CyberSecurity News
22nd November 2021
Here’s what I thought was interesting from the previous week:
127.1.0.0 - 127.255.255.255 might become Internet routable; this has massive security implications.
https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html
The criminal cost of buying zero-click zero-days is going up and that's bad news for everyone.
Windows 10 Zero-Click Security Exploit Wanted. Reward: $3 Million
Ransomware has a lot to answer for, including helping to fund what could be the frightening future of Windows 10 attacks.
In the highly unlikely event that Shiba Inu was to rise in value to $1, the amount circulating would be worth almost 10 times as much as the entire U.S. stock market
https://www.bloomberg.com/news/articles/2021-11-20/coin-worth-0-00004893-highlights-crypto-s-wild-decimal-frontier
The Conti ransomware gang has suffered a security breach
Conti ransomware gang suffers security breach
The Conti ransomware group has suffered an embarrassing data breach after a security firm was able to identify the real IP address of one of its most sensitive servers and then gain console access to the affected system for more than a month.
This comes after blockchain analysis revealed that Conti made at least $25M between July 2021 and November 2021.
Israel charges Defense Minister’s house cleaner with leaking data to Iranian hackers
A house cleaner working for Israel's defense minister offered to spy for hackers linked to Iran, says indictment | Business Insider India
Omri Goren Gorochovsky faces espionage charges. He offered to install malware on the computer of Benny Gantz, Israel's defense minister.
Hackers deploy Linux malware, web skimmer on e-commerce servers
https://www.bleepingcomputer.com/news/security/hackers-deploy-linux-malware-web-skimmer-on-e-commerce-servers/
United States has announced plans to sell tens of millions of dollars’ worth of seized crypto-currency to compensate victims of fraud.
US to Sell $56m in Seized Crypto-Currency - Infosecurity Magazine
BitConnect promoter’s seized crypto-currency to be liquidated to benefit victims of fraud
Sci-Hub: Researchers File Intervention Application To Fight ISP Blocking
Sci-Hub: Researchers File Intervention Application To Fight ISP Blocking - Slashdot
Last December, academic publishers Elsevier, Wiley, and American Chemical Society filed a lawsuit demanding that Indian ISPs block access to Sci-Hub and Libgen for copyright infringement. The ongoing case now includes an intervention application from a group of social science researchers who say tha...
Sci-Hub is a freely accessible decentralized database of more than 85,000,000 research papers, used by more than 500,000 people every day. These people are scientists and students, medical practitioners and journalists. The service is available at
https://sci-hub.se
Microsoft Exchange servers hacked in internal reply-chain attacks
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/
North Korean Hackers Found Behind a Range of Credential Theft Campaigns
North Korean hackers are behind a variety of credential theft campaigns, researchers report
Amazon's former head of information security said the company's customer data protection was a mess: 'It was all put together with tape and bubblegum'
Amazon's Customer Data Security Was a Mess, Former Security Exec Says
Amazon's mission to "delight the customer" came "at the expense of everything else," former information security VP Gary Gagnon told Wired.
Lastly, most people don’t realize how massively far-reaching Curl is today. It’s a component of practically everything:
https://curl.se/docs/companies.html
I’m planning to write an article on curl, its usefulness in PenTesting and how it’s used by commercial programs.
Please reach out to me on Twitter at @forshish with any comments.