Top Security News for 30/09/2023
FBI: Ransomware Actors Launching 'Dual' Attacks
https://malware.news/t/fbi-ransomware-actors-launching-dual-attacks/74022#post_1
2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike
https://malware.news/t/2023-09-28-icedid-bokbot-infection-with-keyhole-vnc-and-cobalt-strike/74026#post_1
Chatbot serves malvertising. Open source library issue. Cl0p switches to torrents. Influence ops and WMD.
https://thecyberwire.com/newsletters/daily-briefing/12/187
Johnson Controls Hit By Ransomware
https://packetstormsecurity.com/news/view/35073/Johnson-Controls-Hit-By-Ransomware.html
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html
Dependabot impersonators cause trouble on GitHub
https://www.malwarebytes.com/blog/personal/2023/09/dependabot-impersonators-cause-trouble-on-github
Malicious ads in a chatbot.
https://thecyberwire.com/stories/b5f71f490fc14d62aaa1c6c8324b19a7/malicious-ads-in-a-chatbot
Update Chrome now! Google patches another actively exploited vulnerability
https://www.malwarebytes.com/blog/news/2023/09/update-chrome-now-google-patches-another-actively-exploited-vulnerability
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
https://securityaffairs.com/151693/hacking/cve-2023-42115-exim-mail-transfer.html
Post-Quantum Cryptography: Finally Real in Consumer Apps?
https://thehackernews.com/2023/09/post-quantum-cryptography-finally-real.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Malware Analysis, News and Indicators
FBI: Ransomware Actors Launching 'Dual' Attacks
The FBI is warning of dual ransomware attacks, where victim organizations are hit with two different types of ransomware variants in quick succession - sometimes within 48 hours of each other. Several factors are enabling these types of dual attacks. Attackers…
Top Security News for 24/10/2023
Social engineering for espionage and for profit.
https://thecyberwire.com/newsletters/daily-briefing/12/202
Java Deserialization Vulnerability Still Alive
https://www.reddit.com/r/netsec/comments/17elc1g/java_deserialization_vulnerability_still_alive/
Ukraine at D+606: Ukraine continues diversionary raids into Russian-occupied territory.
https://thecyberwire.com/stories/4a96f74f946b493aaa423637d0285111/ukraine-at-d606
Cybersecurity as a Service: A new, flexible model for security program development and operation
https://malware.news/t/cybersecurity-as-a-service-a-new-flexible-model-for-security-program-development-and-operation/74846#post_1
A Deep Dive into Cactus Ransomware
https://www.reddit.com/r/netsec/comments/17ejwup/a_deep_dive_into_cactus_ransomware/
ISC Stormcast For Tuesday, October 24th, 2023 https://isc.sans.edu/podcastdetail/8714, (Tue, Oct 24th)
https://malware.news/t/isc-stormcast-for-tuesday-october-24th-2023-https-isc-sans-edu-podcastdetail-8714-tue-oct-24th/74848#post_1
Unpacking the Use of Steganography in Recent Malware Attacks
https://malware.news/t/unpacking-the-use-of-steganography-in-recent-malware-attacks/74851#post_1
1Password Detects Suspicious Activity Following Okta Support Breach
https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html
Cybersecurity Awareness Month 2023: Reflecting on 20 years of Patch Tuesday
https://malware.news/t/cybersecurity-awareness-month-2023-reflecting-on-20-years-of-patch-tuesday/74850#post_1
ISC StormCast for Tuesday, October 24th, 2023
https://isc.sans.edu/podcastdetail/8714
N2K CyberWire
Social engineering for espionage and for profit.
Okta discloses a data exposure incident. Cisco works to fix zero-day. DPRK threat actors pose as IT workers. Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. The Quasar RAT and DLL side-loading. Hacktivists…
Top Security News for 25/10/2023
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
https://www.reddit.com/r/netsec/comments/17f9yci/cve202333466_exploiting_healthcare_servers_with/
[Crypto] Why authenticated encryption and MAC is so important
https://www.reddit.com/r/netsec/comments/17fg28x/crypto_why_authenticated_encryption_and_mac_is_so/
Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
https://thehackernews.com/2023/10/ex-nsa-employee-pleads-guilty-to.html
AI vs. human deceit: Unravelling the new age of phishing tactics
https://securityintelligence.com/posts/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/
ISC StormCast for Wednesday, October 25th, 2023
https://isc.sans.edu/podcastdetail/8716
Make API Management Less Scary for Your Organization
https://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
https://thecyberwire.com/podcasts/daily-podcast/1933/notes
Google Chrome wants to hide your IP address
https://www.malwarebytes.com/blog/news/2023/10/google-wants-to-introduce-ip-protection-feature-for-chrome
Amazon adds passkeys so you can sign in without a pesky password
https://malware.news/t/amazon-adds-passkeys-so-you-can-sign-in-without-a-pesky-password/74898#post_1
Now Android and Windows devices aren't safe from Flipper Zero either
https://malware.news/t/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/74897#post_1
Top Security News for 26/10/2023
dup()'s shared file IO offset is a necessary part of Unix
https://www.reddit.com/r/lowlevel/comments/17g4ucp/dups_shared_file_io_offset_is_a_necessary_part_of/
StripedFly: Perennially flying under the radar
https://malware.news/t/stripedfly-perennially-flying-under-the-radar/74952#post_1
Unveil Data Security Paradoxes
https://thecyberwire.com/podcasts/uncovering-hidden-risks/13/notes
Expanding audit logging and retention within Microsoft Purview for increased security visibility
https://www.microsoft.com/en-us/security/blog/2023/10/18/expanding-audit-logging-and-retention-within-microsoft-purview-for-increased-security-visibility/
RTX (formerly known as Raytheon) is selling its cybersecurity business. Accenture acquires MNEMO Mexico. CISO challenges, across sectors.
https://thecyberwire.com/newsletters/business-briefing/5/43
Privacy landscapes for children.
https://thecyberwire.com/podcasts/caveat/192/notes
Perfect DLL Hijacking
https://www.reddit.com/r/Malware/comments/17go4v5/perfect_dll_hijacking/
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
https://www.reddit.com/r/netsec/comments/17g98dn/octo_tempest_crosses_boundaries_to_facilitate/
N2K Cyber and Microsoft expand collaboration with the launch of The Microsoft Threat Intelligence Podcast.
https://thecyberwire.com/stories/e29c68e1cd9a4660a0a65da33e95393a/n2k-cyber-and-microsoft-expand-collaboration-with-the-launch-of-the-microsoft-threat-intelligence-podcast
Application Security Posture Management: Providing AppSec (and DevOps) a big assist
https://malware.news/t/application-security-posture-management-providing-appsec-and-devops-a-big-assist/74950#post_1
Top Security News for 27/10/2023
Why cybersecurity training isn’t working (and how to fix it)
https://securityintelligence.com/articles/why-cybersecurity-training-isnt-working-and-how-to-fix-it/
6 steps to accelerate cybersecurity incident response
https://malware.news/t/6-steps-to-accelerate-cybersecurity-incident-response/75002#post_1
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html
CVE-2023-46747: Pre-Auth Remote Code Execution in F5-BIGIP via AJP Request Smuggling
https://www.reddit.com/r/netsec/comments/17h253u/cve202346747_preauth_remote_code_execution_in/
A cascade of compromise: unveiling Lazarus’ new campaign
https://malware.news/t/a-cascade-of-compromise-unveiling-lazarus-new-campaign/75004#post_1
A cascade of compromise: unveiling Lazarus’ new campaign
https://securelist.com/unveiling-lazarus-new-campaign/110888/
Workflow of a zkSync Era transaction: from generation to finalization
http://blog.quarkslab.com/zksync-transaction-workflow.html
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html
StripedFly reclassified from petty larceny to APT.
https://thecyberwire.com/stories/e41efe29905a42dc86888a014624baf9/stripedfly-reclassified-from-petty-larceny-to-apt
Security Intelligence
Why cybersecurity training isn’t working (and how to fix it)
Don’t look now, but cybersecurity training isn’t good enough. Here's what it tends to get wrong, and how to get it right.
