Sergiu Gatlan
@serghei
Followers
8,239
Following
1,786
Media
813
Statuses
7,041
Cybersecurity/tech reporter @BleepinComputer Signal: serghei.33
Joined April 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Olympics
• 3740212 Tweets
Venezuela
• 1150705 Tweets
Jesus
• 779765 Tweets
Bitcoin
• 505507 Tweets
Christianity
• 494139 Tweets
Islam
• 426616 Tweets
Last Supper
• 378806 Tweets
Hezbollah
• 337330 Tweets
Majdal Shams
• 154351 Tweets
Chelsea
• 148706 Tweets
The Villages
• 123370 Tweets
Sanchez
• 115327 Tweets
Druze
• 95337 Tweets
لبنان
• 91530 Tweets
Greece
• 87689 Tweets
Lebanon
• 84417 Tweets
C Spire
• 58070 Tweets
Jazz
• 51486 Tweets
YO SIGO A DENISSE PORQUE
• 43790 Tweets
Alcaraz
• 42346 Tweets
Demichelis
• 40420 Tweets
Gallardo
• 36344 Tweets
Fofana
• 33941 Tweets
#アイドルへモーニングコール
• 30702 Tweets
De Armas
• 30184 Tweets
Gary Gensler
• 27919 Tweets
Maresca
• 27222 Tweets
Giannis
• 18482 Tweets
Babi
• 17875 Tweets
Shai
• 14927 Tweets
#ボクらの時代
• 13431 Tweets
Dionysus
• 12793 Tweets
Sterling
• 10987 Tweets
ブライアン
• 10557 Tweets
LAPSUS$ just asked NVIDIA to "COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS and Linux" until Friday.
More info on what happened before this:
26
284
762
1. Juniper installs NSA backdoor in NetScreen devices in 2008
2. Chinese-backed hacking group APT5 hijacks NSA's backdoor in 2012 & drops a separate backdoor in 2014
3. Juniper fails to understand the significance of the 2012 and 2014 breaches
1
79
197
Mandiant says it's looking into Lockbit ransomware gang's claims:
“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops.”
5
44
155
Cisco says it won’t fix a zero-day vulnerability in end-of-life VPN routers allowing unauthenticated, remote attackers to execute commands with root-level privileges.
Affected models: Cisco Small Business RV110W, RV130, RV130W, and RV215W routers.
3
66
135
Everyone: Signs in every day to watch Elon slowly running Twitter into the ground.
Elon:
6
12
108
Replace "legacy server" with "test database" and it's perfect👌
2
32
89
Sandworm rn 🤡🤡🤡
0
26
83
The FIN7 hacking group has created an automated system called "Checkmarks" to breach corporate networks by exploiting unpatched Microsoft Exchange servers.
The attack platform has already been used to breach over 8,000 companies, primarily in the U.S.
1
18
68
Meanwhile, SiegedSec: "meow meow meow meow meow meow meow"
3
16
58
Microsoft has fixed a zero-day vulnerability exploited to bypass the Windows SmartScreen security feature to deliver Magniber ransomware and Qbot malware.
0
18
54
Mystery solved, Microsoft is tracking:
- HermeticWiper AND HermeticWizard as Foxblade
- HermeticRansom as SonicVote
- IsaacWiper as Lasainraw
4
20
52
Babuk rebranding as a data breach site? New name seems to be Payload.bin.
Looks like they're switching to data-theft extortion as they said last month.
More here:
1
17
44
Toyota says the customer data of more than 296,000 customers may have been exposed after an access key was accidentally published on GitHub five years ago.
2
14
39
It's ALWAYS DNS.
Our investigation of this connection issue is still ongoing at this time. We’ll be back with another update and apologize for this disruption. Thank you for your continued patience.
30
15
56
5
11
36
This is why security keys are 🔥
🔑How does a FIDO security key limit the hacks we're seeing in the news now?🔑
Beyond fun to work with
@Yubico
& partner with
@Twitter
to answer that question + demo how social engineering is used to steal passwords & siphon out MFA codes to gain admin access with
@EvanTobac
.
39
233
764
2
5
37
@wdormann
Not surprising. Guess who else was advising customers to exclude their products from antivirus scanning "to prevent possible application related issues, unexpected behaviour and performance related problems"?
This is nuts. Solarwinds had a support page (now removed) advising users to DISABLE antivirus scanning for Orion products' folders.
30
215
665
2
6
37
Internet outage in British Columbia because of *checks notes* "beaver incident"
ℹ️ Confirmed: Network data corroborate reports of a disruption to internet access in parts of British Columbia,
#Canada
, 7 June.
The incident is attributed to the activity of a single beaver, which gnawed through a tree that then fell on fiber cabling 🦫
96
955
3K
1
8
31
15th ransomware operation that targets VMware ESXi servers according to
@BushidoToken
's count (confirmed by media or vendors)
0
11
27
Mandiant found evidence of coordination between Russia's foreign military intelligence agency GRU and pro-Russian online activists and hacktivist groups (XakNet Team, Infoccentr, and CyberArmyofRussia_Reborn)
2
7
28
Windows zero-day (CVE-2020-0986) actively exploited in May got a bad patch in June.
Now it got a new CVE (CVE-2020-17008) and it's still exploitable (public exploit code available).
Microsoft says that a patch will be released after January 6, 2021.
0
20
26
State hackers linked to China have breached over a dozen orgs across critical infra sectors worldwide using a custom Zoho ServiceDesk Plus exploit.
Globally, 62% of all 4,700 Internet-exposed ServiceDesk Plus servers are still vulnerable.
1
6
24
New Microsoft Exchange zero-days can be exploited in remote code execution and data theft attacks by authenticated attackers.
Trend Micro's Zero Day Initiative (ZDI) disclosed them yesterday after reporting them to Microsoft in early September.
0
10
24
REvil: "Since it no longer makes sense to avoid working in the United States, all restrictions have been lifted." 👀
@Bing_Chris
Revil responds to the U.S. Department of Justice giving ransomware similar priority as terrorism, at
6
18
33
1
11
23
Cybersecurity firm GTSC says threat actors are actively exploiting what looks like a pair of Microsoft Exchange zero-days to deploy web shells via remote code execution.
GTSC says the bugs were validated by ZDI and reported to Microsoft three weeks ago.
1
9
23
Hostmaster, Ukraine's CCTLD admin, now uses European cloud DNS for Ukrainian government domains.
Also added Cloudflare DNS firewall protection for and domains.
1
3
23
BREAKING: Apple has filed an appeal in its lawsuit against Corellium.
Unexpected development after the two parties had reached a settlement.
10
94
288
0
6
22
Telegram CEO Pavel Durov:
"Some people wondered if Telegram is somehow less secure for Ukrainians, because I once lived in Russia. Let me tell these people how my career in Russia ended."
3
7
22
Equinix data center giant says that data stolen by Netwalker ransomware in September won't be leaked.
Equinix said that customers' operations and data were not impacted.
Ransom was set to $4.5M for a decryptor & to prevent the release of stolen data.
0
12
20
LastPass "credential stuffing" related.
Relevant tweet from Bob:
At the same time thousands of LastPass login pairs were found in the recent Redline Stealer malware logs I reported earlier... Coincidence?
7
64
248
2
11
19
Twitch goes open source.
0
2
19
Twilio says some of its customers' data was accessed by attackers who breached its internal systems after stealing employee credentials in an SMS phishing attack.
3
8
19
@CisoDiagonal
They're most likely trolling at this point because they know NVIDIA will not cave in and pay them.
They added this a couple of hours ago:
1
1
19
FAA outage reportedly caused by software maintenance mistake.
"An engineer 'replaced one file with another,' the official said, not realizing the mistake was being made."
5
12
20
Proof-of-concept local privilege escalation exploit for CVE-2020-0796 from
@SophosLabs
As a MAPP member we were restricted from sharing what we knew about the bug until Microsoft released its update this morning for CVE-2020-0796. Our Offensive Research team did manage to develop a proof-of-concept exploit for one way to exploit the bug
1
13
18
0
10
19
Stealing keys from crash dumps = dumpster diving attacks? 🤔
Microsoft says Storm-0558 Chinese hackers stole a signing key from a Windows crash dump after breaching a Microsoft engineer's corporate account -
@serghei
13
221
451
1
2
19
"Andrey Shumeyko, also known as YRH04E and JVHResearch online, decided to share his story because he felt that Apple took advantage of him and should have compensated him for providing the company this information."👀
1
13
16
A Romanian, suspected of involvement in the DDoS attacks targeting some Romanian government sites over the last several days, was arrested by the British police, at the request of the Romanian authorities.
