Found 1003 bookmarks
Custom sorting
Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA
Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA
Key Attack Insights: Web DDoS attack campaign lasted six days and peaked at 14.7 Million RPS Featured multiple attack waves amounting to a total of 100 hours of attack time Sustained an average of 4.5 million RPS Targeted a financial institution in the Middle East Averaged a 0.12% ratio of legitimate to malicious web requests Attributed by Radware to SN_BLACKMETA, a pro-Palestinian hacktivist with potential ties to Sudan that may operate from within Russia * Possibly leveraged the InfraShutdown premium DDoS-for-hire service
#radware#EN#2024#DDoS#SN_BLACKMETA#hacktivist#pro-Palestinian#InfraShutdown#DDoS-for-hire
·radware.com·
Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA
Stargazers Ghost Network
Stargazers Ghost Network
  • Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts that distribute malicious links and malware and perform other actions such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. Check Point Research is tracking the threat group behind this service as Stargazer Goblin. The group provides, operates, and maintains the Stargazers Ghost Network and distributes malware and links via their GitHub Ghost accounts. The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine. Our latest calculations suggest that more than 3,000 active Ghost accounts are part of the network. Based on core GitHub Ghost accounts, we believe that the network began development or testing on a smaller scale for the first time around August 2022. Check Point Research discovered an advertiser in Dark-Web forums that provides the exact GitHub operation. The first advertisement was published on July 8, 2023, from an account created the previous day. Based on the monitored campaigns from mid-May to mid-June 2024, we estimate that Stargazer Goblin earned approximately $8,000. However, we believe that this amount is only a small fraction of what the actor made during that period. The total amount during the operations’ lifespan is estimated to be approximately $100,000. * Stargazers Ghost Network appears to be only one part of the grand picture, with other Ghost accounts operating on different platforms, constructing an even bigger Distribution as a Service universe.
#checkpoint#EN#2024#research#Stargazers#Ghost#Network#GitHub#dark-web
·research.checkpoint.com·
Stargazers Ghost Network
DDoS Attacks in Spain
DDoS Attacks in Spain
In the wake of Spanish Authorities arresting three individuals associated with NoName057(16), the group declared a "holy war" on Spain. The call to arms encourages all pro-Russian hacker groups to join under the hashtag #FuckGuardiaCivil. Over the past two days, NETSCOUT observed a significant increase in claimed attacks on Spanish websites, coinciding with the call to arms in retaliation for the arrests made. Despite the surge in hacktivist targeting and claims of victory, the daily DDoS attacks manifest as a normal day for Spanish network operators.
#netscout#EN#2024#NETSCOUT#NoName057(16)#Spain#call-to-arms#DDoS
·netscout.com·
DDoS Attacks in Spain
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Documents reveal how Israel seized files, suppressed information related to WhatsApp’s lawsuit against Pegasus spyware vendor NSO Amid a lawsuit pitting WhatsApp against the Israeli company NSO, the state of Israel ordered documents to be seized from the offices of the Pegasus spyware vendor Israel also emitted a gag order on the seizure to prevent further dissemination of the information * Leaked files from the Israeli Ministry of Justice accessed by Forbidden Stories suggest that the MoJ pushed for language in NSO court filings to be modified
#forbiddenstories#EN#2024#lawsuit#WhatsApp#NSO#Pegasus#Israel#Disclosure
·forbiddenstories.org·
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Switzerland now requires all government software to be open source
Switzerland now requires all government software to be open source
The United States remains reluctant to work with open source, but European countries are bolder. Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the Atlantic, Switzerland has taken a major step forward with its "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG). This groundbreaking legislation mandates using open-source software (OSS) in the public sector.
#zdnet#EN#2024#Switzerland#EMBAG#open-source#OSS#public-sector
·zdnet.com·
Switzerland now requires all government software to be open source
TuDoor
TuDoor
TuDoor is a new DNS attack, which could be exploited to carry out DNS cache poisoning, denial-of-service, and resource consuming. DNS can be compared to a game of chess in that its rules are simple, yet the possibilities it presents are endless. While the fundamental rules of DNS are straightforward, DNS implementations can be extremely complex. In this study, we intend to explore the complexities and vulnerabilities in DNS response pre-processing by systematically analyzing DNS RFCs and DNS software implementations.
#TuDoor#2024#EN#DNS#attack#implementation#cache-poisoning
·tudoor.net·
TuDoor
North Korean hackers are stealing military secrets, say U.S. and allies
North Korean hackers are stealing military secrets, say U.S. and allies
North Korean hackers have conducted a global cyber espionage campaign in efforts to steal classified military secrets to support Pyongyang's banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday. The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, are believed to be part of North Korea's intelligence agency known as the Reconnaissance General Bureau, an entity sanctioned by the U.S. in 2015.