Top Security News for 28/10/2023
An integrated incident response solution with Microsoft and PwC
https://www.microsoft.com/en-us/security/blog/2023/10/26/an-integrated-incident-response-solution-with-microsoft-and-pwc/
The evolution of 20 years of cybersecurity awareness
https://securityintelligence.com/articles/20-years-of-cybersecurity-awareness/
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html
A new ransomware uses virtual machine to dodge security
https://www.reddit.com/r/netsec/comments/17hyw24/a_new_ransomware_uses_virtual_machine_to_dodge/
No rest for the wicked HiatusRAT.
https://thecyberwire.com/podcasts/research-saturday/305/notes
Top insights and best practices from the new Microsoft Data Security Index report
https://www.microsoft.com/en-us/security/blog/2023/10/25/top-insights-and-best-practices-from-the-new-microsoft-data-security-index-report/
Federal network vulnerabilities curbed by CISA KEV catalog
https://malware.news/t/federal-network-vulnerabilities-curbed-by-cisa-kev-catalog/75043#post_1
Wade Baker from Cyentia Institute is sharing their latest IRIS report.
https://thecyberwire.com/podcasts/interview-selects/183/notes
De4py: Toolkit for python reverse engineering
https://www.reddit.com/r/netsec/comments/17hy8ga/de4py_toolkit_for_python_reverse_engineering/
Microsoft Security Blog
An integrated incident response solution with Microsoft and PwC | Microsoft Security Blog
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability, providing a more comprehensive and seamless incident response experience.
Top Security News for 29/10/2023
First time seeing this app
https://www.reddit.com/r/Malware/comments/17iek36/first_time_seeing_this_app/
Size Matters for Many Security Controls, (Sat, Oct 28th)
https://isc.sans.edu/diary/rss/30352
Turning a boring file move into a privilege escalation on Mac
https://www.reddit.com/r/netsec/comments/17ibj2e/turning_a_boring_file_move_into_a_privilege/
Finally a Offsec ML Framework
https://www.reddit.com/r/netsec/comments/17ietm0/finally_a_offsec_ml_framework/
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
https://thehackernews.com/2023/10/researchers-uncover-wiretapping-of-xmpp.html
Octo Tempest cybercriminal group is "a growing concern"—Microsoft
https://www.malwarebytes.com/blog/news/2023/10/ransomware-affiliate-octo-tempest-is-a-growing-concern-for-organizations-across-multiple-industries
Isp>vpn>whoami>proxychain>tor
https://0x00sec.org/t/isp-vpn-whoami-proxychain-tor/37626
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
https://securityaffairs.com/153169/hacking/pwn2own-toronto-2023-ended.html
Spooky, scary, skeletons at the movies.
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/23/notes
Top Security News for 30/10/2023
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html
remote access trojan
https://www.reddit.com/r/Malware/comments/17j47j5/remote_access_trojan/
'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy
https://malware.news/t/accidental-malvertising-via-dynamic-search-ads-delivers-malware-frenzy/75055#post_1
IT Army of Ukraine disrupted internet providers in territories occupied by Russia
https://securityaffairs.com/153192/hacktivism/it-army-of-ukraine-hit-russia-isp.html
Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
https://securityaffairs.com/153186/breaking-news/security-affairs-newsletter-round-443-by-pierluigi-paganini-international-edition.html

Spam or Phishing? Looking for Credentials & Passwords, (Sun, Oct 29th)
https://isc.sans.edu/diary/rss/30354
Seeking Guidance on Writing a Malware Builder
https://0x00sec.org/t/seeking-guidance-on-writing-a-malware-builder/37630
ISC Stormcast For Monday, October 30th, 2023 https://isc.sans.edu/podcastdetail/8722, (Mon, Oct 30th)
https://malware.news/t/isc-stormcast-for-monday-october-30th-2023-https-isc-sans-edu-podcastdetail-8722-mon-oct-30th/75052#post_1
Help Everyone Do Better Security
https://www.reddit.com/r/netsec/comments/17jo8tx/help_everyone_do_better_security/
Spam or Phishing? Looking for Credentials & Passwords, (Sun, Oct 29th)
https://malware.news/t/spam-or-phishing-x3f-looking-for-credentials-passwords-sun-oct-29th/75050#post_1
Top Security News for 31/10/2023
New Webinar: 5 Must-Know Trends Impacting AppSec
https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html
What keeps incident responders up at night: Common pitfalls that cyber responders encounter when arriving at the scene
https://securityintelligence.com/posts/what-keeps-incident-responders-up-at-night-common-pitfalls-cyber-responders-encounter/
Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th)
https://isc.sans.edu/diary/rss/30358
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html
LockBit claims a cyberattack against Boeing.
