Global operation targets NoName057(16) pro-Russian cybercrime network http://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network #cybersecurity #infosec
Global operation targets NoName057(16) pro-Russian cybercrime network http://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network #cybersecurity #infosec
https://www.europesays.com/2327099/ Trump shrugs off suspected Russian hack of U.S. courts #BreakingNews:Economy #BreakingNews:Politics #BusinessNews #courts #Crime #Cybersecurity #DonaldJTrump #DonaldTrump #Economy #elections #Hacking #KennedyCenter #Laws #NewYorkTimesCo #Politics #Russia #U.S.Economy #VladimirPutin #WhiteHouse
My nephew's having a terrible time getting hired after graduating in CS into this LLM-crazed job market, but he's hearing more about how vibe coders are opening new doors for those who know their chops in #infosec and have to clean up after the inevitable slop.
Are there any junior security roles out there I could throw in his direction, or perhaps things he could do to raise his chances?
Thoughts on conferences would also be welcome; he's too late for #Defcon but I doubt he'd be willing to run the ICE gauntlet as a brown guy anyways, so any European confs that are coming up in #cybersecurity would be great to point him at.
Notorious North Korean hacking group Kimsuky gets hacked itself - revealing some of its deepest secrets
The hacker claims the group is "morally perverted", and hacks for "all the wrong reasons"
#Clusit pubblica il primo manifesto per la #cybersecurity dedicato alle aziende.
Dieci raccomandazioni che consentono di limitare i rischi da attacchi informatici e difendere i dati aziendali (e i nostri).
I sistemi di difesa informatica sono più efficaci se chi opera è #formato, #informato e #consapevole.
Fortinet FortiGate 2025 Firewall Guide
Choosing the right firewall isn’t one-size-fits-all. We’ve compared five Fortinet FortiGate models—30G, 50G, 70G, 100F, and Rugged 70G-5G-DUAL—by performance, features, and best use cases.
From small office POS security to enterprise-scale SD-WAN to ruggedized IoT environments—there’s a FortiGate for every scenario.
Read: https://datacenter360.ca/news/fortinet-firewall-comparison-2025/
#CyberSecurity #Fortinet #Firewalls #InfoSec #NetworkSecurity #ThreatDetection
AI Applications in Cybersecurity
There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first <a href="htt... https://www.schneier.com/blog/archives/2025/08/ai-applications-in-cybersecurity.html
A flood of #AI #Deepfakes challenges the financial sector, with over 70% of new enrolments to some firms being fake, according to Tianyi Zhang, a general manager of risk management and #CyberSecurity at Singapore-based Ant International.
https://fortune.com/asia/2025/08/13/ant-international-ai-deepfakes-cybersecurity/
Security Now: Malicious repo libraries
| Perplexity’s duplicity
| CISA’s emergency SharePoint directive | NVIDIA says “no” to embedded chip gimmicks | & more with @SGgrc & @leo.
https://twit.tv/shows/security-now/episodes/1038 #CyberSecurity #InfoSec
#Ransomware Empire Falls: Feds Hit BlackSuit With $1M Crypto Seizure
Federal and international law enforcement officers moved in late July to disrupt the BlackSuit ransomware gang, seizing servers, domain names, and #CryptoCurrency
https://bitcoinist.com/ransomware-empire-falls-feds-hammer-blacksuit-with-1m-crypto-seizure/
"Fake accounts often use profile photos that seem too good to be true. Whether it’s flawless lighting, professional-looking headshots, or model-tier appearances."
Bitdefender (sales pitch included): How to Spot a Fake Social Media Profile https://www.bitdefender.com/en-us/blog/hotforsecurity/how-to-spot-a-fake-social-media-profile #cybersecurity #Infosec
Motorcycle manufacturer Royal Enfield hit by ransomware attack
Royal Enfield motorcycle manufacturer apparently suffered a ransomware attack where hackers claimed complete system compromise, encrypting all servers and wiping backups, resulting in paralyzed operations and temporary suspension of online ordering systems and workshop services. The company acknowledged the cybersecurity incident and launched an internal investigation.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/motorcycle-manufacturer-royal-enfield-hit-by-ransomware-attack-y-y-8-u-e/gD2P6Ple2L
Possible Phishing
on: hxxps[:]//enlineaaaaa33[.]z13[.]web[.]core[.]windows[.]net
Analysis at: https://urldna.io/scan/689bcb8a3b7750000a1212e9
#cybersecurity #phishing #infosec #urldna #scam #infosec
Beyond CVEs: Mastering the Landscape with Vulnerability-Lookup is finally online.
