finished reading A Song For The Void
| bird link | https://twitter.com/robstunkist |
| work on | https://www.threatable.io |
finished reading Reset
started reading Ship of Gold in the Deep Blue Sea
Heads up to people/orgs running ConnectWise ScreenConnect. There is a bad-as-it-gets bug being exploited right now that is basically no-tech hacking to gain remote admin access. Patch now if you haven't already.
ConnectWise's advisory on the vulnerabilities and exploitation is here:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
A working proof of concept for this attack:
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
Huntress does a good job dissecting the ConnectWise advisory and showing the exploit in action.
https://www.youtube.com/watch?v=AWGoGO5jnvY
@wdormann sums up the technical capabilities needed to exploit this flaw:
"Apparently the exploit is to add a '/' to the end of the URI.
That's it."
Great write-up by @Kaspersky on Operation Triangulation, the 0-click iMessage attack which chained together four (now patched) zero-days as part of its attack chain.
Read up on this incredibly sophisticated attack:
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
The federal government is coping with cyberattacks this week, as a hacker group in India claims it has sowed chaos in Ottawa, but Canada's signals-intelligence agency says the "nuisance" attacks likely haven't put private information at risk.
Security researchers say a leading Egyptian opposition politician was targeted with Predator spyware after announcing a presidential bid. They say it's highly likely Egyptian authorities were behind the hacking attempt. Its discovery by researchers at Citizen Lab and Google prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the vulnerability. Citizen Lab said in a blog post Friday that attempts beginning in August to hack former lawmaker Ahmed Altantawy involved configuring his connection on the Vodafone Egypt mobile network to automatically infect his devices if he visited certain websites not using the secure HTTPS protocol.