kid

joined 9 months ago
MODERATOR OF
cybersecurity
sorted by: new top controversial old
18
US and UK Military Social Network "Forces Penpals" Exposes SSN, PII Data (hackread.com)
submitted 2 days ago by kid to c/cybersecurity
0 comments fedilink
18
New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (thehackernews.com)
submitted 4 days ago by kid to c/cybersecurity
2 comments fedilink
15
Ford 'actively investigating' breach claims (www.theregister.com)
submitted 4 days ago by kid to c/cybersecurity
0 comments fedilink
12
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks (securityaffairs.com)
submitted 4 days ago by kid to c/cybersecurity
0 comments fedilink
14
Apache Kafka Vulnerability Let Attackers Escalate Privileges (gbhackers.com)
submitted 4 days ago by kid to c/cybersecurity
0 comments fedilink
15
Ransomware Attack on Oklahoma Medical Center Impacts 133,000 (www.securityweek.com)
submitted 4 days ago by kid to c/cybersecurity
0 comments fedilink
18
Space tech giant Maxar confirms hacker accessed employees' personal data (techcrunch.com)
submitted 4 days ago by kid to c/cybersecurity
0 comments fedilink
24
Akira Ransomware Racks Up 30+ Victims in a Single Day (www.darkreading.com)
submitted 4 days ago by kid to c/cybersecurity
1 comments fedilink
8
Fortra Reports Alarming Increase In Abuse Of Cloudflare Services (informationsecuritybuzz.com)
submitted 5 days ago by kid to c/cybersecurity
0 comments fedilink
5
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices (www.trendmicro.com)
submitted 5 days ago by kid to c/cybersecurity
0 comments fedilink
 

  • Water Barghest, which comprised over 20,000 IoT devices by October 2024, monetizes IoT devices by exploiting vulnerabilities and quickly enlisting them for sale on a residential proxy marketplace.

  • Its botnet uses automated scripts to find and compromise vulnerable IoT devices sourced from public internet scan databases like Shodan.

  • Once IoT devices are compromised, the Ngioweb malware is deployed, which runs in memory and connects to command-and-control servers to register the compromised device as a proxy.

  • The monetization process, from initial infection to the availability of the device as a proxy on a residential proxy marketplace, can take as little as 10 minutes, indicating a highly efficient and automated operation.

42
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (thehackernews.com)
submitted 5 days ago by kid to c/cybersecurity
4 comments fedilink
8
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (thehackernews.com)
submitted 5 days ago by kid to c/cybersecurity
0 comments fedilink
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices in c/cybersecurity
[–] kid 5 points 4 months ago (3 children)

CrowdStrike report of the incident: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/

Police allege ‘evil twin’ in-flight Wi-Fi used to steal info in c/cybersecurity
[–] kid 2 points 4 months ago

Well, depends. If the user go to a captive portal to "authenticate" before the VPN could closes, than no. But, if the VPN can "pierce" through it (without any intervention from the AP), than yes. Anyways, If the user is willing to provide authentication data (like social media accounts, etc), nothing matters.

TeamViewer investigating intrusion of corporate IT environment in c/cybersecurity
P2PInfect botnet targets REdis servers with new ransomware module in c/cybersecurity
[–] kid 3 points 5 months ago (2 children)

Yes.

303,481 servers worldwide, according to Shodan.

Ukraine says hackers abuse SyncThing tool to steal data in c/cybersecurity
[–] kid 2 points 5 months ago (2 children)

Interesting. I didn't know that syncthing does hole punching.

From a defense perspective, how would this work with an enterprise firewall, with UDP/TCP only allowed to specific destinations or specific sources. Example: only the internal DNS relay server can access 53/UDP and only the internal proxy server can access 80/443. What I mean is in a network with a very closed firewall, how would Syncthing be able to connect with peers?

Ukraine says hackers abuse SyncThing tool to steal data in c/cybersecurity
[–] kid 11 points 5 months ago (3 children)

Instance Rules

Be respectful. Everyone should feel welcome here.

Ukraine says hackers abuse SyncThing tool to steal data in c/cybersecurity
[–] kid 6 points 5 months ago (4 children)

Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don't know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).

Ukraine says hackers abuse SyncThing tool to steal data in c/cybersecurity
[–] kid 6 points 5 months ago (6 children)

Honestly, I didn't think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

Some Microsoft services, DuckDuckGo hit by global outage in c/cybersecurity
[–] kid 3 points 6 months ago

By the messages that they are sending to customers, looks like is related to recent updates to the services, but nothing clear.

Critical Fluent Bit flaw impacts all major cloud providers in c/cybersecurity
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version in c/cybersecurity
[–] kid 1 points 6 months ago

IoCs available in the original article.

Proton VPN TunnelVision support response. in c/cybersecurity
[–] kid 17 points 6 months ago (16 children)

Please note that the attack can only be carried out if the local network itself is compromised.

view more: ‹ prev next ›