cRyPtHoN™ INFOSEC (EN)

2021-05-18 23:24:28 GitLab tackles crypto-mining abuse with payment card checks for free accounts.

Security control could be rolled out more widely if it fails to halt rise in abuse

A surge in crypto-mining abuse on GitLab has prompted the DevOps platform to mandate that even customers with free accounts must include payment card details in order to use its pipeline services.

The San Francisco-based company says it has introduced the measure in part because the problem was creating “performance issues”.

“Recently, there has been a massive uptick in abuse of free pipeline minutes available on GitLab.com and on other CI/CD providers to mine cryptocurrencies,” said GitLab in a blog post announcing the change.

https://portswigger.net/daily-swig/gitlab-tackles-crypto-mining-abuse-with-payment-card-checks-for-free-accounts

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 23:15:49 Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture.

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create plugins to expand the functionality of the reverse shell.

You can run Mediator's scripts as standalone executables or you can import them for integration into other pentesting and incident response tools.

https://github.com/doctormay6/mediator

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 23:07:21 Thunderbird 78.10.2 is out with security fixes and usability improvements.

MZLA Technologies Corporation released a new version of its Thunderbird email client on May 17, 2021. Thunderbird 78.10.2 is a security update but it also includes usability improvements and a number of bug fixes.

The new version is already available and users who have not turned off automatic updates in the email client should see it pop up on their screens automatically. A quick check of Help > About Thunderbird displays the current version of the email client and the option to check for updates and install them if that has not happened automatically already.

Thunderbird users who prefer to update manually find the latest download link on the official project website.

https://www.ghacks.net/2021/05/18/thunderbird-78-10-2-is-out-with-security-fixes-and-usability-improvements/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 22:55:47 Detecting attackers obfuscating their IP address inside AWS.

Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS.

The feature and its exploitation potential

“Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define,” AWS explains.

Customers have complete control over their virtual networking environment, and can select their own IP address range, create subnets, and configure route tables and network gateways.

https://www.helpnetsecurity.com/2021/05/18/detecting-attackers-inside-aws/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 22:28:30 'You Can't Just Concede.' How One Expert Explains Negotiating With Cybercriminals.

Colonial Pipeline reportedly paid nearly $5 million worth of bitcoin to recover its data from cybercriminals who had hijacked the company's computer systems. The shutdown disrupted gas supplies across large parts of the South and East Coast.

The hackers used ransomware, which takes control of a victim's computer and locks them out of their data unless they agree to pay an anonymous hacker, usually in cryptocurrency. Hackers may also threaten to leak a company's sensitive data to the public unless paid to keep quiet.

https://www.npr.org/2021/05/18/997549334/you-cant-just-concede-how-one-expert-explains-negotiating-with-cybercriminals

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 22:21:09 Lawsuit Against Snapchat Rightfully Goes Forward Based on “Speed Filter,” Not User Speech.

The U.S. Court of Appeals for the Ninth Circuit has allowed a civil lawsuit to move forward against Snapchat, a smartphone social media app, brought by the parents of three teenage boys who died tragically in a car accident after reaching a maximum speed of 123 miles per hour. We agree with the court’s ruling, which confirmed that internet intermediaries are not immune from liability when the harm does not flow from the speech of other users.

The parents argue that Snapchat was negligently designed because it incentivized users to drive at dangerous speeds by offering a “speed filter” that could be used during the taking of photos and videos.

https://www.eff.org/deeplinks/2021/05/lawsuit-against-snapchat-rightfully-goes-forward-based-speed-filter-not-user

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 21:12:29 Bizarro banking Trojan expands its attacks to Europe.

Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We hv seen users being targeted in Spain, Portugal, France n Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European n South American countries. Following in the footsteps of Tetrade, Bizarro is using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping with transfers. In this article we analyse the technical features of the Trojan’s components, giving a detailed overview of obfuscation techniques, the infection process n subsequent functions, as well as the social engineering tactics used by the criminals to convince their victims to give away their online banking details.

https://securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 21:05:32 Headhunterz.

Have a nice day, take a break...
Listen to music...

Credit to Headhunterz



@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 19:39:17 Microsoft, Adobe Exploits Top List of Crooks’ Wish List.

You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.

A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits.

According to researchers (see chart below) Microsoft products made up a whopping 47 percent of the requests, compared with, say, internet of things (IoT) exploits, which only accounted for 5 percent.

https://threatpost.com/top-microsoft-adobe-exploits-list/166241/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-18 19:22:17 Ransomware hits AXA units in Asia, Irish healthcare.

BANGKOK (AP) — The Thai affiliate of Paris-based insurance company AXA said Tuesday it is investigating a ransomware attack by Russian-speaking cybercriminals that has affected operations in Thailand, Malaysia, Hong Kong and the Philippines.

Meanwhile, a cyberattack on a public health provider in New Zealand took down information systems across five hospitals, forcing staff to cancel some elective surgeries and creating all sorts of other problems.

In Bangkok, Krungthai AXA said it has formed a team with AXA’s Inter Partner Assistance to urgently investigate the problem.

https://apnews.com/article/europe-asia-health-technology-business-2cfbc82beb75dfede32fc225113131b3

https://www.theregister.com/2021/05/17/ransomware_roundup/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment