Terraguard – Create And Destroy Your Own VPN Service Using WireGuard

From kitploit.com

This project’s goal is to make it simple to create and destroy your own VPN service using WireGuard.

Prerequisites

  • Terraform >= 1.0.0
  • Ansible >= 2.10.5

How to Deploy

Terraform

Running with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start a process.

Select your cloud provider (AWS or DigitalOcean) and open its directory.

You can change the region or key name in variable.tf.

Read more…

Spammer floods the Babuk ransomware gang’s forum with gay porn GIFs

From therecord.media

A spammer has flooded the forum of the Babuk ransomware group with gay orgy porn GIFs after the Babuk gang failed to pay a $5,000 ransom demand the threat actor made on Friday.

While the Babuk gang initially derided the extortion attempt and deleted the spammer’s initial post, hundreds of forum topics have been created on the forum today.

User profiles registered by The Record have disappeared twice today, suggesting the Babuk gang has wiped its forum clean on at least two occasions as a result of the spam waves that have flooded the site over the weekend.

Read more…

XCSSET, a MacOS malware, Targets Google Chrome and Telegram Software

From ehackingnews.com

As part of further “refinements in its tactics,” a malware notorious for targeting the macOS operating system has been updated to add more elements to its toolset that allow it to accumulate and exfiltrate sensitive data saved in a range of programmes, including apps like Google Chrome and Telegram. This macOS malware can collect login credentials from a variety of apps, allowing its operators to steal accounts. 
XCSSET was discovered in August 2020, when it was found to be targeting Mac developers using an unusual method of propagation that entailed injecting a malicious payload into Xcode IDE projects, which is executed when the project files are built in Xcode. XCSSET collects files containing sensitive information from infected computers and delivers them to the command and control (C2) server. 

Read more…

AvosLocker enters the ransomware scene, asks for partners

From blog.malwarebytes.com

In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. The threat actor used this entry point to get into a Domain Controller and then leveraged it as a springboard to deploy ransomware.

While examining the ransomware payload, we noticed it was a new variant which we had not heard of before. In this blog we will take a look at AvosLocker, a solid yet not-too-fancy new ransomware family that has already claimed several victims.

This type of ransomware attack is unfortunately all too common these days and has wreaked havoc across many industries. With the disappearance of the infamous REvil, it is possible new threat actors are actively looking to fill the void.

Read more…

Discord CDN and API Abuses Drive Wave of Malware Detections

From threatpost.com

Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with Discord are at risk.

Discord creates servers or specific groups or communities of users who can send voice, text and other media messages between one another quickly.

Researchers say there has been a massive uptick in the number of Discord malware detections compared to last year. In a report released by Sophos, the company claims incidents have jumped 140 times compared to 2020. The primary culprits in the Discord jump are its content delivery network (CDN) and application programming interface (API), both of which cybercriminals have been abusing.

Discord’s CDN is being abused to host malware, while its API is being leveraged to exfiltrate stolen data and facilitate hacker command-and-control channels, Sophos added.

Read more…

CSIRT-Collect: collect memory and (triage) disk forensics

From securityonline.info

A PowerShell script to collect memory and (triage) disk forensics for incident response investigations.

The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection.

Permission requirements for that directory will depend on the nuances of the environment and which credentials are used for the script execution (interactive vs. automation).

In the demonstration code, a network location of \Synology\Collections can be seen. This should be changed to reflect the specifics of your environment.

The Collections folder needs to include:

  • subdirectory KAPE; copy the directory from the existing install
  • subdirectory MEMORY; 7za.exe (command-line version of 7-Zip) and winpmem.exe
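As an added example, not part of CSIRT-Collect itself, the following PowerShell preflight check verifies the share layout described above and that the account running the collection can write evidence back to the share. The share path and the probe file name are placeholders; KAPE is only checked as a directory because its contents depend on the existing install you copied.

```powershell
# Added preflight check for a CSIRT-Collect style share; not part of the project.
param(
    # Placeholder: replace with your own share (the README uses a Synology Collections share).
    [string]$CollectionsPath = '\\REPLACE-ME\Collections'
)

function Test-CollectionsShare {
    param([Parameter(Mandatory)][string]$Path)

    $problems = @()

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return @("Share not reachable: $Path")
    }

    # Layout required by the README: KAPE (copied install) and MEMORY (7za.exe + winpmem.exe)
    foreach ($item in 'KAPE', 'MEMORY\7za.exe', 'MEMORY\winpmem.exe') {
        $full = Join-Path -Path $Path -ChildPath $item
        if (-not (Test-Path -LiteralPath $full)) { $problems += "Missing: $full" }
    }

    # Evidence is uploaded back to the same share, so the running account needs write access.
    # Create and delete a uniquely named probe file rather than touching existing evidence.
    $probe = Join-Path -Path $Path -ChildPath ("writetest-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
    } catch {
        $problems += "No write access as $env:USERNAME (interactive vs. automation credentials differ): $($_.Exception.Message)"
    }

    return $problems
}

# Wrap in @() so an empty result still has a Count of 0.
$issues = @(Test-CollectionsShare -Path $CollectionsPath)
if ($issues.Count -eq 0) {
    Write-Host "Collections share OK: $CollectionsPath"
} else {
    $issues | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it once under the same credentials the collection will use (interactive or scheduled) so the permission result reflects the real execution context.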

Read more…

USD 50 Million Ransom Demanded from Saudi Aramco Over Leaked Data

From ehackingnews.com

Saudi Arabia’s state oil firm admitted on Wednesday that data from the corporation was leaked and that the files are now being used in a cyber-extortion effort involving a USD 50 million ransom demand. The data was presumably leaked by one of the company’s contractors. Saudi Aramco, the Saudi Arabian Oil Co., notified The Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”
Saudi Aramco is a public Saudi Arabian oil and gas enterprise headquartered in Dhahran. It is expected to be one of the world’s most profitable corporations as of 2020. Saudi Aramco has the world’s second-biggest proven crude oil reserves, with about 270 billion barrels (43 billion cubic metres), as well as the world’s greatest daily oil production. 

Read more…