Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
🗣digicat
🎖@malwr
Phylum Research | Software Supply Chain Security
Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.
👍3
U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY
🗣digicat
>today remains the Department’s second largest financial seizure ever
What's the biggest?
👤RamblinWreckGT
Wait...
He technically did nothing wrong. He stole from scumbags. Just because it's tainted doesn't mean he should go to jail. Holy shit.
👤asecuredlife
Infinite money glitch irl:
- Create anonymous account on darknet market
- Exploit race condition to steal bitcoin (You could double spend if you do it fast)
- Quickly transfer bitcoin through a chain of addresses to hide source.
- Wait for hard fork to double your money
- ~~Make stupid opsec fails that lead to you getting caught~~
- Profit.
👤NullVoidPointer
🎖@malwr
www.justice.gov
U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure
Create Emergency Access Accounts for AAD and Use Log Analytics to Monitor Sign-ins from them
🗣digicat
🎖@malwr
TECHCOMMUNITY.MICROSOFT.COM
Create Emergency Access Accounts for Azure AD and Use Log Analytics to Monitor Sign-ins from Them
As part of your cloud BCDR processes, make sure you have a solid emergency accounts process and automation watching for sign-in attempts from those emergency..
Jit-Picking: Differential Fuzzing of JavaScript Engines [PDF](https://mu00d8.me/paper/bernhard22jitpicking.pdf)
🗣Gallus
🎖@malwr
SpyGuard: a forked and enhanced version of TinyCheck. The main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
🗣lugh
🎖@malwr
GitHub
GitHub - SpyGuard/SpyGuard: SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs…
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. - SpyGuard/SpyGuard
👍1🔥1
Free online cybercrime intelligence tools from info-stealers data
Find it here
What is it? - this (first to the left) free tool lets you search any domain and discover:
- How many compromised employees & users a domain (company) has, based on a cybercrime database composed of millions of compromised computers worldwide.
- The external attack surface of that domain that is known to threat actors: each of the URLs has corresponding compromised credentials that are used by threat actors as an initial attack vector.
Why is it useful?
- Risk assessment: looking up a domain and seeing it has a lot of compromised employees can indicate the company is not up to date with proper security measures. Each compromised employee indicates that someone in the company downloaded and executed info-stealing malware and had all their corporate credentials, personal credentials, cookies, documents, etc. stolen by hackers who are using the credentials as an initial attack vector.
- Assets discovery (external attack surface): the tool lets you see the top 5 URLs that compromised employees & clients had credentials to. Often these URLs are not obtainable anywhere else, because internal URLs accessed by users & employees are not indexed anywhere and cannot be scraped.
🗣Malwarebeasts
🎖@malwr
Hudson Rock
Hudson Rock - Infostealer Intelligence Solutions
Powered by Hudson Rock's continuously augmented cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.
👍2
Why don't Windows functions begin with a pointless MOV EDI,EDI instruction on x86-64?
🗣aqrit
That instruction wasn't actually pointless. It was a 2-byte instruction that allowed for a short jump. This would allow for hot patching of a function.
👤alittlejolly
🎖@malwr
Microsoft News
Why don’t Windows functions begin with a pointless MOV EDI,EDI instruction on x86-64?
Applying the hot-patch in a different way.
🔥1