

Items tagged with: cybersec

I continue to be pleased to see how actively the NordVPN Linux client (currently 75 % off!) * is being developed. Over the holidays I noticed that an update to version 3.0.0 had been shipped. I received the latest version of NordVPN on Linux Mint 19.1 in the usual way via the Update Manager. The VPN software is a command-line client. The […]
NordVPN Linux Client 3.0.0 - new features & better performance
#Android #BKA #CyberSec #IP-Adresse #Linux #NordVPN #OpenVPN #PIA #PrivateInternetAccess #RaspberryPi #UbuntuMate #VPN #Windows


OilRig (APT34) hacking tools and victim data leaked

A few weeks ago a group of Iranian hackers called "Lab Dookhtegan" started leaking information about the operations of APT34 / #OilRig / #HelixKitten, which is supposedly the Iranian Ministry of Intelligence. The leaks started on March 26, when #Dookhtegan started dropping an archive containing source code on Telegram. The initial leak has received low coverage so far, and the Telegram group where the leak first appeared only has about 30 members.

Several cyber-security experts have already confirmed the authenticity of these tools.

Besides source code for the above tools, Dookhtegan also leaked on the Telegram channel data taken from victims that had been collected in some of APT34's backend command-and-control (C&C) servers.

Quick overview of the leak and some IOCs in Misterofch0c's blog.

Pieces of code are available on Github.

#APT34, #Iran, #dataleak, #cybersec, #cybersecurity


New attack, old technique.

Targeting - GOV.UA, attribution - APT Gamaredon (RU)

A primitive scheme: a decoy document, an SFX archive with an MS Word icon. Once launched, in comes #...


Incident with Hacker's Story

GitHub issues of pieced together as one "story":

I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.

Complete compromise could have been avoided if developers were prohibited from using ForwardAgent yes or not using -A in their SSH commands. The flaws with agent forwarding are well documented.

Escalation could have been avoided if developers only had the access they absolutely required and did not have root access to all of the servers. I would like to take a moment to thank whichever developer forwarded their agent to Flywheel. Without you, none of this would have been possible.

Once I was in the network, a copy of your wiki really helped me out and I found that someone was forwarding 22226 to Flywheel. With jenkins access, this allowed me to add my own key to the host and make myself at home. There appeared to be no legitimate reaso
pwned!

An attacker gained access to the servers hosting The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a user you should change your password now.

The hacker exploited a vulnerability in our production infrastructure (vulnerabilities in the groovy plugin in #Jenkins, multiplied by the incorrect setting of the CI sandbox). Homeservers other than are unaffected.

Forensics are ongoing

#hack, #cybersec, #matrix, #securityincident


better safe than sorry - CheckPoint Security found security problems in OpenSource and closed source rdp clients/servers - mstsc microsoft remote desktop rdp client - how to disable clipboard sharing

CheckPoint Security found security problems in OpenSource and closed source rdp clients/servers – the product vendors including MS have been informed and everybody except MS will update their products. X-D

A hacked RDP server can "attack" the client at the moment the client pastes content from the server (files or other stuff): at that moment a malicious/compromised server running outside the corporate LAN could place a file at any path on the client (e.g. the autostart folder) and have it run the next time the system boots. Not cool.

proposed solution: disable clipboard sharing