Top Security News for 07/11/2023
ISC StormCast for Monday, October 30th, 2023
https://isc.sans.edu/podcastdetail/8722
Anyone have the link to the real hahaha your a idoit malware
https://www.reddit.com/r/Malware/comments/17pnem6/anyone_have_the_link_to_the_real_hahaha_your_a/
Persistence – Windows Telemetry
https://www.reddit.com/r/netsec/comments/17oyq8g/persistence_windows_telemetry/
Threat Landscape During the Holidays & Michael Francess Member Spotlight
https://thecyberwire.com/podcasts/rh-isac/39/notes
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
https://www.microsoft.com/en-us/security/blog/2023/11/06/automatic-conditional-access-policies-in-microsoft-entra-streamline-identity-protection/
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html
ISC StormCast for Thursday, November 2nd, 2023
https://isc.sans.edu/podcastdetail/8728
ISC StormCast for Monday, November 6th, 2023
https://isc.sans.edu/podcastdetail/8732
Veterans Impacting Cybersecurity - David Cross - CSP #147
https://malware.news/t/veterans-impacting-cybersecurity-david-cross-csp-147/75349#post_1
ISC Stormcast For Tuesday, November 7th, 2023 https://isc.sans.edu/podcastdetail/8734, (Tue, Nov 7th)
https://isc.sans.edu/diary/rss/30378
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 08/11/2023
Example of Phishing Campaign Project File, (Wed, Nov 8th)
https://malware.news/t/example-of-phishing-campaign-project-file-wed-nov-8th/75408#post_1
[Kimsuky] Operation Covert Stalker
https://malware.news/t/kimsuky-operation-covert-stalker/75403#post_1
What the new ‘iLeakage’ research tells us about potential security flaws in Apple Arm chips
https://malware.news/t/what-the-new-ileakage-research-tells-us-about-potential-security-flaws-in-apple-arm-chips/75405#post_1
ISC Stormcast For Wednesday, November 8th, 2023 https://isc.sans.edu/podcastdetail/8736, (Wed, Nov 8th)
https://isc.sans.edu/diary/rss/30382
ISC Stormcast For Wednesday, November 8th, 2023 https://isc.sans.edu/podcastdetail/8736, (Wed, Nov 8th)
https://malware.news/t/isc-stormcast-for-wednesday-november-8th-2023-https-isc-sans-edu-podcastdetail-8736-wed-nov-8th/75402#post_1
Creating Connections: Breaking through.
https://thecyberwire.com/newsletters/creating-connections/4/7
OST2, Zephyr RTOS, and a bunch of CVEs
https://www.reddit.com/r/netsec/comments/17pp4c2/ost2_zephyr_rtos_and_a_bunch_of_cves/
Did Israel Finally Confirm It Has Nuclear Weapons by Threatening Gaza?
https://www.vice.com/en_us/article/g5ymaw/did-israel-finally-confirm-it-has-nuclear-weapons-by-threatening-gaza
ISC StormCast for Wednesday, November 8th, 2023
https://isc.sans.edu/podcastdetail/8736
Advice for women in cybersecurity or those aspiring to join the industry.
https://thecyberwire.com/stories/042043040981448db309b22a1392cb40/advice-for-women-in-cybersecurity-or-those-aspiring-to-join-the-industry
Top Security News for 09/11/2023
avoidr - masscan with exclusive exclusions
https://www.reddit.com/r/netsec/comments/17qve37/avoidr_masscan_with_exclusive_exclusions/
QNAP warns about critical vulnerabilities in NAS systems
https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2023/11/qnap-warns-about-critical-vulnerabilities-in-nas-systems
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
https://www.reddit.com/r/netsec/comments/17qlat2/50_shades_of_vulnerabilities_uncovering_flaws_in/
North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz
https://securityaffairs.com/153842/apt/bluenoroff-apt-objcshellz-macos-malware.html
Cyberattack on Marina Bay Sands.
