Cybersecurity

5977 readers

128 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

1601

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics (thehackernews.com)

submitted 10 months ago by [email protected] to c/cybersecurity

0 comments fedilink

New cyberattack campaign, DEEP#GOSU, uses PowerShell & VBScript to target Windows systems.

1602

Brazilian Authorities Arrest Members of Banking Trojan Cybercrime Group (www.darkreading.com)

submitted 10 months ago by [email protected] to c/cybersecurity

0 comments fedilink

INTERPOL assisted in the operation where analysts identified Grandoreiro group members by analyzing and matching malware samples.

1603

Chinese Earth Krahang hackers breach 70 orgs in 23 countries (www.bleepingcomputer.com)

submitted 10 months ago by [email protected] to c/cybersecurity

1 comments fedilink

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.

1604

Fujitsu found malware on IT systems, confirms data breach (www.bleepingcomputer.com)

submitted 10 months ago by kid to c/cybersecurity

1 comments fedilink

1605

Hackers Claim Accessing 740GB of Data from Viber Messaging App (www.hackread.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1606

Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (therecord.media)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1607

Russia's ruling party 'hit by cyberattack' during presidential election (www.standard.co.uk)

submitted 10 months ago by [email protected] to c/cybersecurity

3 comments fedilink

1608

CISA: CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog - RedPacket Security (www.redpacketsecurity.com)

submitted 10 months ago by [email protected] to c/cybersecurity

0 comments fedilink

CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog

1609

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer (thehackernews.com)

submitted 10 months ago by [email protected] to c/cybersecurity

0 comments fedilink

Researchers at G DATA have exposed a scheme dubbed "gitgub" on GitHub, where 17 repositories were delivering the information stealer, RisePro.

1610

Hackers exploit Aiohttp bug to find vulnerable networks (www.bleepingcomputer.com)

submitted 10 months ago by [email protected] to c/cybersecurity

0 comments fedilink

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.

1611

Why DDoS Threat Actors Are Shifting Their Tactics (www.infosecurity-magazine.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1612

IMF probing cyber security incident, source says no top managers affected (www.reuters.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1613

Cisco fixed high-severity elevation of privilege and DoS bugs (securityaffairs.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1614

Increase in the number of phishing messages pointing to IPFS and to R2 buckets - SANS Internet Storm Center (isc.sans.edu)

submitted 10 months ago by kid to c/cybersecurity

2 comments fedilink

Blocking R2 buckets could be difficult, since is widely used. IPFS could be blocked to restric p2p and block access to gateways (have a uptodate list of IPFS gateways could be challenging).

1615

Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the "Forti Forty" (www.horizon3.ai)

submitted 10 months ago by kid to c/cybersecurity

1 comments fedilink

1616

StopCrypt: Most widely distributed ransomware now evades detection (www.bleepingcomputer.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1617

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage (thehackernews.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1618

SIM swappers hijacking phone numbers in eSIM attacks (www.bleepingcomputer.com)

submitted 10 months ago by [email protected] to c/cybersecurity

5 comments fedilink

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.

1619

A patched Windows attack surface is still exploitable (malware.news)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1620

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (www.bleepingcomputer.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

The flaw tracked as CVE-2024-21412 is a Windows Defender SmartScreen flaw that allows specially crafted downloaded files to bypass these security warnings.

1621

Major CPU, Software Vendors Impacted by New GhostRace Attack (www.securityweek.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1622

Andariel Hackers Attacking Asset Management Companies To Inject Malicious Code (gbhackers.com)

submitted 10 months ago* (last edited 10 months ago) by kid to c/cybersecurity

0 comments fedilink

IoC MD5 – a714b928bbc7cd480fed85e379966f95 (VT: 43/72) : AndarLoader (%SystemDirectory%\SVPNClientW.exe)

– 4f1b1124e34894398aa423200a8ab894 (VT: 43/72) : KeyLogger (%USERPROFILE%\documents\kerberos.tmp, %USERPROFILE%\kl.exe, %SystemDirectory%\dllhostsvc.exe)

– 2c69c4786ce663e58a3cc093c6d5b530 (VT: 0) : ModeLoader

– 29efd64dd3c7fe1e2b022b7ad73a1ba5 (VT: 64/73) : Mimikatz (%USERPROFILE%\mimi.exe)

C&C 주소 – privacy.hopto[.]org:443 : AndarLoader – privatemake.bounceme[.]net:443 : AndarLoader – 84.38.129[.]21 : MeshAgent – hxxp://www.ipservice.kro[.]kr/index.php : ModeLoader – hxxp://www.ipservice.kro[.]kr/view.php : ModeLoader – hxxp://www.ipservice.kro[.]kr/modeRead.php : ModeLoader – hxxp://panda.ourhome.o-r[.]kr/view.php : ModeLoader – hxxp://panda.ourhome.o-r[.]kr/modeRead.php : ModeLoader – hxxp://panda.ourhome.o-r[.]kr/modeView.php : ModeLoader – hxxp://www.mssrv.kro[.]kr/view.php : ModeLoader – hxxp://www.mssrv.kro[.]kr/modeView.php : ModeLoader – hxxp://www.mssrv.kro[.]kr/modeRead.php : ModeLoader – hxxp://www.mssrv.kro[.]kr/modeWrite.php : ModeLoader

1623

ChatGPT Spills Secrets in Novel PoC Attack (www.darkreading.com)

submitted 10 months ago by kid to c/cybersecurity

4 comments fedilink

1624

The effects of law enforcement takedowns on the ransomware landscape - Help Net Security (www.helpnetsecurity.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink

1625

Phishing Campaign Unleashes Java RATs including VCURMS and STRRAT (cybermaterial.com)

submitted 10 months ago by kid to c/cybersecurity

0 comments fedilink