Notices by Catalin Cimpanu (campuscodi@mastodon.social), page 4

Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Monday, 08-Apr-2024 00:37:53 JST Catalin Cimpanu

Anyone know where I can find more details on this audit?
Source: https://twitter.com/infernosec/status/1776706528013406435
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/112/230/673/196/212/966/original/bd115552c8251e71.png
2. Untitled attachment
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Sunday, 07-Apr-2024 22:31:37 JST Catalin Cimpanu

"I discovered a pre-auth path traversal vulnerability in the Jasmin Ransomware web panel (CVE-2024-30851), allowing an attacker to deanonymize panel operators and dump decryption keys"
https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  
  GitHub - chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc: Jasmin ransomware web panel path traversal PoC
  
  Jasmin ransomware web panel path traversal PoC. Contribute to chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc development by creating an account on GitHub.
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Saturday, 30-Mar-2024 16:43:42 JST Catalin Cimpanu

HP has ceased all operations and has exited the Russian market.
The company stopped all shipments to Russia in February 2022 after its invasion of Ukraine.
It began winding down operations in May of the same year and had planned for a final exit in May 2024.
HP pulled out of Russia last week, two months ahead of its planned departure.
The move has surprised Russian companies, which cannot update drivers or contact support.
https://t.me/breakingmash/52972
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  Index of /
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Friday, 29-Mar-2024 03:18:53 JST Catalin Cimpanu

Czech intelligence services have disrupted a Russian propaganda network operating in Prague.
The network operated a news website named the Voice of Europe.
Officials say the website was registered to a local company but was financed from Russia. It published opinions from EU politicians who were demanding that the EU stop financing Ukraine.
According to local news outlet Denik N, some of the politicians were paid using funds from Russia.
https://denikn.cz/1388000/odhaleni-bis-jak-se-rusove-snazili-z-ceska-ovlivnit-volby-po-cele-evrope/?ref=tit1

In conversation about 8 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 28-Mar-2024 16:38:12 JST Catalin Cimpanu

US charges KuCoin and its founders with money laundering "large sums of criminal proceeds, including proceeds from darknet markets and malware, ransomware, and fraud schemes."
https://www.justice.gov/usao-sdny/pr/prominent-global-cryptocurrency-exchange-kucoin-and-two-its-founders-criminally
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  Prominent Global Cryptocurrency Exchange KuCoin And Two Of Its Founders Criminally Charged With Bank Secrecy Act And Unlicensed Money Transmission Offenses
  
  Damian Williams, the United States Attorney for the Southern District of New York, and Darren McCormack, the Acting Special Agent in Charge of the New York Field Office of Homeland Security Investigations (“HSI”), announced today the unsealing of an Indictment against global cryptocurrency exchange KuCoin and two of its founders, CHUN GAN, a/k/a “Michael,” and KE TANG, a/k/a “Eric,” for conspiring to operate an unlicensed money transmitting business and conspiring to violate the Bank Secrecy Act by willfully failing to maintain an adequate anti-money laundering (“AML”) program designed to prevent KuCoin from being used for money laundering and terrorist financing, failing to maintain reasonable procedures for verifying the identity of customers, and failing to file any suspicious activity reports.
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Wednesday, 27-Mar-2024 07:51:17 JST Catalin Cimpanu

Security firm ReversingLabs has discovered a malicious .NET library on the official NuGet repository.
The package contains code to take screenshots of the infected system every minute and upload the data to a remote server.
ReversingLabs says the library appears to target developers who work with industrial software from Chinese company Bozhon.
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems

In conversation about 8 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Wednesday, 27-Mar-2024 03:43:22 JST Catalin Cimpanu

The UK's NCSC has published guidance to help CEOs in public and private sector organizations respond and manage a cybersecurity incident.
https://www.ncsc.gov.uk/guidance/ceos-responding-cyber-incidents

In conversation about 8 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Wednesday, 27-Mar-2024 03:41:49 JST Catalin Cimpanu

Atlas VPN, the company that flooded my inbox with bogus security research for years, is shutting down in a month
https://atlasvpn.com/blog/announcement

In conversation about 8 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Tuesday, 26-Mar-2024 20:42:06 JST Catalin Cimpanu

