Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT
Russia Linked to New Malware Targeting Email Accounts for Espionage
Russian military intelligence (GRU)-linked threat actors have been using previously unknown malicious software to enable espionage against victim email accounts, the UK’s National Cyber Security Centre (NCSC) has reported.
https://www.infosecurity-magazine.com/news/new-malware-targeting-email/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Parisian Tour Agency ‘Come to Paris’ Allegedly Breached – Admin Access for Sale
A threat actor has allegedly put administrative access to the website of "Come to Paris" up for sale on a...
Qilin Ransomware Allegedly Breaches Thai Manufacturer Adiantes
The Qilin ransomware group has allegedly targeted Adiantes, a prominent Thailand-based manufacturer specializing in premium sustainable leather goods. Formerly known...
HIV Patient Data from RS Polri Kramat Jati Allegedly For Sale on Dark Web
A user on a dark web forum has allegedly posted a sensitive database belonging to the Indonesian National Police Hospital,...
Mobile Threat Landscape Report: Q2 2024
Executive Summary
The second quarter of this year followed many trends observed in our first quarter report, but also introduced some interesting new perspectives on the mobile threat landscape. We continued to see a massive increase in mobile phishing and malicious web content being delivered to mobile users, disclosed Houthi-developed mobile spyware, and saw a higher number of iOS-targeted root enablers than we have in the past.
https://www.lookout.com/threat-intelligence/report/q2-2024-mobile-landscape-threat-report
Cyberattack on CoinDCX Triggers $44M Loss, But No Impact on User Wallets
Indian cryptocurrency exchange CoinDCX has confirmed a cyberattack that resulted in a loss of approximately $44 million. The CoinDCX cyberattack, which occurred on July 19, 2025, targeted one of the platform’s internal operational accounts. CoinDCX co-founders have assured users that no customer’s funds were affected by the breach, and that trading operations remain uninterrupted.
https://thecyberexpress.com/coindcx-cyberattack/
Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks
Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers.
Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed “ToolShell.”
https://securityaffairs.com/180197/hacking/microsoft-issues-emergency-patches-for-sharepoint-zero-days-exploited-in-toolshell-attacks.html
Mastering Shellcode Obfuscation with Alphabetfuscation: A Red Team Essential
Introduction
Shellcode obfuscation is a critical technique in red team operations, enabling attackers to evade detection by converting malicious payloads into seemingly benign ASCII strings. Alphabetfuscation, a tool developed by Maldev-Academy, simplifies this process by transforming shellcode into alphanumeric representations, bypassing security filters. This article explores its functionality, practical applications, and defensive countermeasures.
https://undercodetesting.com/mastering-shellcode-obfuscation-with-alphabetfuscation-a-red-team-essential/
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.
Aruba Instant On Access Points are compact, plug-and-play wireless (Wi-Fi) devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app management.
https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/
800,000 users at risk after MAJOR hack at betting giants — IP addresses, email addresses, and online activity compromised
Paddy Power and Betfair users exposed to email scams after breach
A major data breach affecting up to 800,000 users of two popular online betting platforms has raised concerns about phishing risks and the role of artificial intelligence in exploiting exposed personal data.
The incident, confirmed by Flutter Entertainment, the parent company of Paddy Power and Betfair, compromised user IP addresses, email addresses, and online activity linked to individual gambling accounts.
https://www.techradar.com/pro/security/800-000-users-at-risk-after-hack-at-betting-giants-ip-addresses-email-addresses-and-online-activity-compromised
Boston clinic notifies 185,000+ people of data breach that compromised patients’ personal and medical info
DotHouse Health in Boston this week confirmed it notified 185,795 Massachusetts residents of an October 2022 data breach that compromised patients’ names, medical record numbers, diagnoses, conditions, medications, treatment info, claims info, dates of birth, and addresses.
https://www.comparitech.com/news/boston-clinic-notifies-185000-people-of-data-breach-that-compromised-patients-personal-and-medical-info/
New Surge of Crypto-Jacking Hits Over 3,500 Websites
Cybersecurity experts at cside have discovered a clever campaign that infected over 3,500 websites with nefarious JavaScript miners, marking a startling return to crypto-jacking techniques reminiscent of the Coinhive heyday of 2017.
https://gbhackers.com/new-surge-of-crypto-jacking/
New CrushFTP zero-day exploited in attacks to hijack servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
CrushFTP is an enterprise file transfer server used by organizations to securely share and manage files over FTP, SFTP, HTTP/S, and other protocols.
