🔎 Tracking 5⃣ ALPHV/BlackCat 🐈‍⬛ ransomware affiliates in Maltego #infosec #cti

#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability rioru (Dany Bach) and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate

As of build 25915 (latest Preview) all known API based kernel address leaks no longer work unless requested by a process with SeDebugPrivilege (only available to admin processes)

How the Scammer can hack the victim's #Telegram account & spread the Phishing link using the victim's account. So, don't click on strange links & fill in your privacy data on the website. Video Credit: Mangtx , DragonForce Disclaimer: This video is for public awareness only.

How do you know your Defender configs are implemented correctly and working? Microsoft provides various files to demo, test, and validate Defender ASR, PUA, SmartScreen etc. rules. 👉 demo.wd.microsoft.com 👉 aka.ms/mde-demos

Turn off RCS chat in your Google Messages and you will be protected against scam SMS with embedded URL (if you are using local Malaysian telcos)

This enhancement will inspect the permissions the app declared in real-time and specifically look for four permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. MASSA by MyCERT should consider these permission check //cc Fatah al Farihin

Check if impacted by CVE-2024-3094 ❓ ❌ xz -V ✔️ strings /usr/local/bin/xz | grep "(XZ Utils)" ✔️strings `which xz` | grep "(XZ Utils" ✔️for xz_p in $(type -a xz | awk '{print $NF}' | uniq); do strings "$xz_p" | grep "xz (XZ Utils)" || echo "No match found for $xz_p"; done

Welcome to the future of YARA: virustotal.github.io/yara-x/blog/ya…

Israel has turned a refugee camp into a ghost town | Khuloud Rabah Sulaiman #eiGazaDispatches bit.ly/4c9Cc5K

This active job scam targeting Malaysians hosted at Vercel platform and use social media to spread it. Scam URL: hxxps://jawatankosong.vercel.app/ Cc Vercel Support Vercel

Folks, Microsoft just released a Microsoft Recovery Tool. See details at techcommunity.microsoft.com/t5/intune-cust…

This Indonesian origin phishing site are actively using Vercel services and kept coming. Vercel needs to proactively remove and block it. Phish URL: hxxps://ewallet-touchngo.vercel.app/my19 hxxps://madanimalaysia.vercel.app/Apply4 Will update more. Cc: Vercel Support Vercel

AMARAN PANGGILAN SCAM Jika anda menerima panggilan yang mendakwa datang dari kami, sila maklum bahawa ia bukan daripada pegawai kami. Jika ada sebarang pertanyaan, sila hubungi kami melalui saluran rasmi di [email protected]

Most notorious Ransomware group Lockbit announces its next version Lockbit 4.0.

Some one is taking advantage of this previous useful domain name.

Another multi-stages malware and drop executable files hidden in JPG file. SHA-256: 6051384898e7c2e48a2ffb170d71dbf87e6410206614989a037dac7c11b8d346 SHA-256: ec89764710094e5f4bca950236f4bde332c24af846da691e1ec62ab3fd59b08c #remcos gist.github.com/alternat0r/05b…

Feeling too familiar with using Sysmon? You can use it for #redteam purposes by having it overwrite the #antimalware executable. Just like I did with #windowsdefender

CVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday? copy.fail