Sounds like spam/phishing emails might get a bit harder to block. Apparently this service was also used to spam Mastodon registrations last month as well.

The proof of concept code was released on GitHub.

I guess after using the NPM and PyPI repositories to distribute compromised packages, malicious actors have moved to Minecraft plugin/mod repos.

Minecraft mod BOM's when?

Verizon's annual DBIR reports analyze a crazy amount of corporate security incidents, then publish the interesting statistics and trends that were discovered in the data. It's always quite an interesting read.

C2 infrastructure mimics sites belonging to the Libyan Ministry of Foreign Affairs. Earliest artifacts date back to October 2022. Suspected that threat actor is targeting Egyptian and Libyan journalists and human rights activists.

Kaspersky is reporting a new zero-click iOS exploit in the wild, through message received via iMessage with an attachment containing the payload. Persistence is not supported, most likely due to limitations of the OS.

The Kaspersky writeup can be seen here.

ESET released an analysis of the Asylum Ambuscade crimeware group that has been active since at least early 2020.

This group targets bank customers and cryptocurrency traders in regions including North America and Europe.

The TTP's related to initial access include spearphising emails containing malicious XLS and DOC files.

Microsoft researchers have discovered an emerging cluster of TTP's they have named Storm-1167 being used by an unknown threat actor to target banking and financial services institutions.

This threat actor has been utilizing phishing emails for initial compromise, then using compromised inboxes to further distribute their malicious phishing emails.

The threat actor has been observed taking steps to minimize detection and to establish persistence.

Hello and welcome! I joined the Lemmy fediverse a week ago, and settled in to the sh.itjust.works instance yesterday. I had pulled back from most of my social and general use of Reddit a few years back, and mostly just used it as a more social RSS feed to keep abreast of things going on in the cybersecurity and information security world. One of the first things I noticed when exploring the Lemmy Fediverse was that outside of the general tech communities, there was only a single cybersecurity community which hadn't seen any activity in over a year or more.

I've gone back to my old stalwart RSS feeds, so I decided to create this community and post any articles I find interesting that come across my feed. Hopefully others will find it helpful as well!

I really hope that the social aspect of the community will take hold here too, and encourage anyone to make any link or text posts related to cybersecurity that they want. I don't really want this to turn into a place where every other question is "How do I get into cybersecurity?" or "Will you be my mentor?", but the Lemmy community is small so at this point I'd welcome any sort of community interaction.

To kick things off with a little about myself, started my career working as a network engineer for a WISP, scampering across city roofs, throwing up non-pen mounts for PtP radios, and slinging multi-Gbps links from building to building. I slowly transitioned into a SOC through a few calculated job transitions, then after a few more I've found myself working on a team that splits our time providing penetration tests for internal business lines and running red team/adversary emulation engagements against my company. Over the past few years I've earned my OSCP, OSEP, and OSWE, along with a handful of GIAC certifications. I'm currently working on the study materials for the OSED. I don't have any coding experience, just a bit of scripting ability, but I am very excited to jump in to binary exploitation and reverse engineering. It's the closest thing to magic to me in this space, and I can't wait to deconstruct and demystify it a bit.

Thanks for reading, and glad you're here!

Looks like a patch was released yesterday for the SQL injection vulnerabilities discovered in the MOVEit Transfer application.

The direct link to the official announcement is here.

Elastic Security Labs has discovered the SPECTRALVIPER malware targeting a national Vietnamese agribusiness.

I thought I'd take a break from posting stories that come across my RSS feed to let people know about an upcoming Hack-A-Thon/CTF event that OffSec is running next weekend.

I'm not really sure what the challenges will entail, since I'm not eligible for any of the prizes I haven't been paying much attention to info about it at all. I do know that in order to compete you will have to have an active PG Practice subscription, which is $19 USD/mo, more info is here. I don't really like that they're requiring people to already have a paid subscription to compete, but it's their ecosystem and their rules.

There are three different tiers you can compete in, a PEN-300 tier, an EXP-301 tier, and an PEN-200 tier. The 1st prize for each tier is a year long LearnOne subscription to the tier course, 2nd place is a 90 day course subscription to the tier course, and 3rd place is a 90 day subscription to the PG Practice environment.

While SANS is the king of wildly expensive courses, the OffSec subscriptions definitely aren't cheap either, especially if you're self-paying. I get the irony of making people pay for entry into a contest where they might win a subscription they otherwise couldn't afford, but it's better than nothing I guess.

Just wanted to post a couple of really interesting medium articles I found on Iphone pentesting. As an Iphone user, I have always wanted to see the source code of the apps I use, so it has been really interesting going through the process of jailbreaking my old iphone and ftping the .ipas to my host machine for analysis. The articles I found most interesting from this user were:

Setting Up a Jailbreak Environment For Beginners

Preparing IPhone for Application Security

Extracting the IPA File and Local Data Storage of an IOS Application

Hope y'all enjoy!

10 chars, no special characters and that's it

Just tell me that you want to have access to my videos and be done with it

Fortigate published a patch for CVE-2023-27997, a Remote Code Execution vulnerability reachable pre-authentication, on every SSL VPN appliance.

The researcher chained an insecure password reset API route to bypass authentication, then discovered an IDOR vulnerability could be leveraged to access sensitive customer data.

For everyone that says "The real world can't be as easy as training labs make it seem out to be!", sometime it really do be that ez.

This new stealer has five stages, and shows a high level of sophistication, akin to APTs. Targeted victims have been seen in Europe, the USA, and Latin America.

Several pieces of Russian text were found in the malware.

The first part of the C2 URL is “Privetsvoyu” which is a misspelled transliteration of the Russian word for “Greetings.” Secondly, we found the string “salamvsembratyamyazadehayustutlokeretodlyagadovveubilinashusferu.” Despite the weird transliteration, it roughly translates to: “Greetings to all brothers, I’m suffocating here, locker is for bastards, you’ve messed up our area of interest.”

MD5 sum and C2 URL IOCs are included at the end of the report.

With this new community, I figured it would be interesting to get a gauge on if there are any security professionals within the community, and what roles everyone holds?

I personally specialize in GRC, but have also worked in network engineering in the past.