Cyberveille - curated by Decio
11 results tagged steal
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | Datadog Security Labs https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
14/12/2024 10:58:04
  • In this post, we describe our in-depth investigation into a threat actor to which we have assigned the identifier MUT-1244.
  • MUT-1244 uses two initial access vectors to compromise their victims, both leveraging the same second-stage payload: a phishing campaign targeting thousands of academic researchers and a large number of trojanized GitHub repositories, such as proof-of-concept code for exploiting known CVEs.
  • Over 390,000 credentials, believed to be for WordPress accounts, have been exfiltrated to the threat actor through the malicious code in the trojanized "yawpp" GitHub project, masquerading as a WordPress credentials checker.
  • Hundreds of victims of MUT-1244 were and are still being compromised. Victims are believed to be offensive actors—including pentesters and security researchers, as well as malicious threat actors—and had sensitive data such as SSH private keys and AWS access keys exfiltrated.
  • We assess that MUT-1244 has overlap with a campaign tracked in previous research reported on the malicious npm package 0xengine/xmlrpc and the malicious GitHub repository hpc20235/yawpp.
securitylabs.datadoghq.com EN 2024 pentesters script-kiddies offensive actors MUT-1244 PoC PoC-abuse MUT-1224 credentials steal
Abnormal Security https://abnormalsecurity.com/blog/adversary-in-the-middle-dropbox-phishing-open-enrollment
20/11/2024 22:00:32

Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.

abnormalsecurity EN 2024 exploited sophisticated phishing attack leveraged aitm tactics steal credentials open dropbox enrollment discover period
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED https://www.wired.com/story/goldenjackal-hacking-group-new-tools-air-gapped-machines/?bxid=644160cd83915f2ed0038c99&cndid=73607740&hasha=28402521ecd17181dde031e6b323e4a8&hashb=1a9603f38b3d59ccd6cbc672326657876328edc3&hashc=e22bbd4fd4d6760f80642fef9bc1ee43a80208fbcdb3317c25439980987d6c22&esrc=
13/10/2024 14:25:02

It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.

wired EN 2024 GoldenJackal Air-Gapped steal tools
Data Exfiltration from Slack AI via indirect prompt injection https://promptarmor.substack.com/p/data-exfiltration-from-slack-ai-via
20/08/2024 21:40:04

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

promptarmor EN 2024 Slack prompt-injection LLM vulnerability steal indirect-prompt injection
The Spies Who Loved You: Infected USB Drives to Steal Secrets https://www.mandiant.com/resources/blog/infected-usb-steal-secrets
12/07/2023 10:01:01

In the first half of 2023, we observed a threefold increase in the number of attacks using infected USB drives to steal secrets.

mandiant EN 2023 USB drives steal SOGU Malware SNOWYDRIVE
Revolut’s US payment flaws allowed thieves to steal $20mn https://archive.ph/Joh4a#selection-2047.0-2051.60
10/07/2023 09:24:34

A flaw in Revolut’s payment system in the US allowed criminals to steal more than $20mn of its funds over several months last year before the company could close the loophole, according to multiple people with knowledge of the episode.

ft EN 2023 Revolut steal criminals loophole
Hackers Start Selling Data Center Logins for Some of World’s Largest Corporations https://www.bloomberg.com/news/features/2023-02-21/hackers-scored-corporate-giants-logins-for-asian-data-centers
21/02/2023 11:41:19

Such credentials in the wrong hands could be dangerous, experts say, potentially allowing physical access to data centers. The affected data center operators say the stolen information didn’t pose risks for customer IT systems.

bloomberg EN 2023 datacenters passwords logins credentials steal
Azure Cloud Shell Command Injection Stealing User’s Access Tokens https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens
21/09/2022 23:44:32

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

lightspin EN 2022 Azure Cloud Shell injection terminals IoCs Analysis Tokens steal
Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
15/09/2022 17:40:33

In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in.

Vectra EN 2022 token teams Microsoft credentials steal
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
15/06/2022 18:18:08

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

sonarsource EN 2022 Zimbra memcache Vulnerability email steal credentials
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
25/05/2022 06:59:04

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tainted with identical malicious payload.

PyPI ctx PHP supplychain attack sonatype EN 2022 exfiltration steal Supply-chain-security