Login
Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their⦠Read more on Cisco Blogs
Hello, guys! I've published the tool I use to bypass HTTP 403 error pages and access the juicy information behind π. It is written in Golang, it's very fast, and it incorporates many techniques from book.hacktricks. If someone wants to collaborate or just leave feedback, here's the repo.
The @BSidesSATX CFP is open at BSidesSATX.com June 8th at St. Maryβs in San Antonio
Don't worry this isn't some sort of stealer that I grabbed from GitHub, nope it's actually my very own framework, it's open source, easy to understand, easy for beginners to learn from the code, easy to run and over all just great at everything one does for recon! Dont worry I'll be updating it continuously fore the framework is on its first little legs but I'll be releasing SubSeekerPro V.2 soon!
Stay tuned and as always, keep grinding my dudes βπ»β¨
How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious will make it all go away. It's the ease of debunking the "no breach here" claim that I find particularly fascinating; the truth is always sitting there in the data and it doesn't take much to bring it to the surface. Ah well, as I always end up lamenting, with behaviour like this it's a good time to be in the industry π€·ββοΈ
Core Infrastructure and Threat Hunting. 2
Cisco Secure Access Enables ZTNA for SOC⦠Read more on Cisco Blogs
The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton Countyβs listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gangβs servers were seized this month by U.S. and U.K. law enforcement.
The LockBit website included a countdown timer until the promised release of data stolen from Fulton County, Ga. LockBit would later move this deadline up to Feb. 29, 2024.
LockBit listed Fulton County as a victim on Feb. 13, saying that unless it was paid a ransom the group would publish files stolen in a breach at the county last month. That attack disrupted county phones, Internet access and even their court system. LockBit leaked a small number of the countyβs files as a teaser, which appeared to include sensitive and sealed court records in current and past criminal trials.
On Feb. 16, Fulton Countyβs entry β along with a countdown timer until the data would be published β was removed from the LockBit website without explanation. The leader of LockBit told KrebsOnSecurity this was because Fulton County officials had engaged in last-minute negotiations with the group.
But on Feb. 19, investigators with the FBI and the U.K.βs National Crime Agency (NCA) took over LockBitβs online infrastructure, replacing the groupβs homepage with a seizure notice and links to LockBit ransomware decryption tools.
In a press briefing on Feb. 20, Fulton County Commission Chairman Robb Pitts told reporters the county did not pay a ransom demand, noting that the board βcould not in good conscience use Fulton County taxpayer funds to make a payment.β
Three days later, LockBit reemerged with new domains on the dark web, and with Fulton County listed among a half-dozen other victims whose data was about to be leaked if they refused to pay. As it does with all victims, LockBit assigned Fulton County a countdown timer, saying officials had until late in the evening on March 1 until their data was published.
LockBit revised its deadline for Fulton County to Feb. 29.
LockBit soon moved up the deadline to the morning of Feb. 29. As Fulton Countyβs LockBit timer was counting down to zero this morning, its listing disappeared from LockBitβs site. LockBitβs leader and spokesperson, who goes by the handle βLockBitSupp,β told KrebsOnSecurity today that Fulton Countyβs data disappeared from their site because county officials paid a ransom.
βFulton paid,β LockBitSupp said. When asked for evidence of payment, LockBitSupp claimed. βThe proof is that we deleted their data and did not publish it.β
But at a press conference today, Fulton County Chairman Robb Pitts said the county does not know why its data was removed from LockBitβs site.
βAs I stand here at 4:08 p.m., we are not aware of any data being released today so far,β Pitts said. βThat does not mean the threat is over. They could release whatever data they have at any time. We have no control over that. We have not paid any ransom. Nor has any ransom been paid on our behalf.β
Brett Callow, a threat analyst with the security firm Emsisoft, said LockBit likely lost all of the victim data it stole before the FBI/NCA seizure, and that it has been trying madly since then to save face within the cybercrime community.
βI think it was a case of them trying to convince their affiliates that they were still in good shape,β Callow said of LockBitβs recent activities. βI strongly suspect this will be the end of the LockBit brand.β
Others have come to a similar conclusion. The security firm RedSense posted an analysis to Twitter/X that after the takedown, LockBit published several βnewβ victim profiles for companies that it had listed weeks earlier on its victim shaming site. Those victim firms β a healthcare provider and major securities lending platform β also were unceremoniously removed from LockBitβs new shaming website, despite LockBit claiming their data would be leaked.
βWe are 99% sure the rest of their βnew victimsβ are also fake claims (old data for new breaches),β RedSense posted. βSo the best thing for them to do would be to delete all other entries from their blog and stop defrauding honest people.β
Callow said there certainly have been plenty of cases in the past where ransomware gangs exaggerated their plunder from a victim organization. But this time feels different, he said.
βIt is a bit unusual,β Callow said. βThis is about trying to still affiliatesβ nerves, and saying, βAll is well, we werenβt as badly compromised as law enforcement suggested.β But I think youβd have to be a fool to work with an organization that has been so thoroughly hacked as LockBit has.β
FreshRSS 