Notices by Kevin Beaumont (gossithedog@cyberplace.social), page 4

@jerry nope. Captcha enabled.

2025 cyber gossi

Good on Jen and Nitin. They did incredible work with CISA, and it’s really the template for other regional cyber groups to copy now. The current version, not the version it may become. https://www.nextgov.com/people/2024/11/cisa-director-jen-easterly-depart-inauguration-day/401036/

Anonymous for Justice claim they have hacked “‘ministry of economy and industry’, ‘ministry of finance’, ‘Central Bank of Israel’ and stock exchange” and have started dumping data.

It does look credible that at least some of these orgs have a security issue. It is potentially embarrassing for the Israeli government as it is includes orgs who were tasked with briefing about how to defend against Anonymous for Justice.

#threatintel

Guess where X’s owner turned up when the changes were made btw.

“A computational analysis of potential algorithmic bias on platform X during the 2024 US election” by Queensland University of Technology has been released.

They find X's algorithm was changed in mid-July 2024 to systematically boost Republican-leaning accounts in the For You (default view) feed, along with Elon’s tweets.

https://eprints.qut.edu.au/253211/

The MS Flight Simulator 2024 collectors edition has been delayed in Europe as they forgot to arrange flights for the boxes. 🤣

Just to be clear on this one, Akamai aren’t knowingly hosting NoName attacks - NoName’s supporters are just bouncing some of their attacks off Linode.

As far as I know the only company who knowingly have customers who sell DDoS attacks is Cloudflare.

@nygren it’s all good - I just rant about NoName as they’re wiley foxes 🤣 I think some of the CERTs put lists in public, I’m presuming they got shut off since then - eg this one from January

https://github.com/govcert-ch/CTI/blob/main/20240117_NoName057-DDoS-CH.csv

@bagder the about box in Cisco AnyConnect has a lot to answer for 🤣

@nygren I know it is a coincidence. I never connected it in this thread. I am aware of the trust and safety team and the IPs have been reported all year.

@nygren no, many of the attacking nodes for NoName are run from Linode, which is owned by Akamai.

@StGebert the incident disclosed by Syniverse in 2021 had been going on for at least 5 years, worth reading the SEC filing. You may be able to figure some things out from the wording - eg it was an EDT (file exchange) platform but they got login creds which allowed backdoor installation - what else works on port 22 and provides SFTP?

Also worth reading the deleted CrowdStrike report above.

@hallyesvomet next week

One extra bit - Syniverse has port 22 access into every telco by design as part of their EDT platform.

In their SEC 8K they said “Login information allowing access to and from the EDT environment had been compromised for approximately 235 Syniverse customers”. Customers = telcos. It also said it removed "known backdoors that would allow access to Syniverse’s network without proper credentials"

This link has gone MIA from CrowdStrike’s website, but I’ll just loop it into this thread: https://web.archive.org/web/20240821122031/https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/

“no evidence of impacts to customer information” is some incredible wordsmithing.

https://www.thestack.technology/vodafone-supplier-hacked-syniverse-hack/

@cloudthethings no. Do you mean like individual moderation decisions on individual posts?

20% increase in active users at cyberplace.social