Since it is back in the news here is some info on SmartLoader that mysterious LUA malware...

The name SmartLoader comes from the UserAgent string used in early builds of the malware (cc Who said what), the true name is currently unknown.

There are at least two different versions of

Ersin Buckley 「RSS tools: A set of crappy RSS scripts to handle RSS in an Unix way」

adulau.github.io/rss-tools/ #opensourced

twitter.com/adulau/status/…

——与 #RSS 有关的 #Coding 向 #开源 #工具 #项目 #分享 #crosspost

Alexandre (Alexandre Dulaunoy @[email protected]) and Jean-Louis will present 'Sharing Information and Intelligence without Disclosing It - Private Search Set (PSS)' (TLP:CLEAR), first.org/conference/fir… #FIRSTCTI24

Alexandre Dulaunoy @[email protected] @[email protected] Project: github.com/hashlookup/pri…

The Linux Foundation is excited to announce the Valkey 7.2.5 release, and support from new partners Aiven, Alibaba Cloud, Chainguard, Huawei, Percona, Heroku and Verizon.

Read the full announcement: go.aws/3Q6pDz8
#valkey #opensource

Our blog with details on the exploitation of CVE-2024-3400 is up! An incredibly fast turn around from our detecting a breach to smashing threat actor capabilities. Huge shout out to our Volexity team and our awesome customers & a great response from the Palo Alto Networks team.

If your open source or free software project does not use a CLA and shares copyrights among all contributors, you might consider adding the CLA FREE logo.

ossbase.org/initiatives/cl…

#opensource #cla free #cla #licensing #freesoftware #floss #Copyright

We are pleased to announce the immediate release of MISP 2.4.189, released with bug fixes, performance improvements and a new blocklist feature.

misp-project.org/2024/04/12/MIS…

#cti #opensource #misp #ThreatIntelligence

Organisations and suppliers barely manage to deal with SBOMs. This sees as yet another acronym from the money-spending-wonka-machine. #snakeoil

Campaign (from SOLAR SPIDER?) uses new version of JSOutProx. Targets finance sector in APAC and MENA. Uses fake SWIFT payment notifications. resecurity.com/blog/article/t… Indicators also in botvrij.eu botvrij.eu/data/feed-osin…

📅 Join us on May 16 in #Brussels for the 12th EU ATT&CK Community Workshop. Register now for free at eventbrite.be/e/12th-eu-attc… Centre for Cybersecurity Belgium
#CenterForThreatInformedDefense #CCBConnectAndShare Speakers: myself, Erik Van Buggenhout Kennedy Torkura Freddy Dezeure Nebu Varghese Wojciech Lesicki Ryusuke Masuoka ...

It's sad to see the community-contributed Redis logo retired. It was originally drawn by Charly Prioglio, sponsored by Citrusbyte, and was the winner of a logo competition held in 2010.😞(web.archive.org/web/2010111302…).

It feels like these community contributions are slowly being erased.

9) Correction to 4) - In 2023, Google had funded a manual security audit on xz-utils with a vendor. The audit concluded on Jan 22, 2024. The only suggestions made were to improve fuzzing coverage. Jia Tan had a relieved response - “We are happy that no vulnerabilities were

Bats are out… it’s time for some detection.

#nature #bat s #bat #ultrasonic

auth bypass confirmed!

> INFO:paramiko.transport:Authentication (password) successful!

mm_keyallowed_backdoor cmd 1 allows to override the response for mm_answer_authpassword with a custom one. if you set it to { u32(9), u8(13), u32(1), u32(0) } you can login with any pass 🤓

One of my #YARA rules picked up a shell script similar to the infected.txt mentioned in Andres' email on the #xzbackdoor findings

Detected by AV
virustotal.com/gui/file/ece86…
(the mentioned one)

Undetected by AV
virustotal.com/gui/file/d2d99…
🧵

MISP - Elastic Stack - Docker

This lab explains how to connect MISP to the Elastic Stack in order to leverage IOCs from MISP and trigger alerts based on user defined rules.

misp-project.org/2024/04/05/ela…

Elastic

#elastic #misp #opensource #threatintel

Former #Wirecard -CEO Jan Marsalek and a former officer of the Austrian security service gave the Russian #FSB a laptop with the German encryption system SINA: archive.is/ClNSz

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information 'as is' while the analysis

Here are two more suspicious personas with a similar naming scheme amplifying a 'bug report'

bugs.debian.org/cgi-bin/bugrep…

krygorin4545[@]proton[.]me
misoeater91[@]tutamail[.]com