https://thecyberwire.com/stories/fe240f10e10049b9b2b9407216696e1b/lockbit-claims-a-cyberattack-against-boeing
Virtual credit card fraud: An old scam reinvented
https://securityintelligence.com/posts/virtual-credit-card-fraud-old-scam-reinvented/
ISC StormCast for Tuesday, October 31st, 2023
https://isc.sans.edu/podcastdetail/8724
ISC Stormcast For Tuesday, October 31st, 2023 https://isc.sans.edu/podcastdetail/8724, (Tue, Oct 31st)
https://isc.sans.edu/diary/rss/30360
Ukraine at D+613: ISPs disrupted in occupied territories.
https://thecyberwire.com/stories/9e6a9dfd309a4b1283d464c396ab9747/ukraine-at-d613
A week in security (October 16 – October 22)
https://www.malwarebytes.com/blog/news/2023/10/a-week-in-security-october-16-october-22-2
Security Intelligence
What keeps incident responders up at night: Common pitfalls that cyber responders encounter when arriving at the scene
What does the worst day look like for incident responders? What keeps them up at night, and what makes their jobs more difficult? Unpack the scary stories.
Top Security News for 01/11/2023
Supercharging Red-Teaming with Infrastructure as Code Integration
https://www.reddit.com/r/netsec/comments/17ks4u7/supercharging_redteaming_with_infrastructure_as/
Multiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st)
https://isc.sans.edu/diary/rss/30362
Impersonating Slack Users - Red Team Tradecraft
https://www.reddit.com/r/netsec/comments/17l5qbg/impersonating_slack_users_red_team_tradecraft/
Not sure if this is the right place to post this but
https://www.reddit.com/r/Malware/comments/17l10gp/not_sure_if_this_is_the_right_place_to_post_this/
Canada Bans WeChat and Kaspersky Apps On Government Devices
https://thehackernews.com/2023/10/canada-bans-wechat-and-kaspersky-apps.html
Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking)
https://malware.news/t/warning-against-infostealer-infections-upon-executing-legitimate-exe-files-dll-hijacking/75158#post_1
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html
Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass
https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2023/10/patch-now-big-ip-configuration-utility-is-vulnerable-for-an-authentication-bypass
What would it take to get you kids into a nice, late-model malware mealkit?
https://thecyberwire.com/podcasts/daily-podcast/1938/notes
ISC Stormcast For Wednesday, November 1st, 2023 https://isc.sans.edu/podcastdetail/8726, (Wed, Nov 1st)
https://malware.news/t/isc-stormcast-for-wednesday-november-1st-2023-https-isc-sans-edu-podcastdetail-8726-wed-nov-1st/75157#post_1
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 02/11/2023
UEFI and The Digital Supply Chain - Dick Wilkins - BTS #16
https://malware.news/t/uefi-and-the-digital-supply-chain-dick-wilkins-bts-16/75190#post_1
ISC Stormcast For Thursday, November 2nd, 2023 https://isc.sans.edu/podcastdetail/8728, (Thu, Nov 2nd)
https://malware.news/t/isc-stormcast-for-thursday-november-2nd-2023-https-isc-sans-edu-podcastdetail-8728-thu-nov-2nd/75195#post_1
Pentagon 'Strongly' Urges Military Members to Report UFO Sightings With New Website
https://www.vice.com/en_us/article/bvjpaz/us-pentagon-ufo-uap-reporting-website-aaro
Critical phpFox RCE Vulnerability Risked Social Networks
https://www.reddit.com/r/netsec/comments/17l9uju/critical_phpfox_rce_vulnerability_risked_social/
Official release of CVSS v4.0
https://www.reddit.com/r/netsec/comments/17lic7r/official_release_of_cvss_v40/
Weaponizing your out-of-office replies.