1
8
18
UnitedHealth Group spokesperson:
"We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds."
2
15
18
Hacker hijacks Orange Spain RIPE account to cause BGP havoc
=> No MFA and 'ripeadmin' as the account's password...🤦♂️
1
7
17
Soon: Microsoft 365 Defender => Microsoft Defender for 365
1
4
17
Over 71,000 NVIDIA employees had their credentials stolen during last month's data breach.
0
2
16
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution.
The security flaw (tracked as CVE-2022-3236) is "being used to target a small set of specific organizations, primarily in the South Asia region."
0
7
14
New
#malware
campaign hunting down
#MikroTik
routers to set them up for a new
#cryptojacking
career using
#CoinHive
0
13
15
@poppy_haze
"The Belgian Air Force had 60 active F-16 aircraft remaining, including 48 on duty for NATO.” Luckily, not all of them in the same place.
0
0
14
A ransomware group has apologized to Arab royal families after leaking their data.
"We found that our sample data was not properly reviewed before being uploaded to the blog"
12
104
305
0
4
14
The St. Stephen’s Cathedral in Vienna, Austria, got hacked and the attackers promptly started ringing the bells at 2 AM, in the middle of the night, for roughly 20 minutes.
The cathedral's bells are now only accessible via VPN.
0
10
14
These attacks can lead to ransomware deployment on the victim's network within 48 hours after the initial breach..
New blog post: Our continued investigation into BazaCall campaigns, which use fraudulent call centers that trick users into downloading the BazaLoader malware, shows this threat is more dangerous than what’s been discussed publicly. Here’s what we found:
1
96
174
1
9
14
In response to questions as to why they are rolling back this Office macro change, a spokesperson told us Microsoft “doesn’t have anything more to share.”
2
3
14
Twitter confirms a now-patched zero-day bug was used to link personal data (email addresses or phone numbers) to more than 5.4 million accounts.
1
8
13
Thread on a financially motivated threat actor tracked by Mandiant as FIN13.
"FIN13 had a median dwell time of 913 days or 2.5 years. Median dwell time for ransomware investigations is measured in days, whereas FIN13's is measured in years."
Report here:
0
3
13
Stadia is the 274th product killed by Google so far, according to
0
8
13
@threatresearch
@SophosXOps
Movie material if you ask me. And the white paper is also a must-read!
0
5
13
"Any Windows machine where port 445 is exposed and the RPC runtime library is not patched is vulnerable. According to Shodan, 𝐦𝐨𝐫𝐞 𝐭𝐡𝐚𝐧 𝟕𝟎𝟎𝐤 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐦𝐚𝐜𝐡𝐢𝐧𝐞𝐬 expose this port to the internet."
Everyone's talking about the 9.8 RCE bug in Windows RPC runtime (CVE-2022-26809).
@nachoskrnl
bin-diffed rpcrt4.dll and located the integer overflow that was patched. Read about it here -
Patch now, and ffs don't expose TCP 445 to the internet.
7
317
773
0
7
12
Microsoft shared mitigations for the new PetitPotam NTLM relay attack allowing take over of DC and other Windows servers.
1. Disable NTLM where not needed (e.g. Domain Controllers)
2. Enable Extended Protection for Authentication to protect credentials.
1
5
11
Nice move: kill Stadia and then launch a cloud-gaming Chromebook line🤪
1
4
12
Open-source package repositories, including NPM, PyPi, and NuGet, have been flooded by a massive wave of 144,294 malicious packages.
These packages were linked to an automated phishing operation using 90 domains that hosted over 65,000 phishing pages.
0
4
11
Ransomware gang coughs up decryptor after realizing they hit the police
4
71
141
1
3
11
DHS issues new National Terrorism Advisory System (NTAS) Bulletin
1
7
11
Meta takes down a large Russian disinformation network of 60 websites "impersonating legitimate websites of news organizations in Europe, including Spiegel, The Guardian and Bild."
2
10
11
So, you installed today's PrintNightmare patch?
Looks like Microsoft still has to address
@gentilkiwi
's malicious printer driver LPE?🤔
Standard user to SYSTEM:
More info at
0
2
10
An estimated 1 million WordPress websites have been compromised in a series of attacks starting in 2017 and exploiting "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor dubbed "Balad Injector"
0
5
11
F5 urges customers to patch BIG-IP&BIG-IQ systems against:
- CVE-2021-22986 iControl REST unauthenticated RCE
- CVE-2021-22987 Appliance Mode TMUI authenticated RCE
- CVE-2021-22991 TMM buffer-overflow
- CVE-2021-22992 Advanced WAF/ASM buffer-overflow
0
12
10
The guy who pushed for backing up the backups deserves a raise (at least).
Google Cloud accidentally deleted a company's entire cloud environment (Unisuper, an investment company, which manages $80B). The company had backups in another region, but GCP deleted those too. Luckily, they had yet more backups on another provider.
535
4K
19K
0
0
10
@zhuhaiyang55
@privacyis1st
@theJoshMeister
@BleepinComputer
@patrickwardle
@thomasareed
@_inside
@TheHackersNews
@Malwarebytes
Why would the domain use a SSL certificate issued to Trend Micro Inc. though? 🤔 I think that's a pretty obvious connection ...
4
3
10
If you're in Palermo and nothing works, this is why.
0
6
10
Rackspace says that attackers accessed email data belonging to 27 customers in last month's ransomware incident.
The affected Hosted Exchange environment will be discontinued, with plans to migrate all customers to Microsoft 365 already in place.
0
8
10
Another zero-day RCE in the Universal Plug-and-Play (UPnP) service affecting the same models was also left unpatched last year.
According to Cisco, the last day these RV series routers were available to order was December 2, 2019.
2
2
10
😬In combination with a Visa card, “this feature can be leveraged to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone, using a Visa card, to any EMV reader, for any amount, without user authorisation.”
0
7
9
QNAP published a new DeadBolt ransomware advisory.
Asks customers to reach out for assistance if they cannot restore their files using DeadBolt decryptors.
2
4
10
U.S. Army using mIRC for tactical "chat" ? 👀
"Each crew had a checklist, point-by-point steps everyone had to follow. They messaged each other on mIRC chat to confirm all people were accounted for and each step completed."
BTW
0
4
9
One more T-Mobile hack to add to the list of breaches😬
1/ Exclusive: Leaked private chats from the LAPSUS$ group show they hacked T-Mobile multiple times last month, stealing large volumes of source code. T-Mobile says no customer or government data was taken.
26
351
757
2
11
9
The Guardian says parts of its tech infrastructure were hit in an "IT incident," believed to be a ransomware attack.
While staff has been told to work from home and some behind-the-scenes services have been disrupted, online publishing has largely been unaffected.
Guardian hit by serious IT incident believed to be ransomware attack
12
56
62
0
4
9
Microsoft confirmed it fixed a previously disclosed 'ShadowCoerce' vulnerability as part of the June 2022 updates that allowed attackers to target servers and takeover Windows domains in NTLM relay attacks.
0
3
9
GitHub notified customers today of a bug patched in March allowing GitHub Apps to generate scoped installation tokens with elevated permissions.
Spokesperson says there is no "evidence to suggest that GitHub or customer data was impacted."
More info:
0
5
9
The FBI says the Conti ransomware gang has attempted to breach the networks of at least 16 U.S. healthcare and first responder organizations within the last year.
In all, Conti hit 400 orgs worldwide, over 290 of them located in the U.S.
0
4
9
Report on Evil Corp now deploying LockBit ransomware in attacks to evade U.S. govt sanctions:
0
4
9
DuckDuckGo is rolling out an email privacy service that strips incoming messages of trackers and forwards them to your normal inbox.
0
7
9
All elite hackers use Bing. Don't @ me.
New documents for the Okta breach: I have obtained copies of the Mandiant report detailing the embarrassing Sitel/SYKES breach timeline and the methodology of the LAPSUS$ group. 1/N
75
946
3K
0
1
9
A new APT group tracked by Kaspersky as ToddyCat has been targeting Microsoft Exchange servers on government and military networks throughout Asia and Europe for more than a year.
0
4
9
@wdormann
@GossiTheDog
I'm 99,99% sure there's a display somewhere in Microsoft's HQ with your tweets slowly scrolling away.
Sort of a pew pew map for Microsoft devs 😄
0
0
9
Ratio go brrr!
Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.
We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.
5K
335
1K
0
1
8