VOICE ARCHIVE

Kostas

@kostastsale
8 posts
2024-02-23
Big props to the @HuntressLabs crew for disclosing responsibly this vulnerability. Worth pointing out that they also created detections for the community, making it easier for the rest of us to respond, thank you!🙏 https://www.huntress.com/...
TechCrunch

Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks

2024-02-22
Big props to the @HuntressLabs crew for disclosing responsibly this vulnerability. Worth pointing out that they also created detections for the community, making it easier for the rest of us to respond, thank you!🙏 https://www.huntress.com/...
TechCrunch

Researchers warn that hackers are exploiting ConnectWise's remote access tool via a flaw “embarrassingly easy” to exploit; ConnectWise has confirmed the attacks

“I can't sugarcoat it — this shit is bad,” said Huntress' CEO — Security experts are warning that a high-risk vulnerability …

2023-05-12
Nobody is immune to attacks. Even Dragos, with all the amazing folks they have there. It only takes one little slip-up. What matters is how many layers of security you have in place to prevent further damage and how you handle the situation. I love the transparency, well done! https://twitter.com/...
BleepingComputer

Industrial cybersecurity company Dragos says a known cybercrime group accessed its SharePoint cloud service on May 8 but failed to breach its internal network

2023-05-11
Nobody is immune to attacks. Even Dragos, with all the amazing folks they have there. It only takes one little slip-up. What matters is how many layers of security you have in place to prevent further damage and how you handle the situation. I love the transparency, well done! https://twitter.com/...
BleepingComputer

Industrial cybersecurity firm Dragos says a known cybercrime group gained access to its SharePoint cloud service on May 8 but didn't breach its internal network

Industrial cybersecurity company Dragos today disclosed what it describes as a “cybersecurity event” after a known cybercrime gang attempted …

2023-03-31
There is a cred harvesting aspect, as noted by SentinelOne 👇 https://www.sentinelone.com/ ... This happens after the payload is downloaded from GitHub and runs in memory. DPRK is once again looking to fund their operations by emptying your people's bank account and bitcoin wallets.
BleepingComputer

Researchers say hackers have compromised the VoIP desktop client of 3CX's Phone System, used by 600K+ companies and 12M+ DAUs, in an ongoing supply chain attack

https://www.3cx.com/...  Any vendor of software and services that pull in code from NPM, PIP, RubyGems etc … Eitan Erez : This supply chain attack started unfolding not long ago as...

2023-03-30
There is a cred harvesting aspect, as noted by SentinelOne 👇 https://www.sentinelone.com/ ... This happens after the payload is downloaded from GitHub and runs in memory. DPRK is once again looking to fund their operations by emptying your people's bank account and bitcoin wallets.
BleepingComputer

Researchers say hackers have compromised the 3CX VoIP IPBX desktop app, used by 600K+ companies and 12M+ daily users, in an ongoing supply chain attack

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target …

2022-03-29
I don't even know where to start... FireEye endpoint terminated using Process Explorer, Bing search looking for Mimikatz, the two month response time? Oh boy, so many things to unravel here 😂 Very nice thread and juicy info 👇 https://twitter.com/...
Wired

Leaked Mandiant report: Okta's contractor Sitel first sent a Lapsus$ breach notification to Okta on January 25 and a detailed “Intrusion Timeline” on March 17

Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don't explain the apparent lack of urgency.

2022-02-28
I consolidated and translated them in a JSON format for easy parsing and analysis 🙂 There is some interesting stuff there but a lot of it is boring chatter... Be warned, this is Google translation! 😄 https://github.com/... https://twitter.com/...
The Record

A pro-Ukraine member of the Conti ransomware gang posts 339 days' worth of the group's chat logs, after its leaders declared support for Russia

A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang's internal chats after the group's leaders posted …