This year at confidenceconf I’ll be presenting on UNC4841 with my talk titled "Tales from the Deep". Join me on 27-28 May 2024 in Krakow! Get 15% off your ticket with the discount code: TEAM15 (for individual registrations). confidence-conference.org

Nice! cloud.google.com/blog/topics/th…

confidenceconf was a really impressive conference and it was an honour to present there this week. Overwhelmed by all the positive feedback! Thanks to all the organisers and attendees, I met so many great fellow experts this week. I hope to be back again one day in Kraków. 🇵🇱👨‍💻

Mandiant (part of Google Cloud) is releasing details on a data theft and extortion campaign undertaken by UNC5537, targeting Snowflake customer instances. Since April, UNC5537 has leveraged stolen credentials to target over 100 organizations. cloud.google.com/blog/topics/th…

🚨 ALERT: Mandiant (part of Google Cloud)'s #AdvancedPractices team has recently received a video message from a State nexus actor. Sharing this for general visibility. Be safe out there. cc:Ryan Kazanciyan 🚨 cameo.com/recipient/664e…

Chcecie być objęci nadzorem ABW? Zapraszamy na Oh My H@ck 2024! Nie pożałujecie ;) omhconf.pl Z pozwu przeciwko członkom Dragon Sector: NEWAG zwrócił się do ABW o usunięcie artykułów oraz "objęcie szczególnym nadzorem wszystkich uczestników konferencji Oh my Hack"

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We

We uncovered striking connections between #Olympics-related domains used for #phishing and #scams for the #Tokyo and #Paris2024 Olympics. The shared infrastructure/similarities in domain names indicate a single actor may be behind this abuse. Details at bit.ly/4fG3bYJ

“Malware distribution groups are tricky to look at as a collective, so let’s narrow it down to some of my *least* favorites…” See ya next week, mWISE Conference 🫶🏼 #mWISE2024

Yesterday Banshee Stealer, the MacOS-based Malware-as-a-Service infostealer, had their source code leaked online. As a result of the leak they've shut down their operations. We've archived the leak and made it available for download on GitHub. github.com/vxunderground/…

JPCERT/CC's Tomoya Kamei writes about an attack carried out by the APT-C-60 group around August 2024. The attack involved sending emails posing as job applicants to organizations' recruitment departments, infecting them with malware. blogs.jpcert.or.jp/ja/2024/11/APT…

EXCLUSIVE: Defense Secretary Pete Hegseth last week ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions. therecord.media/hegseth-orders…

Last year, we discovered custom backdoors on Juniper Networks’ Junos OS routers and attributed this to China-nexus espionage group #UNC3886. We recommend organizations to upgrade their Juniper devices and run the JMRT Quick Scan and Integrity Check. bit.ly/3DEDXvJ

Someone has done an excellent job collecting RATs and documenting them by version. They also included images. A+ work. This is amazing (we're going to ingest this eventually) github.com/Cryakl/Ultimat…

🎉 RooCon25 is coming! 🎉 Join us on 5-6 November for our 3rd edition! As one of Australia's key cyber threat intelligence conferences, we're building on past success to make this our best event yet. Our Call for Papers opens in just one week! [1/3]

Looking forward to giving my first TEAM CYMRU research webinar tomorrow! I shall be discussing a hot topic for many: DPRK IT Workers👨🏻‍💻 Tune into this tomorrow if you’re interested in how you can use NetFlow data to detect the 🇰🇵 activities 🔍 Reg here: team-cymru.zoom.us/webinar/regist…

Live Flax Typhoon Raptor Train botnet sinkholing data now available through @shadowserver free daily Sinkhole Event and Sinkhole HTTP Event network reports: shadowserver.org/what-we-do/net… shadowserver.org/what-we-do/net… events tagged as "raptor-train" Remediate current infections!

Thank you 🙏

Make ‘em Say UNC!