Ransomware operators are terrorists

CPR discovered a network of GitHub Ghost accounts legitimizing repositories and spreading malware like #Atlantida, #Rhadamanthys, and #LummaStealer. The threat actor has possibly operated Stargazers Ghost Network as a #DaaS since August 2022. research.checkpoint.com/2024/stargazer…

AlienVault is currently flooded by fake indicators related to Call Girls service phone numbers

Scraping ransom leak sites which don't want to be using a JavaScript interpreter library in Python threatintelligence.substack.com/p/scraping-ran…

Reverse engineering a ESP32 file system structure - youtu.be/Xsf8_wfyU_Q?si…

Happy birthday to me I guess as citizenlab reference my Blue Callisto research from my PwC days

New macOS malware. :) DPRK. Spent some time reversing the dropper written in Swift/SwiftUI. Here’s the deep dive: kandji.io/blog/todoswift…

Exploiting an object corruption bug in v8 Javascript engine (CVE-2024-3833) github.blog/2024-06-26-att… Credits Man Yue Mo #chrome #cybersecurity

The FBI recently sent a warning out regarding DPRK activity against the crypto industry. Today, we documented attacks we've seen on macOS. Attacks start with social engineering and deliver a piece of malware that we call ThiefBucket. jamf.com/blog/jamf-thre… #malware

I did some new research. Enjoy! Detecting a business email compromise (BEC) threat actor - threatintelligence.substack.com/p/detecting-a-…

This is actively harmful for defenders and gives attackers an advantage. Why put indicators like this into an image?

We had a short look at the buffer overflow found by fuzzing `process_browse_data` to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak.