Pawb.Social Reports @transparency

SecuritySnacksDomainTools Investigations (DTI) shares its latest analysis: “Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict.” The infrastructure comprises a small number of mail servers, each supporting a set of domains designed to spoof that of a specific organization. These domains currently host webmail login pages likely intended to harvest credentials from targeted entities.🔹The phishing infrastructure targets defense and aerospace entities linked to the Ukraine conflict. 🔹Infrastructure comprises a small number of mail servers supporting domains designed to spoof specific organizations. 🔹Likely intended to harvest credentials from targeted entities. 🔹Motivated by cyber espionage, focusing on intelligence related to the Ukraine/Russia conflict.Stay informed and help us combat these threats - read the full article and join the discussion. <a href="https://dti.domaintools.com/phishing-campaign-targets-defense-and-aerospace-firms-linked-to-ukraine-conflict/?utm_source=Mastodon&utm_medium=Social&utm_campaign=PhishingInfra-UAConflict" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dti.domaintools.com/phishing-campaign-targets-defense-and-aerospace-firms-linked-to-ukraine-conflict/?utm_source=Mastodon&utm_medium=Social&utm_campaign=PhishingInfra-UAConflict</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberEspionage</a>

CTI.FYI🚨New ransom group blog post!🚨Group name: ransomhub Post title: cisd.org Info: <a href="https://cti.fyi/groups/ransomhub.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/ransomhub.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

SecuritySnacksDive into DomainTools Investigations’ latest analysis: "The Domain Registrars Powering Russian Disinformation: A Deep Dive into Tactics and Trends."Russian state-sponsored actors are leveraging low-cost, privacy-protected, and anonymous domain services to launch sophisticated disinformation campaigns.Key Highlights: 🔸Fake news portals mimicking legitimate media 🔸Typosquatting and homoglyph attacks 🔸Bulletproof hosting and Fast Flux networks 🔸Preferred registrars 🔸Emerging trends in domain registration tacticsStay informed and help us combat these threats - read the full article and join the discussion: <a href="https://dti.domaintools.com/domain-registrars-powering-russian-disinformation/?utm_source=Mastodon&utm_medium=Social&utm_campaign=disinformation" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dti.domaintools.com/domain-registrars-powering-russian-disinformation/?utm_source=Mastodon&utm_medium=Social&utm_campaign=disinformation</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Disinformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Disinformation</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberThreats</a>

Christoffer S.I just published the source code for my very naive <a href="https://swecyb.com/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked <a href="https://swecyb.com/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Markdown</a> files linking intrusion sets to their used techniques.Perhaps someone finds it useful or interesting to experiment with.Source code: <a href="https://github.com/cstromblad/markdown_node" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cstromblad/markdown_node</a>I hinted at this in a thread started by <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> where he asked for input on a few very likely malicious domains. Me <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> <a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cR0w</a> <a href="https://masto.deoan.org/@neurovagrant" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@neurovagrant</a> and others did some OSINT fun work with a couple of the original domains.It was this thread: <a href="https://mastodon.social/@Viss/114145122623079635" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@Viss/114145122623079635</a>Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor mans version of performing threat intelligence work.<a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/Obsidian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Obsidian</a>

CTI.FYI🚨New ransom group blog posts!🚨Group name: arcusmedia Post title: HYPERNOVA TELECOM Info: <a href="https://cti.fyi/groups/arcusmedia.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/arcusmedia.html</a>Group name: arcusmedia Post title: HYPONAMIRU Info: <a href="https://cti.fyi/groups/arcusmedia.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/arcusmedia.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Infoblox Threat IntelWhile everyone is enjoying Carnival in Brazil, threat actors are still out there trying to lure people into their traps. We have found a cluster of lookalikes to the Brazilian DMV office (DETRAN in Portuguese). We observed at least two instances where they were impersonating the DMV office for the Brazilian states of Paraná and Maranhão. The actor(s) create domains with the same label, but on several different TLDs (mostly highly abused). Here are some examples of what they look like. consultes-seu-debitos2025.<space|site|shop|cloud> debitos-sp-2025.<club|com|lat|net|online|store|xyz> de3trasn2025.<click|fun|life|online|xyz> departamentodetran2025.<click|icu|lat> detran2025.<click|icu|lat|sbs> l1cenciamento-detran2025.<click|icu|lat|sbs> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/</a> <a href="https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/</a>

greyFor some reason people are sharing llm garbage instead of the real chat logs for black basta. Here are the real logs and the telegram channel they're being shared in: https://t[.]me/shopotbasta/21CTI is a team sport. Not a secret boys club. Sharing is caring. <a href="https://infosec.exchange/tags/CTI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTI</a> <a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GAYINT</a> <a href="https://infosec.exchange/tags/CTIFORALL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTIFORALL</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/BlackBasta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlackBasta</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a>

CTI.FYI🚨New ransom group blog post!🚨Group name: flocker Post title: Eservices.gov.zm Info: <a href="https://cti.fyi/groups/flocker.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/flocker.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Infoblox Threat IntelWe researched the domains involved and found that some had been registered at NiceNIC, which we recognize as a problematic registrar located in China. This connection to China aligns with the type of pig-butchering / fake crypto platform scams that we're seeing. What makes this case unique is the use of political disinformation as a lure. An important lesson here is how adtech is being misused to facilitate disinformation and fraud. This is a trend you're probably familiar with if you've been following our content. Sample of identified domains: ecno26r4jj[.]com, affiltrack5681[.]com, client[.]fx-trinity[.]com, smartbrokerreviews[.]top <a href="https://infosec.exchange/tags/pigbutchering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pigbutchering</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/disinformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disinformation</a> <a href="https://infosec.exchange/tags/canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#canada</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> 3/3

The New OilA <a href="https://mastodon.thenewoil.org/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#US</a> <a href="https://mastodon.thenewoil.org/tags/Treasury" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Treasury</a> <a href="https://mastodon.thenewoil.org/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> Analysis Designates <a href="https://mastodon.thenewoil.org/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> Staff as ‘<a href="https://mastodon.thenewoil.org/tags/InsiderThreat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InsiderThreat</a>’<a href="https://www.wired.com/story/treasury-bfs-doge-insider-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/treasury-bfs-doge-insider-threat/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/politics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#politics</a>

CTI.FYI🚨New ransom group blog post!🚨Group name: handala Post title: Israel Police Hacked Info: <a href="https://cti.fyi/groups/handala.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/handala.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Alexandre DulaunoyVulnerability Report – January 2025With significant improvements in gathering sightings and vulnerability information in recent weeks, vulnerability-lookup has become a great resource for automatically generating vulnerability threat landscape reports.The tooling is open source and you can reuse it or extend to add your own sources, sighting or improve it.We have many ideas for vulnerability-lookup project and we welcome new contributors.<a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilities</a> <a href="https://infosec.exchange/tags/fosdem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fosdem</a> 🔗 Report <a href="https://www.vulnerability-lookup.org/2025/02/01/vulnerability-report-january-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.vulnerability-lookup.org/2025/02/01/vulnerability-report-january-2025/</a> 🔗 Open source code <a href="https://github.com/vulnerability-lookup/vulnerability-lookup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/vulnerability-lookup/vulnerability-lookup</a> 🔗 Online version <a href="https://vulnerability.circl.lu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vulnerability.circl.lu/</a> :github: org <a href="https://github.com/vulnerability-lookup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/vulnerability-lookup</a>The project team will be also present at hackathon.lu (April 8th and 9th, 2025 in Luxembourg) <a href="https://hackathon.lu/projects/#vulnerability-lookup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackathon.lu/projects/#vulnerability-lookup</a><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@circl</a> <a href="https://fosstodon.org/@cedric" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cedric</a>

Infoblox Threat IntelMastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account. We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also get that particular threat out of their Mastodon instance and safe for users. There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster. For our fellow security nerds... this was <a href="https://infosec.exchange/tags/vidar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vidar</a> malware with sha256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d and a c2 IP 78[.]47[.]227[.]68 from the instance. there is still at least one more Mastodon instance impacted that we are trying to reach. <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/stealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#stealer</a> <a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/fakeaccounts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fakeaccounts</a> <a href="https://infosec.exchange/tags/c2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#c2</a>

ReynardSecEver seen a single QR code that can lead you to two different URLs? 🤯Christian Walther just demoed that. He merged two QR codes in such a way that each “pixel” can be interpreted as black or white, depending on angle, focus settings, or even plain luck. Same device, same scanner - yet sometimes you get <a href="https://mstdn.social/@isziaui" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mstdn.social/@isziaui</a>, other times it’s <a href="https://github.com/cwalther" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cwalther</a>.While this is currently just a wicked proof-of-concept, it’s a red flag for possible future scamsCheck full thread: <a href="https://mstdn.social/@isziaui/113874436953157913" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mstdn.social/@isziaui/113874436953157913</a><a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialengineering</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#programming</a>

Taggart :donor:A detailed, well-written, and hilarious breakdown of the details of CVE-2024-55591, one of the latest Fortinet fiascos:<a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a><a href="https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/</a>

Taggart :donor:A fantastic meta-analysis of Telegram cybercrime channels. I suspect there is ample material in these findings to start building hunts for new threat actors, or even to collect new <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> based on common patterns in posts.<a href="https://arxiv.org/html/2409.14596v2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arxiv.org/html/2409.14596v2</a><a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a>

Taggart :donor:A gentle introduction to the threat intel sharing process: <a href="https://www.infernux.no/Expanding-on-CTI/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infernux.no/Expanding-on-CTI/</a><a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a>

Taggart :donor:Hey hey! More <a href="https://infosec.exchange/tags/eBPF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eBPF</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> in the wild, this one targeting Juniper devices.EDIT: I don't think this is eBPF. As was pointed out in the replies, this is a BSD-based OS, which does not normally implement eBPF. Also I'm not seeing any eBPF code here. This would appear to be plain old-school BPF.<a href="https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/</a><a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a>

ReynardSecHas anyone already encountered something like this? 🚨 "g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen."<a href="https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4</a><a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a>

CTI.FYI🚨New ransom group blog post!🚨Group name: incransom Post title: RETAL Baltic Films Info: <a href="https://cti.fyi/groups/incransom.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cti.fyi/groups/incransom.html</a><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Recent searches

Search options

Administered by:

Server stats:

#threatintelligence