The talk was given at @firstdotorg conference.
#opensource #vulnerability #vulnerabilitymanagement #cybersecurity
Video https://youtu.be/PS6NuisVxBU?si=KbPbnHWgKM0wxmMR
Online instance https://vulnerability.circl.lu/
Open source project https://www.vulnerability-lookup.org/
How #Rhadamanthys Stealer Slips Past Defenses using ClickFix
Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging.
While earlier ClickFix campaigns mainly deployed #NetSupport RAT or #AsyncRAT, this C++ infostealer ranks in the upper tier for advanced evasion techniques and extensive data theft capabilities.
#ANYRUN Sandbox lets SOC teams observe and execute complex chains, revealing evasive behavior and providing intelligence that can be directly applied to detection rules, playbooks, and proactive hunting.
Execution Chain:
ClickFix msiexec
exe-file
infected system file
PNG-stego payload
In a recent campaign, the phishing domain initiates a ClickFix flow (#MITRE T1566), prompting the user to execute a malicious MSI payload hosted on a remote server.
The installer is silently executed in memory (#MITRE T1218.007), deploying a stealer component into a disguised software directory under the user profile.
The dropped binary performs anti-VM checks (T1497.001) to avoid analysis.
In later stages, a compromised system file is used to initiate a TLS connection directly to an IP address, bypassing DNS monitoring.
For encryption, attackers use self-signed TLS certificates with mismatched fields (e.g., Issuer or Subject), creating distinctive indicators for threat hunting and expanding an organization’s visibility into its threat landscape.
The C2 delivers an obfuscated PNG containing additional payloads via steganography (T1027.003), extending dwell time and complicating detection.
See execution on a live system and download actionable report: https://app.any.run/tasks/a101654d-70f9-40a5-af56-1a8361b4ceb0/?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_term=120825&utm_content=linktoservice
Use these #ANYRUN TI Lookup search queries to track similar campaigns and enrich #IOCs with live attack data from threat investigations across 15K SOCs:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522clickfix%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522rhadamanthys%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522netsupport%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522asyncrat%255C%2522%2522,%2522dateRange%2522:180%7D
IOCs:
84.200[.]80.8
179.43[.]141.35
194.87[.]29.253
flaxergaurds[.]com
temopix[.]com
zerontwoposh[.]live
loanauto[.]cloud
wetotal[.]net
Find more indicators in the comments
Protect critical assets with faster, deeper visibility into complex threats using #ANYRUN
Because FIDO-based authentication (Passkeys, YubiKeys, etc.) is so good the only way around it is to trick someone into not using it. That's essentially what a downgrade attack is. As a Microsoft #EntraID administrator you can prevent successful downgrade attack from affecting your users. Here's a few ways to mitigate the risk of downgrade attacks:
1) Have your users delete all MFA methods except for FIDO-based methods. That way there's no less secure method to downgrade to. Need redundancy? Register both a Passkey and a YubiKey.
2) Create Conditional Access policies requiring FIDO / Phishing-resistant MFA methods to access your important applications. Even if a user is successfully phished, the auth cookie they receive will not have the Phishing-resistant attribute, so it won't be able to be used to authenticate against apps that have these policies.
3) Create Conditional Access policies for important applications to require access from a managed device -- such as a EntraID-joined, Hybrid Joined or Intune-managed device. Similar to #2, if an auth cookie is stolen, it won't work from an attacker's system as that system won't be a managed device.
From: @threatinsight
https://infosec.exchange/@threatinsight/115017333270048604
At #DEFCON33, #Meshtastic ran its biggest mesh yet—2K+ nodes, thousands of msgs & an unexpected live vulnerability demo. Lessons learned Big plans for security, identity & UX.
Full recap https://meshtastic.org/blog/that-one-time-at-defcon/
From this morning: #DEFCON tidbits, US Pacer hack outs sealed arrests and witnesses, hackers infiltrate Google’s Gemini AI smart home functions via calendar invite, Reddit blocked Internet Archive, Meta surveilled period-tracker app users, and more:
https://www.patreon.com/posts/cybersecurity-12-136290025 #Cybersecurity
Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers.
Streaming live: Back from DEFCON | Hope my ISP actually fixed the internet | Cybersecurity, Tech, & Chill: Open Source, Gaming on Linux, Radio. Tune in at: https://twitch.tv/chiefgyk3d #Cybersecurity #Linux #Tech #Streamer #Twitch