Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
14 résultats taggé doublepulsar  ✕
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door https://doublepulsar.com/dragonforce-ransomware-cartel-attacks-on-uk-high-street-retailers-walking-in-the-front-door-52ed8ba68534
04/05/2025 00:44:20
QRCode
archive.org

The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is happening.

The attacks on Marks and Spencer, Co-op and Harrods are linked. DragonForce’s lovely PR team claim more are to come.

Defenders should urgently make sure they have read the CISA briefs on Scattered Spider and LAPSUS$ as it’s a repeat of the 2022–2023 activity which saw breaches at Nvidia, Samsung, Rockstar and Microsoft amongst many others. More info below.

I am not saying it is Scatter Spider; Scattered Spider has become a dumping ground for e-crime groups anyway. The point is they — the threat actor — are entering using the front door, via the helpdesk to get MFA access — those are very good guides from defenders about what to do, links below.

Source: Cybersecurity and Infrastructure Security Agency
DragonForce is a white label cartel operation housing anybody who wants to do e-crime. Some of them are pretty good at e-crime.

While organisations are away at RSA thinking about quantum AI cyber mega threats — the harsh reality is most organisations do not have the foundations in place to do be worrying about those kind of things. Generative AI is porn for execs and growth investment — threat actors are very aware that now is the time to launch attacks, not with GenAI, but foundational issues. Because nobody is paying attention.

Once they get access, they are living off the land — using Teams, Office search to find documentation, the works. Forget APTs, now you have the real threat: Advanced Persistent Teenagers, who have realised the way to evade most large cyber programmes is to cosplay as employees. Last time this happened, the MET Police ended up arresting a few under-18 UK nationals causing incidents to largely drop off.

doublepulsar EN 2025 UK DragonForce Ransomware Cartel attacks
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them. https://doublepulsar.com/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f
16/01/2025 10:18:21
QRCode
archive.org

Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684

Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices:

doublepulsar EN 2025 2022 cve-2022-40684 Fortigate dump
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773
23/10/2024 09:53:22
QRCode
archive.org

Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.

doublepulsar EN 2024 FortiJump FortiManager vulnerability 0-day medium
Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company https://doublepulsar.com/hacker-group-handala-hack-team-claim-battery-explosions-linked-to-israeli-battery-company-5bea086280cd
23/09/2024 21:36:35
QRCode
archive.org

Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views:

doublepulsar EN 2024 Handala hacktivist Palestine Israel data-breach data-leak vidisco
Snowflake at centre of world’s largest data breach https://doublepulsar.com/snowflake-at-central-of-worlds-largest-data-breach-939fc400912e
03/06/2024 09:48:52
QRCode
archive.org

Cloud AI Data platform Snowflake are having a bad month. Due to teenager threat actors and cybersecurity of its own customers… and its own cybersecurity, too, in terms of optics.

There are several large data breaches playing out in the media currently. For example, Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers.

doublepulsar EN 204 Snowflake Data-Breach analysis KevinBeaumont
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
01/06/2024 14:43:53
QRCode
archive.org

I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…

doublepulsar EN Microsoft Copilot+ PC Windows Recall Stealing disaster KevinBeaumont
The ticking time bomb of Microsoft Exchange Server 2013 https://medium.com/doublepulsar/the-ticking-time-bomb-of-microsoft-exchange-server-2013-d0850b80465b
23/12/2023 12:36:11
QRCode
archive.org

I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong.

Basically, I’m a giant big dork with too much free time.

I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.

doublepulsar EN 2023 analysis ransomware Microsoft-Exchange Exchange-Server2013 risk
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f
04/12/2023 20:05:44
QRCode
archive.org

Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp…

doublepulsar EN 2023 CitrixBleed analysis
LockBit ransomware group assemble strike team to breach banks, law firms and governments. https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee
15/11/2023 10:18:56
QRCode
archive.org

Recently, I’ve been tracking LockBit ransomware group as they’ve been breaching large enterprises:
I thought it would be good to break down what is happening and how they’re doing it, since LockBit are breaching some of the world’s largest organisations — many of whom have incredibly large security budgets.
Through data allowing the tracking of ransomware operators, it has been possible to track individual targets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed. Prior reading:

doublepulsar EN 2023 LockBit ransomware CitrixBleed
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability https://doublepulsar.com/uk-electoral-commission-had-an-unpatched-microsoft-exchange-server-vulnerability-5436f3f5ec2c
16/08/2023 11:16:38
QRCode
archive.org

You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented.

doublepulsar EN 2023 UK Electoral Commission ProxyNotShell
Rackspace Cloud Office suffers security breach https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f
05/12/2022 08:52:08
QRCode
archive.org

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

doublepulsar EN 2022 Rackspace Cloud Office breach Exchange
ProxyNotShell— the story of the claimed zero days in Microsoft Exchange https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
02/10/2022 10:20:25
QRCode
archive.org

Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero…

ProxyNotShell doublepulsar EN 2022 Medium KevinBeaumont ProxyNotShell CVE-2022–41040 CVE-2022–41082
Follina — a Microsoft Office code execution vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
30/05/2022 11:33:04
QRCode
archive.org

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...

doublepulsar EN 2022 Office vulnerability msdt.exe PowerShell Follina
BPFDoor — an active Chinese global surveillance tool https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
07/05/2022 17:54:58
QRCode
archive.org
doublepulsar EN 2022 BPFDoor nix unix surveillance Chinese implant backdoor
4481 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio