cRyPtHoN™ INFOSEC (EN)

2022-05-17 09:51:40 US Manufacturing Giant Parker Hit by Conti Ransomware Gang.

US manufacturing company Parker-Hannifin Corporation has announced a data breach exposing employees’ personal identifiable information (PII) after Conti ransomware actors published reportedly stolen data last month.

The firm, one of the largest companies in the world in motion control technologies, revealed in a press release that an unauthorized third party gained access to its IT systems between the dates of March 11 and March 14 2022.

An investigation conducted by the company determined that the unauthorized party accessed and likely acquired certain files on its IT systems, which included information related to current and former employees, their dependents and members of Parker’s Group Health Plans (including health plans sponsored by an entity acquired by Parker).

https://www.infosecurity-magazine.com/news/parker-conti-ransomware/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:48:39 Ransomware gang threatens to overthrow Costa Rica government.

SAN JOSE, Costa Rica (AP) — A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat, saying its goal is now to overthrow the government.

Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay a ransom by raising its demand to $20 million.

Chaves suggested Monday in a news conference that the attack was coming from inside as well as outside Costa Rica.

“We are at war and that’s not an exaggeration,” Chaves said. He said officials were battling a national terrorist group that had collaborators inside Costa Rica.

https://apnews.com/article/technology-government-and-politics-caribbean-gangs-381efc2320abb5356dee7f356e55e608

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:44:29 A Look Into Public Clouds From the Ransomware Actor's Perspective.

Traditional ransomware mainly targets on-premises IT infrastructure but doesn't work well in cloud environments, which is one reason we haven't heard much about ransomware in public clouds. However, ransomware actors could adapt their tactics, techniques and procedures (TTPs) to be more cloud native, and now is a good time for organizations to get ahead of this possibility.

Ransomware incidents have severely disrupted business operations across all industries. In 2021, the average ransom demand was $2.2 million, and the average payment was $541,010. Since 2020, researchers have detected at least 130 different ransomware families. There is still no sign of a decrease in the frequency and severity of ransomware attacks.

https://unit42.paloaltonetworks.com/ransomware-in-public-clouds/

#oscp #iocteams #spread #snortteams
@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:41:41 LeakInspector: an add-on that warns and protects against personal data exfiltration.

LeakInspector is an add-on that warns and protects against personal data exfiltration. We developed LeakInspector to help publishers and end-users to audit third parties that harvest personal information from online forms without their knowledge or consent.

It has the following features:

Blocks requests containing personal data extracted from the web forms and highlights related form fields by showing add-on's icon.

Logs technical details of the detected sniff and leak attempts to console to enable technical audits. The logged information includes the value and XPath of the sniffed input element, the origin of the sniffer script, and details of the leaky request such as the URL and the POST data.

https://github.com/leaky-forms/leak-inspector

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-17 09:35:31 Hackers Can Make Siemens Building Automation Controllers 'Unavailable for Days'

A vulnerability affecting building automation controllers from Siemens can be exploited to disrupt a device for an extended period of time, according to OT and IoT cybersecurity firm Nozomi Networks.

Nozomi researchers recently analyzed Siemens’ PXC4.E16, a programmable building automation system (BAS) of the Desigo family that is designed for HVAC and building service plants.

They discovered that the device, specifically its ABT Site Engineering and Commissioning Tool, is affected by a vulnerability that can be exploited for denial-of-service (DoS) attacks.

https://www.securityweek.com/hackers-can-make-siemens-building-automation-controllers-unavailable-days

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-16 14:32:49 Parker Hannifin reveals cyber-attack exposed sensitive employee data.

Data breach involves Social Security numbers and health insurance data, among other information

Parker Hannifin, the Fortune 500 engineering giant, has revealed that the personal data of employees and their dependents may have been compromised after its networks were breached.

“Certain systems” were shut down after the company detected the incident on March 14, 2022, according to a press release issued on Friday (May 13).

An investigation subsequently discovered that that an unauthorized third party had gained access to Parker Hannifin’s IT systems between March 11 and March 14.

https://portswigger.net/daily-swig/parker-hannifin-reveals-cyber-attack-exposed-sensitive-employee-data

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-16 14:29:52 First look at Portmaster, an open source cross-platform network monitor.

Portmaster is a free open source cross-platform network activity monitor that is available in an early version for Windows and the Linux distributions Ubuntu and Fedora.

Portmaster combines traditional network activity monitoring with additional features, such as the option to enforce the use of secure DNS or the automatic blocking of advertisement, trackers and malicious hosts using filter lists, which are commonly used by ad-blockers.

Portmaster is free to use, which usually leads to the question of how development is financed. The developers behind Portmaster reveal information on that on the official project website. Basically, what they plan to do is use a freemium model.

https://www.ghacks.net/2022/05/16/first-look-at-portmaster-an-open-source-cross-platform-network-monitor/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-16 14:27:06 At Least 14 German Automakers Targeted by Malware Campaign.

Experts have discovered a phishing campaign that has been going on for over a year. Its target? The German automotive industry. What threat actors are trying to do is to infiltrate password-stealing malware into the victims’ systems.

According to the researchers at Checkpoint, who published a report on this topic, the phishing campaign under discussion became active around July 2021 with its activity still being carried out at the present moment.

Its targets are car manufacturers and dealers in Germany, the threat actors behind it managing to duplicate genuine sites belonging to various companies for the purpose of registering lookalike domains. This technique is known as domain squatting.

https://heimdalsecurity.com/blog/at-least-14-german-automakers-targeted-by-malware-campaign/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 11:42:25 Ex-Cop Jokes That Police Surveillance Robot Could Spy On Women’s Locker Rooms.

The ReadySight surveillance robot looks a little like a paint roller with a camera in the middle. Targeted to both police and consumers, it can be controlled by a smartphone and not only provides visuals but also audio and motion detection. It’s tiny–roughly the size of a 16-ounce can, according to company marketing–and promises to be easy to use, too. “Just toss and go,” the company’s website says.

The robot has obvious applications for cops and SWAT teams dealing with difficult situations where they need eyes and ears without putting people in harm’s way. It’s slated to be released later this year.

https://www.forbes.com/sites/thomasbrewster/2022/02/16/ex-cop-jokes-that-company-six-police-surveillance-robot-could-spy-on-womens-locker-rooms/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-02-17 11:40:16 Nation-state actors hacked Red Cross exploiting a Zoho bug.

The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug.

The International Committee of the Red Cross (ICRC) revealed that the attack that breached its network in January was conducted by a nation-state actor that exploited a Zoho vulnerability.

In January, a cyberattack on a Red Cross contactor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The attack was disclosed by the ICRC, which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide.

https://securityaffairs.co/wordpress/128110/hacking/nation-state-actors-hacked-red-cross-exploiting-a-zoho-bug.html

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment