Capita have finally admitted a data breach, but still do not think they need to disclose key details of the incident to customers, regulators, impacted parties and investors. So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta…

There’s an interesting piece in The Times today, where the CEO of Capita declares Capita’s response to the hack “will go down as a case history for how to deal with a sophisticated cyberattack”. That’s a bold statement, so let us explore it. While that may be true on a…

Yesterday Microsoft dropped a patch for a vulnerability found by @hexnomad@infosec.exchange. It’s a great vuln, in theory allowing code execution over ICMP. It also sounds really scary, as it’s a high CVSS score in Windows OS on a commonly used protocol. I’ve had a quick reverse engineer of the patch…

Those who have known me for a long time will know I’ve been banging on about ransomware for years. On here, on Twitter, in person. Here, I documented things like the emergence of Locky 7 years ago, one of the first big single endpoint ransomware incidents. I worked with the…

Back in February 2022, Mykhailo Fedorov — Ukraine’s Deputy Prime Minister — launched the IT Army of Ukraine: The army, which has grown to 300,000 people at peak, has been fighting a digital war with the Russian government and private enterprise. It has been incredibly successful — I have…

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security breach on their Hosted Exchange service. Rackspace have now confirmed this is a ransomware incident. Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server: Updated followed through the day, but…

Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero day: Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | Blog | GTSC — Cung cấp các dịch vụ bảo mật toàn diện (gteltsc.vn) …

Two days ago, on May 27th 2022, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus. This turned out to be a zero day vulnerability in Office and/or Windows. This caught my attention, as Defender for Endpoint missed execution: The…

Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group. You can read more in PwC’s great, yearly threat intelligence brief, here. PwC plan to present their findings in June: BPFDoor is interesting…