Enterprises are on high alert as the Lapsus$ group seems to have hacked Okta. The group posted screenshots on their Telegram channel showing admin access to a variety of tools. According to the same channel, the group focused on Okta’s customers. Okta confirmed a cybersecurity incident that happened in January. Apparently 2.5% of their customers might be affected. Today the group leaked domain hashes for LGE.com and 37GB of Bing & Cortana source code belonging to Microsoft. Other recent victims of the hacker group are Nvidia, Samsung, Vodafone & Ubisoft.
CISA released a list of recommendations to protect against potential cyberattacks.
Another Conti ransomware source code leak. The code was last updated in January 2021 and compiles easily. Other hacker groups will probably adopt it, as happened with previous leaks.
An older phishing technique is getting popular. It’s called “Browser in the Browser” and it’s basically a pop-up that spoofs a browser window. Templates are free to download and can be incorporated in your red-teaming campaigns.
Time to update your printer. HP published an advisory about a Buffer Overflow vulnerability in some of their printers. Attackers who exploit it can obtain Remote Code Execution.
Several improvements were made to modernize Linux’s Random Number Generator.
A tutorial on escalating privileges to Domain Admin using Unconstrained Delegation.
Are NFTs really non-fungible? Per ERC-721 they usually aren’t. Read about NFT security.
US charges Russian hackers over industrial attacks in the energy sector.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.