https://thecyberwire.com
Using Github as C2
https://www.reddit.com/r/netsec/comments/17r79xv/using_github_as_c2/
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
https://thehackernews.com/2023/11/cisa-alerts-high-severity-slp.html
Digital security sessions at Microsoft Ignite to prepare you for the era of AI
https://www.microsoft.com/en-us/security/blog/2023/11/07/digital-security-sessions-at-microsoft-ignite-to-prepare-you-for-the-era-of-ai/
"No credible threats" to yesterday's US elections.
https://thecyberwire.com/newsletters/daily-briefing/12/214
Our Pwn2Own journey against time and randomness (part 2) | Quarkslab
https://www.reddit.com/r/netsec/comments/17qm17j/our_pwn2own_journey_against_time_and_randomness/
Top Security News for 10/11/2023
Ukraine at D+263: Russia's 2022 grid attacks as foreshadowing.
https://thecyberwire.com/stories/920091fb7ffb4023978aebe54c771daa/ukraine-at-d263
AWS IoT Core: A Compromised Device Perspective
https://www.reddit.com/r/netsec/comments/17rg45u/aws_iot_core_a_compromised_device_perspective/
Three proactive ways to prepare for the coming regulatory climate around AI
https://malware.news/t/three-proactive-ways-to-prepare-for-the-coming-regulatory-climate-around-ai/75513#post_1
Routers Targeted for Gafgyt Botnet [Guest Diary], (Thu, Nov 9th)
https://isc.sans.edu/diary/rss/30390
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
https://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html
ISC Stormcast For Friday, November 10th, 2023 https://isc.sans.edu/podcastdetail/8740, (Fri, Nov 10th)
https://malware.news/t/isc-stormcast-for-friday-november-10th-2023-https-isc-sans-edu-podcastdetail-8740-fri-nov-10th/75512#post_1
BugBountyGPT - Now GPT helps to find vulnerabilities!
https://www.reddit.com/r/netsec/comments/17rnrte/bugbountygpt_now_gpt_helps_to_find_vulnerabilities/
Shields Ready, as infrastructure operators look to threats and vulnerabilities.
https://thecyberwire.com/newsletters/daily-briefing/12/215
Visual Examples of Code Injection, (Thu, Nov 9th)
https://isc.sans.edu/diary/rss/30388
Send Bluetooth LE Spam impersonating 219 devices just using Android app instead of Flipper Zero
https://www.reddit.com/r/netsec/comments/17rbo99/send_bluetooth_le_spam_impersonating_219_devices/
Top Security News for 11/11/2023
Cyber phases of hybrid wars remain opportunistic, but some signs of combined arms ops emerge.
https://thecyberwire.com/newsletters/week-that-was/7/43
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers
https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
https://thehackernews.com/2023/11/iran-linked-imperial-kitten-cyber-group.html
Israel subjected to Charming Kitten attacks
https://malware.news/t/israel-subjected-to-charming-kitten-attacks/75548#post_1
Microsoft shares threat intelligence at CYBERWARCON 2023
https://www.microsoft.com/en-us/security/blog/2023/11/09/microsoft-shares-threat-intelligence-at-cyberwarcon-2023/
Dissecting Intel’s Explanation of Key Usage in Integrated Firmware Images (IFWI)
https://www.reddit.com/r/lowlevel/comments/17s9jt9/dissecting_intels_explanation_of_key_usage_in/
MuddyWater attacks against Israel involve novel C2 framework
https://malware.news/t/muddywater-attacks-against-israel-involve-novel-c2-framework/75547#post_1
Over 39K affected by Kyocera AVX ransomware-related breach
https://malware.news/t/over-39k-affected-by-kyocera-avx-ransomware-related-breach/75546#post_1
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest
https://thehackernews.com/2023/11/the-new-8020-rule-for-secops-customize.html
AOL's 92M records database leak in 2003 - A Retroactive Examination
https://www.reddit.com/r/netsec/comments/17s5bq9/aols_92m_records_database_leak_in_2003_a/
Top Security News for 12/11/2023
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform
https://securityaffairs.com/154041/cyber-crime/bulletproftlink-phaas-platform-seized.html
Basic Command and Control (C2) setup with Mythic C2
https://www.reddit.com/r/netsec/comments/17sw87w/basic_command_and_control_c2_setup_with_mythic_c2/
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html
Geopolitical Cybercrime: LockBit attack on the ICBC
https://malware.news/t/geopolitical-cybercrime-lockbit-attack-on-the-icbc/75556#post_1
Malware Analysis of Pegasus Spyware
https://www.reddit.com/r/Malware/comments/17stpho/malware_analysis_of_pegasus_spyware/
Chinese APT Infrastructure Mimics Cloud Backup Services
https://malware.news/t/chinese-apt-infrastructure-mimics-cloud-backup-services/75554#post_1
Private UK health data donated for medical research shared with insurance companies
https://www.theguardian.com/technology/2023/nov/12/private-uk-health-data-donated-medical-research-shared-insurance-companies
The Power of Complex Binary Analysis
https://malware.news/t/the-power-of-complex-binary-analysis/75555#post_1
Maine says 1.3M people affected by data breach
https://www.reddit.com/r/Malware/comments/17t0rbd/maine_says_13m_people_affected_by_data_breach/
Can FM Radio Receivers Be Physically Tracked or Exploited? Can Devices in Airplane Mode Be Physically Tracked or Exploited?
https://www.reddit.com/r/Malware/comments/17t7bkz/can_fm_radio_receivers_be_physically_tracked_or/
Top Security News for 13/11/2023
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
https://thehackernews.com/2023/11/major-phishing-as-service-syndicate.html
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
https://securityaffairs.com/154101/data-breach/the-lorenz-ransomware-group-hit-texas-based-cogdell-memorial-hospital.html
Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION
https://securityaffairs.com/154056/breaking-news/security-affairs-newsletter-round-445-by-pierluigi-paganini-international-edition.html
GPTs & Assistants API - Code Interpreter Data Exfiltration
https://www.reddit.com/r/netsec/comments/17they7/gpts_assistants_api_code_interpreter_data/
ISC Stormcast For Monday, November 13th, 2023 https://isc.sans.edu/podcastdetail/8742, (Mon, Nov 13th)
https://malware.news/t/isc-stormcast-for-monday-november-13th-2023-https-isc-sans-edu-podcastdetail-8742-mon-nov-13th/75562#post_1
2023 Sep – Deep Web and Dark Web Threat Trend Report
https://malware.news/t/2023-sep-deep-web-and-dark-web-threat-trend-report/75561#post_1
A week in security (November 06 – November 12)
https://www.malwarebytes.com/blog/news/2023/11/a-week-in-security-november-06-november-12
Veterans Day Special.
https://thecyberwire.com/stories/fa745f711e5540a6969ae1be66b86152/veterans-day-special
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
https://thehackernews.com/2023/11/new-bibi-windows-wiper-targets-windows.html
ISC Stormcast For Monday, November 13th, 2023 https://isc.sans.edu/podcastdetail/8742, (Mon, Nov 13th)
https://isc.sans.edu/diary/rss/30394
Top Security News for 14/11/2023
Warhammer Fan Now In Charge of Overseeing Crumbling Remnant of Vast Empire
https://www.vice.com/en_us/article/93k8wy/warhammer-fan-now-in-charge-of-overseeing-crumbling-remnant-of-vast-empire
ISC Stormcast For Tuesday, November 14th, 2023 https://isc.sans.edu/podcastdetail/8744, (Tue, Nov 14th)
https://isc.sans.edu/diary/rss/30398
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
https://thecyberwire.com/podcasts/daily-podcast/1946/notes
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html
ISC StormCast for Tuesday, November 14th, 2023
https://isc.sans.edu/podcastdetail/8744
Ghidra reverse engineering malware filled with empty space.
https://www.reddit.com/r/Malware/comments/17upd9l/ghidra_reverse_engineering_malware_filled_with/
Ukraine at D+267: Infantry assaults and shifting narratives.
https://thecyberwire.com/stories/0e18135cff5e4a0ea2ba9051bdc9f9ab/ukraine-at-d267
SolarWinds Fallout: Why CISOs need proof of resilience to avoid fines – or worse
https://malware.news/t/solarwinds-fallout-why-cisos-need-proof-of-resilience-to-avoid-fines-or-worse/75618#post_1
National Cyber Security Center has detected influence operations exploiting China’s “disguised…
https://malware.news/t/national-cyber-security-center-has-detected-influence-operations-exploiting-china-s-disguised/75617#post_1
A variety of threats to critical infrastructure.
https://thecyberwire.com/newsletters/daily-briefing/12/216
Top Security News for 15/11/2023
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability
https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html
Advanced threat predictions for 2024
https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/
Static Code Injections in OpenCart (CVE-2023-47444)
https://www.reddit.com/r/netsec/comments/17vfo5a/static_code_injections_in_opencart_cve202347444/
Wrong: “You Can’t Protect What You Don’t Know”
https://dale-peterson.com/2023/11/14/wrong-you-cant-protect-what-you-dont-know/
NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/14-11-2023
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
https://thecyberwire.com/podcasts/daily-podcast/1947/notes
Introducing Bambdas
https://portswigger.net/blog/introducing-bambdas
Security Alert: Microsoft Releases November 2023 Security Updates
https://malware.news/t/security-alert-microsoft-releases-november-2023-security-updates/75675#post_1
ISC Stormcast For Wednesday, November 15th, 2023 https://isc.sans.edu/podcastdetail/8746, (Wed, Nov 15th)
https://malware.news/t/isc-stormcast-for-wednesday-november-15th-2023-https-isc-sans-edu-podcastdetail-8746-wed-nov-15th/75677#post_1
Security Alert: Alert Regarding Vulnerability in Adobe Acrobat and Reader (APSB23-54)
https://malware.news/t/security-alert-alert-regarding-vulnerability-in-adobe-acrobat-and-reader-apsb23-54/75674#post_1
Top Security News for 16/11/2023
Novel espionage tool leveraged by pro-Palestinian hacking operation
https://malware.news/t/novel-espionage-tool-leveraged-by-pro-palestinian-hacking-operation/75720#post_1
Executing from Memory Using ActiveMQ CVE-2023-46604
https://www.reddit.com/r/netsec/comments/17vv5rq/executing_from_memory_using_activemq_cve202346604/
Ransomware review: November 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023
ISC Stormcast For Thursday, November 16th, 2023 https://isc.sans.edu/podcastdetail/8748, (Thu, Nov 16th)
https://isc.sans.edu/diary/rss/30406
Upload Additional Files into Active Tasks in ANY.RUN
https://malware.news/t/upload-additional-files-into-active-tasks-in-any-run/75725#post_1
Bolstering economic security.
https://thecyberwire.com/podcasts/caveat/195/notes
New hospital cyber rules mulled in New York
https://malware.news/t/new-hospital-cyber-rules-mulled-in-new-york/75723#post_1
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
https://www.microsoft.com/en-us/security/blog/2023/11/15/microsoft-unveils-expansion-of-ai-for-security-and-security-for-ai-at-microsoft-ignite/
A Simple Python Redirection Container for Red Team Operations
https://www.reddit.com/r/netsec/comments/17vwpes/a_simple_python_redirection_container_for_red/
SentinelOne acquires Krebs Stamos Group. Radiant Security raises $15 million. RADICL secures an additional $9 million.
https://thecyberwire.com/newsletters/business-briefing/5/46
Malware Analysis, News and Indicators
Novel espionage tool leveraged by pro-Palestinian hacking operation
CyberScoop reports that governments across the Middle East have been targeted by persistent pro-Palestinian hacking group TA402, also known as Gaza Cybergang, WIRTE, Frankenstein, and Molerats, in cyberespionage attacks using the new IronWind initial access…
Top Security News for 17/11/2023
How human-centric and self-healing security closes the great gap in cybersecurity
https://malware.news/t/how-human-centric-and-self-healing-security-closes-the-great-gap-in-cybersecurity/75781#post_1
Ukraine at D+670: GRU may be expanding its targeting.
