Netsec
!netsec
Earlier today, Oct. 2, Kyiv Post was contacted by hackers who identified themselves as part of the National Republican Army (NRA). As Kyiv Post has reported before, the NRA is an organization of Russian citizens seeking the overthrow of the Putin Government. The NRA hackers explained to Kyiv Post that they had executed an advanced ransomware attack on the network of Unisoftware, a Russian software development company known for the development and implementation of web applications, desktop systems, cloud, and API solutions. While communicating with Kyiv Post, the NRA member stated that their primary motivation was “Putin needlessly sending our young men to die in an unjust war waged against Ukraine that has resulted in the slaughter of innocent civilians, including women and children.” Corroborating what the NRA member told Kyiv Post, the hackers provided proof of their work, including screenshots of the ransomware attack, identified clearly by the extension .t73 on several of the files as well as the standard decryption-instructions file produced on the machines. The NRA hackers claimed to have stolen copies of all of Unisoftware’s data, including but not limited to: credentials for bank accounts and personal accounts, sensitive employee information, phone numbers, addresses, contracts, and proprietary code for Unisoftware’s clients and software. The group has threatened to release the data and all obtained information if not paid promptly by Unisoftware.

>I tried to include primarily articles and readable guides, such as those published by madaidan. Also, I mostly tried to include some lesser-known articles. There are tons of security guides online and I do not want to simply recycle one of those. Some of the content, such as the articles about VPNs, is perhaps not going to be of interest to most of the readers of this site. Most of the older content is still relevant.

Judging from screenshots leaked onto Twitter, though, an intruder has compromised Uber's AWS cloud account and its resources at the administrative level; gained admin control over the corporate Slack workspace as well as its Google G Suite account that has over 1PB of storage in use; has control over Uber's VMware vSphere deployment and virtual machines; access to internal finance data, such as corporate expenses; and more. Infosec watcher Corben Leo, meanwhile, said he spoke to the miscreant responsible for this mess, and was told an employee was socially engineered to gain access to Uber's VPN, through which the intruder scanned the network, found a PowerShell script containing the hardcoded credentials for an administrator user, which were then used to unlock access to all of Uber's internal cloud and software-as-a-service resources, among other things. After that, everything was at the intruder's fingertips, allegedly.

From an Uber employee:

>Feel free to share but please don’t credit me: at Uber, we got an “URGENT” email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers.”
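The step in that chain a defender can actually hunt for is the PowerShell script with hard-coded admin credentials sitting on a reachable share. The following is an added example, not Uber's code or tooling: a small Python scanner that flags the common ways credentials end up in PowerShell (plaintext variable assignments, `ConvertTo-SecureString ... -AsPlainText`, inline `net use` passwords, AWS access key IDs) and runs it over a constructed sample script. The account names, password and paths in the sample are invented; the AWS key is the value AWS uses in its own documentation examples.

```python
"""Hunt for hard-coded credentials in PowerShell scripts (added example, not Uber's tooling)."""
from __future__ import annotations

import os
import re
from dataclasses import dataclass

# Each rule: (label, regex). Group 1 captures the secret so the report can show a
# redacted preview; the full value never makes it into the report.
RULES = [
    ("plaintext-password-assignment",
     re.compile(r'\$\w*(?:pass|pwd|secret|token)\w*\s*=\s*["\']([^"\']+)["\']', re.I)),
    ("convertto-securestring-plaintext",
     re.compile(r'ConvertTo-SecureString\s+["\']([^"\']+)["\']\s+-AsPlainText', re.I)),
    ("net-use-inline-password",
     re.compile(r'\bnet\s+use\s+\S+\s+(\S+)\s+/user:', re.I)),
    ("aws-access-key-id", re.compile(r'\b(AKIA[0-9A-Z]{16})\b')),
]


@dataclass
class Finding:
    rule: str
    line_no: int
    preview: str  # first three characters of the secret, remainder masked


def redact(secret: str) -> str:
    return secret[:3] + "*" * max(len(secret) - 3, 0)


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append(Finding(rule, line_no, redact(m.group(1))))
    return findings


def scan_tree(root: str) -> list[tuple[str, Finding]]:
    """Walk a file share or repo checkout and scan every PowerShell file in it."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".ps1", ".psm1", ".psd1")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits.extend((path, f) for f in scan_text(fh.read()))
    return hits


# Constructed sample of the kind of "temporary" script that becomes a foothold.
# Account names and password are invented; the AWS key is AWS's documented example value.
SAMPLE_SCRIPT = r'''
# nightly backup job, DO NOT SHARE
$ErrorActionPreference = "Stop"
$adminUser = "CORP\svc_backup_admin"
$adminPassword = "Summer2022!"
$sec = ConvertTo-SecureString "Summer2022!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($adminUser, $sec)
net use \\fileserver\backups Summer2022! /user:CORP\svc_backup_admin
$env:AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
Write-Host "backup complete"
'''

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SCRIPT):
        print(f"line {f.line_no:>3}  {f.rule:<36} {f.preview}")
```

Run `scan_tree` against the shares a VPN user can reach and treat every hit as a credential to rotate, not just a lint warning; the redacted preview is there so the scan report itself does not become the next credential dump.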

LastPass data breach: threat actors stole a portion of source code
To All LastPass Customers, I want to inform you of a development that we feel is important for us to share with our LastPass business and consumer community. Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been codenamed 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations." Calling the attacks well designed and executed, the Singapore-headquartered company said the adversary singled out employees of companies that are customers of identity services provider Okta.
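The reason the campaign harvested 2FA codes alongside passwords is that a one-time code phished and relayed in real time is as good to the attacker as to the victim. The following is an added example, not Group-IB's or Okta's code: it implements RFC 6238 TOTP, models an identity provider that accepts password plus code, shows the real-time relay succeeding, and contrasts that with a model of an origin-bound (WebAuthn-style) challenge where the same relay fails whether or not the attacker lies about the origin. The user name, secrets and the two hostnames are constructed for the demo, and an HMAC stands in for the authenticator's public-key signature.

```python
"""Phished TOTP relays; origin-bound assertions do not (added example, constructed data)."""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://sso.example-corp.test"     # constructed
PHISH_ORIGIN = "https://sso-example-corp.test"    # constructed look-alike
NOW = 1_700_000_000                                # fixed clock so the demo is deterministic


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the usual authenticator-app setting."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % 10 ** digits:0{digits}d}"


class OtpIdp:
    """Model of the real IdP: password + TOTP, tolerating one step of clock drift."""

    def __init__(self, users: dict):
        self.users = users  # username -> (password, TOTP secret)

    def login(self, username: str, password: str, code: str, now: int) -> bool:
        stored_pw, secret = self.users[username]
        if not hmac.compare_digest(stored_pw, password):
            return False
        return any(hmac.compare_digest(totp(secret, now + d), code) for d in (-30, 0, 30))


def relay_otp(idp: OtpIdp, victim: str, typed_password: str, victim_secret: bytes) -> bool:
    """Phishing page captures password + code; attacker replays both a few seconds later."""
    captured_code = totp(victim_secret, NOW)      # the victim copies it from their app
    return idp.login(victim, typed_password, captured_code, NOW + 5)


def sign(key: bytes, challenge: bytes, origin: str) -> bytes:
    """Authenticator step: the signed message includes the origin the browser reports.
    An HMAC stands in for the real public-key signature; the binding is the point."""
    return hmac.new(key, challenge + origin.encode(), hashlib.sha256).digest()


class OriginBoundIdp:
    """Model of WebAuthn: the server checks that the signed origin is its own origin
    and that the signature covers that origin together with its challenge."""

    def __init__(self, users: dict, origin: str):
        self.users = users  # username -> authenticator key (constructed)
        self.origin = origin

    def challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def login(self, username: str, challenge: bytes, client_origin: str, signature: bytes) -> bool:
        expected = sign(self.users[username], challenge, client_origin)
        return client_origin == self.origin and hmac.compare_digest(expected, signature)


def relay_webauthn(idp: OriginBoundIdp, victim: str, victim_key: bytes, lie_about_origin: bool) -> bool:
    """Attacker forwards the real challenge to the victim on the phishing page and relays
    the signature. The victim's browser bound it to PHISH_ORIGIN, so either the origin
    check fails (honest forward) or the signature check fails (forged origin)."""
    challenge = idp.challenge()
    signature = sign(victim_key, challenge, PHISH_ORIGIN)
    claimed = REAL_ORIGIN if lie_about_origin else PHISH_ORIGIN
    return idp.login(victim, challenge, claimed, signature)


def legitimate_webauthn(idp: OriginBoundIdp, victim: str, victim_key: bytes) -> bool:
    challenge = idp.challenge()
    return idp.login(victim, challenge, REAL_ORIGIN, sign(victim_key, challenge, REAL_ORIGIN))


VICTIM = "alice"                                   # constructed
PASSWORD = "correct-horse"                         # constructed
TOTP_SECRET = b"constructed-demo-totp-secret"
FIDO_KEY = b"constructed-demo-authenticator-key"
otp_idp = OtpIdp({VICTIM: (PASSWORD, TOTP_SECRET)})
fido_idp = OriginBoundIdp({VICTIM: FIDO_KEY}, REAL_ORIGIN)

if __name__ == "__main__":
    print("OTP relay succeeds:          ", relay_otp(otp_idp, VICTIM, PASSWORD, TOTP_SECRET))
    print("WebAuthn relay, honest origin:", relay_webauthn(fido_idp, VICTIM, FIDO_KEY, False))
    print("WebAuthn relay, forged origin:", relay_webauthn(fido_idp, VICTIM, FIDO_KEY, True))
    print("WebAuthn legitimate login:    ", legitimate_webauthn(fido_idp, VICTIM, FIDO_KEY))
```

The drift window in `OtpIdp.login` is what every real deployment has, and it is also why the relay has seconds to spare. Real WebAuthn is stricter than this model in one further way: the authenticator scopes each credential to the relying party ID, so a look-alike domain would not obtain a signature at all.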

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.

Rules

  1. Follow the golden rule, do unto others as you would have done unto you
  2. Smut, Porn, Gore etc. will result in Ban without warning
  3. No Spamming, Trolling or Unsolicited Ads (There are marketplaces in matrix and telegram you can use)
  4. Stay on topic in a community. If you would like a new community made, reach out to an admin and the creation of a net new community can be discussed.