https://thecyberwire.com/podcasts/hacking-humans/264/notes
EKS Cluster Games: An EKS-focused CTF Challenge
https://www.reddit.com/r/netsec/comments/17lhfee/eks_cluster_games_an_eksfocused_ctf_challenge/
Hacktivism in two hybrid wars (with an excursus on gastropods).
https://thecyberwire.com/podcasts/daily-podcast/1939/notes
How to crack Windows Password
https://www.reddit.com/r/netsec/comments/17l2oea/how_to_crack_windows_password/
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 03/11/2023
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
https://thecyberwire.com/podcasts/daily-podcast/1940/notes
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
https://thehackernews.com/2023/11/irans-muddywater-targets-israel-in-new.html
Vulnerable Apache ActiveMQ servers subjected to HelloKitty ransomware attack
https://malware.news/t/vulnerable-apache-activemq-servers-subjected-to-hellokitty-ransomware-attack/75247#post_1
Novel macOS malware launched by North Korean hackers
https://malware.news/t/novel-macos-malware-launched-by-north-korean-hackers/75245#post_1
ISC StormCast for Friday, November 3rd, 2023
https://isc.sans.edu/podcastdetail/8730
Advice For Catching a RedLine Stealer - includes tools to identify C2 protocol
https://www.reddit.com/r/netsec/comments/17m7dsr/advice_for_catching_a_redline_stealer_includes/
ISC Stormcast For Friday, November 3rd, 2023 https://isc.sans.edu/podcastdetail/8730, (Fri, Nov 3rd)
https://malware.news/t/isc-stormcast-for-friday-november-3rd-2023-https-isc-sans-edu-podcastdetail-8730-fri-nov-3rd/75248#post_1
Lazarus Group prospects blockchain engineers with KANDYKORN.
https://thecyberwire.com/stories/2fadf6cb2f084714ab3ae40bb8b2f889/lazarus-group-prospects-blockchain-engineers-with-kandykorn
Quick Tip For Artificially Inflated PE Files, (Thu, Nov 2nd)
https://isc.sans.edu/diary/rss/30370
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
https://thehackernews.com/2023/11/first-announces-cvss-40-new.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 04/11/2023
Okta employee data compromised in third-party breach
https://malware.news/t/okta-employee-data-compromised-in-third-party-breach/75289#post_1
Immediate patching of Atlassian Confluence flaw urged
https://malware.news/t/immediate-patching-of-atlassian-confluence-flaw-urged/75284#post_1
Keylogger keyboard leaks passwords via Apple's "Find My" location network
https://www.reddit.com/r/netsec/comments/17mv6a9/keylogger_keyboard_leaks_passwords_via_apples/
First handset with MTE on the market
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html
Sandman doesn't slow malware down.