https://thecyberwire.com/stories/ba12ab1185774c91a3c9dea8d33d9db4/ukraine-at-d670
I analyzed Stack Overflow for leaks
https://www.reddit.com/r/netsec/comments/17wqwgg/i_analyzed_stack_overflow_for_leaks/
CrushFTP - CVE-2023-43177 - Unauthenticated Root-Level RCE Chain
https://www.reddit.com/r/netsec/comments/17wokij/crushftp_cve202343177_unauthenticated_rootlevel/
ISC Stormcast For Friday, November 17th, 2023 https://isc.sans.edu/podcastdetail/8750, (Fri, Nov 17th)
https://isc.sans.edu/diary/rss/30410
JTAG 'Hacking' the Original Xbox in 2023
https://www.reddit.com/r/lowlevel/comments/17wwyhk/jtag_hacking_the_original_xbox_in_2023/
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
https://thehackernews.com/2023/11/experts-uncover-darkcasino-new-emerging.html
Ongoing cyberattack against Denmark is country's largest ever
https://malware.news/t/ongoing-cyberattack-against-denmark-is-countrys-largest-ever/75779#post_1
How to Automate the Hardest Parts of Employee Offboarding
https://thehackernews.com/2023/11/how-to-automate-hardest-parts-of.html
Malware Analysis, News and Indicators
How human-centric and self-healing security closes the great gap in cybersecurity
Here’s how humans can better manage automation in ways that are truly productive. (SC Media)
Top Security News for 18/11/2023
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html
Phishing page with trivial anti-analysis features, (Fri, Nov 17th)
https://isc.sans.edu/diary/rss/30412
Grey market and criminal-to-criminal offerings.
https://thecyberwire.com/newsletters/daily-briefing/12/220
7 Ways to Strike Balance Between Technical Debt and Security Posture in The World of Open Source
https://malware.news/t/7-ways-to-strike-balance-between-technical-debt-and-security-posture-in-the-world-of-open-source/75814#post_1
HavocC2 Exploit
https://www.reddit.com/r/netsec/comments/17x3kyt/havocc2_exploit/
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
https://thehackernews.com/2023/11/russian-cyber-espionage-group-deploys.html
The malicious YoroTrooper in disguise.
https://thecyberwire.com/podcasts/research-saturday/307/notes
DIALStranger: my research about DIAL protocol vulnerabilities is public after 4 years
https://www.reddit.com/r/netsec/comments/17xlehh/dialstranger_my_research_about_dial_protocol/
Ransomware gang files SEC complaint about victim
https://www.malwarebytes.com/blog/news/2023/11/ransomware-gang-files-sec-complaint-about-target
Internet Storm Center Diary 2023-11-17, Author: Johannes Ullrich
Top Security News for 20/11/2023
8Base ransomware operators use a new variant of the Phobos ransomware
https://securityaffairs.com/154383/malware/8base-ransomware-phobos-ransomware.html
Mockingjay revisited - Process stomping on an executable's RWX section and loading beacon with sRDI
https://www.reddit.com/r/netsec/comments/17yx1et/mockingjay_revisisted_process_stomping_on_an/
Overflowing Web Honeypot Logs, (Mon, Nov 20th)
https://malware.news/t/overflowing-web-honeypot-logs-mon-nov-20th/75821#post_1
Overflowing Web Honeypot Logs, (Mon, Nov 20th)
https://isc.sans.edu/diary/rss/30416
ALPHV/BlackCat reporting to the SEC could become the 'new normal' for ransomware operators
https://malware.news/t/alphv-blackcat-reporting-to-the-sec-could-become-the-new-normal-for-ransomware-operators/75826#post_1
Understanding Malware from the Inside
https://www.reddit.com/r/Malware/comments/17zb3b2/understanding_malware_from_the_inside/
Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION
https://securityaffairs.com/154408/breaking-news/security-affairs-newsletter-round-446-by-pierluigi-paganini-international-edition.html
PikaBot Is Back With a Vengeance - Part 2
https://malware.news/t/pikabot-is-back-with-a-vengeance-part-2/75824#post_1
Building a Free Burp Collaborator with Cloudflare Workers
https://www.reddit.com/r/netsec/comments/17yoyc2/building_a_free_burp_collaborator_with_cloudflare/
CrowdStrike Extends AI Approach to Cybersecurity to SMBs
https://malware.news/t/crowdstrike-extends-ai-approach-to-cybersecurity-to-smbs/75823#post_1
Security Affairs
8Base ransomware operators use a new variant of the Phobos ransomware
8Base ransomware operators were observed using a variant of the Phobos ransomware in a recent wave of attacks.
