whoknows 317 Posted December 13, 2020 Author
lol @ How I hacked Facebook: Part One
alaa.blog/2020/12/how-i-hacked-facebook-part-one/

whoknows 317 Posted December 14, 2020 Author
Electronic Arts is buying Codemasters
guru3d.com/news-story/electronic-arts-is-buying-codemasters-for-1-2-billion.html

whoknows 317 Posted December 14, 2020 Author
benchtweakgaming.Windows 10 Debloat Tool GUI
based this on farag2’s – Windows 10 ‘Sophia‘ Script, tool is basically a front-end
benchtweakgaming.com/2020/11/12/windows-10-debloat-tool/

whoknows 317 Posted December 14, 2020 Author
FireEye breached after SolarWinds supply-chain attack
this is hard sex - "products that contained this vulnerability to be fewer than 18,000"
bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/

deepzero 215 Posted December 14, 2020
SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Our customer list includes:
- More than 425 of the US Fortune 500
- All ten of the top ten US telecommunications companies
- All five branches of the US Military
- The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States
- All five of the top five US accounting firms
- Hundreds of universities and colleges worldwide
Well - it certainly seems like a good choice to attack...

Kurapica 708 Posted December 14, 2020
The minds who planned this attack are definitely brilliant and it seems to be state-sponsored.

whoknows 317 Posted December 16, 2020 Author
Hackers used SolarWinds' dominance against it in sprawling spy campaign
Cybersecurity experts are still struggling to understand the scope of the damage.
“We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”
The hackers inserted malicious code into Solarwinds.Orion software updates pushed out to nearly 18,000 customers.
The malicious updates - sent between March and June
We may not know the true impact for many months, if not more – if not ever
The company’s stock has tumbled more than 23%
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”
in.reuters.com/article/global-cyber-solarwinds-idINKBN28P2N8

whoknows 317 Posted December 16, 2020 Author
Farewell, Periscope
periscope.medium.com/farewell-periscope-164db2742b7c

Kurapica 708 Posted December 17, 2020
https://www.theregister.com/2020/12/09/fireeye_tools_hacked/
Quote:
"In an effort to save face, Mandia went to some trouble to outline just how good the hackers were and the extraordinary lengths they must have gone to in order to pull down its pants in public, spank it on the bottom, and then run away laughing while FireEye was standing at a lectern telling everyone why they needed to hire the company to protect their networks."

whoknows 317 Posted December 18, 2020 Author
Evidence hackers accessed US nuclear networks
reuters.com/article/idUSKBN28R34N

whoknows 317 Posted December 18, 2020 Author
Microsoft says it found malicious software in its systems
reuters.com/article/usa-cyber-breach-exclusive-int-idUSKBN28R3E2
51% of 4 million Docker images have critical vulnerabilities
thechief.io/c/news/51-4-million-docker-images-have-critical-vulnerabilities/
Rocky Linux: A CentOS replacement by the CentOS founder
github.com/rocky-linux/rocky
rockylinux.org
Europol launches new decryption platform for law enforcement
bleepingcomputer.com/news/security/europol-launches-new-decryption-platform-for-law-enforcement/
Edited December 18, 2020 by whoknows: merge shits

Kurapica 708 Posted December 18, 2020
1 hour ago, whoknows said:
Microsoft says it found malicious software in its systems
reuters.com/article/usa-cyber-breach-exclusive-int-idUSKBN28R3E2
rofl, so what should Windows 10 users say about their systems?!

kao 2,161 Posted December 18, 2020
Statement from MS side.
Just to clarify, Frank X Shaw is Corporate Vice President, Corporate Communications at Microsoft Corporation. So a pretty senior executive who usually doesn't talk out of his ass, unlike a certain journalist..
Edited December 18, 2020 by kao: +explanation what this tweet means

deepzero 215 Posted December 18, 2020
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

Teddy Rogers 1,497 Posted December 19, 2020
8 hours ago, deepzero said:
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
Makes you wonder who really was monitoring and managing the monitoring and management platform... 🤔
Quote:
Additional malware discovered
In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor. The malware consists of a small persistence backdoor in the form of a DLL file named App_Web_logoimagehandler.ashx.b6031896.dll, which is programmed to allow remote code execution through SolarWinds web application server when installed in the folder “inetpub\SolarWinds\bin\”. Unlike Solorigate, this malicious DLL does not have a digital signature, which suggests that this may be unrelated to the supply chain compromise. Nonetheless, the infected DLL contains just one method (named DynamicRun), that can receive a C# script from a web request, compile it on the fly, and execute it.
Ted.

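Added example, not part of the thread or of Microsoft's write-up: the quoted passage points out that the extra DLL carries no digital signature, so one triage step is to list DLLs in the Orion web `bin` folder that have no embedded Authenticode certificate table. The folder argument and `make_sample_pe` (a constructed, header-only image used as sample input) are assumptions for illustration.

```python
import struct
from pathlib import Path

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def embedded_signature_size(data: bytes) -> int:
    """Size of the embedded certificate table, 0 if absent; ValueError if not PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        opt = pe_off + 24  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= SECURITY_DIR:
            return 0
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError(f"malformed PE image: {exc}") from exc
    # For this one directory the "address" field is a file offset, not an RVA.
    if offset == 0 or size == 0 or offset + size > len(data):
        return 0
    return size

def dlls_without_signature(folder) -> list[str]:
    """Names of *.dll files with no embedded signature or unparsable headers."""
    flagged = []
    for path in sorted(Path(folder).glob("*.dll")):
        try:
            if embedded_signature_size(path.read_bytes()) == 0:
                flagged.append(path.name)
        except ValueError:
            flagged.append(path.name)  # malformed image: review by hand
    return flagged

def make_sample_pe(cert_len: int = 0) -> bytes:
    """Constructed minimal PE32+ headers for demonstration; not a loadable DLL."""
    hdr = bytearray(0x40 + 24 + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", hdr, opt, 0x20B)        # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)     # NumberOfRvaAndSizes
    if cert_len:
        struct.pack_into("<II", hdr, opt + 112 + 8 * SECURITY_DIR, len(hdr), cert_len)
    return bytes(hdr) + b"\x00" * cert_len
```

A hit is a triage lead, not a verdict: the check only tests that a certificate table is present, and catalog-signed files also show up as having none. Validate signatures with the OS verifier (for example `Get-AuthenticodeSignature`) before drawing conclusions.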
whoknows 317 Posted December 19, 2020 Author
Virtual Machine Detection in the Browser
bannedit.github.io/Virtual-Machine-Detection-In-The-Browser.html
Fujifilm and IBM Set World Record With 580TB Magnetic Tapes
pcmag.com/news/fujifilm-and-ibm-set-world-record-with-580tb-magnetic-tapes
Edited December 19, 2020 by whoknows

Progman 109 Posted December 19, 2020
Awesome practical tricks used. Funny how non-targeted domains were hashed so it's computationally difficult to even figure that out. Also the way it masquerades as seemingly a normal business backend file and protocol was very clever. If the attackers did not use this vector to install further RATs that would be quite a waste. Though if the network communication is heavily monitored at these big targets then perhaps this initial discovery would have blown the whole thing anyway. But at least it should have had backup domains or IPs given that they were quick to go to court and disable it completely by grabbing the domain name.

Kurapica 708 Posted December 19, 2020
It's weird how resourceful companies and organizations with sensitive data rely on a 3rd-party contractor to provide such software for monitoring their systems. And the access level those monitoring tools had over these systems, I wonder if it's full access to everything on these networks.
But it was epic to see .NET finally being used in a sophisticated attack.

whoknows 317 Posted December 20, 2020 Author
Firefox to ship 'network partitioning' - what a gr8 shit! love it!
zdnet.com/article/firefox-to-ship-network-partitioning-as-a-new-anti-tracking-defense/

whoknows 317 Posted December 20, 2020 Author
Flax Engine – Competition for Godot/Unreal/Unity
flaxengine.com/features/

whoknows 317 Posted December 20, 2020 Author
D810: Creating an extensible deobfuscation plugin for IDA Pro
eshard.com/posts/d810_blog_post_1/?s=09

Progman 109 Posted December 21, 2020
Microsoft discovers SECOND hacking team dubbed 'Supernova' installed backdoor in SolarWinds software in March - as Feds say first Russian 'act of war' cyber attack struck at least 200 firms and US federal agencies
https://www.dailymail.co.uk/news/article-9071645/Microsoft-discovers-SECOND-hacking-team-installed-backdoor-SolarWinds-software-March.html
It just keeps getting better...

Kurapica 708 Posted December 21, 2020
Those big companies are tasting their own poison now, violating the privacy of all humans for years! Why is it legal when they do it? No one bats an eye when they spy on users and fuck us every day in the name of improving services or protecting their interests! Now it's named an act of war because they are the victims.

whoknows 317 Posted December 21, 2020 Author
Understanding how AES encryption works
nakabonne.dev/posts/understanding-how-aes-encryption-works/

whoknows 317 Posted December 21, 2020 Author
iPhone factory workers say they haven’t been paid, cause millions in damages
arstechnica.com/gadgets/2020/12/worker-protests-at-indian-iphone-factory-causes-up-to-7-million-in-damages/