Security Leftovers
-
The 4 Best Network Scanning and Enumeration Tools
The scanning and enumeration phase is crucial to every penetration tester's methodology and process. It is important to gather information about the network you are carrying out a pentest on before you actually begin testing.
So what does this really mean? And what are the best tools to help you during the scanning and enumeration phase of your pentest?
-
FBI warns of increasing cryptocurrency recovery scams
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).
-
Over 100K hacking forums accounts exposed by info-stealing malware
Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Many of the computers belong to hackers, the researchers say.
Analyzing the data, threat researchers found that the passwords used for logging into hacking forums were generally stronger than those for government websites.
After poring through 100 cybercrime forums, researchers at threat intelligence company Hudson Rock found that some hackers had inadvertently infected their computers and had their logins stolen.
-
Colorado Department of Health Care Policy & Financing reports more than 4 million affected by MOVEit breach
One of the MOVEit victims was the Colorado Department of Health Care Policy & Financing, which was notified by IBM of the data breach.
According to their notification, the information types included full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home address and other contact information, demographic or income information, clinical and medical information (such as diagnosis/condition, lab results, medication, or other treatment information), and health insurance information.
-
NYS Comptroller Audit: Cyber Incident Response Team (Follow-Up)
To assess the extent of implementation of the two recommendations included in our initial audit report, Cyber Incident Response Team (Report 2020-S-58).
-
Monti Ransomware Unleashes a New Encryptor for Linux [Ed: This impacts Linux but isn't a Linux issue; there's something else in the stack or a truly bad password]
The Monti ransomware, which has both Windows and Linux-based variants, gained attention from cybersecurity organizations and researchers when it was first discovered in June 2022 because of its striking resemblance to the infamous Conti ransomware — not just in name but also the tactics that the threat actors used. The group, operating under the moniker "Monti," has also deliberately emulated the widely recognized tactics, techniques, and procedures (TTPs) of the Conti team, incorporating a substantial number of their tools and even using Conti’s leaked source code. Since its discovery, the Monti group has been continuously targeting companies, exposing them on their leak site.
-
10 people, including 16-year-old youth arrested for suspected involvement in malware scams
They were later instructed by the scammers to download Android Package Kit (APK) files from third-party app stores in order to make purchases.
This would result in malware being installed on the victims' mobile devices.
The scammers then convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones.
-
EXCLUSIVE: Medusa ransomware group, DDoS attacks against Levare International Ltd.
The Medusa Group contacted us to inform us that they have just stopped the DDoS attacks on the IT infrastructure of Borets International Ltd. (Levare). On the website of Levare we did not find any references regarding the loss of data after the cyber attack of last July 25th.
We want to remind you that for some days we have been in possession of a video prepared by Medusa where the ransomware group shows an important part of the exfiltrated documents; we have chosen not to share it, as much of the data seen in the video could harm both the privacy of employees and trade secrets.
-
Everything old is new again? Medusa attempts to up the pressure on a victim with a DDoS attack
Suspect File reports that after negotiations broke down between Medusa and Levare’s negotiators in Texas, the threat actors knocked Levare offline with DDoS attacks. They have also added them to their dark web leak site with a price tag of $500,000.00 and a countdown clock showing nine days left. Proof of claims is also provided on the leak site with screencaps of files.