Top Security News for 21/11/2023
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
https://securelist.com/black-friday-cyberthreat-report-2023/111076/
Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do
https://www.vice.com/en_us/article/m7bk3v/commercial-flights-are-experiencing-unthinkable-gps-attacks-and-nobody-knows-what-to-do
Ukraine at D+674: FSB's LitterDrifter.
https://thecyberwire.com/stories/87d9604c2c214843b6a734cf3bc74b7d/ukraine-at-d674
Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
https://thehackernews.com/2023/11/randstorm-exploit-bitcoin-wallets.html
Can I get some help in relation to interpreting a log/data
https://www.reddit.com/r/netsec/comments/1803knf/can_i_get_some_help_in_relation_to_interpreting_a/
Acting National Cyber Director appointed
https://malware.news/t/acting-national-cyber-director-appointed/75875#post_1
XWorm Malware: Exploring C&C Communication
https://malware.news/t/xworm-malware-exploring-c-c-communication/75882#post_1
DarkCasino joins the list of APT groups exploiting WinRAR zero-day
https://securityaffairs.com/154414/apt/darkcasino-apt-exploiting-winrar-0day.html
New anti-SIM swapping rules unveiled by FCC
https://malware.news/t/new-anti-sim-swapping-rules-unveiled-by-fcc/75877#post_1
Securelist
Black Friday threat report 2023
As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023.
Top Security News for 22/11/2023
PyCript Burp Suite Extension v0.3 released
https://www.reddit.com/r/netsec/comments/180nt4f/pycript_burp_suite_extension_v03_released/
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
https://thehackernews.com/2023/11/kinsing-hackers-exploit-apache-activemq.html
Nothing Chats pulled from Google Play
https://www.malwarebytes.com/blog/news/2023/11/nothing-chats-pulled-from-google-play
Atomic Stealer distributed to Mac users via fake browser updates
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
MISP Platform Integration, CISO Spotlight, & Intel Briefing
https://thecyberwire.com/podcasts/rh-isac/40/notes
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
https://thehackernews.com/2023/11/new-agent-tesla-malware-variant-using.html
CISA issues joint Cybersecurity Advisory on Citrix Bleed.
https://thecyberwire.com/stories/9e8a4e04f63f4219b6deef5725055093/cisa-issues-joint-cybersecurity-advisory-on-citrix-bleed
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
https://www.reddit.com/r/netsec/comments/180grhr/the_ticking_supply_chain_attack_bomb_of_exposed/
ARM64 Reversing And Exploitation Part 9 – Exploiting an Off by One Overflow Vulnerability
https://malware.news/t/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/75930#post_1
Private and Secure Windows
https://www.reddit.com/r/netsec/comments/180gl33/private_and_secure_windows/
Top Security News for 23/11/2023
Malware Killed for " (deleted)" binary
https://0x00sec.org/t/malware-killed-for-deleted-binary/38022
Kinsing Malware Exploits Critical Apache ActiveMQ Flaw To Mine Crypto
https://packetstormsecurity.com/news/view/35223/Kinsing-Malware-Exploits-Critical-Apache-ActiveMQ-Flaw-To-Mine-Crypto.html
Gazans Are Trying to Stay Online Under Siege. New Tech Is Struggling to Help.
https://www.vice.com/en_us/article/5d9qwz/gaza-israel-esims
Ukraine at D+676: Ukraine's infantry attacks east of the Dnipro.
