Analysis Notes

A place for notes on my attempts at malware analysis and on things that seemed likely to be useful for analysis.

4n6 Week 48 – 2023 - THREAT INTELLIGENCE/HUNTING

This entry shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that I can skim through and pick the articles to check. 4n6 itself can be found here.

THREAT INTELLIGENCE/HUNTING

4n6lady


Adam Goss

Python Threat Hunting Tools: Part 12 — MISP and CrowdStrike Falcon Integration. Adam Goss, published in InfoSec Write-ups, 12 min read. Welcome back to this series on building threat hunting tools. In this series, I will be showcasing a variety of threat hunting tools that you can use to hunt for threats, automate tedious processes, and extend to create your own toolkit! Most of these tools will be simple, focusing on being easy to understand and implement. This is so that you, t...

Akamai

Allan Liska at ‘Ransomware Sommelier’

Okay, Fine Let’s Talk About Scattered Spider (The royalty free image should be interesting). Allan Liska, Nov 18, 2023. Before getting to Scattered Spider, I’d like to ask your support for our Kickstarter Campaign to fund the 2nd Issue of Yours T...

John Althouse at APNIC

By John Althouse on 22 Nov 2023. Category: Tech matters. Tags: Guest Post, security, threat hunting. In this blog post, I look at new JA4+ network fingerprinting methods and examples of what they can detect. JA4+ provides a suite of modular network fingerprints that are easy to use and easy to share, replacing the JA3 TLS fingerprinting standard from 2017. These methods are both human and machine-readable to facilitate more effective threat-hunting and analysis. The use cases for th...

AttackIQ

BI Zone

Introducing our newest research “The seven faces of darkness”. We talk about the commercial malware that is most common in attacks on Russian organizations. November 24, 2023. Our experts at BI.ZONE Threat Intelligence have published their new research The seven faces of darkness that analyzes seven malware families being distributed via the MaaS (malware‑as‑a‑service) model. The research includes the malware that is heav...

Brad Duncan at Malware Traffic Analysis

2023-11-20 (MONDAY) - DARKGATE INFECTION. REFERENCE: //www.linkedin.com/posts/unit42_darkgate-timelythreatintel-unit42threatintel-activity-7132871065927655428-X2wP and //twitter.com/Unit42_Intel/status/1727105445200814456. ASSOCIATED FILES: 2023-11-20-IOCs-for-DarkGate-infection.txt.zip 2.1 kB (2,143 bytes); 2023-11-20-DarkGate-infection-traffic.pcap.zip 1.2 MB (1,171,059 bytes); 2023-11-20-DarkGate-malware-and-artifacts.zip 1.4 MB (1,387,961 bytes)...

2023-11-06 (MONDAY) - 404 TDS --> UNIDENTIFIED MALWARE --> COBALT STRIKE. NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. ASSOCIATED FILES: 2023-11-06-IOCs-from-404TDS-to-malware-to-CobaltStrike.txt.zip 2.0 kB (2,007 bytes); 2023-11-06-404TDS-to-malware-to-Cobalt-Strike.pcap.zip 4.9 kB (4,865,381 bytes); 2023-11-06-404TDS-unidentified-malware-and-artifacts.zip 166 kB (166,441 bytes)...

2023-11-22 (WEDNESDAY) - AGENTTESLA INFECTION WITH FTP DATA EXFIL. NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. ASSOCIATED FILES: 2023-11-22-IOCs-from-AgentTesla-infection.txt.zip 1.9 kB (1,876 bytes); 2023-11-20-AgentTesla-malspam-1828-UTC.eml.zip 1.5 kB (7,534 bytes); 2023-11-22-AgentTesla-infection-FTP-data-exfil.pcap.zip 8.6 MB (8,564,400 bytes); 2023-11-22-AgentTesla-malware-and-artifacts.zip 7.6 MB (7,608,076 bytes)...

CERT-AGID

Summary of malicious campaigns in the week of 18 – 24 November 2023. 24/11/2023. Summary: This week, CERT-AGID detected and analyzed, within the Italian scenario it monitors, a total of 43 malicious campaigns, 38 of them with Italian targets and 5 generic ones that nonetheless affected Italy, making the related 537 indicators of compromise (IOC) identified available to its accredited entities. Below we report the details of the types...

Check Point

CISA

Release Date: November 21, 2023. Alert Code: AA23-325A. SUMMARY. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...

Dylan Duncan at Cofense

Cybereason

Written By Cybereason Security Research Team Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including new ransomware actors such as the emergent group INC Ransom. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. KEY DETAILS Targets US & Western Countries: Similar to many other ransomware groups, INC Ransom’s operators appear to mainly target the United States and European countries. Partial Enc...

Cyfirma

Published On: 2023-11-23. Ransomware of the Week. CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware. Target Technologies: MS Windows, Linux. Introduction: CYFIRMA Research and Advisory Team has found ransomware called C3RB3R while monitoring various underground forums as part of our ...

EclecticIQ

Sandworm Targets Ukraine's Critical Infrastructure; Overlooked AI Privacy Challenges This volume of the analyst prompt looks at recent Russian APT techniques against Ukraine critical infrastructure and the implications of the changing tactics, plus overlooked privacy implications of AI applications transforming data from a non-sensitive to a sensitive context. Aleksander W. Jarosz – November 21, 2023 Sandworm Targeting Ukraine Critical Infrastructure Demonstrate Russia Streamlining Operational T...

Esentire

SECURITY ADVISORIES, Nov 07, 2023: Atlassian Confluence Vulnerability Exploited (CVE-2023-22518). THE THREAT: On November 6th, Atlassian confirmed that threat actors are now actively exploiti...

BY eSentire, November 17, 2023 | 5 MINS READ. Since the onset of the COVID-19 pandemic, most businesses across a wide range of industries have begun using Quick Response (QR) codes to provide a contactless experience for their customers. The QR code is a square pixelated barcode that can be read by digital devices such as your smartphone camera. These codes are often used for many legiti...

Flare

Huntress

Small and medium-sized businesses (SMBs) often find themselves in the crosshairs of today’s cybercriminals. While the spotlight often shines on high-profile breaches affecting corporate giants, it’s these businesses, the SMBs, who are the ones dealing with the barrage of threats. And that’s exactly what we’re seeing in the wild. At Huntress, we have a distinct view of the various attacks and instructions against th...

InfoSec Write-ups

Reading into Direct Syscalls with Syswhispers. bob van der staak, published in InfoSec Write-ups, 16 min read. Now that we have a better understanding of syscalls and know the chain from application --> Windows Api --> Native Windows Api, it is time to really implement the bypass by making use of Direct Syscalls. But first, let's dive a tiny bit deeper into the code we already created in Part 1. We're going to use WinDBG to investigate the code of the native Windows API. We will focus...

Intel471

Nov 20, 2023 Bulletproof hosting (BPH) services, as their name suggests, are more robust than other web hosting services. More resilient against complaints and takedown requests from law enforcement, they enable and facilitate a vast array of cybercriminal activity, such as phishing sites and malware download servers, to continue undisturbed. BPH services are perhaps the biggest enabler of cybercrime within the underground, and for the last decade, one threat actor has maintained prominence: yal...

Joshua Penny

Infrastructure Analysis: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023–4966 Citrix Bleed Vulnerability. Joshua Penny, 13 min read. //www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a. Authors: Joshua Penny, Michael Koczwara. Tools used: Shodan, Censys, VirusTotal, UrlScan, Validin, Maltego. Summary: In this blog post, we’re going to take a look at the recent IOCs provided by Boeing in the joint CISA/FBI/ACSC report. LockBit 3.0 affiliates are exploiting CVE-2023–49...

KELA Cyber Threat Intelligence

KELA Cyber Intelligence Center The cybercrime landscape is constantly evolving with sophisticated threats and risks, but the heart of the cybercrime ecosystem is built on threat actors. Being the brains behind each cyber incident, they are responsible for ransomware attacks, data breaches, building new malware, and aiming to compromise corporate networks. Threat actors are a wide range of players, from nation-state actors to script kiddies. This blog delves into KELA’s new module – Threat Actors...

Kroll

The threat landscape has evolved rapidly in recent years due to major changes in the way organizations operate and adopt new technologies. Cloud services such as Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) have seen massive growth over the last decade. With accelerated digital transformation, increased remote working and cloud adoption, the attack surface has increased for most organizations. Threats are also increasing as innovations like generative AI emerge, creating o...

Simon Marechal at Synacktiv

Written by Simon Marechal - 22/11/2023 - in Tools, Reverse-engineering. This post showcases a small but very useful tool that can be used to classify expected and suspicious traffic in a network capture file, and, more importantly, what the process is for writing such a tool. I recently had to analyze traffic from and to an Android that was suspected of having been compromised. I started by capturing all WiFi traffic for a few days on the wireless router. It amounted to a few hundred...

Marcus Edmondson at ‘The Threat Hunter’s Dilemma’

Threat Hunting Lab 1 - Answers: The Situational Awareness Case. Marcus Edmondson, Nov 20, 2023 (paid post). Lab 1 Scenario: Security has been alerted that this computer may have been possibly compromised. We need to answer the below questions. This lab will be fairly simple with the intention to make them...

Microsoft Security


Andrea Fisher at Microsoft Security Insights Show

Microsoft Security Insights Show: hosted by Edward Walton, Andrea Fisher, Rod Trent, and Brodie Cassell, the show provides information, news and tips on the Microsoft Security Solutions including Microsoft Sentinel, Microsoft 365 Defender, Azure, and Microsoft 365. Using KQL in a Playbook for Sentinel: Fun with parsing JSON. Andrea Fisher, Nov 22, 2...

Nasreddine Bencherchali

SigmaHQ Rules Release Highlights — r2023–11–20. Nasreddine Bencherchali, published in Sigma_HQ, 7 min read. //github.com/SigmaHQ/sigma/releases/tag/r2023-11-20. Sigma Rule Packages for 20–11–2023 are released and available for download. This release saw the addition of 29 new rules, 44 rule updates and 11 rule fixes by 21+ contributors. New Rules: Some highlights for the newer rules include emerging threat detections for CVE-2023–22518 and CVE-2023–46747 exploitation attempts....

Alex Jessop at NCC Group

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
Don’t throw a hissy fit; defend against Medusa
Demystifying Cobalt Strike’s “make_token” Command
Tool Release: Magisk Module – Conscrypt Trust User Certs
Post-exploiting a compromised etcd – Full control over the cluster and its nodes
D0nut encrypt me, I have a wife and no backups
Popping Blisters for research: An overview o...

Paul Hager at Nextron Systems

Supercharging Postfix With THOR Thunderstorm. by Paul Hager | Nov 14, 2023 | Security Monitoring, THOR, Thunderstorm, Tool, Tutorial. Have you already heard about THOR Thunderstorm, a self-hosted THOR as a service? In this blog post, we will show how you can leverage THOR Thunderstorm to level up your email infrastructure security. THOR Thunderstorm: THOR Thunderstorm is a web API wrapped around THOR, which accepts file uploads and returns matches in JSON format. It can...

NIS and NCSC

Palo Alto Networks

By Unit 42, November 21, 2023 at 6:00 AM. Category: Malware. Tags: advanced persistent threat, Advanced Threat Prevention, Advanced URL Filtering, Advanced WildFire, APTs, BeaverTail, CL-STA-0420, CL-STA-0421, Cloud-Delivered Security Services, Cortex XDR, DPRK, next-generation firewall, North Korea, Wagemole. Executive Summary: Unit 42 researchers recently discovered two separate campaigns targeting job-seeking ...

Penetration Testing Lab

Persistence – Scheduled Task Tampering. Windows Task Scheduler enables Windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks have been commonly abused as a method of persistence by threat actors and red teams, and therefore this technique has drawn a lot of attention from SOC teams which are monitoring specific Windows Event IDs in order to identify modificati...

Rapid7

Sigma In Velociraptor. This page discusses how Sigma is implemented and used within Velociraptor. What is Sigma? Detection engineering is an evolving field with many practitioners developing and evolving signatures rapidly, as new threats emerge ...

Red Alert

2023 The First Half Activities Summary of Ransomware Threat Actors (EN). Executive Summary: NSHC Threat Research Lab has analyzed information about hacking groups that have used Ransomware during the first half of 2023. Hacking activities using Ransomware have been continuously occurring up to now and it has been confirmed that the effects caused by the dissemination of Ransomware with the purpose of obtaining monetary compen...

James Xiang at ReliaQuest

SANS

Linux Intrusions – A Growing Problem. Tarot (Taz) Wake. As the reports from TechJury and Trend Micro illustrate, the need for comprehensive Linux security knowledge has never been greater. November 20, 2023. Overview: The cybersecurity landscape is constantly evolving, even if the ultimate goal of our attackers remains consistent. Linux systems are increasingly targeted by sophisticated threat actors, ranging from Nation/State-backed actors, to organized crimi...

Five Startling Findings In 2023’s ICS Cybersecurity Data. Dean Parsons. As ICS risk grows, so too must the skills of the ICS cyber defender. November 20, 2023. ICS Security in The Field: At my company, ICS Defense Force, I perform industrial control system (ICS) security assessments and incident response tabletop exercises across many different critical infrastructure sectors across the globe. This includes oil and gas, water, electric powe...

Linux Incident Response - Using ss for Network Analysis. Tarot (Taz) Wake. Understanding the ss command is crucial for analyzing network connections & traffic, to identify and investigate potentially malicious activities. November 22, 2023. Introduction to the ss Command: The ss (socket statistics) command is a powerful tool in Linux used for examining sockets. As an incident responder, understanding the ss command is crucial for analyzing netwo...

Linux Incident Response - Introduction to Rootkits. Tarot (Taz) Wake. Learn about intricacies of Linux rootkits, the diverse types they encompass, their intricate construction techniques, & their historical evolution. November 22, 2023. Rooting out rootkits: Rootkits are an ongoing problem in cybersecurity, particularly within the Linux ecosystem. These surreptitious entities pose a considerable threat by affording unauthorised access and perpetuatin...

Linux Incident Response - A Guide to syslog-ng. Tarot (Taz) Wake. Syslog-ng stands as a sophisticated evolution of the syslog protocol, designed to offer advanced logging capabilities within Linux systems. November 26, 2023. Understanding Syslog-ng in Linux Environments: Its enhanced functionalities are crucial in ma...

SANS Internet Storm Center

Overflowing Web Honeypot Logs. Published: 2023-11-20, Last Updated: 2023-11-20 00:04:09 UTC, by Jesse La Grew (Version: 1). While reviewing one of my honeypots to convert some of the JSON data, I noticed some of my files were much larger than I expected. That leads to the question, how large should these files normally be and why are some of them so large? To help summarize this data a bit easier, it seemed like a good idea to make another python script. import os from statistics import...

CVE-2023-1389: A New Means to Expand Botnets. Published: 2023-11-22, Last Updated: 2023-11-22 18:25:42 UTC, by Guy Bruneau (Version: 1). [This is a Guest Diary by Jonah Latimer, an ISC intern as part of the SANS.edu BACS program] Introduction: I am currently pursuing a Bachelor's degree from SANS Technology Institute, and part of the requirements for graduation is to complete a 20-week internship with the SANS Internet Storm Center. During this internship I created a honeypot using an Amaz...

OVA Files. Published: 2023-11-25, Last Updated: 2023-11-25 08:50:11 UTC, by Didier Stevens (Version: 1). I had to figure out when an OVA file was published (for a virtual machine). The Open Virtualization Format (OVF) is the standard for these files. The OVF standard specifies that an OVF package consists of a folder containi...

Wireshark 4.2.0 Released. Published: 2023-11-25, Last Updated: 2023-11-25 08:48:58 UTC, by Didier Stevens (Version: 1). About 10 days ago, new versions of Wireshark were released. A new major Wireshark release: 4.2.0. And a bugfix release: 4.0.11. With 8 bug fixes and 2 vulnerabilities fixed, one of them an SSH dissector crash.

Sekoia

SOCRadar

Tamara Chacon at Splunk

By Tamara Chacon, November 20, 2023. Known as RegEx (or gibberish for the uninitiated), Regular Expressions is a compact language that allows security analysts to define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: A favorite regex test web site is //regex101.com. Here you can test your regex statements quickly and easily. If you’re ne...

Taz Wake

Taz Wake, published Nov 21, 2023. Overview of XFS: XFS, a high-performance 64-bit journaling file system created by Silicon Graphics, Inc. (SGI) in 1993, is notable for its efficient execution of parallel input/output (I/O) operations. It is designed with allocation groups, which are subdivisio...

Satnam Narang at Tenable

Satnam Narang | Cyber Exposure Alerts | November 20, 2023 | 9 Min Read. Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups. Update November 22: This FAQ blog has been updated to note the availability of a direct check plugin. Background: The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding a critical vulner...

Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas at Trellix

By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023. In September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musaruba, the holding company for Trellix and Skyhigh Security, involving an emerging malware family named DarkGate. First discovered in 2018, DarkGate is a Remote Access Trojan (RAT) that enables attackers to fully compromise victim systems. The software is developed and sold as Malwa...

Trend Micro

By: Peter Girnus, November 20, 2023. We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. When exploited, thi...

By: Hitomi Kimura, Jed Valderama, Fe Cureg, Mohamed Fahmy, Byron Gelera, November 22, 2023. The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023...

We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data. By: Aliakbar Zahravi, Peter Girnus, November 23, 2023. Our investigations on potential security threats uncovered a malicious Google Chrome extension that we named “ParaSiteSnatcher.” The ParaSiteSnatcher framework allows threat actors to monitor, manipulate,...

Joseliyo Sánchez at VirusTotal

Actionable Threat Intel (VI) - A day in a Threat H...

Radek Jizba at WeLiveSecurity

Insight into groups operating Telekopye bots that scam people in online marketplaces. Radek Jizba, 23 Nov 2023, 16 min. read. We recently published a blogpost about Telekopye, a Telegram bot that helps cybercriminals scam people in online marketplaces. Telekopye can craft phishing websites, emails, SMS messages, and more. In the first part, we wrote about the technical details of Telekopye and hinted at the hierarchical structure of its operational groups. In this second part, we focus on what we were a...

Wiz

Dive into a Kubernetes attack and see how eBPF and other security best practices can prevent these attacks. Daniel Lemos, Nicolas Ehrman, November 19, 2023, 7 minutes read. In the first part of our series, we explained why the introduction and use of cloud-native environments i...

Google Cloud customers can now detect excessive access in their GCP environment based on Google audit logs to effectively right-size permissions. Shaked Rotlevi, Ofer David, Matika Lidgi, November 20, 2023, 2 minutes read. Editor’s note: In our first blog post for this series, we announced support for Google Workspace identity modeling in Wiz. In this blogpost, we are adding a capability to detect excessive access findings for GCP customers that don’t have IAM Recommender enabled. As disc...

Zolder B.V.

Zolder B.V. - 21 nov 2023. Storm-1575 AITM platform used to target cybersecurity experts. This morning we received a phishing mail containing a QR code. The mail caught our attention because it bypassed our spam filter and came straight into our inbox. Also, our company name “Zolder” was mentioned multiple times in the phishing mail, which indicates a more targeted campaign, although probably still ...