https://thecyberwire.com/podcasts/research-saturday/305/notes
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html
Israel subjected to new MuddyWater spear-phishing attacks
https://malware.news/t/israel-subjected-to-new-muddywater-spear-phishing-attacks/75290#post_1
ZDI discloses four zero-day flaws in Microsoft Exchange
https://securityaffairs.com/153599/hacking/microsoft-exchange-zero-day-flaws.html
ram usage went high all of a sudden without using programs and i found this second explorer task which i cant close
https://www.reddit.com/r/Malware/comments/17n8np5/ram_usage_went_high_all_of_a_sudden_without_using/
CanesSpy Spyware Discovered in Modified WhatsApp Versions
https://thehackernews.com/2023/11/canesspy-spyware-discovered-in-modified.html
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 05/11/2023
Frameworks for DE-Friendly CTI (Part 5) [Medium Backup]
https://malware.news/t/frameworks-for-de-friendly-cti-part-5-medium-backup/75293#post_1
Smashing the TLB for fun and profit - ekoparty 2023
https://www.reddit.com/r/netsec/comments/17o24gf/smashing_the_tlb_for_fun_and_profit_ekoparty_2023/
Talkin’ About Infosec News – 11/4/2023
https://malware.news/t/talkin-about-infosec-news-11-4-2023/75296#post_1
Google Play Store Introduces 'Independent Security Review' Badge for Apps
https://thehackernews.com/2023/11/google-play-store-introduces.html
Threat Roundup for October 27 to November 3
https://malware.news/t/threat-roundup-for-october-27-to-november-3/75295#post_1
Riks around Chrome cache
https://www.reddit.com/r/Malware/comments/17nw3i4/riks_around_chrome_cache/
Kinsing threat actors probed the Looney Tunables flaws in recent attacks
https://securityaffairs.com/153610/hacking/kinsing-hackers-probe-looney-tunables.html
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity.
https://thecyberwire.com/podcasts/special-edition/55/notes
Jeffrey Wheatman: Sometimes you just need to open the raincoat.
https://thecyberwire.com/podcasts/career-notes/174/notes
Google Cybersecurity Action Team Threat Horizons Report #8 Is Out! [Medium Backup]
https://malware.news/t/google-cybersecurity-action-team-threat-horizons-report-8-is-out-medium-backup/75292#post_1
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 06/11/2023
A week in security (October 30 – November 5)
https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-october-30-november-5-2
ISC Stormcast For Monday, November 6th, 2023 https://isc.sans.edu/podcastdetail/8732, (Mon, Nov 6th)
https://isc.sans.edu/diary/rss/30374
Lazarus targets blockchain engineers with new KandyKorn macOS Malware
https://securityaffairs.com/153622/hacking/lazarus-kandykorn-malware.html
U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
https://thehackernews.com/2023/11/us-treasury-targets-russian-money.html
Malware Analysis - ZPAQ to .NET downloader to Injector DLL unpacking
https://malware.news/t/malware-analysis-zpaq-to-net-downloader-to-injector-dll-unpacking/75298#post_1
I’m not sure if this is the correct place but please read
https://www.reddit.com/r/Malware/comments/17o68b1/im_not_sure_if_this_is_the_correct_place_but/
How do I capture all network traffic on a phone
https://0x00sec.org/t/how-do-i-capture-all-network-traffic-on-a-phone/37733
ISC StormCast for Monday, November 6th, 2023
https://isc.sans.edu/podcastdetail/8732
Ledger Live Crypto Wallet Attack
https://malware.news/t/ledger-live-crypto-wallet-attack/75299#post_1
Create own malware, ransomware, trojans and more
https://www.reddit.com/r/Malware/comments/17omgum/create_own_malware_ransomware_trojans_and_more/
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 07/11/2023
ISC StormCast for Monday, October 30th, 2023
https://isc.sans.edu/podcastdetail/8722
Anyone have the link to the real hahaha your a idoit malware
https://www.reddit.com/r/Malware/comments/17pnem6/anyone_have_the_link_to_the_real_hahaha_your_a/
Persistence – Windows Telemetry
https://www.reddit.com/r/netsec/comments/17oyq8g/persistence_windows_telemetry/
Threat Landscape During the Holidays & Michael Francess Member Spotlight
https://thecyberwire.com/podcasts/rh-isac/39/notes
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
https://www.microsoft.com/en-us/security/blog/2023/11/06/automatic-conditional-access-policies-in-microsoft-entra-streamline-identity-protection/
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html
ISC StormCast for Thursday, November 2nd, 2023
https://isc.sans.edu/podcastdetail/8728
ISC StormCast for Monday, November 6th, 2023
https://isc.sans.edu/podcastdetail/8732
Veterans Impacting Cybersecurity - David Cross - CSP #147
https://malware.news/t/veterans-impacting-cybersecurity-david-cross-csp-147/75349#post_1
ISC Stormcast For Tuesday, November 7th, 2023 https://isc.sans.edu/podcastdetail/8734, (Tue, Nov 7th)
https://isc.sans.edu/diary/rss/30378
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 08/11/2023
Example of Phishing Campaign Project File, (Wed, Nov 8th)
https://malware.news/t/example-of-phishing-campaign-project-file-wed-nov-8th/75408#post_1
[Kimsuky] Operation Covert Stalker
https://malware.news/t/kimsuky-operation-covert-stalker/75403#post_1
What the new ‘iLeakage’ research tells us about potential security flaws in Apple Arm chips
https://malware.news/t/what-the-new-ileakage-research-tells-us-about-potential-security-flaws-in-apple-arm-chips/75405#post_1
ISC Stormcast For Wednesday, November 8th, 2023 https://isc.sans.edu/podcastdetail/8736, (Wed, Nov 8th)
https://isc.sans.edu/diary/rss/30382
ISC Stormcast For Wednesday, November 8th, 2023 https://isc.sans.edu/podcastdetail/8736, (Wed, Nov 8th)
https://malware.news/t/isc-stormcast-for-wednesday-november-8th-2023-https-isc-sans-edu-podcastdetail-8736-wed-nov-8th/75402#post_1
Creating Connections: Breaking through.
