shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#malware


New Malware Campaign Targets MySQL Servers with RAT Payloads

A recent campaign has targeted MySQL servers, where attackers are exploiting User Defined Functions (UDFs) to gain persistent access and deploy multiple types of malware.

Pulse ID: 685a59bd8dd1d56505c728c5
Pulse Link: otx.alienvault.com/pulse/685a5
Pulse Author: cryptocti
Created: 2025-06-24 07:54:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange (link preview): Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

#Introduction

Hello, my name is Christoff.

I live in Illinois, USA, outside the St. Louis area. Below I'll talk about my technology and creative interests, and a bit about me personally. I'm going to hashtag the heck out of this post.

The whole "deadbeef" thing is the magic number from #Solaris for freed memory. I simply chose the .monster TLD because it seemed cool and I like "extended" TLDs.

#Technology

I have been using OpenBSD, #NetBSD, or #GNU/#Linux since the late 1990s as a primary workstation. I used macOS from 2020 to 2025, switching to the #KDE neon distro (KDE Plasma is amazing and KDE isn't bloated anymore, yay!).

My current career is as a #pentester where I break into web applications, IP networks, mobile applications (especially #Android), and people to their face or over the phone; code #malware; write documentation; and enjoy helping clients in a third party contractor/consultant role. I started that job change in 2020, when I earned the #OSCP certification at the height of "#infosec twitter" when I did well there.

Previously I worked for about 20 years as a senior-level programmer, and systems, infrastructure, and database administrator. Burnout was very real and I was extremely bored/unfulfilled.

Now that programming and sysadmin stuff isn't my career, I find I enjoy programming and tinkering again.

I am a big fan of NetBSD and always have been. I am not a huge fan of GNU/Linux but I do appreciate things "just working", even if it is full of closed-source binary blobs and other garbage. It was fun in the 1990s.

I know many programming languages but have been paid professionally to code in #C, #Perl, #Python, #PHP, #Java, and #Groovy for big commercial entities like eBay, small companies, and the US government.

I've maintained 99.99% uptime for a 60MM+ platform for years, including failover and backups (that were regularly tested... you test your failover and backups, right?!).

I always wanted to be a cool C and low-level programmer, which I thought for the longest time was being a kernel programmer, but now I know that isn't the life for me.

Emacs is something I've enjoyed since the beginning and I still can't code a #Lisp well. I'd love to be a cool #lisper with #CommonLisp, but haven't gotten there yet. I'm on the #c64 and #embedded #retrocomputing train now.

#Creative

For creative stuff, I aim to do a lot but tend to hop around as interests take me. I could use some discipline there (someday?).

For #music, I have an electric #bass (Fender Jazz) and electric #guitar. I love #jambands (#GratefulDead, #Phish, #Goose) and that's the type of music I like to play along to.

For #art, I like #acrylic and #watercolor painting. I rarely do it, but think about it a lot and love it when I do it. I don't have any skill or talent, but that's not the point. It's for me and no one else.

For #computing, I am venturing into #C64 #demoscene programming and exploration. Not only was I too poor to get one when I was little but I sorta forgot about it over time. The desire to do cool things in a restricted environment where folks are playing in the sandbox, too, is very exciting and attractive to me. I don't know how to code the #Commodore64 stuff yet, but will! Learning the assembly language (I have zero desire to code in BASIC again and I can just code assembly).

#Personal

I live with my soulmate and our five amazing cats in a small town outside St. Louis living a quiet life. Just doing our jobs, taking care of daily life stuff, and enjoying each other and life as much as we can. Ups and downs of life chaos, like anyone else, but we're doing alright!

We enjoy exploring places within driving distance and there are a lot of places to go to.

Currently, we're really into playing two-player games together and just started collecting #boardgames. Right now, we're really digging #SkyTeam, #RoyalGameOfUr, #ForrestShuffle, #SentinelsOfTheMultiverse, and this magnet game I don't know the name of. We have #SpiritIsland and #ArcNova to unwrap and learn. We tried really really hard to get into #ArkhamHorrorTheCardGame but the rules are too complicated and confusing, where it felt like we were doing the wrong thing all the time.

