Mira
miraarim.bsky.social
mira mira on the wall

Cybersecurity | SOC Analyst | post-child, pre-adult
Palo Alto did some great analysis on this new malware: lots of capabilities - caveat, the user has to run the binary. Don't run strange binaries you find on the Web, folks.
Auto-Color: An Emerging and Evasive Linux Backdoor
The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, it is covered in this article: its installation, evasion features and more.
unit42.paloaltonetworks.com
March 2, 2025 at 1:05 PM
Great writeup and breakdown by the folks at @sekoia.io on modern phishing techniques
January 18, 2025 at 2:31 AM
Ivanti never gets a break
#Ivanti: Researcher Uncovers Critical Vulnerabilities in Multiple Versions of Ivanti Endpoint Manager (#EPM)
and Ivanti Avalanche Application Control Engine.
CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 have been patched - update!
👇
thehackernews.com/2025/01/rese...
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Ivanti patches four EPM vulnerabilities (CVSS 9.8) and updates Avalanche and Application Control Engine. No exploitation evidence found.
thehackernews.com
January 16, 2025 at 2:20 PM
Being a piece of malware must be terrifying. An omniscient being can stop time, change your environment at will, pick you apart piece by piece until all your secrets are revealed, before you are catalogued, hunted down, and destroyed.
December 30, 2024 at 7:06 AM
Small non-malicious functions coming together maliciously is always hard to detect.
securelist.com/bellacpp-cpp...
Kaspersky discovers C++ version of BellaCiao malware
While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed "BellaCPP".
securelist.com
December 26, 2024 at 7:35 AM
Wow, epic fail by Fortinet. Took them 19 months after disclosure to release a security bulletin, 9 months after the zero day was published publicly.
Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.
Fortinet warns of FortiWLM bug giving hackers admin privileges
www.bleepingcomputer.com
December 19, 2024 at 5:29 PM
Quite a detailed but easy read on the TTPs of a threat actor
Proofpoint has published a report detailing new activity from #TA397 (AKA Bitter), a prominent South Asian advanced persistent threat (APT) group.

The campaign, which took place in November 2024, targeted a defense sector organization in Turkey.

Read the blog: ow.ly/z81o50UshPt.
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs | Proofpoint US
Key findings: Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar. The attack...
ow.ly
December 18, 2024 at 2:59 AM
A great recap on some of the not so great cyber threats that have occurred this year ~
New Blog! Top 10 Cyber Threats of 2024

Overall, this year was full of mega breaches, government hacking campaigns, massive ransomware attacks, disruptive ICS attacks, and global technology failures

blog.bushidotoken.net/2024/12/top-...

#cybercrime #infosec #malware #cybersecurity
Top 10 Cyber Threats of 2024
CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security
blog.bushidotoken.net
December 11, 2024 at 8:42 AM
"Compliance-based mindset" - this criticism really pisses me off when I hear management declare that it is the root of all our problems.

It's not a mindset.

It is a coping mechanism when you overload people and don't give them any space or time to do their jobs well.
December 6, 2024 at 11:53 PM
Another fantastic analysis from the people at DFIR Report. What I'm seeing is that there is an increasing trend of threat actors using creative social engineering to get around defences, augmented with AI, proving once again, you can't really patch people.
Check out our new report on a TA4557 intrusion.

Make sure your team that handles resumes recognises these fake lures!
December 3, 2024 at 3:28 PM
Studying after work is hard, but I know it's necessary, especially for cybersec. Cheers to you 🍻 who finds the energy after work and life to sit and learn something new :)
December 3, 2024 at 3:25 PM
It's hard to do so when we are owning less and less of the devices we have these days
December 3, 2024 at 12:53 AM
MacOS is the distro you settle for once you cut your teeth on other Linux distros
December 3, 2024 at 12:50 AM
I've been thinking... what would a strike in cybersec look like? I mean, things will keep on working for a while since incidents don't happen every day.
December 1, 2024 at 12:38 AM
Some fantastic RE by the folks at Trend Micro on the malware used to automate a residential botnet proxy operation.
www.trendmicro.com/en_us/resear...
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
www.trendmicro.com
November 30, 2024 at 3:16 PM
"Mira stop sniffing your computer"

I love the smell of new computers. Is there a "Newly opened Macbook Pro" air freshener scent? Because I would buy a ton of that.

Yes I know it is off-gassing. Sue me.
November 29, 2024 at 10:36 AM
This is the way
.
.
.
.
/s 🤣
A lot of people have suggested using a machine dedicated solely to examining suspicious USB keys.

Good advice. This is why I have kept a Windows XP machine on the office network, with full Internet access so I can keep McAfee up to date.
November 28, 2024 at 3:07 AM