Glider
@0xglid3r.bsky.social
All things malware
Reposted by Glider
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks #cybersecurity #infosec #privacy #news thehackernews.com/20...
March 19, 2024 at 3:12 PM
Reposted by Glider

#LockBit ransomware secretly building next-gen encryptor before takedown
#PotatoSecurity #Ransomware
www.bleepingcomputer.com/news/securit...
February 23, 2024 at 12:10 AM
Reposted by Glider
Well that sure is a collection of words isn’t it
February 6, 2024 at 11:25 PM
Reposted by Glider
🚨 After the FBI shut down the KV-botnet network, the malware operators attempted to bounce back by restructuring their operations and engaging with thousands of IP addresses.
themashernews.com/2024/02/afte...
#potatosecurity #malware #informationsecurity
February 7, 2024 at 8:16 PM
Reposted by Glider
Heads-up to anyone running a Wordpress site. If you get a very convincing-looking email from “The Wordpress Security Team” about a vulnerability and the message: “We urge you to install the CVE-2024-46188 Patch without any delay”

DO NOT INSTALL!

It’s a scam. The download is malware. DO NOT INSTALL.
February 3, 2024 at 7:58 PM
Reposted by Glider

"we believe this attack was performed by a nation state with the goal of obtaining persistent and widespread access to Cloudflare global network"

#Okta #cloudflare #Atlassian #Confluence #jira #Bitbucket #software #breach #security #cybersecurity #hacking

www.bleepingcomputer.com/news/securit...
Cloudflare hacked using auth tokens stolen in Okta attack
Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code managem...
www.bleepingcomputer.com
February 2, 2024 at 3:43 PM
Want to learn how to create a native XLL dropper?
GitHub - EvilGreys/XLL-DROPPER-: XLL DROPPER | Learn to create Native xll Dropper
XLL DROPPER | Learn to create Native xll Dropper. Contribute to EvilGreys/XLL-DROPPER- development by creating an account on GitHub.
github.com
January 30, 2024 at 1:49 AM
Proof of concept code for thread pool based process injection in Windows.
GitHub - Uri3n/Thread-Pool-Injection-PoC: Proof of concept code for thread pool based process inject...
Proof of concept code for thread pool based process injection in Windows. - GitHub - Uri3n/Thread-Pool-Injection-PoC: Proof of concept code for thread pool based process injection in Windows.
github.com
January 28, 2024 at 3:57 PM
A php-based webshell. The code has been obfuscated to bypass static malware scans.
Release New Features · 22XploiterCrew-Team/Gel4y-Mini-Shell-Backdoor
Features [UPDATED] Command Shell Zip Upload (Auto Extract) Obfuscated Code (not a feature in webshell) Multiple File Upload Create Folder and File File Download Full Changelog: v1.2...v1.3
github.com
January 28, 2024 at 3:55 PM
Reposted by Glider
Useful websites collecting Linux kernel syscall tables for various architectures and kernel versions

arm64.syscall.sh

syscalls.mebeim.net

#Linux #infosec
January 28, 2024 at 8:56 AM
Reposted by Glider
Unsurprisingly, lots of Fortra GoAnywhere MFT CVE-2024-0204 related exploit attempts (based on public PoC exploit) happening. Over 120 IPs seen so far ... However, we think it unlikely these will be successful on a larger scale as not many admin portals are exposed (only ~50, most patched)
January 25, 2024 at 10:58 AM
Reposted by Glider
Russian advanced persistent threat (APT) #ColdRiver has expanded its phishing campaign against Western officials and allies of #Ukraine via deployment of a new custom backdoor, #Spica, while Google's Threat Analysis Group pushes back against #hackers. #cybersecurity #malware #Russia bit.ly/4b9WxI3
Spica Uncovered: Google’s Response to Russian APT ColdRiver’s Latest Malware
| By Lauren LaPorta | Russian advanced persistent threat ColdRiver has expanded and evolved its phishing campaigns against Western officials and allies of Ukraine through the deployment of a new custo...
bit.ly
January 27, 2024 at 4:18 AM
Reposted by Glider
Wyden Releases Documents Confirming the NSA Buys Americans' Internet Browsing Records
www.darkreading.com
January 26, 2024 at 10:16 PM
Reposted by Glider
TweetFeed

List of IOCs shared today by the #infosec community at Twitter:
- domains
- URLs
- IPs
- SHA256/MD5 hashes

tweetfeed.live

Creator twitter.com/0xDanielLopez
January 23, 2024 at 8:45 AM
Reposted by Glider
We are detecting activity for CVE-2023-22527, which relates to a critical Atlassian Confluence Template Injection RCE vulnerability. So far, commands are focused on `id` `whoami` and `cat /etc/shadow` - Patch before it's too late!

viz.greynoise.io/tag...
GreyNoise Visualizer
At GreyNoise, we collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet.
viz.greynoise.io
January 22, 2024 at 7:53 PM
Reposted by Glider
We are seeing Atlassian Confluence CVE-2023-22527 pre-auth template injection RCE attempts since 2024-01-19. Over 600 IPs seen attacking so far (testing callback attempts and 'whoami' execution).

Vulnerability affects out-of-date versions of Confluence:
confluence.atlassian.com/security/cve...
January 22, 2024 at 10:12 AM
Astounding (Blackforums admin) is working on developing a new C++ ransomware known as "TerrorLocker".
January 22, 2024 at 2:37 AM
As part of the sentencing conditions, Fitzpatrick will serve the first two years of his release in home arrest with a GPS locator and receive mental health treatment.
BreachForums hacking forum admin sentenced to 20 years supervised release
Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking...
www.bleepingcomputer.com
January 21, 2024 at 4:16 AM
Reposted by Glider
🤣 When your washing machine has been recruited into a hacker's botnet army! Probably doing some crypto mining too.

#security #privacy #cloud #cyber #cybersecurity #infosec #IoT
January 10, 2024 at 11:35 PM
Reposted by Glider
Russian Hackers Were Inside Ukrainian Telecoms Giant for Almost a Year
Russian hackers have been inside Ukrainian telecoms company Kyivstar's system since at least May of last year, causing the most severe cyberattack on Ukrainian networks.
cybersecuritynews.com
January 8, 2024 at 2:39 PM
Maze ransomware attacked Xerox in 2020.

Ex-Maze 🤝 INC post takedown by LEA?
January 3, 2024 at 2:01 PM
github.com/fxc233/iot-v...

CVE ID: CVE-2023-23080 - TENDA home surveillance camera

#exploit #iot
January 3, 2024 at 12:33 PM
Reposted by Glider
We are sharing SSH CVE-2023-48795 (Terrapin attack) vulnerable instances found in our IPv4/IPv6 scans in our Accessible SSH report: shadowserver.org/what-we-do/n...

Nearly 11M instances (by unique IP) found vulnerable (~52%).

Background on the vulnerability: terrapin-attack.com
January 3, 2024 at 9:50 AM