PaPPy
LightNews LightNews
banner
pappy.bsky.social
PaPPy
@pappy.bsky.social
92 followers 40 following 25 posts
All around go to guy. Enjoy video games and cyber security
Posts Replies Media Videos
Reposted by PaPPy
kikta.net
Google pushing out .zip as a TLD and then divesting their registrar business is the equivalent on pooping in the punch bowl as you leave a party

https://9to5google.com/2023/06/15/google-domains-squarespace/
June 15, 2023 at 10:08 PM
pappy.bsky.social
https://www.bleepingcomputer.com/news/security/chinese-hackers-used-vmware-esxi-zero-day-to-backdoor-vms/
Chinese hackers used VMware ESXi zero-day to backdoor VMs
VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.
www.bleepingcomputer.com
June 13, 2023 at 11:34 PM
pappy.bsky.social
Great article on recent malvertising https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there
Malvertising via brand impersonation is back again
Ads containing the official website of an impersonated brand are running again, allowing fraudsters to scam users.
www.malwarebytes.com
May 23, 2023 at 3:35 PM
pappy.bsky.social
Really cool initial access and malware graph https://onodo.org/visualizations/235067
Onodo
onodo.org
May 13, 2023 at 12:53 AM
pappy.bsky.social
@support.bsky.team how are the weekly invites granted? As I’m a week and an hour into this account and I do not have any invites. Thanks!
May 12, 2023 at 3:23 PM
pappy.bsky.social
It was trivial to come up with a POC for #CVE-2023-32243 thanks to @patchstackapp detailed write up. Already seeing it abused in the wild. #wordpress owners need to upgrade Essential Addons for Elementor plugin now and check for signs of intrusion.
May 12, 2023 at 3:47 AM
pappy.bsky.social
This will lead to a lot of hacked WordPress sites I wonder if any of the link pits are running this plugin https://www.bleepingcomputer.com/news/security/wordpress-elementor-plugin-bug-let-attackers-hijack-accounts-on-1m-sites/
WordPress Elementor plugin bug let attackers hijack accounts on 1M sites
One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site.
www.bleepingcomputer.com
May 11, 2023 at 5:23 PM
pappy.bsky.social
Great research on the Vidar Stealer https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer
eSentire Threat Intelligence Malware Analysis: Vidar Stealer
Dive deeper into the technical details gathered during eSentire’s Threat Response Unit (TRU) team’s research and threat analysis of the Vidar Stealer malware.
www.esentire.com
May 11, 2023 at 5:19 PM
pappy.bsky.social
https://www.bleepingcomputer.com/news/security/fake-in-browser-windows-updates-push-aurora-info-stealer-malware/
Fake in-browser Windows updates push Aurora info-stealer malware
A recently spotted malvertising campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information stealing malware.
www.bleepingcomputer.com
May 11, 2023 at 12:22 AM
pappy.bsky.social
Looking forward to seeing the POC on Monday for this LPE on Linux https://www.bleepingcomputer.com/news/security/new-linux-kernel-netfilter-flaw-gives-attackers-root-privileges/
New Linux kernel NetFilter flaw gives attackers root privileges
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
www.bleepingcomputer.com
May 10, 2023 at 7:47 PM
Reposted by PaPPy
wdormann.bsky.social
Note that the update for CVE-2023-24932 does NOT actually fix anything. It gives you the option of applying the fix yourself. Read through ALL of https://tinyurl.com/mprmsext if you want to consider applying the protection. Feel free to cry a bit and/or consider a career change.
May 9, 2023 at 7:15 PM
pappy.bsky.social
Great work by the spanish police https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-phishing-operation-linked-to-crime-ring/
Spanish police dismantle phishing operation linked to crime ring
The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.
www.bleepingcomputer.com
May 9, 2023 at 9:32 PM
pappy.bsky.social
Great work taking down DDoS services https://arstechnica.com/information-technology/2023/05/feds-seize-13-more-ddos-for-hire-platforms-in-ongoing-international-crackdown/
Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown
The DDoS whack-a-mole game between law enforcement and miscreants continues.
arstechnica.com
May 9, 2023 at 3:42 PM
pappy.bsky.social
Nice article from CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
Hunting Russian Intelligence “Snake” Malware | CISA
www.cisa.gov
May 9, 2023 at 3:16 PM
pappy.bsky.social
Ouch https://techcrunch.com/2023/05/08/nextgen-healthcare-data-breach/
NextGen Healthcare says hackers accessed personal data of more than 1 million patients
NextGen Healthcare has admitted to a data breach that saw hackers access the personal data of more than 1 million patients
techcrunch.com
May 9, 2023 at 12:10 AM
pappy.bsky.social
That’s pretty funny #Microsoft #clippy
May 8, 2023 at 9:53 PM
pappy.bsky.social
Seems legit… https://www.reddit.com/r/techsupport/comments/9gwwcj/windowsdefendervbs_on_cuserspubliclibraries_is/
Reddit - Dive into anything
www.reddit.com
May 8, 2023 at 3:41 PM
pappy.bsky.social
https://cybafrique.substack.com/p/kenya-is-turning-to-spyware-again
Kenya is turning to spyware, again; African SIM cards and identities; Nigerian telcos want to be excluded from data regulation
and more infosec stories from across Africa.
cybafrique.substack.com
May 8, 2023 at 3:14 AM
pappy.bsky.social
Please educate y’all’s older folks https://www.malwarebytes.com/blog/threat-intelligence/2023/04/massive-malvertising-campaign-targets-seniors-via-fake-weebly-sites
Massive malvertising campaign targets seniors via fake Weebly sites
Scammers are buying ads on for the most common Google searches made by seniors and defrauding them with tech support scams.
www.malwarebytes.com
May 7, 2023 at 3:07 AM
pappy.bsky.social
https://abc7.com/san-bernardino-cyberattack-ransom-paid-hackers/13215833/
San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff's Department systems
The hackers encrypted San Bernardino County Sheriff's Department data, causing significant disruptions to operations.
abc7.com
May 6, 2023 at 2:44 PM
pappy.bsky.social
Stuff like this and the satellite network keep me up and employed https://www.darkreading.com/ics-ot/2-years-after-colonial-pipeline-attack-us-critical-infrastructure-remains-as-vulnerable-to-ransomware
May 6, 2023 at 2:41 AM
pappy.bsky.social
Great post on bad practices in cyber security from CISA https://www.cisa.gov/news-events/news/bad-practices-0
May 5, 2023 at 4:44 PM
pappy.bsky.social
If people haven’t upgraded their Papercut software now, this seems pretty bad https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html
May 5, 2023 at 3:23 PM
pappy.bsky.social
What prevents this individual from just starting a new domain and running the same business again? #infosec https://krebsonsecurity.com/2023/05/10m-is-yours-if-you-can-get-this-guy-to-leave-russia/
May 5, 2023 at 3:19 PM
pappy.bsky.social
Hello World! Happy to be here on #BlueSky instead of the dumpster fire!
May 5, 2023 at 3:11 PM