Camera off: Akira deploys ransomware via webcam

Akira, a prominent ransomware group, accounted for 15% of incidents in 2024, showcasing novel evasion techniques. In a recent attack, Akira circumvented an Endpoint Detection and Response (EDR) tool by compromising an unsecured webcam to deploy ransomware. After initial detection, the group pivoted to exploit IoT devices, particularly a vulnerable webcam running Linux. This allowed them to execute their Linux ransomware variant without EDR interference. The incident highlights the importance of comprehensive security measures, including IoT device monitoring, network segmentation, and regular audits. Key takeaways include prioritizing patch management for all devices, adapting to evolving threat actor tactics, and ensuring proper EDR implementation.

Pulse ID: 67d046979aa7a5f6ddc6aa12
Pulse Link: https://otx.alienvault.com/pulse/67d046979aa7a5f6ddc6aa12
Pulse Author: AlienVault
Created: 2025-03-11 14:20:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

What is the best way to make a #Sparnatural SHACL specification ?

Based on #HumaNum's #Nakala graph, here is a usecase of an automated version of Sparnatural Thomas submitted as an example for Veronika Heimsbakk’s upcoming book.

We look forward to reading @veronahe’s book, and you ?

https://blog.sparna.fr/2025/02/06/nakala-from-an-rdf-dataset-to-a-query-ui-in-minutes-shacl-automated-generation-and-sparnatural/

Kritieke kwetsbaarheid in ivanti endpoint manager ondanks patches nog steeds uitgebuit https://www.trendingtech.news/trending-news/2024/10/40372/kritieke-kwetsbaarheid-in-ivanti-endpoint-manager-ondanks-patches-nog-steeds-uitgebuit #Ivanti #CVE-2024-29824 #Endpoint Manager #SQL-injectie #kwetsbaarheid #Trending #News #Nieuws

@tuxedocomputers
Hey Tuxedo,
das implementieren eigener URLs, ich vermute aus Datenschutz gründen?, ist gut! Könntet ihr das bitte auch mit den übrigen Endpoints machen, insbesondere wenn sie zu #google gehen?

Das Verhalten wurde beim der Installation der aktuellen Tuxedo OS 3 .iso festgestellt.

I have now finally found the solution and cause to what stops deployment of IKEv2 VPN connections on #windows11 .
It took 6 months of pushing an issue through #Microsoft to finally solve the issue.
The background was that the deployment worked on some of our customers, but not on others. Everything worked if we sent a Powershell-script with same settings.

There WAS an undocumented limitation that all of the Child Security Association Parameters had to be configured. And we had some customer that didn't have PFS configured.
Microsoft has now fixed the documentation.

Current: https://learn.microsoft.com/en-us/mem/intune/configuration/vpn-settings-windows-10#ike-security-association-parameters-ikev2-only

Previous: https://web.archive.org/web/20231206054019/https://learn.microsoft.com/en-us/mem/intune/configuration/vpn-settings-windows-10

Question for large #enterprise #infosec people out there who deal with #network and #endpoint security: are decrypting proxies still the main focus? Is the latest state of the art still painful TLS interception and having to manipulate certificate trust for everything? Is there really nothing better?

#Malware exploits undocumented Google #OAuth #endpoint to regenerate #Google #cookies
https://securityaffairs.com/156723/hacking/exploit-regenerates-google-cookies.html

Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:

➝ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
➝ Hackers breached International Criminal Court’s systems last week
➝ #Microsoft #AI researchers accidentally exposed terabytes of internal sensitive data
➝ #BlackCat #ransomware hits #Azure Storage with #Sphynx encryptor
➝ Iranian Nation-State Actor OilRig Targets Israeli Organizations
➝ #India's biggest tech centers named as #cybercrime hotspots
➝ Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
➝ Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
➝ #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
➝ China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
➝ New #SprySOCKS Linux #malware used in cyber espionage attacks
➝ UK Minister Warns #Meta Over End-to-End Encryption
➝ One of the #FBI’s most wanted hackers is trolling the U.S. government
➝ Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
➝ #P2PInfect botnet activity surges 600x with stealthier malware variants
➝ Hackers backdoor #telecom providers with new HTTPSnoop malware
➝ #Bumblebee malware returns in new attacks abusing #WebDAV folders
➝ #GitHub launches #passkey support into general availability
➝ Free Download Manager releases script to check for #Linux malware
➝ #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
➝ #iOS 17 includes these new security and #privacy features
➝ High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
➝ Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
➝ Apple emergency updates fix 3 new zero-days exploited in attacks
➝ #TrendMicro fixes #endpoint protection zero-day used in attacks
➝ #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
➝ Nearly 12,000 #Juniper #Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-382023

Lots of good information on API processes, standardisation & lifecycle in @lornajane’s talk at @appdevcon. #endpoint

Implement Microsoft Sentinel and Microsoft 365 Defender for Zero Trust

This solution guide walks through the process of setting up Microsoft eXtended detection and response (XDR) tools together with Microsoft Sentinel to accelerate your organization’s ability to respond to and remediate cybersecurity attacks.

https://learn.microsoft.com/en-us/security/operations/siem-xdr-overview

Tech Wrap-Up 5-4-2022, which is #StarWarsDay! Track #Windows Registry changes, persistent #cybersecurity threats, real-time #endpoint #protection, reasons to upgrade to #Windows11, #Linux #gaming popularity, and more, all in today's wrap-up https://www.techhelpkb.com/tech-wrap-up-5-4-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup

AWS recently announced AWS Lambda Function URLs which provide built-in HTTPS Endpoints for Single-Function Microservices: Read more: https://cybersec.nonamesecurity.com/s/aws-s-latest-announcement-will-accelerate-the-already-explosive-growth-of-apis-3825 #AWS #Endpoint #cybersecurity

« October 2020 Top 10 #Sysadmin #HowTo and tutorials » by #RedHat

- Join a #Linux system to an #ActiveDirectory domain
- #Kubernetes basics for SysAdmins
- Top 5 #Vim plugins for SysAdmins
- 8 ways to protect #SSH access on your system
- Understanding YAML for #Ansible
- #YAML for beginners
- Use the #uniq #command to process lists in Linux
- Customize Linux user environments
- Using Ansible to interact with #Web #Endpoint(s)
- Deconstructing an Ansible playbook

/> https://www.redhat.com/sysadmin/october-2020-recap

An interesting question for the haxors and slaxors here.

Given remote or physical access to an #endpoint with #authorization, what difference would a short (~30 minute) authorization window make in comparison to 8 hours?

Assume you don't get access to a refresh of the authorization but, come on, you usually do.