Main News

Typo

Best OSINT tools to investigate Typo squatting domains

Bangaly Koita 1 month ago
CTI feed

Top Free Threat Intelligence Feeds for SOC

Bangaly Koita 2 months ago
WordPress Search and Scanner-min

Best WordPress website scanner for free

Bangaly Koita 2 months ago
PHAAS

Phishing as a service platforms used by threat actors

Bangaly Koita 3 months ago
Fake Microsoft Teams

Fake Microsoft Teams website to deliver malware

Bangaly Koita 4 months ago

Editor’s Picks

Typo

Best OSINT tools to investigate Typo squatting domains

Bangaly Koita 1 month ago
CTI feed

Top Free Threat Intelligence Feeds for SOC

Bangaly Koita 2 months ago

Stories

Featured Posts

Typo

Best OSINT tools to investigate Typo squatting domains

Bangaly Koita 1 month ago
CTI feed

Top Free Threat Intelligence Feeds for SOC

Bangaly Koita 2 months ago
WordPress Search and Scanner-min

Best WordPress website scanner for free

Bangaly Koita 2 months ago
PHAAS

Phishing as a service platforms used by threat actors

Bangaly Koita 3 months ago
Fake Microsoft Teams

Fake Microsoft Teams website to deliver malware

Bangaly Koita 4 months ago

Archives

template

OpenSSL has patched two high severity vulnerabilities

Bangaly Koita 3 years ago

OpenSSL has released two high severity vulnerabilities within the open source OpenSSL library.

The both vulnerabilities CVE-2022-3602 and CVE-2022-3786 require a malicious X.509 certificate that has been signed by a valid certificate authority.

The first vulnerability CVE-2022-3602 - could cause a denial of service by allowing the bytes containing the character “.” (decimal 46) to be entered on the stack.

The second one CVE-2022-3786 - could cause a denial of service by allowing the attacker to craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the “.” character (decimal 46) on the stack.

Affected version: OpenSSL versions 3.0.0 to 3.0.6.

Mitigation: OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7.

protect

How to protect your data?

Bangaly Koita 3 years ago

 

The confidential data are any types of data if leaked could cause several damages to any company such as data lost, loss of reputation or a person.

Data are categorized in the following ways:

PII (Personal identifiable Information) – Consist of data such as Username and password, date of birthday, social security number, credit card number and others.

PHI (Personal Health Information) – Consist of data such as data related to human health (medical record).

Sensitive or confidential Information – Consist of data related managed by private institution, public institution, military institution or army or data that belong to a person such as personal data that could be used to blackmail someone (Pictures, message, voice call, video and others).

Financial Data - Consist of data managed by financial institution such as Banks, any institution storing financial information (Organization, Insurance companies and others)

The data are protected by regulations or standards based on the countries where the data reside such as the African Union’s Convention on Cyber Security and Personal Data Protection, GDRP, The Gramm-Leach-Bliley, HIPAA, PCI DSS and others.

 

Below, you can get some tips about how to protect your data:

Don't share confidential data sensitive data via public file transfer and storage.

Don’t put data such as password, key, source code on public GitHub or other code repositories.

Use 2FA.

Use encryption while sharing confidential data

Don't put any confidential data over social media

Don't upload file on virus total or others similar sources unless you are sure that it does not contain any confidential data

Use the hash to check the file reputation on VT

Monitor confidential data leaked on dark web or data leaked issue from source such as Havebeepwned

Monitor your key word on different social media

Perform a vulnerability assessment and patching

Perform a threat hunting to detect any threat that can be exploited

 

1

Les hackers sont entrain de voler le mot de passe des utilisateurs lors du process du 28 Septembre 2009 en Guinee

Bangaly Koita 3 years ago

Le monde braque sur le process du 28 Septembre 2009 en Guinee, les hackers le sont aussi.

Notre equipe a pu detecter des utilisateurs malvaillants sur des chaines Youtube   des televisions Guineenes  telles que  Djoma TV, Espace FM, FIM FM qui sont devenues des vecteurs dattaques pour les hackers.

Des liens ou domains malvaillants sont distribues sur ces chaines pour attirer lattention des utilisateurs en vue d’y cliquer .

