#malware

Infoblox Threat Intel<p>Is the sky fluxxing?! Last week a CISA advisory on DNS Fast Flux created a lot of buzz. We have an insider's take.<br> <br>Fast Flux is a nearly 20 year old technique and is essentially the malicious use of dynamic DNS. It is critical that protective DNS services understand this -- and all other DNS techniques -- on that we agree. </p><p>What we also know as experts in DNS is that there are many ways to skin a cat, as they say. </p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> </p><p><a href="https://blogs.infoblox.com/threat-intelligence/disrupting-fast-flux-and-much-more-with-protective-dns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/disrupting-fast-flux-and-much-more-with-protective-dns/</span></a></p>
TantiLink<p>Safe gaming: how to defend yourself against threats and scams on PC and mobile</p><p>Read the article: <a href="https://www.tantilink.net/2025/04/Gaming-minacce-truffe-PC-Mobile.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tantilink.net/2025/04/Gaming-m</span><span class="invisible">inacce-truffe-PC-Mobile.html</span></a></p><p><a href="https://mastodon.uno/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.uno/tags/gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gaming</span></a> <a href="https://mastodon.uno/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.uno/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.uno/tags/videogiochi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>videogiochi</span></a> <a href="https://mastodon.uno/tags/games" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>games</span></a></p>
Glyn Moody<p>"Starting on January 19, 2025 Facebook's internal policy makers decided that <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> is <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> and labelled groups associated with Linux as being "cybersecurity threats". Any posts mentioning <a href="https://mastodon.social/tags/DistroWatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DistroWatch</span></a> and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed. " <a href="https://distrowatch.com/weekly.php?issue=20250127#sitenews" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">distrowatch.com/weekly.php?iss</span><span class="invisible">ue=20250127#sitenews</span></a> is this madness still going on?</p>
Scripter :verified_flashing:<p>Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware<br><a href="https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/04/micr</span><span class="invisible">osoft-warns-of-tax-themed-email.html</span></a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.tchncs.de/tags/EMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EMail</span></a> <a href="https://social.tchncs.de/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PDF</span></a> <a href="https://social.tchncs.de/tags/QRCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QRCode</span></a></p>
r1cksec<p>Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel🕵️‍♂️ </p><p><a href="https://github.com/Zouuup/landrun" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zouuup/landrun</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandbox</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p>
Frankie ✅<p>Cyberattacks by AI agents are coming</p><p>Agents could make it easier and cheaper for criminals to hack systems at scale. We need to be ready. </p><p><a href="https://www.technologyreview.com/2025/04/04/1114228/cyberattacks-by-ai-agents-are-coming" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">technologyreview.com/2025/04/0</span><span class="invisible">4/1114228/cyberattacks-by-ai-agents-are-coming</span></a> </p><p><a href="https://mastodon.social/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JessTheUnstill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JessTheUnstill</span></a></span> <span class="h-card" translate="no"><a href="https://mamot.fr/@bohwaz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bohwaz</span></a></span> <span class="h-card" translate="no"><a href="https://indieweb.social/@punkfairie" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>punkfairie</span></a></span> <span class="h-card" translate="no"><a href="https://social.vivaldi.net/@ajsadauskas" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ajsadauskas</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@tomiahonen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tomiahonen</span></a></span> <span class="h-card" translate="no"><a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fuchsiii</span></a></span> <em>Exactly</em>...</p><p>Coincidentally, that's why <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> (and <a href="https://infosec.space/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a>) doesn't let users have <a href="https://infosec.space/tags/root" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>root</span></a> access because billions of devices owned by mostly <em>"<a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a>"</em> that hardly get <a href="https://infosec.space/tags/SecurityUpdates" class="mention hashtag"
rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityUpdates</span></a> would be an even bigger risk if they didn't boot a locked-down <a href="https://infosec.space/tags/ROM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ROM</span></a> image, thus only allowing for <a href="https://infosec.space/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> in user-privileged userspace!</p><ul><li>I'd even go so far that I'd wish for <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> to basically merge fmr. <a href="https://infosec.space/tags/FirefoxOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FirefoxOS</span></a> / <a href="https://infosec.space/tags/KaiOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KaiOS</span></a> &amp; <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tails</span></a> to build a <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a>-focussed <a href="https://infosec.space/tags/ROM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ROM</span></a> for <a href="https://infosec.space/tags/Smartphones" class="mention hashtag" rel="nofollow noopener noreferrer"
target="_blank">#<span>Smartphones</span></a> and <a href="https://infosec.space/tags/Tablets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tablets</span></a> i.e. <em>"<a href="https://infosec.space/tags/TailsMobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TailsMobile</span></a>"</em> or sth.</li></ul><p>Cuz having a mobile OS that shoves everything through <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> and only allows <a href="https://infosec.space/tags/userspace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>userspace</span></a>-Apps in the form of modern web technologies would be a big <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> and <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> gain.</p><ul><li>Not to mention <a href="https://infosec.space/tags/amd64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>amd64</span></a> is on its way out and inevitably they gotta have to transition to supporting <a href="https://infosec.space/tags/arm64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>arm64</span></a> and eventually <a href="https://infosec.space/tags/RISCv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RISCv</span></a>-<a href="https://infosec.space/tags/64bit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>64bit</span></a> at some point.</li></ul>
TWiT Podcasts<p>🔐 Cloudflare shuts down port 80 API access, malware devs turn to obscure languages like FORTH, and password reuse remains rampant. <span class="h-card" translate="no"><a href="https://infosec.exchange/@SGgrc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SGgrc</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://mastodon.social/@leo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>leo</span></a></span> Laporte unpack the latest on Security Now 1019!</p><p>🧠 <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a><br>📲 Download and subscribe here:<br>🔗 <a href="https://buff.ly/aqfGWFq" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">buff.ly/aqfGWFq</span><span class="invisible"></span></a></p>
0x40k<p>FIN7 *again*? Seriously, these guys just don't quit, do they? 🙄</p><p>Heads up – they've cooked up an Anubis backdoor using Python. And nope, *it's not* the Android Trojan people know. It's pretty wild what this thing packs: we're talking remote shell capabilities, file uploads, messing with the registry... 🤯 Basically, the keys to the kingdom!</p><p>And let me tell you from a pentester's perspective: Just relying on AV? That's *definitely* not gonna cut it anymore. We all know that, right?</p><p>Looks like they're slipping in through compromised SharePoint sites now? Yikes. The nasty part? A Python script decrypts the payload *directly in memory*, making it incredibly tough to spot! 🥴 Plus, their command and control chats happen over a Base64-encoded TCP socket.</p><p>So, keep a *sharp eye* on those ZIP attachments! Double-check your SharePoint sites' integrity. You'll also want to monitor network traffic closely (especially that TCP activity!). And make sure your endpoint security is actually up to snuff – remember, they love finding ways to bypass defenses!</p><p>How are *you* tackling threats like this one? What are your go-to tools and strategies for defense? 
🤔 Let's share some knowledge!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/FIN7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIN7</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/WindowsSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSecurity</span></a></p>
beardedtechguy@infosec:~$<p>"What 'experts' recommend installing Kaspersky?" Hard pass... </p><p>New Triada Trojan comes preinstalled on Android devices <a href="https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/176143/mal</span><span class="invisible">ware/new-triada-comes-preinstalled-on-android-devices.html</span></a></p><p><a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p>
heise Security<p>CISA warns of "Resurge" malware following Ivanti ICS attacks</p><p>Attacks on Ivanti's ICS have been known since early January. CISA has analyzed the malware that attackers installed.</p><p><a href="https://www.heise.de/news/CISA-warnt-vor-Malware-Resurge-nach-Ivanti-ICS-Attacken-10333868.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/CISA-warnt-vor-M</span><span class="invisible">alware-Resurge-nach-Ivanti-ICS-Attacken-10333868.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Fotoptikon<p><a href="https://photog.social/tags/trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trojan</span></a> <a href="https://photog.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://photog.social/tags/warning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>warning</span></a></p>
Infoblox Threat Intel<p>Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware. </p><p>Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments. <br> <br>One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.</p><p>Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.<br> <br>Block these:</p><p>user2ilogon[.]es<br>viewer-ssa-gov[.]es <br>wellsffrago[.]com<br>nf-prime[.]com<br>deilvery-us[.]com<br>wllesfrarqo-home[.]com<br>nahud[.]com. <br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikes</span></a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikeDomain</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infoblox" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pdns</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/ssa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssa</span></a></p>
0x40k<p>Whoa, things are heating up again in the Android world... Watch out for "Crocodilus," a nasty new banking trojan that's currently zeroing in on folks in Spain and Turkey. 🐊 Now, it might sound like your standard-issue malware at first, but this one's got some particularly devious tricks. It's not *just* snagging login details – it's also after the seed phrases for crypto wallets. 🤯</p><p>Here’s the kicker: it disguises itself as Google Chrome and tries to trick you into granting Accessibility Services permissions. If you give it that access, you've basically handed over the keys to your device. Seriously, it can then read everything on your screen, see every tap you make... and you wouldn't even know, because it can black out the screen while it does its dirty work. 🙈 Total stealth mode.</p><p>As someone in penetration testing, I unfortunately run into this kind of threat all too often. Clients sometimes say, "But I have antivirus software!" The hard truth? Against sophisticated attacks like this, basic AV often won't cut it.</p><p>So, the usual advice is more critical than ever: Be super careful about the apps you install and *always* double-check the permissions they ask for! And please, use Multi-Factor Authentication (MFA) wherever you can! 🔐</p><p>I'm curious – what security measures do you have running on your smartphone? 
