cRyPtHoN™ INFOSEC (EN)

Company listed on Shanghai stock exchange accused of aiding Chinese cyberattacks The U.S. has accused a company listed on the Shanghai stock exchange of being directly involved in China’s state-sponsored hacking activities. Integrity Technology Group (Integrity Tech), also known as Yongxin Zhicheng, is a cybersecurity business named on Wednesday morning by FBI Director Christopher Wray as responsible for running a botnet associated with the hacking group tracked as Flax Typhoon. https://therecord.media/china-public-company-integrity-tech-accused-flax-typhoon-botnet-fbi 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained an authenticated administrative session on the appliance, they can carry out any action that a legitimate administrator user would be capable of. This includes the ability to reconfigure settings on the appliance, or modify policies to allow extraction of passwords stored in managed accounts or personal vaults,” AmberWolf researchers have explained. https://www.helpnetsecurity.com/2024/09/19/cve-2024-45488/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

PoC Exploit Releases for Unauthenticated RCE CVE-2024-40711 in Veeam Backup & Replication In a major revelation for cybersecurity professionals, security researcher Sina Kheirkhah (@SinSinology) of watchTowr has published an analysis and proof-of-concept (PoC) exploit for CVE-2024-40711, a critical vulnerability in Veeam’s widely-used Backup & Replication software. With a CVSS score of 9.8, this unauthenticated remote code execution (RCE) issue poses a severe threat to enterprise environments running versions 12.1.2.172 and below, as highlighted by Veeam’s security advisory. https://securityonline.info/poc-exploit-releases-for-unauthenticated-rce-cve-2024-40711-in-veeam-backup-replication/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. CISA this week added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle product flaws for which there do not appear to be any previous reports of exploitation. https://www.securityweek.com/cisa-oracle-vulnerabilities-from-miracle-exploit-targeted-in-attacks/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Data from Major Chinese Oil Company Allegedly Leaked on Dark Web A threat actor has claimed to have leaked sensitive data from one of China’s largest oil companies on a dark web forum. The alleged leak contains a wide range of personal and corporate information. According to the post, the stolen data includes full names, job titles, email addresses, server IP logs, a number of password hashes, and phone numbers. A sample from the alleged leak was provided in the forum post. The threat actor also included a link to the entire dataset as well. https://dailydarkweb.net/data-from-major-chinese-oil-company-allegedly-leaked-on-dark-web/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Clever 'GitHub Scanner' campaign abusing repos to push malware A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability" and urges others to visit a counterfeit "GitHub Scanner" domain. The domain in question, however, is not associated with GitHub and tricks users into installing Windows malware. https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

UK activists targeted with Pegasus spyware ask police to charge NSO Group 4 file complaint with London's Met, alleging malware maker helped autocratic states violate their privacy Four UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London's Metropolitan Police they hope will lead to charges against Pegasus peddler NSO Group. The activists, who say their comms were snooped on by the autocratic states, assembled their complaint with the help of Global Legal Action Network (GLAN), a non-governmental organization bringing the case to the Met on their behalf. They accuse NSO, along with a selection of its key associates, of being behind alleged spyware infections dating back to 2018. https://www.theregister.com/2024/09/19/pegasus_spyware_met_police_complaint/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Picus Security, founded by 3 Turkish mathematicians, raises $45M after simulating 1B cyber attacks For as long as programming has existed, we have had a plethora of methods to ensure the code works as intended. These days, that entire testing process has been kicked into high gear: The growing sophistication of security breaches has turned software verification into a much more urgent task — and a far more complicated one. https://techcrunch.com/2024/09/19/picus-security-founded-by-turkish-3-mathematicians-raises-45m-after-simulating-1b-cyberattacks/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Five Eyes alliance seizes control of extensive spy tech network used by China FBI boss says the botnet was ‘burned down’ once China realized it had lost control of the network A network of devices has been seized by the western intelligence alliance, Five Eyes, taking control of a 260,000 device botnet. The network was reportedly in development since 2021, and was likely used to help Chinese actors breach critical infrastructure and government agencies in the US, Taiwan, and elsewhere. https://www.techradar.com/pro/five-eyes-alliance-seizes-control-of-extensive-spy-tech-network-used-by-china 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv