Romanian antihacker from another planet; chief paleontologist; director of Global Research and Analysis Team at @kaspersky. Tweets are my own. #chess #taekwondo
Sep 14, 2021 • 8 tweets • 3 min read
How to check iOS devices for signs of CVE-2021-30860 / FORCEDENTRY exploitation (for context, see @citizenlab's 13.09.2021 blog). #nso #pegasus #malware #ios
Make an unencrypted iTunes backup, or use MVT (docs.mvt.re/en/latest/inde…) to decrypt an encrypted one. You can also check older backups, if you have them. (It's a good idea to make regular iTunes backups for all your devices, precisely for this reason.)
Feb 16, 2021 • 9 tweets • 2 min read
1/9 The French National Cybersecurity Agency @ANSSI_FR released a report on Hades / Sandworm infecting Centreon servers with a PHP backdoor, followed by deploying the Exaramel Linux backdoor. Some notes:
2/9 Centreon is an IT monitoring software, created by a French company with the same name. Some customers include Accor Hotels, AirFrance / KLM, Airbus, Euronews, Orange and various French gov agencies. No indication any of these were breached.
Dec 21, 2020 • 8 tweets • 3 min read
Cracking the Sunburst / Solorigate "do not infect" domain hashes, a thread 👉
In their comprehensive analysis of Sunburst / Solorigate, Microsoft highlights an interesting fact: that certain domains are excepted from further infection. microsoft.com/security/blog/…
Jan 10, 2019 • 10 tweets • 4 min read
Today, Singapore gov published a large, thorough, 450+ page analysis report on the Health Services Private Ltd hack. Here's a summary analysis highlighting the most interesting findings. Full report is available at: mci.gov.sg/coireport
The attackers breached Singapore Health Services through a vulnerability in Outlook. Although a patch was available, the systems were not updated. As a side note, it is quite rare that we see attackers exploiting vulnerabilities in Outlook.