kid

joined 9 months ago
MODERATOR OF
cybersecurity
sorted by: new top controversial old
8
Fortra Reports Alarming Increase In Abuse Of Cloudflare Services (informationsecuritybuzz.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
5
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices (www.trendmicro.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
 

  • Water Barghest, which comprised over 20,000 IoT devices by October 2024, monetizes IoT devices by exploiting vulnerabilities and quickly enlisting them for sale on a residential proxy marketplace.

  • Its botnet uses automated scripts to find and compromise vulnerable IoT devices sourced from public internet scan databases like Shodan.

  • Once IoT devices are compromised, the Ngioweb malware is deployed, which runs in memory and connects to command-and-control servers to register the compromised device as a proxy.

  • The monetization process, from initial infection to the availability of the device as a proxy on a residential proxy marketplace, can take as little as 10 minutes, indicating a highly efficient and automated operation.

42
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (thehackernews.com)
submitted 1 week ago by kid to c/cybersecurity
4 comments fedilink
8
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (thehackernews.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
16
Zero-Day Exploitation Targeting Palo Alto Networks Firewall (www.rapid7.com)
submitted 1 week ago by kid to c/cybersecurity
1 comments fedilink
12
ChatGPT allows access to underlying sandbox OS, “playbook” data (www.bleepingcomputer.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
9
Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories (www.securityweek.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
6
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns (www.infosecurity-magazine.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
9
Embargo ransomware claims breach of US pharmacy network (www.theregister.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
4
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (thehackernews.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
14
Leaked info of 122 million linked to B2B data aggregator breach (www.bleepingcomputer.com)
submitted 1 week ago by kid to c/cybersecurity
0 comments fedilink
4
Zoom addressed two high-severity issues in its platform (securityaffairs.com)
submitted 2 weeks ago by kid to c/cybersecurity
0 comments fedilink
Truck-to-truck worm could infect entire US fleet in c/cybersecurity
[–] kid 1 points 8 months ago (1 children)

Not following... Since this is a cybersecurity com, I assume that many of us work in this area, literally defending people and organizations from attackers and scammers. That's why I said some of us make a living out of this in a sad way.

Truck-to-truck worm could infect entire US fleet in c/cybersecurity
[–] kid 3 points 8 months ago (3 children)

Sad, but some of us make a living out of this. But still sad (and true).

Of course if that was not the case we could employ our sorry minds to something more constructive.

Microsoft confirms Windows Server issue behind domain controller crashes in c/cybersecurity
[–] kid 8 points 8 months ago

Stop giving me your toughest battles

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems in c/cybersecurity
[–] kid 1 points 8 months ago

IoCs from original research:

Hashes

267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b 54/70

d6ac21a409f35a80ba9ccfe58ae1ae32883e44ecc724e4ae8289e7465ab2cf40 54/71

ad4d196b3d85d982343f32d52bffc6ebfeec7bf30553fa441fd7c3ae495075fc

13c017cb706ef869c061078048e550dba1613c0f2e8f2e409d97a1c0d9949346

b376a3a6bae73840e70b2fa3df99d881def9250b42b6b8b0458d0445ddfbc044

Domains

hanagram[.]jpthefinetreats[.]com

caduff-sa[.]chjeepcarlease[.]com

buy-new-car[.]com

carleasingguru[.]com

IP Addresses

91[.]193[.]18[.]120

_Half of North Korea's foreign currency income comes from cyberattacks in c/cybersecurity
[–] kid 1 points 8 months ago

Link to article.

'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE in c/cybersecurity
[–] kid 2 points 8 months ago* (last edited 8 months ago)

IoCs:

IOCs Hashes (SHA-256) Email – 16e6dfd67d5049ffedb8c55bee6ad80fc0283757bc60d4f12c56675b1da5bf61

Docx – 1abf56bc5fbf84805ed0fbf28e7f986c7bb2833972793252f3e358b13b638bb1

Injected ZIP – 95898c9abce738ca53e44290f4d4aa4e8486398de3163e3482f510633d50ee6c

LNK file – d07323226c7be1a38ffd8716bc7d77bdb226b81fd6ccd493c55b2711014c0188

Final ZIP – 94499196a62341b4f1cd10f3e1ba6003d0c4db66c1eb0d1b7e66b7eb4f2b67b6 26/64

Client32.exe – 89f0c8f170fe9ea28b1056517160e92e2d7d4e8aa81f4ed696932230413a6ce1 26/73

URLs and Hostnames yourownmart[.]com/solar[.]txt

firstieragency[.]com/depbrndksokkkdkxoqnazneifidmyyjdpji[.]txt

yourownmart[.]com

firstieragency[.]com

parabmasale[.]com

tapouttv28[.]com

IP Addresses 192[.]236[.]192[.]48

173[.]252[.]167[.]50

199[.]188[.]205[.]15

46[.]105[.]141[.]54

Others Message ID contains: “sendinblue[.]com”

Return Path contains: “sender-sib[.]com”

Source

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme in c/cybersecurity
[–] kid 2 points 8 months ago

For the IoCs, check the original research.

Chinese Earth Krahang hackers breach 70 orgs in 23 countries in c/cybersecurity
[–] kid 3 points 8 months ago* (last edited 8 months ago)

IoCs.

Most with good detection, but some with no detection at all, according to VT.

Edit: typo

Increase in the number of phishing messages pointing to IPFS and to R2 buckets - SANS Internet Storm Center in c/cybersecurity
[–] kid 3 points 8 months ago

Normally web filters categorize IPFS gateways as p2p, and most organizations block this category.

SIM swappers hijacking phone numbers in eSIM attacks in c/cybersecurity
[–] kid 4 points 8 months ago

From the text:

Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own. They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.

No need for social engineering.

SIM swappers hijacking phone numbers in eSIM attacks in c/cybersecurity
[–] kid 4 points 8 months ago

Hear, hear!

Meta is building a giant AI model to power its video ecosystem in c/cybersecurity
[–] kid 1 points 8 months ago

Unfortunately, this is the really not only for Meta, but most of social platforms, gaming, e-commerce, not to mention gambling.

view more: ‹ prev next ›