Alexis Dorais-Joncas (@adorais.bsky.social) (@adorais) 's Twitter Profile
Alexis Dorais-Joncas (@adorais.bsky.social)

@adorais

Sr Manager, APT Threat Research @Proofpoint

ID: 25084905

18-03-2009 14:54:32

971 Tweets

1.1K Followers

850 Following

Threat Insight (@threatinsight)

Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute

Karsten Hahn (@struppigel)

I have looked at 2024 malware research papers in academia and found that none of them used today's relevant malware. Families they used were old worms and viruses that had been relevant decades ago and nowadays only thrive on sandbox systems.

Threat Insight (@threatinsight)

New APT insight from @Proofpoint: This week, Threat Insight has observed Iranian-aligned threat group #TA453 (AKA #CharmingKitten #APT42 #MintSandstorm) continue their phishing efforts despite the recent unsealing of indictments and sanctions by the U.S. government. #IRGC

Will (@bushidotoken)

Hey Cyble marketing team please clarify your blog and actually credit the author of the Ransomware Vulnerability Matrix… because that would be me 🙃 otherwise others may think you made it 🤦🏻‍♂️ hxxps://cyble[.]com/blog/ransomware-vulnerability-matrix-a-comprehensive/

mRr3b00t (@uk_daniel_card)

Public WiFi is so unsafe (it’s not it’s generally fine for personal/family use) that when I arp spoof and dns spoof not only do I get errors with TLS (this site doesn’t have hsts enabled) but my phone (android) literally warns me the network is acting in a suspicious manner….

💻 Sherrod DeGrippo 🛸 (@sherrod_im)

Recording a hot af podcast episode tomorrow with the Gregs all about 🇰🇵 DPRK. What threat intel questions do you have for the experts? #sleet #chollima

Greg Lesnewich (@greglesnewich)

Lots of good research this week on MacOS activity from Bluenoroff / TA444 / Sapphire Sleet

New record: only one of them said Lazarus instead of Bluenoroff 😂

Alexis Rapin (@alexis_rapin)

Next Monday, I'll have the privilege to chat with my colleagues Jean-Ian Boutin, Alexis Dorais-Joncas (@adorais.bsky.social) and Catherine Dupont-Gagnon (Cyber Citoyen) for a panel focused on “State-sponsored cyber attacks: current trends and impact on modern society” at #FPS2024. Join us! 👉 fps-2024.hec.ca

Hash Miser (@h_miser)

This information has been popping up left and right for a few days and I think a lot of context is missing, so here's a short thread 👇

Alexis Dorais-Joncas (@adorais.bsky.social) (@adorais)

Developing story - attack against #BGP peers of a European telco. The malicious emails impersonated that same telco and included the ASN of each recipient in the subject line. The emails contained a password-protected RAR attachment with the malicious payload.

Alexis Dorais-Joncas (@adorais.bsky.social) (@adorais)

Vendors only have partial visibility on any campaign. What appears as highly targeted to one can be widespread to another. It is normal and expected - we all have visibility biases. Working together and combining our findings is the only way to get closer to the full picture 🤜🤛

Simon Kenin (@k3yp0d)

1/16 Recently I became aware of this The Jerusalem Post breaking "News" article, which turns out to be more like paid content: jpost.com/middle-east/ir…