#reuters#EN#2024#North-Korea#Anadriel#APT45#spy#stealing
·reuters.com·
North Korean hackers are stealing military secrets, say U.S. and allies
Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems
Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems
In April 2024, FrostyGoop, an ICS malware, was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorized command messages. Modbus is a commonly used protocol across all industrial sectors. The Cyber Security Situation Center (CSSC), a part of the Security
#dragos#EN#2024#FrostyGoop#malware#ICS#Modbus
·dragos.com·
Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems
Lviv neighbourhood left without heating, hot water by hacker attack
Lviv neighbourhood left without heating, hot water by hacker attack
The Sykhiv residential area in Lviv was left without hot water and heating as a result of a hacker attack on Lvivteploenergo. This is reported on the company's website. "The hacker attack disrupted the heat supply management system. Work is underway to restore heating and hot water supply in the Sykhiv residential area. The estimated time of restoration is 21:00," the statement said.
#lb.ua#EN#2024#hacking#Lviv#Russia-Ukraine-war#attack#disrupted#heating#Lvivteploenergo
·en.lb.ua·
Lviv neighbourhood left without heating, hot water by hacker attack
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
Veteran cybercriminals appear to be reducing their dependence on ransomware-as-a-service platforms — a sign that law enforcement raids are having an impact. Experts say the market for digital extortion tools has plenty of room to adapt, though.
#therecord.media#EN#2024#analysis#ransomware-as-a-service#law#enforcement#pressure
·therecord.media·
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.
#theregister#EN#2024#Windows#CrowdStrike#bug#incident#PIR#preliminary-post-incident-review
·theregister.com·
CrowdStrike blames a test software bug for Windows wipeout
Solving the 7777 Botnet enigma: A cybersecurity quest
Solving the 7777 Botnet enigma: A cybersecurity quest
  • Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost. This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France. To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting. Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor. However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor. * The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.
#sekoia#EN#2024#7777#botnet#research#Quad7#TP-Link#routers
·blog.sekoia.io·
Solving the 7777 Botnet enigma: A cybersecurity quest
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat. Please note that we may add further detail to this article as we uncover additional information in our ongoing investigation.
#arcticwolf#EN#2024#Fog#ransomware#USA#analysis
·arcticwolf.com·
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
dirDevil: Hiding Code and Content Within Folder…
dirDevil: Hiding Code and Content Within Folder…
You can hide data in directory structures, and it will be more or less invisible without knowing how to decode it. It won't even show up as taking up space on disk. However, its real-world applications may be limited because it is the code execution itself which is often the difficulty with AV/EDR evasion.
#trustedsec#EN#2024#Fileless#Data#Storage#dirDevil#Hiding#evasion#technique
·trustedsec.com·
dirDevil: Hiding Code and Content Within Folder…
Spanish Police Arrests NoName Hackers
Spanish Police Arrests NoName Hackers
Spanish Police arrested three individuals on July 20, 2024, who are suspected of participating in a series of cyberattacks targeting critical infrastructure and government institutions in Spain and other NATO countries. The detainees are believed to be affiliated with the hacktivist group NoName057(16), known for its pro-Russian ideology and launching DDoS attacks against entities supporting Ukraine in the ongoing conflict.
#thecyberexpress#EN#2024#NoName057(16)#busted#arrested#Spain
·thecyberexpress.com·
Spanish Police Arrests NoName Hackers
Technical Details: Falcon Update for Windows Hosts
Technical Details: Falcon Update for Windows Hosts
On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC. This issue is not the result of or related to a cyberattack.
#CrowdStrike#EN#2024#incident#issue
·crowdstrike.com·
Technical Details: Falcon Update for Windows Hosts
Helping our customers through the CrowdStrike outage
Helping our customers through the CrowdStrike outage
On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.
#blogs.microsoft#microsoft#EN#2024#CrowdStrike#incident#statement
·blogs.microsoft.com·
Helping our customers through the CrowdStrike outage
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Earlier this week, the FBI announced that it had accessed the locked phone of Thomas Matthew Crooks, the man who opened fire at a Trump rally last Saturday. A new report from Bloomberg today reveals more details about this process and the phone used by Crooks. After Saturday’s Trump rally shooting, the FBI said on Sunday that it had been unsuccessful in unlocking Crooks’ phone. The phone was then sent to the FBI lab in Quanitco, Virginia, and on Tuesday the bureau confirmed that it had successfully unlocked the phone in question.
#9to5mac#EN#2024#Android#Cellebrite#Samsung#cracked
·9to5mac.com·
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Our Statement on Today's Outage
Our Statement on Today's Outage
I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.
#crowdstrike#EN#2024#incident#outage#statement
·crowdstrike.com·
Our Statement on Today's Outage