@GossiTheDog@cyberplace.social

GossiTheDog

Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.

I have Direct Messages disabled - you can send them, but I will never receive them.

GossiTheDog, to random

NoName057(16) are targeting the UK today, so I shall start monitoring them and naming their targets and attack types.

Their targeting: https://raw.githubusercontent.com/GossiTheDog/Monitoring/main/NoName/targets_2023_12_07_11am.txt

Currently:

GossiTheDog, to random

Microsoft quietly snuck out a blog yesterday to say that Office 365 got compromised by China and used to steal emails. Thread follows. https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/

GossiTheDog, to random

The Guardian (who are themselves working out of a pub still due to a ransomware attack in December 2022) are reporting (a major IT supplier) have an "IT incident", staff have been told to not use VPN, and they are working with pen and paper since this morning. Thread follows. https://www.theguardian.com/business/2023/mar/31/capita-it-systems-fail-cyber-attack-nhs-fears?CMP=share_btn_tw

GossiTheDog, to random

A bunch of people have alerted me to a vulnerability in , a secure file transfer app used heavily in the UK.

I did some digging and it looks like it’s a zero day under active exploitation. Not 100% on threat actor yet but it may be one of the ransomware/extortion groups.

Really serious, impacted orgs should shut down the server. Thread follows.

GossiTheDog, to random

Due to the ongoing Xbox court case in the US, Microsoft has had to disclose that it is rebuilding home Windows OS to be a cloud streaming subscription service https://www.theverge.com/2023/6/27/23775117/microsoft-windows-11-cloud-consumer-strategy

GossiTheDog, (edited) to random

The three million toothbrush botnet story isn’t true.

Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.

GossiTheDog, to random

Microsoft, one of the world’s most profitable companies - a story in two parts.

GossiTheDog, to random

The web browser is 30 years old today - NCSA Mosaic 1.0 released April 22, 1993

GossiTheDog, to random

Okay, this made me laugh.

GossiTheDog, to random

⚠️ want a highly impactful, actively exploited border gateway zero days situation to wake you up?

Ivanti Pulse Secure aka Ivanti Connect Secure and Ivanti Policy Secure Gateway customers - prepare to deploy mitigations and await follow on patches.

In the wild exploitation, probable nation state - includes authentication (including MFA) bypass and code execution.

Looks like Ivanti have done a really good job identifying.

I call it ConnectAround. #threatintel #connectaround

GossiTheDog, to random

HT to @wdormann here - somebody has backdoored the open source project XZ which has downstream impacts.

For example, although OpenSSH doesn’t use XZ, Debian patch OpenSSH and introduced a dependency which translates as the XZ changes introducing a sshd authentication bypass backdoor it appears.

One dude bothered to investigate in his free time about why ssh was running slow, so it was caught fairly early - i.e. hopefully before distros started bundling it.

https://www.openwall.com/lists/oss-security/2024/03/29/4

GossiTheDog, to random

Starfield lets you name the ships in your fleet. Name mine.

GossiTheDog, to random

Interesting Citrix Netscaler bug being mass exploited in the wild for about a month.

This is the HTTP request:

GET /oauth/idp/.well-known/openid-configuration HTTP/1.1
Host: a <repeated 24812 times>
Connection: close

It replies with system memory, which includes session tokens that you can use to gain remote access, bypassing authentication including MFA.

I think this one may have more legs than people realise.

https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
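
An added example, not part of the original post: a check a defender could run over captured request heads (from a reverse proxy or packet capture) to flag the oversized Host header described above. The 255-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass

OIDC_PATH = "/oauth/idp/.well-known/openid-configuration"  # path quoted in the post
MAX_HOST_LEN = 255  # assumption: DNS names top out at 253 chars, so longer is anomalous


@dataclass
class Finding:
    path: str
    host_len: int
    reason: str


def parse_request(raw: bytes):
    """Return (path, headers) parsed from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # keep every occurrence, duplicates included
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return parts[1].split("?", 1)[0], headers


def inspect(raw: bytes):
    """Return a Finding when the Host header is oversized, else None."""
    try:
        path, headers = parse_request(raw)
    except ValueError:
        return None
    longest = max((len(h) for h in headers.get("host", [])), default=0)
    if longest <= MAX_HOST_LEN:
        return None
    if path.rstrip("/").lower() == OIDC_PATH:
        reason = "oversized Host on OpenID configuration endpoint"
    else:
        reason = "oversized Host header"
    return Finding(path, longest, reason)


# Constructed samples, not captured traffic.
_PREFIX = b"GET " + OIDC_PATH.encode() + b" HTTP/1.1\r\nHost: "
NORMAL = _PREFIX + b"gateway.example.test\r\nConnection: close\r\n\r\n"
OVERSIZED = _PREFIX + b"a" * 24812 + b"\r\nConnection: close\r\n\r\n"
```

A hit on the OpenID configuration path is the stronger signal; an oversized Host on any other path is still worth a look.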

GossiTheDog, to random

Microsoft filing with the SEC to say Russia SVR hacked the email accounts of its own cyber staff in November, they discovered this week: https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/d708866dex991.htm

GossiTheDog, (edited) to random

For anybody wondering what the Mastodon security issue is - CVE-2023-36460, you can send a toot which makes a webshell on instances that process said toot.

GossiTheDog, to random

I wish I didn't auto delete my toots sometimes, as I predicted this about 6 months ago...

People are injecting malware responses into Microsoft's AI, so now when you ask it questions it is serving people malware downloads. https://www.bleepingcomputer.com/news/security/bing-chat-responses-infiltrated-by-ads-pushing-malware/

GossiTheDog, to random

Regarding MGM Resorts - while there are reports things are fixed, this very definitely isn’t true.

I’ve been monitoring their on prem network border - everything is down still. DMZ, WAN etc.

GossiTheDog, to random

Can’t wait for Twitter to get fixed on Monday and for all the journalists to return to write how Mastodon is doomed.

GossiTheDog, to random

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

GossiTheDog, to random

Mastodon has hit 2 million active users today. 🎉

GossiTheDog, to random

😬

GossiTheDog, to random

If companies want to deal with efficiency, instead of chasing people into the office they should ask Microsoft for this M365 feature suggestion:

you set an average cost per employee hour, then at the end of the meeting in Teams it displays how much the meeting cost in $ based on number of attendees and time they attended, and asks each attendee to rate if it was worth it - ie if something meaningful happened.

Anonymised stats dashboard to show cost of meetings vs benefit.

GossiTheDog, to random

A common Mastodon journalist observation is that things don’t seem to get traction here.

They’re right. Sorta. Boosts and likes aren’t synced across servers, so things look dead.

I’ve had plenty of toots with thousands of boosts and likes.. but if you don’t use my server, cyberplace.social, it looked like they had 4 interactions.

Plot twist: boost and like syncing is coming to Mastodon. It’s on the roadmap.

GossiTheDog, to random

My Mastodon server, cyberplace.social, has received a legal threat in an attempt to have a user's thread deleted. It is styled as a cease and desist.

I have published the email here:
https://github.com/GossiTheDog/Cyberplace/blob/main/LegalThreats/Cease%20and%20Desist%20Order%20-%20Felix%20Juhl
