GossiTheDog

@GossiTheDog@cyberplace.social

Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.

I have Direct Messages disabled - you can send them, but I will never receive them.

GossiTheDog , to random

Looks like Anne beat me to it - Ascension is ransomware, in Netflow I could see ‘em connecting to known ransomware infrastructure since a week ago. They had data exfil too.

GossiTheDog OP ,

There’s a continuing and growing pivot by ransomware on US healthcare.

I suspect it’s driven by various factors, including that US healthcare has a very high payout rate, and that they’ve focused on compliance-based cybersecurity to meet regulations - which translates to being set up to fail operationally in dealing with ransomware.

GossiTheDog , to random
  1. Introduces law requiring voter ID

https://www.bbc.co.uk/news/uk-politics-68947834

GossiTheDog , to random

Do I know any Wikipedia editors?

I have an actor that wants to change their picture and can supply a royalty free photo themselves. I can edit the page but I don’t know the process to make sure it is done properly.

They’re not trying to control the image btw, the current pic is just really old.

GossiTheDog OP ,

@molly0xfff cheers, worked well

GossiTheDog , to random

Cryptobro who declared “code is law” has found out that the law is, in fact, the law. https://www.web3isgoinggreat.com/?id=avi-eisenberg-convicted

GossiTheDog , to random

Pretty funny - Nintendo Network shut down today finally and Wii U and 3DS device support ended.

Pretendo, an effort to keep devices online via homebrew, kept quiet an SSL bug which enables them to spoof being Nintendo Network via just a DNS server change 🤣🫡
https://mastodon.pretendo.network/@pretendo/112238381209517548

GossiTheDog , to random

Congressman who pushed for TikTok ban citing China surveillance joins American surveillance company.. if I were a TV producer I’d send this script back for being too on the nose.

https://www.rollingstone.com/politics/politics-news/mike-gallagher-tiktok-ban-palantir-1234993167/

GossiTheDog , to random

A key part of Mastodon is no longer free open source due to a licensing change by Redis. (Not just Mastodon obvs).

GossiTheDog , to random

🚨 patch your Cisco AnyConnect boxes 🚨

For a 2020 vulnerability. Really.

Lots of ransomware cases coming in for Cisco AnyConnect/ASA recently and finally we know how - CVE-2020-3259

It was a vuln which allowed a CitrixBleed style memory dump, found by a Russian research org now under US sanctions. Ransomware operators have an exploit.

Sadly it looks like many orgs never patched.

https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259

GossiTheDog OP ,

Since the exploit isn’t public, I think vuln management vendors probably need to find a way to fingerprint devices (over HTTPS) to see if they’ve been patched recently.

Great work by TrueSec again.

GossiTheDog OP ,

Update. CISA have added CVE-2020-3259 to KEV and linked it to ransomware groups. HT @simontsui

GossiTheDog OP ,

I have obtained the exploit for Cisco AnyConnect vulnerability CVE-2020-3259 that Akira ransomware group are exploiting.

Would an nmap module for unauthenticated checking be useful?

GossiTheDog OP ,

In light of recent events, probably best to make this ASA vuln public in public interest: https://github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh

If you get `<argument>` back with token inside, not vuln. If you get a memory dump back, you vuln. The dump is pretty bad as it contains a bunch of stuff.

The path exists even with webvpn disabled, it's the host checker.

Credits to person who found it, don't know if they want to be named.

Akira and others have been living off this for a while.