https://thecyberwire.com/stories/ae0dc1c7863c46ceb4aa32a92dbc61a8/ukraine-at-d676
HrServ – Previously unknown web shell used in APT attack
https://securelist.com/hrserv-apt-web-shell/111119/
Pentesting Azure Mindmap
https://www.reddit.com/r/netsec/comments/1817z0i/pentesting_azure_mindmap/
IPSec Analysis (X-Post from /r/malware)
https://www.reddit.com/r/netsec/comments/181b9if/ipsec_analysis_xpost_from_rmalware/
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
https://www.reddit.com/r/netsec/comments/181fc11/diamond_sleet_supply_chain_compromise_distributes/
AI Solutions Are the New Shadow IT
https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html
Top Security News for February 19, 2025
Join us for the end-to-end Microsoft RSAC 2025 Conference experience
https://www.microsoft.com/en-us/security/blog/2025/02/18/join-us-for-the-end-to-end-microsoft-rsac-2025-conference-experience/
Spam and phishing in 2024
https://securelist.com/spam-and-phishing-report-2024/115536/
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html
XWorm Cocktail: A Mix of PE data with PowerShell Code
https://isc.sans.edu/diary/rss/31700
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/174375/security/u-s-cisa-adds-sonicwall-sonicos-and-palo-alto-pan-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Microsoft News
Join us for the end-to-end Microsoft RSAC 2025 Conference experience
Join Microsoft at RSAC 2025, where we will showcase end-to-end security designed to help organizations accelerate the secure adoption of AI.
Top Security News for October 23, 2023
Ivanti Endpoint Manager Credential Coercion Vulnerabilities Deep-Dive
https://www.reddit.com/r/netsec/comments/1it4l97/ivanti_endpoint_manager_credential_coercion/
Reinventing PowerShell in C/C++
https://www.reddit.com/r/netsec/comments/1it1knv/reinventing_powershell_in_cc/
Credential theft puts sensitive corporate and military networks at risk.
https://thecyberwire.com/newsletters/daily-briefing/14/32
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms
https://www.microsoft.com/en-us/security/blog/2025/02/19/microsoft-is-named-a-leader-in-the-2025-gartner-magic-quadrant-for-cyber-physical-systems-protection-platforms/
Achieving RCE in famous Japanese chat tool with an obsolete Electron feature
https://www.reddit.com/r/netsec/comments/1it7p4j/achieving_rce_in_famous_japanese_chat_tool_with/
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html
CyberArk acquires Zilla. Tines secures $125 million in Series C round.
https://thecyberwire.com/newsletters/business-briefing/7/7
Top Security News for February 20, 2025
PCI DSS 4.0 Mandates DMARC By 31st March 2025
https://thehackernews.com/2025/02/pci-dss-40-mandates-dmarc-by-31st-march.html
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html
RANsacked: Over 100 Security Flaws Found in LTE/5G Network Implementations
https://www.reddit.com/r/netsec/comments/1itt6y4/ransacked_over_100_security_flaws_found_in_lte5g/
North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
https://thehackernews.com/2025/02/north-korean-hackers-target-freelance.html
The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions
https://research.checkpoint.com/2025/the-cat-and-mouse-game-exploiting-statistical-weaknesses-in-human-interaction-anti-evasions/
Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview
https://www.microsoft.com/en-us/security/blog/2025/02/20/microsoft-at-legalweek-help-safeguard-your-ai-future-with-microsoft-purview/
CISA and FBI issue advisory on the Ghost ransomware.
https://thecyberwire.com/newsletters/daily-briefing/14/33
Top Security News for February 21, 2025
AI-Powered Deception is a Menace to Our Societies
https://thehackernews.com/2025/02/ai-powered-deception-is-menace-to-our.html
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
https://thehackernews.com/2025/02/webinar-learn-how-to-identify-high-risk.html
Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html
Apple Removes Advanced Data Protection Tool After UK Government Request
https://www.theguardian.com/technology/2025/feb/21/apple-removes-advanced-data-protection-tool-uk-government
the Guardian
Apple removes advanced data protection tool in face of UK government request
Apple says removal of tool after government asked for right to see data will make iCloud users more vulnerable
Top Security News for October 16, 2023
Apple removes iCloud encryption in UK following backdoor demand
https://securityaffairs.com/174500/security/apple-removes-icloud-encryption-in-uk.html
‘The bot asked me four times a day how I was feeling’: is tracking everything actually good for us?
https://www.theguardian.com/lifeandstyle/2025/feb/22/the-bot-asked-me-four-times-a-day-how-i-was-feeling-is-tracking-everything-actually-good-for-us
Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
https://securityaffairs.com/174514/cyber-crime/lazarus-stole-1-5b-from-bybit-cryptocurrency-heist.html