publicarray


MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack.

https://www.bleepingcomputer.com/news/security/medisecure-ransomware-gang-stole-data-of-129-million-people/

MediSecure: Ransomware gang stole data of 12.9 million people

BleepingComputer

The global software outage affected this forecaster’s broadcast. He took the weather report into his own hands – literally

As what was possibly the “largest IT outage in history” impacted computer systems across the globe this week, a Northern California weather forecaster found a creative – and hands-on – solution to keep his viewers updated as his news station’s software remained offline.

CNN

New sensitive breach: mSpy had 2.4M unique email addresses exposed in a 318GB breach last month. Data included name & IP address in user records & support tickets, plus photos of credit cards & nude selfies. 54% were already in @haveibeenpwned. More: https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

Data breach exposes millions of mSpy spyware customers | TechCrunch

A huge batch of mSpy customer service emails dating back to 2014 were stolen in a May data breach.

TechCrunch

Infosec friends are unanimous: if you're using Chrome, you want to visit chrome://settings/adPrivacy and turn off Ad Topics, Site-Suggested Ads, and Ad Measurement.

IMPORTANT: you must do this for each of your Chrome profiles, since it's not a global setting.

#chrome #privacy #enshittification

Microsoft quietly snuck out a blog yesterday to say that Office 365 got compromised by China and used to steal emails. Thread follows. https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email | MSRC Blog | Microsoft Security Response Center

Whoa. Sophos researchers just announced that they’ve uncovered 133 malicious drivers signed with legitimate digital certificates, and found 100 of those 133 drivers were signed by Microsoft.

https://news.sophos.com/en-us/2023/07/11/microsoft-revokes-malicious-drivers-in-patch-tuesday-culling/

From the post:

"Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than 100 malicious drivers that had been digitally signed by Microsoft and others, dating as far back as April 2021."

"They also released Knowledge Base article 5029033, which includes new, more detailed information on the technical measures Microsoft has taken to protect against these malicious signed drivers."

https://msrc.microsoft.com/update-guide/vulnerability/ADV230001

https://support.microsoft.com/help/5029033

Today's post about patches from Microsoft and Apple to quash zero-day bugs:

https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/

I wrote recently about one of the bigger names in signing malware as a service:

https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-…

Sophos News

3CX got breached and used for supply chain delivery. I don’t know if anybody remembers my #3CX thread on Twitter last year but.. uh.. it got fun. https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers //

**What Happened** On March 29, 2023, Falcon OverWatch observed unexpected malicious activity emanating from a legitimate, signed binary,...

reddit

🍏Diving into the 3CX Mac OS edition analysis, here is the preliminary diagram of the attack flow. I hope it will give you a broader understanding! 💥 #3CX #3CXpocalypse #infosec

🔍 If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow for the Windows version! 💥

I'll update as soon as the analysis progresses. #cybersecurity #infosec #supplychainattack #3CXpocalypse

"#OpenSource maintainers are effectively unpaid outsourcing teams for giant corporations. The Alibaba engineer told the log4j team: 'Please hurry up'. Meanwhile, let's remember that Alibaba has a market cap of $348 billion" – Yawar Amin

https://dev.to/yawaramin/the-human-toll-of-log4j-maintenance-35ap

The human toll of log4j maintenance

How the pressure of fixing the vulnerability was dumped on a tiny team over a frantic weekend

DEV Community 👩‍💻👨‍💻