...and now you know why all the Russian internet troll farms defend cryptocurrencies like it was their own child
"Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned thirteen entities and two individuals for operating in the financial services and technology sectors of the Russian Federation economy including persons developing or offering services in virtual assets that enable the evasion of U.S. sanctions."
https://home.treasury.gov/news/press-releases/jy2204
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: home.treasury.gov
  
  Treasury Designates Russian Companies Supporting Sanctions Evasion Through Virtual Asset Services and Technology Procurement
  
  WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned thirteen entities and two individuals for operating in the financial services and technology sectors of the Russian Federation economy including persons developing or offering services in virtual assets that enable the evasion of U.S. sanctions. Five entities were designated for being owned or controlled by OFAC-designated persons.Many of the individuals and entities designated today facilitated transactions or offered other services that helped OFAC-designated entities evade sanctions. These designations build upon OFAC’s February 23, 2024 action to target companies servicing Russia’s core financial infrastructure and curtail Russia’s use of the international financial system to further its war against Ukraine. “Russia is increasingly turning to alternative payment mechanisms to circumvent U.S. sanctions and continue to fund its war against Ukraine,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson. “As the Kremlin seeks to leverage entities in the financial technology space, Treasury will continue to expose and disrupt the companies that seek to help sanctioned Russian financial institutions reconnect to the global financial system.”COUNTERING THE POTENTIAL FOR SANCTIONS EVASION WITH VIRTUAL ASSETSOn February 24, 2024, the G7 Leaders reaffirmed their commitment to step up efforts against the evasion and circumvention of G7 sanctions and export control measures. The companies designated by OFAC today have all either helped build or operate blockchain-based services for, or enabled virtual currency payments in, the Russian financial sector, thus enabling potential sanctions evasion. Joint Stock Company B-Crypto (B-Crypto) is a Moscow-based fintech company that has partnered with OFAC-designated Rosbank to facilitate cross-border settlements for Russian exporters using virtual currencies. B-Crypto was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Obshchestvo S Ogranichennoy Otvetstvennostyu Sistemy Raspredelennogo Reyestra (Masterchain) is a Moscow-based fintech company that has agreements to issue digital financial assets, a term in Russia’s legal framework that refers to blockchain-based tokens that confer digital rights, with various OFAC-designated Russian banks, including VTB Bank and the Central Bank of Russia. Masterchain was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Obshchestvo S Ogranichennoy Otvetstvennostyu Laitkhaus (Laitkhaus) is a Moscow-based fintech company that has worked with OFAC-designated Sberbank and VTB Bank to issue, exchange, and transfer digital financial assets. Laitkhaus was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Obshchestvo S Ogranichennoy Otvetstvennostyu Atomaiz (Atomaiz), a Moscow-based fintech company, is a registered digital financial asset operator that has worked to tokenize precious metals and diamonds for Russian companies and is partnered with OFAC-designated Rosbank and Sovcombank. Atomaiz was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy. Tokentrust Holdings Ltd., based in Cyprus, is the majority shareholder of Atomaiz and was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy. Obshchestvo S Ogranichennoy Otvetstvennostyu Veb3 Tekhnologii (Veb3 Tekhnologii) and Obshchestvo S Ogranichennoy Otvetstvennostyu Veb3 Integrator (Veb3 Integrator) are Moscow-based technology companies providing blockchain solutions and platforms within the Russian financial sectors, with clients including OFAC-designated Sberbank and Alfa-Bank. Veb3 Tekhnologii and Veb3 Integrator were designated pursuant to E.O. 14024 for operating or having operated in the technology sector of the Russian Federation economy.Igor Veniaminovich Kaigorodov is the majority shareholder at both Veb3 Tekhnologii and Veb3 Integrator and was designated pursuant to E.O. 14024 for operating or having operated in the technology sector of the Russian federation economy.Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP), under its business names Netexchange and Netex24, is a Moscow-based fintech company that operates a virtual currency exchange which has enabled digital payments in rubles and virtual currencies to OFAC-designated entities such as Sberbank, Alfa-Bank, and Hydra Market. TOEP was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Timur Evgenyevich Bukanov (Bukanov) is the owner and director of TOEP and was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Bitfingroup OÜ (Bitfingroup) is an Estonian company that lists Bukanov as the sole owner. Bitfingroup was designated for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Bukanov.Bitpapa IC FZC LLC (Bitpapa) operates a peer-to-peer virtual currency exchange and offers services to Russian nationals. To date, it has conducted transactions worth millions of dollars with OFAC-designated Russian entities Hydra Market and Garantex. Bitpapa was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Crypto Explorer DMCC (Crypto Explorer), under its business name AWEX, operates a Russia and UAE-based virtual currency exchange that offers conversions between virtual currencies, rubles, and UAE dirhams. AWEX offers cash services at its offices in Moscow and Dubai and also loads funds onto credit cards associated with OFAC-designated Russian banks such as Sberbank and Alfa-Bank. Crypto Explorer was designated pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.Obshchestvo S Ogranichennoy Otvetstvennostyu Kripto Eksplorer (OOO Kripto Eksplorer) is a Russian company that is solely owned by Crypto Explorer. OOO Kripto Eksplorer was designated for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Crypto Explorer.DISRUPTING RUSSIA’S TECHNOLOGY PROCUREMENTJoint Stock Company Echelon Technologies (Echelon Technologies) is a Moscow-based company that sells technology products and is owned by Joint Stock Company Echelon Union for Science and Technology (Echelon Union) an OFAC-designated entity licensed by the Russian Federal Security Service and the Russian Ministry of Defense. Echelon Technologies was designated pursuant to E.O. 14024 for operating or having operated in the technology sector of the Russian Federation economy.Autonomous Non-Profit Organization of Additional Professional Education Echelon Training Center and Limited Liability Company Key Information Systems are Moscow-based companies that work with and share an address with OFAC-designated Echelon Union and were designated pursuant to E.O. 14024 for operating or having operated in the technology sector of the Russian Federation economy.Limited Liability Company Echelon Innovations (Echelon Innovations), Limited Liability Company Project Consulting Bureau Echelon (Project Bureau Echelon), and Limited Liability Company Cybersecurity Laboratory (Cybersecurity Laboratory) all list Echelon Union as the sole or majority shareholder. Echelon Innovations, Project Bureau Echelon, and Cybersecurity Laboratory were designated for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Echelon Union.SANCTIONS IMPLICATIONSAs a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. In addition, foreign financial institutions that conduct or facilitate significant transactions or provide any service involving Russia’s military-industrial base run the risk of being sanctioned by OFAC. Examples of activities that could expose foreign financial institutions to sanctions risk under E.O. 14024, as amended, are maintaining accounts, transferring funds, or providing other financial services (i.e., payment processing, trade finance, insurance) for any persons designated for operating in the specified sectors or for any persons, either inside or outside Russia, that support Russia’s military-industrial base, including those that operate in the specified sectors of the Russian Federation economy. For additional guidance, please see the December 22, 2023 OFAC Sanctions Advisory as well as OFAC Frequently Asked Questions (FAQs) 1146-1157.The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.Click here for more information on the individuals and entities designated today.###
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Friday, 22-Mar-2024 03:59:12 JST Catalin Cimpanu