Exemple 1

Sur la chaine Youtube de Djoma Media, des liens malvaillants partages aux utlisateurs pour voler leur mot de passe.

Sur la photo au dessus, le domain GIRLS18[.]XZY (NE PAS CLIQUER SUR LE LIEN) apres examination par notre equipe de  Cyber Threat Intelligence.

Les resultast suivants ont ete obtenus:

Le domain  a ete cree il ya 8 jours heberge sur GO DADDY.

Apres soumission du domain, VirusTotal na pas detecte le domain comme malvaillant.

Le meme domain sur URLSCAN.IO nous redirige vers un notre domain que nous pouvons apercevoir sur l’image .

Apres une analyse faite sur ce domain, nous avions obtenu plus d’information sur les techniques utilisees par les attaqueurs .

Nous pouvons voir maintenant que ce domain a ete classifie par des anti-virus comme Fortinet, Sophos et dautres  comme Phishing .

URLSCAN montre le meme resultat.

Le domain a ete classifie comme malvaillant.

 

Exemple 2 

Le second exemple  vient de la chaine Youtube de la chaine TV Espace FM.

Comme vous le voyez,  le lien  mavaillant girls69[.]xyz  (ne pas cliquer sur le lien) a ete partage (Jespere que les utilisateurs nont pas clique 😊).

 

Les meme techniques et meme indicators ont ete trouves.

Le domain a ete cree il ya 6 jours.

Virustotal  resultat  RAS

Notre grand ami URLSCAN nous revele que le domain est redirige vers le meme domain que le cas precedant.

Le Meme domain produit le meme resultat.

Nous voyons que les meme bandits causent les meme effets 😊.

A ce effet nous pouvons conclure que les auteurs ont pour objectif de voler les information personels des utilisateurs et sy possible aussi installer un fichier malvaillant pour dautres objectifs.

Soyez virgillants mes chers auditeurs.

 

Recommendations:

Ne jamais cliquer sur un lien que vous ne connaissez pas.

Verifiez le lien sur Virustotal comme on vous a montre dans nos exemples.

Utilisez 2FA sur vos comptes Youtube, Facebook, Instagram et autres.

Ne jamais utilizer les meme mots de passes sur different comptes.

Ne jamais partager vos information personnelles le mot de passe, email addresse, date de naissance publiquement.

 

Protect your brand

How to find different domains mimicking your brand?

Bangaly Koita 3 years ago

Nowadays, the threat actors are using different technics to steal users PII (personal identifiable information).

One of the easiest ways of doing that is to create a fake web page that looks like a well-known webpage such as Facebook, Twitter, YouTube, Instagram, LinkedIn, Netflix and others services (Banks, gaming platforms etc.)

Let’s give some example:

URLscan URL and website scanner - urlscan.io

Is a well-known URL and website scanner used by most of security professional

The examples below, will teach us about how to find the website mimicking our brands.

1 – Netflix brand mimicking by threat actors to steal users credentials

The first to do is to connect to type the domain “netflix.com”  - www.netflix.com - urlscan.io

Next, go to “HTPPtransaction”, click on the “image” button

Now, you need to expand the image view and  click on “Show image”

Once clicked, you will see the image

As we can see the image now, if you want to find other webpages with the same image, follow the next steps.

Click right on the “Hash” Of the image and “choose open on the new tab “

You will get the following page

Scroll down the page, you will find some domains different from the one we submitted which is the legitimate one

Open in the new tab the domain that are different from the legitimate one (Netflix.com)

Now as you can see, we found some domains malicious domains mimicking Netflix.com.

You can use the same technic for your brand or organization.

Recommendation

Check the URL or the domain before connecting to a domain

Use 2FA for your login

Use different password for different account

Use a platform like Virus Total to check the domain if you are not sure before connection

You may have missed

Typo

Best OSINT tools to investigate Typo squatting domains

Bangaly Koita 1 month ago
CTI feed

Top Free Threat Intelligence Feeds for SOC

Bangaly Koita 2 months ago
WordPress Search and Scanner-min

Best WordPress website scanner for free

Bangaly Koita 2 months ago
PHAAS

Phishing as a service platforms used by threat actors

Bangaly Koita 3 months ago
Fake Microsoft Teams

Fake Microsoft Teams website to deliver malware

Bangaly Koita 4 months ago