Drop your tips below!</p><p><a href="https://infosec.exchange/tags/AndroidSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AndroidSecurity</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BankingTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BankingTrojan</span></a></p>
defnull<p>Yearly reminder that <a href="https://chaos.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> on <a href="https://chaos.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> can just shut down <a href="https://chaos.social/tags/ClamAV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClamAV</span></a> before downloading payload to avoid real-time detection, and <a href="https://chaos.social/tags/cisco" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisco</span></a> does not think this is a problem.</p><p><a href="https://github.com/Cisco-Talos/clamav/issues/1169" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Cisco-Talos/clamav/</span><span class="invisible">issues/1169</span></a></p><p><a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://chaos.social/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a></p>
your auntifa liza 🇵🇷 🦛 🦦<p>it should be obvious by now that anything created by the <a href="https://mastodon.social/tags/techbros" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>techbros</span></a> behind this coup needs to be considered <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p><p><a href="https://www.wired.com/story/doge-rebuild-social-security-administration-cobol-benefits/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/doge-rebuild-s</span><span class="invisible">ocial-security-administration-cobol-benefits/</span></a></p><p>and that includes the 2-3 years of <a href="https://mastodon.social/tags/Palantir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Palantir</span></a> having free rein hacking everything related to not just <a href="https://mastodon.social/tags/immigration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>immigration</span></a> but <a href="https://mastodon.social/tags/passports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passports</span></a> </p><p>DOGE IS MORE THAN <a href="https://mastodon.social/tags/MALWARE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MALWARE</span></a> IT’S <a href="https://mastodon.social/tags/RANSOMWARE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RANSOMWARE</span></a> </p><p>so who is putting up contingencies to use all the <a href="https://mastodon.social/tags/OpenGOV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenGOV</span></a> tools we have had developed the last 20 years, to audit the White House’s acts of digital terrorism?</p>
securityskeptic :donor: :verified:<p>In today's post, Interisle peeks at the cybercrime activity (for phishing, malware, and spam) for the month of February 2025. We’ll point out anything that strikes us as particularly interesting in overall numbers as well as significant changes in ranking for TLDs, Registrars, and Hosting Networks.</p><p><a href="https://interisle.substack.com/p/cybercrime-reported-in-february-2025" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">interisle.substack.com/p/cyber</span><span class="invisible">crime-reported-in-february-2025</span></a></p><p><a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a></p>
Infoblox Threat Intel<p>Last week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. Its legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens.<br> <br>Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies.<br> <br>Here are a few samples of the domains:</p><p>- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil.<br>- creo--ia[.]com Lookalike for an industrial fabrication firm in WA State.<br>- admiralsmetal[.]com Lookalike for US based metals provider.<br>- ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor.<br>- elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication.<br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikes</span></a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikeDomain</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer"
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pdns</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/dod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dod</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://greywolf.social/@growlph" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>growlph</span></a></span> roflmao!</p><p>Shite like this should be outlawed as <a href="https://infosec.space/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> alongside <a href="https://infosec.space/tags/DRM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DRM</span></a>!</p>
Alexandre Borges<p>Even though I've been away from the field for years, it's great to see that a simple tool that I initially launched in 2018 and with great collaborators (Artur Marzano, Corey Forman and Christian Clauss) has been used by so many professionals.</p><p><a href="https://www.helpnetsecurity.com/2025/03/26/malwoverview-first-response-tool-threat-hunting/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/03/26</span><span class="invisible">/malwoverview-first-response-tool-threat-hunting/</span></a></p><p><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>