toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#virustotal

ANY.RUN<p>🚨 New <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> campaign uses <a href="https://infosec.exchange/tags/DBatLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DBatLoader</span></a> to drop <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Remcos</span></a> RAT.<br>The infection relies on <a href="https://infosec.exchange/tags/UAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UAC</span></a> bypass with mock directories, obfuscated .cmd scripts, Windows <a href="https://infosec.exchange/tags/LOLBAS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LOLBAS</span></a> techniques, and advanced persistence techniques. At the time of analysis, the samples had not yet been submitted to <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> ⚠️</p><p>🔗 Execution chain:<br><a href="https://infosec.exchange/tags/Phish" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phish</span></a> ➡️ Archive ➡️ DBatLoader ➡️ CMD ➡️ SndVol.exe (Remcos injected) </p><p>👨‍💻 <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> allows analysts to quickly uncover stealth techniques like LOLBAS abuse, injection, and UAC bypass, all within a single interactive analysis session. 
See analysis: <a href="https://app.any.run/tasks/c57ca499-51f5-4c50-a91f-70bc5a60b98d/?utm_source=mastodon&amp;utm_medium=post&amp;utm_campaign=dbatloader&amp;utm_term=150525&amp;utm_content=linktoservice" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/tasks/c57ca499-51f</span><span class="invisible">5-4c50-a91f-70bc5a60b98d/?utm_source=mastodon&amp;utm_medium=post&amp;utm_campaign=dbatloader&amp;utm_term=150525&amp;utm_content=linktoservice</span></a></p><p>🛠️ Key techniques:<br>🔹 <a href="https://infosec.exchange/tags/Obfuscated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Obfuscated</span></a> with <a href="https://infosec.exchange/tags/BatCloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BatCloak</span></a> .cmd files are used to download and run the <a href="https://infosec.exchange/tags/payload" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>payload</span></a>.<br>🔹 Remcos injects into trusted system processes (SndVol.exe, colorcpl.exe). <br>🔹 Scheduled tasks trigger a Cmwdnsyn.url file, which launches a .pif dropper to maintain persistence. <br>🔹 Esentutl.exe is abused via LOLBAS to copy cmd.exe into the alpha.pif file. <br>🔹 UAC bypass is achieved with fake directories like “C:\Windows “ (note the trailing space), exploiting how Windows handles folder names. </p><p>⚠️ This threat uses multiple layers of stealth and abuse of built-in Windows tools. Behavioral detection and attention to unusual file paths or other unusual activity are crucial to catching it early. <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANYRUN</span></a> Sandbox provides the visibility needed to spot these techniques in real time 🚀</p>
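Added example, not code from ANY.RUN or from the post: a small Python detector that turns the four behaviours the post lists (trailing-space "mock" directory, esentutl copying cmd.exe into a .pif, a scheduled task whose action is a .url file, SndVol.exe/colorcpl.exe started by an odd parent) into rules over process-creation events. The event fields, file paths, task name and "example.exe" are constructed assumptions for this example, not indicators from the analysis.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# A process-creation record as a SIEM or Sysmon (Event ID 1) pipeline would
# carry it. The field names are this example's own, not the post's schema.
@dataclass(frozen=True)
class ProcEvent:
    image: str              # full path of the started executable
    command_line: str       # its command line
    parent_image: str = ""  # full path of the parent process

_QUOTED = re.compile(r'"([^"]*)"')
# esentutl.exe /y <source> /d <destination> is its documented file-copy mode
_ESENTUTL_COPY = re.compile(
    r'/y\s+"?(?P<src>[^"\s]+)"?\s+/d\s+"?(?P<dst>[^"\s]+)"?', re.IGNORECASE)
# schtasks /create ... /tr <action>: flag an action that is a .url file
_TASK_URL_ACTION = re.compile(r'/tr\s+"?([^"]+?\.url)"?(?=["\s]|$)', re.IGNORECASE)

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def has_mock_directory(path: str) -> bool:
    # True when a directory component of a Windows path ends in whitespace.
    # "C:\Windows \System32" (space after Windows) is a different folder from
    # the real C:\Windows\System32, but path normalisation can strip that
    # space, so the look-alike passes for the trusted directory: the UAC
    # bypass the post describes.
    parts = path.replace("/", "\\").split("\\")
    return any(p and p != p.rstrip() for p in parts[:-1])

def rule_mock_directory(ev: ProcEvent) -> bool:
    paths = [ev.image, ev.parent_image] + _QUOTED.findall(ev.command_line)
    return any(has_mock_directory(p) for p in paths)

def rule_esentutl_copies_cmd_to_pif(ev: ProcEvent) -> bool:
    if _basename(ev.image) != "esentutl.exe":
        return False
    m = _ESENTUTL_COPY.search(ev.command_line)
    if m is None:
        return False
    src, dst = m.group("src").lower(), m.group("dst").lower()
    return src.endswith("cmd.exe") and dst.endswith(".pif")

def rule_scheduled_task_launches_url(ev: ProcEvent) -> bool:
    cl = ev.command_line
    return (_basename(ev.image) == "schtasks.exe"
            and "/create" in cl.lower()
            and _TASK_URL_ACTION.search(cl) is not None)

_INJECTION_TARGETS = {"sndvol.exe", "colorcpl.exe"}

def rule_injection_target_unusual_parent(ev: ProcEvent) -> bool:
    # SndVol.exe and colorcpl.exe are normally started from explorer.exe or the
    # Control Panel; a .pif dropper or cmd.exe as parent matches the post's chain.
    parent = _basename(ev.parent_image)
    return (_basename(ev.image) in _INJECTION_TARGETS
            and (parent.endswith(".pif") or parent == "cmd.exe"))

RULES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("uac_bypass_mock_directory", rule_mock_directory),
    ("esentutl_copies_cmd_to_pif", rule_esentutl_copies_cmd_to_pif),
    ("scheduled_task_launches_url", rule_scheduled_task_launches_url),
    ("injection_target_unusual_parent", rule_injection_target_unusual_parent),
]

def scan(events) -> List[Tuple[str, ProcEvent]]:
    """Return (rule name, event) for every rule that fires on every event."""
    return [(name, ev) for ev in events for name, rule in RULES if rule(ev)]

# Constructed sample telemetry mirroring the post's chain. Paths, the task
# name and "example.exe" are placeholders, not indicators from the analysis.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows \System32\example.exe",
              r'"C:\Windows \System32\example.exe"',
              r"C:\Users\Public\alpha.pif"),
    ProcEvent(r"C:\Windows\System32\esentutl.exe",
              r"esentutl.exe /y C:\Windows\System32\cmd.exe /d C:\Users\Public\alpha.pif /o",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\schtasks.exe",
              r'schtasks /create /sc minute /mo 5 /tn "SystemUpdate" /tr "C:\Users\Public\Cmwdnsyn.url" /f',
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\SndVol.exe", "SndVol.exe",
              r"C:\Users\Public\alpha.pif"),
    # benign controls: SndVol started by explorer, esentutl checking a database
    ProcEvent(r"C:\Windows\System32\SndVol.exe", "SndVol.exe",
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\esentutl.exe",
              r"esentutl.exe /g C:\ProgramData\app\store.edb",
              r"C:\Windows\System32\services.exe"),
]

if __name__ == "__main__":
    for name, ev in scan(SAMPLE_EVENTS):
        print(f"{name:34s} {ev.image}  <- {ev.parent_image}")
```

The two benign events produce no findings, which is the check that the rules key on the abnormal parent or argument combination rather than on the binary name alone.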
Radio Azureus<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ErikvanStraten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ErikvanStraten</span></a></span> </p><p>Thank you for this illuminating explanation. I had not considered that Cloudflare can literally switch off large blocks of the internet, simply by running a script.</p><p><a href="https://mastodon.social/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://mastodon.social/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://mastodon.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://mastodon.social/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://mastodon.social/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://mastodon.social/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://mastodon.social/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://mastodon.social/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://mastodon.social/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://mastodon.social/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://mastodon.social/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://mastodon.social/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://mastodon.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://mastodon.social/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://mastodon.social/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://mastodon.social/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://mastodon.social/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://mastodon.social/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://mastodon.social/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://mastodon.social/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://mastodon.social/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://mastodon.social/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://mastodon.social/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://mastodon.social/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://mastodon.social/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Käsekuchen<p>Dang... The <a href="https://social.anoxinon.de/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firefox</span></a> alternative <a href="https://social.anoxinon.de/tags/Librewolf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Librewolf</span></a> actually is flagged by <a href="https://social.anoxinon.de/tags/Virustotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Virustotal</span></a> </p><p>🤬 Fuck this shit, purge, rollback and set new passwords. Next time I better listen to <span class="h-card" translate="no"><a href="https://infosec.exchange/@znovak" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>znovak</span></a></span> <a href="https://social.anoxinon.de/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@SandraDeHaan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SandraDeHaan</span></a></span> wrote: "The Netherlands too has made itself dependent on American digital infrastructure (cloud services, among other things)."</p><p>I have been warning about that for a long time (see <a href="https://security.nl/posting/684958" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/684958</span><span class="invisible"></span></a> of 6-1-2021, when I watched the storming of the Capitol, and see the top of that page).</p><p>And only yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114042082778156313" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114042082778156313</span></a></p><p>And the Dutch government simply goes along with it, on the advice of "experts" (anonymous, of course): <a href="https://security.nl/posting/876914" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876914</span><span class="invisible"></span></a>.</p><p>How NAIVE can we be?!</p><p>And why an EV certificate, e.g. from Rabobank, is 1FA (and DV is hardly safer than DNS - a notoriously insecure protocol): <a href="https://security.nl/posting/877247" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/877247</span><span class="invisible"></span></a>.</p><p>P.S. Unfortunately I had to block Bert Hubert after he boosted IDF propaganda spam from Auschwitz.</p><p><a href="https://infosec.exchange/tags/Availability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Availability</span></a> <a href="https://infosec.exchange/tags/Beschikbaarheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Beschikbaarheid</span></a> <a href="https://infosec.exchange/tags/Cinfidentiality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cinfidentiality</span></a> <a href="https://infosec.exchange/tags/Vertrouwelijkheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vertrouwelijkheid</span></a> <a href="https://infosec.exchange/tags/Integrity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Integrity</span></a> <a href="https://infosec.exchange/tags/Integriteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Integriteit</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Authenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticiteit</span></a> <a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> #Trump <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p>Cloudflare risk (+Trump)</p><p>Addition 21 March 2025 {<br>Cloudflare looks at your passwords (and 2FA codes), and could, if it wanted to, use them to log in to your accounts as you. They implicitly admit this themselves: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a>. Source: <a href="https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">benjojo.co.uk/u/benjojo/h/cR4d</span><span class="invisible">JWj3KZltPv3rqX</span></a>.<br>}</p><p>🌦️ Behind Cloudflare<br>More and more websites sit "behind" the American company Cloudflare. Suppose you open <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> (note: that is preceded by https://, Mastodon hides it) in your browser:</p><p> browser &lt;-1-&gt; Cloudflare &lt;-2-&gt; <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a></p><p>⛓️‍💥 No E2EE<br>With a great many websites (<a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> is one example) there are two *different* connections, so definitely no E2EE = End-to-End Encryption (insofar as that still means anything when the "real" server is a cloud server of Google, Microsoft or Amazon).</p><p>🕋 CDNs<br>Cloudflare, a CDN (Content Delivery Network), has a worldwide network of "tunnel" servers in the data centres of most internet providers. Probably "around the corner" from you too.</p><p>🔥 DDoS attacks<br>That works excellently against DDoS (Distributed Denial of Service) attacks. CDNs also make communication much faster (partly because images and the like are "cached" on a web of servers), even when the "real" server is on the other side of the world.</p><p>🚨 Drawbacks<br>But this does NOT come without a price! Cloudflare can *look into* a great deal of "encrypted" network traffic (and even, if it wishes, modify it).</p><p>🚦 No, not *you*<br>Cloudflare customers can also set all kinds of rules that visitors must satisfy, and block them as "unwanted" visitors (*criminal* customers too make frequent use of this option, among other things to prevent antivirus makers from checking fake websites for malicious content).<br>Addendum 14:39: { for instance, with Firefox Focus on Android I *cannot* open <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a>; I then see a page that says, among other things, "Please wait, the website of Centrum Informatie en Documentatie Israël (CIDI) is verifying whether the connection is secure. Please unblock challenges.cloudflare.com to proceed."<br>}</p><p>😎 Men In Black<br>Because Cloudflare is a company (also) based in the US, it must comply with the American FISA section 702 legislation. That means it can be ordered to monitor internet traffic, and is under a gag order about it. While Americans already have fewer privacy rights than Europeans, *non*-Americans have *zero* privacy rights under that FISA law.</p><p>🔓 Cut<br>That https connections via Cloudflare are not E2EE is shown by the picture below (which more people have surely seen at some point).</p><p>📜 Certificates and error messages<br>That picture can ONLY exist, without certificate error messages, if Cloudflare holds a valid authenticating website certificate (a kind of passport) for, in this case, <a href="https://bleepingcomputer.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bleepingcomputer.com</span><span class="invisible"></span></a> - and they DO have one. For MILLIONS of websites.</p><p>🛃 MitM<br>Cloudflare (but others too, such as Fastly) is a MitM (Man in the Middle).</p><p>🤔 The second connection?<br>Your browser has, largely transparently, an E2EE connection with a Cloudflare server. You have NO idea what kind of connection Cloudflare has with the actual website (is it https at all, and a secure variant of it? What does Cloudflare do when the website's certificate has expired? Etc.).</p><p>👽 AitM<br>And as soon as a MitM turns malicious, we call it an AitM (A for Attacker or Adversary).</p><p>🗽 Trump<br>If Trump orders Cloudflare to stop providing services to NL or the EU, NOTHING AT ALL will work here any more and our economy collapses like a house of cards.</p><p>🃏 DV certs<br>That Cloudflare has obtained a website certificate for, say, <a href="https://vvd.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vvd.nl</span><span class="invisible"></span></a> or <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a> ought to be strange. But it is a piece of cake "thanks to" DV (Domain Validated) certificates (Google's darling), which make the internet ever less secure and which our government too "has fallen for" (see <a href="https://infosec.exchange/@ErikvanStraten/114032329847123742" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114032329847123742</span></a>).</p><p>😱 Fake websites<br>But that is not all: more and more criminal fake websites *hide* behind Cloudflare, which itself earns (criminal) money from them. See for example <a href="https://security.nl/posting/876655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876655</span><span class="invisible"></span></a> (or take a look at the "RELATIONS" tab of <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a> and press ••• a few times).</p><p><a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@jwijnings" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jwijnings</span></a></span> : community-based sounds nice, but I fear it does not work in practice: criminals will do *everything* to get their sites rated positively.</p><p>It is no accident that PGP has proved not to scale at all, and criminals have put public keys in other people's names on public key servers - against which the people with those names can do *nothing*.</p><p>And a browser plugin is far too voluntary; that will come to nothing.</p><p>One way or another, in my opinion you cannot avoid trusting one or more third parties (certificate issuers) that (more or less reliably) establish the identity of those responsible for websites (but you should definitely not leave this to big tech itself, as happens now).</p><p>The "community" (trustworthy members of it, and/or objective auditors) should then repeatedly establish how reliable each *CERTIFICATE ISSUER* is.</p><p>• For every website whose responsible party is ANONYMOUS, browsers must indicate this loud and clear (and point out the risks when the user clicks through).</p><p>• For every website whose responsible party is NOT anonymous, browsers must indicate the following loud and clear:</p><p>1) who the responsible party is</p><p>2) how reliably the identity of the responsible party has been established</p><p>3) how reliable the certificate issuer was last judged to be by "the community", when, and by whom.</p><p>And all this with easily found, extensive and clear explanation of what the internet user must bear in mind, including that an https website certificate says *NOTHING* about the trustworthiness of that site and its owner, but does tell you HOW RELIABLY you know WHO THE RESPONSIBLE PARTY is.</p><p>All the info about the responsible party need not be pushed in your face on every visit, but at least on the first visit to a domain name, and on every certificate change. Geo-info about the current IP address (country of establishment) can also be useful.</p><p>To get this off the ground effectively, the EU must oblige every browser maker to facilitate it. Without compulsion it will come to nothing.</p><p>P.S. I now also know of a phishing domain name with "google" in it, which hid behind Cloudflare last year - and was furnished with a certificate issued by GOOGLE.</p><p>Big tech really could not care less.</p><p>Most people don't see it, but with a bit of searching you soon discover that, when using the internet, we are tightrope walking - without a balancing pole and without fall protection.</p><p>Via a domain name in <a href="https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.sekoia.io/targeted-supply</span><span class="invisible">-chain-attack-against-chrome-browser-extensions/</span></a> I again found a whole series of IP addresses in the US and FR with mountains of fake sites, including malicious Chrome extensions, as can be seen below (from <a href="https://www.virustotal.com/gui/domain/chatgptextension.site/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/chat</span><span class="invisible">gptextension.site/relations</span></a>):</p><p><a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a></p>
Erik van Straten<p>Google is malicious</p><p>Extremely so, even: they host - without batting an eyelid - even phishing websites with the following URLs (I have replaced ".com" with "·com", with a "high" dot, and the '/' with '⧸', to prevent accidental opening):</p><p> https:⧸⧸helpdesk-google·com<br> https:⧸⧸cancel-google·com<br> https:⧸⧸adsupport-google·com</p><p>Much more info in <a href="https://www.security.nl/posting/872651/https%3A__cancel-google%C2%B7com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/872651/htt</span><span class="invisible">ps%3A__cancel-google%C2%B7com</span></a>.</p><p>Edit 15:14: I see that the editors of security.nl have removed my article (so much for freedom of expression). I had archived the article: <a href="https://archive.is/3UwWn" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">archive.is/3UwWn</span><span class="invisible"></span></a>.</p><p><a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/Cybercriminaliteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercriminaliteit</span></a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://infosec.exchange/tags/GoogleCloudHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleCloudHosting</span></a> <a href="https://infosec.exchange/tags/CloudHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudHosting</span></a> <a href="https://infosec.exchange/tags/Hosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hosting</span></a> <a href="https://infosec.exchange/tags/CloudProviders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudProviders</span></a> <a href="https://infosec.exchange/tags/BigTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTech</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DomainValidated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainValidated</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/FakeWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebSites</span></a> <a href="https://infosec.exchange/tags/FakeSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeSites</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ryanrowcliffe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ryanrowcliffe</span></a></span> : passkeys are easily lost (I can look up screenshots) and they don't help for fake sites that you do not have an account for.</p><p>Sites as can be seen in <a href="https://www.virustotal.com/gui/ip-address/43.135.155.204/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">43.135.155.204/relations</span></a> (said IP is detected by 18/94 virus scanners, according to VT).</p><p>Or a site that spoofs one that you do have an account for, such as your bank, and asks you to enter confidential/PII data without having to log in. The scammers subsequently call you, saying they're employees from your bank, and lie to you that criminals may have access to your bank account. You had best act quickly by transferring your money to some other "safe vault" bank account number. They'll offer to help you, provided that you install a RAT such as AnyDesk.</p><p>We're not fixing an extremely criminalized internet by using passkeys.</p><p><a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/FakeSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeSites</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a></p>
✍️ Eljo #MorpurgoMedia<p>Linux is on the rise and can finally measure up to Windows and Apple. First virus found targeting Linux UEFI boot.</p><p><a href="https://datanews.knack.be/nieuws/security/onderzoekers-vinden-eerste-uefi-bootkit-voor-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">datanews.knack.be/nieuws/secur</span><span class="invisible">ity/onderzoekers-vinden-eerste-uefi-bootkit-voor-linux/</span></a></p><p><a href="https://mastodon.nl/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> <a href="https://mastodon.nl/tags/virus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virus</span></a> <a href="https://mastodon.nl/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.nl/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.nl/tags/bootkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bootkit</span></a> <a href="https://mastodon.nl/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a> <a href="https://mastodon.nl/tags/eset" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eset</span></a> <a href="https://mastodon.nl/tags/virustotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virustotal</span></a> <a href="https://mastodon.nl/tags/masterbootrecord" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>masterbootrecord</span></a> <a href="https://mastodon.nl/tags/morpurgoMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>morpurgoMedia</span></a></p>
Pyrzout :vm:<p>Researchers unearth two previously unknown Linux backdoors <a href="https://www.helpnetsecurity.com/2024/11/21/linux-backdoors-wolfsbane-firewood/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2024/11/21</span><span class="invisible">/linux-backdoors-wolfsbane-firewood/</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://social.skynetcloud.site/tags/threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threat</span></a> <a href="https://social.skynetcloud.site/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESET</span></a> <a 
href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT</span></a></p>
@infosec_jcp 🐈🃏 done differently<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@screaminggoat" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>screaminggoat</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cR0w</span></a></span> </p><p>Why not adapt the <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> upload plugin to send to VT... BEFORE sending it to the web browser?</p><p> QR<br>Code<br>👉👈</p>
@infosec_jcp 🐈🃏 done differently<p>This one node is quite the repeat offender in attacccing as a many year logged attaccc server of exploits.</p><p><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> </p><p>Fastly DNS GammaGroup FinFisher FinSpy<br> Attaccc Node Proxy IP : 151.101.3.52</p><p><a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <br><a href="https://infosec.exchange/tags/GamaGroup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GamaGroup</span></a> <a href="https://infosec.exchange/tags/FinFisher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinFisher</span></a> <a href="https://infosec.exchange/tags/FinSpy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinSpy</span></a> <a href="https://infosec.exchange/tags/AttacccProxyServers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AttacccProxyServers</span></a> </p><p><a href="https://www.virustotal.com/graph/embed/gb9b1ac4d7a0b43cca8c9f4c64c4de986253c61a64c1a4409af770b990ce18db6" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/graph/embed/gb9</span><span class="invisible">b1ac4d7a0b43cca8c9f4c64c4de986253c61a64c1a4409af770b990ce18db6</span></a></p><p>Rescanned today after 2 months of not being scanned.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/CALEAMalware" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>CALEAMalware</span></a> <a href="https://infosec.exchange/tags/GreyMarketInvestigations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreyMarketInvestigations</span></a> <a href="https://infosec.exchange/tags/RTDNA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RTDNA</span></a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Taylor Parizo<p>VirusTotal adds JA4 support!</p><p><a href="https://blog.virustotal.com/2024/10/unveiling-hidden-connections-ja4-client.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.virustotal.com/2024/10/un</span><span class="invisible">veiling-hidden-connections-ja4-client.html</span></a><br><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/JA4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JA4</span></a></p>
ITSEC News<p>This Windows PowerShell Phish Has Scary Potential - Many GitHub users this week received a novel phishing email warning of critical se... <a href="https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2024/09/th</span><span class="invisible">is-windows-powershell-phish-has-scary-potential/</span></a> <a href="https://schleuss.online/tags/microsoftpowershell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoftpowershell</span></a> <a href="https://schleuss.online/tags/alittlesunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>alittlesunshine</span></a> <a href="https://schleuss.online/tags/latestwarnings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>latestwarnings</span></a> <a href="https://schleuss.online/tags/virustotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virustotal</span></a>.com <a href="https://schleuss.online/tags/lummastealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lummastealer</span></a> <a href="https://schleuss.online/tags/webfraud2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webfraud2</span></a>.0 <a href="https://schleuss.online/tags/captcha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>captcha</span></a> <a href="https://schleuss.online/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a></p>
@infosec_jcp 🐈🃏 done differently<p>Exec Summary : </p><p>No. It Doesn't look Safe.</p><p>You be the ☣️🔍👩‍⚖️ judge, though.<br> 👇</p><p><a href="https://infosec.exchange/tags/SubClub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SubClub</span></a> 🔍🧐 <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a><br> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/investigations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>investigations</span></a> <a href="https://infosec.exchange/tags/RTDNA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RTDNA</span></a> </p><p>https://sub .club 🔍🧐 <br>Fediverse Monetization Subscription Service - Scanned on 09/01/2024</p><p><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <br><a href="https://www.virustotal.com/graph/embed/g19fa1790209f4b94a0c6c868ca22d48939dc9253402d4a778fed49306bb2fb50" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/graph/embed/g19</span><span class="invisible">fa1790209f4b94a0c6c868ca22d48939dc9253402d4a778fed49306bb2fb50</span></a></p><p><a href="https://infosec.exchange/tags/TheVerge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TheVerge</span></a> Story about Monetization via this web site on the <a href="https://infosec.exchange/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediverse</span></a> </p><p><a href="https://www.theverge.com/2024/9/1/24232298/sub-club-fediverse-make-money" 
rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theverge.com/2024/9/1/24232298</span><span class="invisible">/sub-club-fediverse-make-money</span></a></p>
@infosec_jcp 🐈🃏 done differently<p><a href="https://infosec.exchange/tags/GammaGroup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GammaGroup</span></a> <a href="https://infosec.exchange/tags/FinFisher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinFisher</span></a> <a href="https://infosec.exchange/tags/FinSpy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinSpy</span></a> <a href="https://infosec.exchange/tags/Finsky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Finsky</span></a> <br><a href="https://infosec.exchange/tags/Systemapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Systemapp</span></a> callback shim :</p><p> <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> host : </p><p>ec2-54-187-55-136.us-west-2.compute.amazonaws.com</p><p>Never before scanned attaccc host.</p><p><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <br><a href="https://www.virustotal.com/graph/embed/g53e1b16f932b448cbe04e28c4852cd7fb072ec70761d4691bf0d7a2283b7dc59" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/graph/embed/g53</span><span class="invisible">e1b16f932b448cbe04e28c4852cd7fb072ec70761d4691bf0d7a2283b7dc59</span></a></p>
@infosec_jcp 🐈🃏 done differently<p>New 1+yr since being scanned <a href="https://infosec.exchange/tags/GammaGroup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GammaGroup</span></a> <a href="https://infosec.exchange/tags/FinFisher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinFisher</span></a> <a href="https://infosec.exchange/tags/FinSpy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinSpy</span></a> <a href="https://infosec.exchange/tags/Finsky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Finsky</span></a> </p><p><a href="https://infosec.exchange/tags/SystemApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemApp</span></a> callback host shim<br>⚠️<br>☣️<br>👇<br>143-244-50-85.bunnyinfra.net</p><p><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <br><a href="https://www.virustotal.com/graph/embed/g20f593b16e6d40d78c64d9a4e45f4cdd34994ba193c8427fa5e8d3fe35f48452" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/graph/embed/g20</span><span class="invisible">f593b16e6d40d78c64d9a4e45f4cdd34994ba193c8427fa5e8d3fe35f48452</span></a></p>
@infosec_jcp 🐈🃏 done differently<p>Today is brought to you by a <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> inception on <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> in a picture. ⚠️👉☣️</p>
@infosec_jcp 🐈🃏 done differently<p><span class="h-card" translate="no"><a href="https://mastodon.online/@lhn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lhn</span></a></span> </p><p>Anyone do a <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> on that app? 📱🔍🧐</p><p><a href="https://infosec.exchange/@Techmeme@techhub.social/112966201849301682" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@Techmeme@tec</span><span class="invisible">hhub.social/112966201849301682</span></a></p>
@infosec_jcp 🐈🃏 done differently<p>X.x.137.95</p><p><a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <br><a href="https://www.virustotal.com/graph/embed/g684fd469d7a3454296a315370b37b119db7e7adc5cb04ee8b6d58d91e67ee570" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/graph/embed/g68</span><span class="invisible">4fd469d7a3454296a315370b37b119db7e7adc5cb04ee8b6d58d91e67ee570</span></a></p>