https://thecyberwire.com/newsletters/creating-connections/4/7
OST2, Zephyr RTOS, and a bunch of CVEs
https://www.reddit.com/r/netsec/comments/17pp4c2/ost2_zephyr_rtos_and_a_bunch_of_cves/
Did Israel Finally Confirm It Has Nuclear Weapons by Threatening Gaza?
https://www.vice.com/en_us/article/g5ymaw/did-israel-finally-confirm-it-has-nuclear-weapons-by-threatening-gaza
ISC StormCast for Wednesday, November 8th, 2023
https://isc.sans.edu/podcastdetail/8736
Advice for women in cybersecurity or those aspiring to join the industry.
https://thecyberwire.com/stories/042043040981448db309b22a1392cb40/advice-for-women-in-cybersecurity-or-those-aspiring-to-join-the-industry
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 09/11/2023
avoidr - masscan with exclusive exclusions
https://www.reddit.com/r/netsec/comments/17qve37/avoidr_masscan_with_exclusive_exclusions/
QNAP warns about critical vulnerabilities in NAS systems
https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2023/11/qnap-warns-about-critical-vulnerabilities-in-nas-systems
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
https://www.reddit.com/r/netsec/comments/17qlat2/50_shades_of_vulnerabilities_uncovering_flaws_in/
North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz
https://securityaffairs.com/153842/apt/bluenoroff-apt-objcshellz-macos-malware.html
Cyberattack on Marina Bay Sands.
https://thecyberwire.com
Using Github as C2
https://www.reddit.com/r/netsec/comments/17r79xv/using_github_as_c2/
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
https://thehackernews.com/2023/11/cisa-alerts-high-severity-slp.html
Digital security sessions at Microsoft Ignite to prepare you for the era of AI
https://www.microsoft.com/en-us/security/blog/2023/11/07/digital-security-sessions-at-microsoft-ignite-to-prepare-you-for-the-era-of-ai/
"No credible threats" to yesterday's US elections.
https://thecyberwire.com/newsletters/daily-briefing/12/214
Our Pwn2Own journey against time and randomness (part 2) | Quarkslab
https://www.reddit.com/r/netsec/comments/17qm17j/our_pwn2own_journey_against_time_and_randomness/
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 10/11/2023
Ukraine at D+263: Russia's 2022 grid attacks as foreshadowing.
https://thecyberwire.com/stories/920091fb7ffb4023978aebe54c771daa/ukraine-at-d263
AWS IoT Core: A Compromised Device Perspective
https://www.reddit.com/r/netsec/comments/17rg45u/aws_iot_core_a_compromised_device_perspective/
Three proactive ways to prepare for the coming regulatory climate around AI
https://malware.news/t/three-proactive-ways-to-prepare-for-the-coming-regulatory-climate-around-ai/75513#post_1
Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th)
https://isc.sans.edu/diary/rss/30390
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
https://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html
ISC Stormcast For Friday, November 10th, 2023 https://isc.sans.edu/podcastdetail/8740, (Fri, Nov 10th)
https://malware.news/t/isc-stormcast-for-friday-november-10th-2023-https-isc-sans-edu-podcastdetail-8740-fri-nov-10th/75512#post_1
BugBountyGPT - Now GPT helps to find vulnerabilities!