https://www.bleepingcomputer.com/news/security/new-crushftp-zero-day-exploited-in-attacks-to-hijack-servers/
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
Security researchers say they have caught a surveillance company in the Middle East exploiting a new attack capable of tricking phone operators into disclosing a cell subscriber’s location.
https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/
https://www.enea.com/insights/the-good-the-bad-and-the-encoding-an-ss7-bypass-attack/
Scanception Exposed: New QR Code Attack Campaign Exploits Unmonitored Mobile Access
Cyble’s Research and Intelligence Lab (CRIL) has analyzed a new quishing campaign that leverages QR codes embedded in PDF files to deliver malicious payloads. The campaign, dubbed Scanception, bypasses security controls, harvests user credentials, and evades detection by traditional systems.
Unlike conventional phishing attacks, which rely on malicious links within emails or attachments, Scanception leverages user curiosity by embedding QR codes within legitimate PDF documents. Victims are prompted to scan these codes using their mobile devices, a tactic that cleverly shifts the attack vector to endpoints that lie outside organizational visibility, such as personal smartphones.
https://thecyberexpress.com/scanception-qr-code-quishing-campaign/
Authorities released free decryptor for Phobos and 8base ransomware
Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom.
Japanese authorities released a free decryptor for Phobos and 8Base ransomware, allowing victims to recover files without paying.
https://securityaffairs.com/180108/malware/authorities-released-free-decryptor-for-phobos-and-8base-ransomware.html
Using AI Chatbots to examine leaked data
Introduction
AI is proving to be a useful companion for forensic examiners analysing data at scale (data that is already publicly available, if not privately hosted).
This involves building an AI chatbot system based on large language models (LLMs); it should only be used for legitimate, ethical purposes (e.g. internal automation, security support, or user interaction).
https://www.pentestpartners.com/security-blog/using-ai-chatbots-to-examine-leaked-data/
Iranian APT Targets Android Users With New Variants of DCHSpy Spyware
Iranian APT MuddyWater has been using new versions of the DCHSpy Android surveillance tool since the beginning of the conflict with Israel.
Iran-linked APT MuddyWater has been deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict, mobile security firm Lookout reports.
https://www.securityweek.com/new-variants-of-dchspy-spyware-used-by-iranian-apt-to-target-android-users/
Dell confirms breach of test lab platform by World Leaks extortion group
A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.
Dell acknowledged the incident to BleepingComputer, confirming that the threat actor had breached its Customer Solution Centers platform, which is used to demonstrate Dell products and solutions to customers.
https://www.bleepingcomputer.com/news/security/dell-confirms-breach-of-test-lab-platform-by-world-leaks-extortion-group/
Alaska Airlines resumes operations after IT outage grounded flights
Alaska Airlines outage sees flights grounded
Alaska Airlines flights are back up and running after a mysterious IT outage grounded flights for several hours.
The outage resulted in all of the company's flights being grounded, and also affected flights of Horizon Air, a subsidiary of the Alaskan company.
https://www.techradar.com/pro/security/alaska-airlines-resumes-operations-after-it-outage-grounded-flights
Recall WiFi: free Windows tool reveals wireless passwords and gives security rating
When you use a Windows laptop, you have probably connected it to several wireless networks in the past. At home or work, at the coffee shop, airport, during a train commute, or elsewhere. This usually means signing in to wireless networks that often require passwords, and sometimes troubleshooting WiFi connection issues.
Recall WiFi is a free tool for Windows that reveals the wireless networks that you connected your device to in the past. It furthermore provides a rating of the security of each wireless network and may show the password used to connect to each as well.
https://www.ghacks.net/2025/07/21/recall-wifi-free-windows-tool-reveals-wireless-passwords-and-gives-security-rating/
https://software.mechanikadesign.com/software/recall-wifi/downloads
SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available
Enterprises running SharePoint servers should not wait for a fix for CVE-2025-53770 and should commence threat hunting to search for compromise immediately.
Microsoft issued an urgent warning on Saturday to SharePoint Server customers, saying active attacks are targeting a zero-day vulnerability in the software product, which has been assigned CVE-2025-53770 with a CVSS score of 9.8.
https://www.securityweek.com/sharepoint-under-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available/
Microsoft says it will no longer use engineers in China for Department of Defense work
Following a Pro Publica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen.
https://techcrunch.com/2025/07/19/microsoft-says-it-will-no-longer-use-engineers-in-china-for-department-of-defense-work/
Radiology Associates of Richmond data breach impacts 1.4 million people
A data breach at Radiology Associates of Richmond has exposed the personal and health information of over 1.4 million individuals.
Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of over 1.4 million individuals.
https://securityaffairs.com/180128/data-breach/radiology-associates-of-richmond-data-breach-impacts-1-4-million-people.html
UK sanctions Russian cyber spies accused of facilitating murders
Editor's Note: Story updated 9:15 a.m. Eastern U.S. time with additional details and names of sanctioned individuals.
The British government sanctioned 18 Russian military intelligence officers on Friday, alleging their units were responsible for cyber reconnaissance operations including those leading to hundreds of murders through the targeting of civilians in Ukraine.
Three units of the GRU have been sanctioned, alongside officers whom the British authorities said were responsible for hacking the personal device of Yulia Skripal — the daughter of GRU defector Sergei Skripal — five years before Russia’s failed attempt to murder the pair in Salisbury using the Novichok nerve agent.
https://therecord.media/uk-sanctions-gru-personnel-accused-murder-civilians-ukraine
Indonesian Paint Giant Indaco Allegedly Hit by Data Breach
Indaco, a prominent paint manufacturing company based in Indonesia, has allegedly become the victim of a significant data breach. A threat actor has claimed on a dark web forum to have exfiltrated and leaked sensitive documents belonging to the company, known for its “Green” branding. The perpetrator claims the leak contains confidential and important information from the company’s internal systems.
https://dailydarkweb.net/indonesian-paint-giant-indaco-allegedly-hit-by-data-breach/
YouTuber leaked iOS secrets via friend spying on dev's phone, Apple lawsuit claims
Jon Prosser and alleged accomplice accused of stealing trade secrets from development device
Apple has sued tech YouTuber Jon Prosser for allegedly leaking iOS 26 information to the public ahead of its reveal at WWDC in June.
Apple sued Prosser and another individual, Michael Ramacciotti, in Northern California District Court yesterday, accusing them of misappropriating trade secrets and of violating the Computer Fraud and Abuse Act by conspiring to break into a development iPhone in the possession of an Apple employee in order to take a video of iOS 26 (then called iOS 19) in action.
https://www.theregister.com/2025/07/18/apple_sues_youtuber_ios_leak/
Your Mobile App, Their Playground: The Dark side of the Virtualization
Executive Summary
Zimperium zLabs has uncovered a sophisticated evolution of the GodFather banking malware that leverages an advanced on-device virtualization technique to hijack several legitimate applications, with a focus on mobile banking and cryptocurrency applications. This method marks a significant leap in mobile threat capabilities, moving beyond traditional overlays to a more deceptive and effective form of attack.
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
TapTrap: almost invisible attack without permissions targets Android devices
Google releases security updates for its Android operating system regularly, but it is not uncommon for novel vulnerabilities to affect even the most recent versions of Android. It seems unlikely that this is changing with the merging of ChromeOS and Android, which Google announced just recently.
Security researchers have demonstrated a new attack on Android. TapTrap is an animation-driven tapjacking attack on Android that requires no special permissions and is more or less invisible to the human eye.
https://www.ghacks.net/2025/07/18/taptrap-almost-invisible-attack-without-permissions-targets-android-devices/
Snort
Snort is an Intrusion Prevention System (IPS). It uses a set of rules to detect suspicious network activity and alerts users when it finds a match.
Suricata
Suricata is a network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine.
UTMStack
UTMStack is a unified threat management platform that combines Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) technologies. It enables real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources to detect and stop threats.
Wazuh
Wazuh is a security platform for threat prevention, detection, and response. It supports a wide range of environments, including on-premises, virtualized, containerized, and cloud-based systems.
This is your sign to step away from the keyboard
Welcome to this week’s edition of the Threat Source newsletter.
Burnout is a real issue for people in cybersecurity. We protect the systems that allow modern life to function. Our hours are long, our sense of responsibility real and occasionally heavy. Everyone notices when we have a bad day and an attack evades our protections, but nobody notices our best days when complex threats are detected and neutralized. Our failures are very visible, while our successes are imperceptible to others. This, coupled with a professional propensity to always consider negative outcomes, is a recipe for poor mental health – not to mention that we spend most of our waking hours sitting in front of screens, engaging with machines.
https://blog.talosintelligence.com/this-is-your-sign-to-step-away-from-the-keyboard/