SonicWall's security team has published details on CVE-2024-2054, a still-unpatched unauth PHP deserialization vulnerability in the admin web interface of Artica Proxy appliances.
The vendor reports having over 100k servers installed around the world. 👀 👀 👀 👀 👀 👀 👀
https://blog.sonicwall.com/en-us/2024/03/unpatched-php-deserialization-vulnerability-in-artica-proxy/
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. Untitled attachment
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Friday, 22-Mar-2024 03:25:08 JST Catalin Cimpanu

Fortinet SQLi exploited in the wild:
https://mastodon.social/@simontsui@infosec.exchange/112134375836144314
This comes a day after the PoC was published on GitHub: https://github.com/horizon3ai/CVE-2023-48788
In conversation about 8 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  
  GitHub - horizon3ai/CVE-2023-48788: Fortinet FortiClient EMS SQL Injection
  
  Fortinet FortiClient EMS SQL Injection. Contribute to horizon3ai/CVE-2023-48788 development by creating an account on GitHub.
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 21-Mar-2024 11:49:50 JST Catalin Cimpanu

US sanctions Russian disinfo crew active in Latin America
https://home.treasury.gov/news/press-rleases/jy2195
Previously covered in a State Dept advisory here:
https://www.state.gov/the-kremlins-efforts-to-covertly-spread-disinformation-in-latin-america/

In conversation about 8 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 14-Mar-2024 20:55:21 JST Catalin Cimpanu
- Kevin Beaumont
@GossiTheDog too late... I've kinda retired from mindlessly posting online 2h/day

In conversation about 9 months ago from gnusocial.jp permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 14-Mar-2024 16:46:01 JST Catalin Cimpanu

Now that Simon has retired from Mastodon, I have to go back to actually working for a living :hurb: :sadness: 😭
https://mastodon.social/@simontsui@infosec.exchange/112085234926491096
In conversation about 9 months ago from mastodon.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  Mastodon
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Sunday, 10-Mar-2024 09:03:28 JST Catalin Cimpanu

The Swiss cyber-security agency has confirmed that classified information was stolen in a ransomware attack last year.
https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-100315.html

In conversation about 9 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 07-Mar-2024 21:11:25 JST Catalin Cimpanu

In a paper published this month, British academics say that the involvement of cybercrime crews in the Russian and Ukrainian hacktivism scene was "short-lived and fleeting."
https://arxiv.org/abs/2208.10629
In conversation about 9 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: arxiv.org
  
  Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict
  
  There has been substantial commentary on the role of cyberattacks carried by low-level cybercrime actors in the Russia-Ukraine conflict. We analyse 358k web defacement attacks, 1.7M reflected DDoS attacks, 1764 Hack Forums posts mentioning the two countries, and 441 announcements (with 58k replies) of a volunteer hacking group for two months before and four months after the invasion. We find the conflict briefly but notably caught the attention of low-level cybercrime actors, with significant increases in online discussion and both types of attack targeting Russia and Ukraine. However, there was little evidence of high-profile actions; the role of these players in the ongoing hybrid warfare is minor, and they should be separated from persistent and motivated 'hacktivists' in state-sponsored operations. Their involvement in the conflict appears to have been short-lived and fleeting, with a clear loss of interest in discussing the situation and carrying out both defacement and DDoS attacks against either Russia or Ukraine after a few weeks.
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Thursday, 07-Mar-2024 04:01:10 JST Catalin Cimpanu

The Record is now on Mastodon: https://mastodon.social/@therecord_media
In conversation about 9 months ago from mastodon.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: files.mastodon.social
  
  The Record Media (@therecord_media@mastodon.social)
  
  1 Post, 119 Following, 41 Followers · Covering the world of cyber and intelligence from every angle.
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Tuesday, 05-Mar-2024 08:20:41 JST Catalin Cimpanu

JetBrains tried to bury a security patch before Rapid7 called them out on it
https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
In conversation about 9 months ago from mastodon.social permalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/112/039/883/784/169/785/original/f8d9668465202042.png
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Sunday, 03-Mar-2024 22:36:47 JST Catalin Cimpanu
in reply to
- Kevin Beaumont
@GossiTheDog s***... gonna tell my Danish friends that websites they never access are gonna be down

In conversation about 9 months ago from mastodon.social permalink
Embed this notice
Catalin Cimpanu (campuscodi@mastodon.social)'s status on Friday, 01-Mar-2024 00:54:08 JST Catalin Cimpanu

Security researcher HaxRob has discovered a new Linux backdoor that is currently used to spy on telco networks.
The malware is named GTPDOOR after its use of the GPRS Tunnelling Protocol (GTP) to disguise command-and-control communications.
HaxRob believes the malware may be linked to LightBasin, a cyber-espionage group with a long history of telco espionage.
https://doubleagent.net/telecommunications/backdoor/gtp/2024/02/27/GTPDOOR-COVERT-TELCO-BACKDOOR
In conversation about 9 months ago from mastodon.social permalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/112/015/553/300/507/973/original/fd53f59e1fe688d6.png

After
Before

Public

Notices by Catalin Cimpanu (campuscodi@mastodon.social), page 4

User actions

Following 0

Followers 0

Groups 0

Statistics

Feeds