https://www.reddit.com/r/netsec/comments/17rnrte/bugbountygpt_now_gpt_helps_to_find_vulnerabilities/
Shields Ready, as infrastructure operators look to threats and vulnerabilities.
https://thecyberwire.com/newsletters/daily-briefing/12/215
Visual Examples of Code Injection, (Thu, Nov 9th)
https://isc.sans.edu/diary/rss/30388
Send Bluetooth LE Spam impersonating 219 devices just using Android app instead of Flipper Zero
https://www.reddit.com/r/netsec/comments/17rbo99/send_bluetooth_le_spam_impersonating_219_devices/
Top Security News for 11/11/2023
Cyber phases of hybrid wars remain opportunistic, but some signs of combined arms ops emerge.
https://thecyberwire.com/newsletters/week-that-was/7/43
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers
https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
https://thehackernews.com/2023/11/iran-linked-imperial-kitten-cyber-group.html
Israel subjected to Charming Kitten attacks
https://malware.news/t/israel-subjected-to-charming-kitten-attacks/75548#post_1
Microsoft shares threat intelligence at CYBERWARCON 2023
https://www.microsoft.com/en-us/security/blog/2023/11/09/microsoft-shares-threat-intelligence-at-cyberwarcon-2023/
Dissecting Intel’s Explanation of Key Usage in Integrated Firmware Images (IFWI)
https://www.reddit.com/r/lowlevel/comments/17s9jt9/dissecting_intels_explanation_of_key_usage_in/
MuddyWater attacks against Israel involve novel C2 framework
https://malware.news/t/muddywater-attacks-against-israel-involve-novel-c2-framework/75547#post_1
Over 39K affected by Kyocera AVX ransomware-related breach
https://malware.news/t/over-39k-affected-by-kyocera-avx-ransomware-related-breach/75546#post_1
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest
https://thehackernews.com/2023/11/the-new-8020-rule-for-secops-customize.html
AOL's 92M records database leak in 2003 - A Retroactive Examination
https://www.reddit.com/r/netsec/comments/17s5bq9/aols_92m_records_database_leak_in_2003_a/
Top Security News for 12/11/2023
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
https://securityaffairs.com/154041/cyber-crime/bulletproftlink-phaas-platform-seized.html
Basic Command and Control (C2) setup with Mythic C2
https://www.reddit.com/r/netsec/comments/17sw87w/basic_command_and_control_c2_setup_with_mythic_c2/
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html
Geopolitical Cybercrime: LockBit attack on the ICBC
https://malware.news/t/geopolitical-cybercrime-lockbit-attack-on-the-icbc/75556#post_1
Malware Analysis of Pegasus Spyware
https://www.reddit.com/r/Malware/comments/17stpho/malware_analysis_of_pegasus_spyware/
Chinese APT Infrastructure Mimics Cloud Backup Services
https://malware.news/t/chinese-apt-infrastructure-mimics-cloud-backup-services/75554#post_1
Private UK health data donated for medical research shared with insurance companies
https://www.theguardian.com/technology/2023/nov/12/private-uk-health-data-donated-medical-research-shared-insurance-companies
The Power of Complex Binary Analysis
https://malware.news/t/the-power-of-complex-binary-analysis/75555#post_1
Maine says 1.3M people affected by data breach
https://www.reddit.com/r/Malware/comments/17t0rbd/maine_says_13m_people_affected_by_data_breach/
Can FM Radio Receivers Be Physically Tracked or Exploited? Can Devices in Airplane Mode Be Physically Tracked or Exploited?
https://www.reddit.com/r/Malware/comments/17t7bkz/can_fm_radio_receivers_be_physically_tracked_or/