Do you store your "DNS dynamic update registration credentials" in a DHCP? Cute, it means I have a new tool for you 😁😈 Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual: github.com/gtworek/PSBits…

Took some time to put the discussion from the thread below into a more coherent and digestible format. TL;DR - If you're interested how UWP and Windows desktop apps (store and other) are able to start on startup of windows without touching the Run key or any typical persistence

Update: Over 1,700 Ivanti VPN appliances have been hit by zero-day attacks, including government, military, telecom, defense, tech, finance, consulting, aerospace, and engineering sectors. Read: thehackernews.com/2024/01/nation… #infosec

Ransomware Operator Claims - Week 3 2024 dbdigest.com/2024/01/ransom… #databreach #databreaches #databreachesdigest #dataprivacy #GDPR #cybersec #cybersecurity #infosec #informationsecurity #cyberattack #hacked #malware #phishing #ransomware #ROCreport

After 30 years of cyber, I can say that someday on my gravestone, I hope someone spray paints a groundhog.

INTRODUCING: Agentic Security - LLM Security Scanner! 🔍 🔑 Features: Scans for prompt injections, jailbreaking & more. Provides detailed reports & options to customize attack rules. 🔗access the GitHub Link ↓

The new publication from DefSecSentinel explores the DPRK’s use of Python and social engineering for initial access. Check out the detailed breakdown here: go.es.io/3ZtSYsS #ElasticSecurityLabs #DPRK #Python

we're gone for 30 minutes and now people are turning walkie talkies into bombs wtf

Why is no one talking about how, if the comms supply chain was THAT compromised on so many levels, how that likely impacted the confidentiality and geo locations of Hezbollah just as much as this kinetic attack? Probably more than just explosives put in those devices.

And here we thought humans were better at machines in thinking outside of the box during a red team...

BREAKING: Someone just hacked a voting machine within seconds live on PBD's podcast. He only used a preprogrammed USB stick that gave him total access to do whatever he wanted, including flipping or creating votes out of thin air "If this would have been an election, I could

🧵Threat 1/ BREAKING: Windows Installer Sample Goes UNDETECTED! IP Linked to #Cicada3301 & #Ransomware Infra 🚨 🚨 August 2024: Under the Radar! In August, I discovered a new Windows Installer being tested with only 1 detection in VirusTotal 🛑. By September? Zero

Today the United States Securities and Exchange Commission charged four companies for intentionally misleading investors about the severity of the SolarWinds breach. In or around September 2019, APT29 a/k/a Cozy Bear a/k/a Turla Group compromised United States-based network

Ransomware attacks on the health care sector are rising and putting lives at risk, led by Iranian hackers, Microsoft said in a report Tuesday. scoopmedia.co/3YfcqHA

🔴 CVE-2024-47575: FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests (critical) / aka #FortiJump. Vulnerability used in zero-day attacks 🔥 Reported malicious IPs: - 45.32.41.202 -

Absolutely killer CMMC online workshop! No cost, just show up this Wednesday and walk away with a baseline, plan, gaps identified, and access to the same tracking tool we use ourselves! linkedin.com/posts/trustedi… #CMMC #workshop #online #NIST #DFARS

Necessity is the mother of all things.