Rami McCarthy
Rami McCarthy
https://www.linkedin.com/posts/the-dfir-report_insight-from-an-unusual-script-in-dagon-activity-7130185501621325826-zJfB/?trk=public_profile_like_view
https://www.sumologic.com/security-response-center/ > On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account....
https://www.timehop.com/security/technical + https://www.timehop.com/security AWS not mentioned - but likely implicated via OSINT on stack of company
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/ https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/e3f79r9/ https://oag.ca.gov/system/files/Reddit%20breach%20notice%20%28email%29_0.pdf Known: * we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting...
https://coffeemeetsbagel.zendesk.com/hc/en-us/articles/20204630281491-CMB-August-23-Outage-FAQ > We determined that the outage was the result of an outside actor who maliciously deleted company data and files.
https://oag.ca.gov/system/files/EpiSource%20Notice%20Letter%20%285.27.23%29.pdf
https://www.databreaches.net/ask-fm-user-database-with-350m-user-records-has-shown-up-for-sale/
## Summary (give a brief description of the issue) [ZDI-24-208](https://www.zerodayinitiative.com/advisories/ZDI-24-208/) (9.8) Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability [ZDI-23-1588](https://www.zerodayinitiative.com/advisories/ZDI-23-1588/) (8.8) Microsoft Azure US...