Quotidien Shaarli

Sous le domaine dleci.ch, une page de phishing a été mise en ligne, reproduisant à l'identique le contenu de dieci.ch.

• In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers.

• Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched.

• Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers.

• App & API Protector customers who are in automatic mode have existing and updated protections.

On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.

We have received a takedown notice from the company mSpy, alleging that the domain ddosecrets.com, specifically the section https://data.ddosecrets.com/MSpy/, is hosting stolen personal and corporate data belonging to them.

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.

The vulnerabilities allowed one security researcher to peek inside the leak sites without having to log in.

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

Discover how Iran is allegedly targeting the 2024 US election, the potential impacts, and the measures being taken to safeguard the democratic process.

The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.

• In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers.
• This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera.
• Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2.
• The observed servers show long term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024.
• Ten new sigma rules were created from this report and added to our private sigma ruleset

Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.

AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that its likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.