I am 46. I grew up loving Star Wars, Star Trek, #SciFi, reading novels non-stop, horror, and watching movies. I collect classic SciFi books from the 1960s and 1970s.

I would perhaps describe myself as an extremely curious person who loves #puzzles and #mysteries, #exploration, and figuring out #HumanBehavior like I'm an alien studying humans (I'm good at it, it turns out); who has a keen eye for detail, remembers random little things, and is a good listener. I'm fairly adaptable and fluid in most things, which works well for me. My brain works differently than a lot of people's, and while that is frustrating a lot of the time for things I don't understand fully, it is me and serves me well in niches.

Making people laugh makes me happy. I am a #hacker and #tinkerer.


@BrodieOnLinux @torproject @guardianproject

At this point I'd like to ask when @EUCommission and other #regulators start #banning #StasiBook and other #GAFAM|s for their blatant actions as #OrganizedCrime to violate #privacy standards in the #EU and elsewhere?

infosec.space/@kkarhan/1147336

Cuz at this point the €32B fines at maximum are a joke.

Simply because this isn't a mere violation of #GDPR, #BDSG and other standards, but literal #malware that has been deployed against users in the wild...

  • Anything but actual prison sentences & arrest warrants against the persons responsible would be undue leniency.
Infosec.Space · Kevin Karhan :verified: (@kkarhan@infosec.space): The fact that #NSAbook is literally developing #Govware to track users and bypass #Android #sandbox as well as #tracking them regardless of #VPN, #Cookies or #IncognitoMode use or blockage. https://www.youtube.com/watch?v=LUtctMShGJw via @BrodieOnLinux@mstdn.social More to read up upon. https://redact.dev/blog/meta-yandex-localhost-tracking https://www.zeropartydata.es/p/localhost-tracking-explained-it-could #Spyware #InfoSec #ComSec #ITsec #OpSec #Malware #LocalhostTracking #Govware #StasiBook #Facebook #Meta

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #25/2025 is out!

It includes the following and much more:

🇺🇸 📰 The Washington Post experienced a #cyberattack that compromised the email accounts of several journalists;

🇬🇧 The U.K. watchdog fined #23andMe £2.31 million;

🇨🇭 🏦 #UBS Confirms Data Stolen After Hack at External Supplier;

👾 Over 1,500 #Minecraft players have been infected by a new Java #malware;

🤖 🛠️ Researchers say #AI hacking tools sold online were powered by #Grok, #Mixtral;

📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X's InfoSec Newsletter · [InfoSec MASHUP] 25/2025

Okay. computer novice here with hopes of advice.

Are we all supposed to be using a protection subscription like McAfee, bitdefender, Norton, Total AV, etc., ALONG WITH something like Malwarebytes, etc.; or, is one or the other all we need? I have no clue anymore as to all, some, one of the services I'm supposed to use for my little world here.

How many different computer protection services am I supposed to keep up to date?

#Help #Computer
#malware #hacking
#protection #IT #software

DuckDuckGo’s Scam Blocker now protects against fake crypto sites, scareware, phishing, and malware—without tracking your data 🔒.

It’s built into their browser with regular updates from independent firm Netcraft 🛡️.

Privacy Pro subscribers get full-device protection via VPN 🔐.

@duckduckgo

spreadprivacy.com/scam-blocker/

Spread Privacy · DuckDuckGo Browser's Scam Blocker Now Covers More Threats: Phishing sites, malware, and other common online scams.

Stealthy GitHub Malware Campaign Targets Devs

A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.

Pulse ID: 68548f8be824569a83f26ef4
Pulse Link: otx.alienvault.com/pulse/68548
Pulse Author: AlienVault
Created: 2025-06-19 22:30:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Analysis of a Malicious WordPress Plugin: The Covert Redirector

A malicious WordPress plugin named 'wordpress-player.php' has been discovered, affecting at least 26 websites. The plugin injects a hidden HTML5 video player and establishes a WebSocket connection to a command and control server. It redirects visitors to suspicious websites after 4-5 seconds, avoiding execution for logged-in users. The malware uses a fake 'WordPress Core' author name to evade detection. It impacts website integrity through unauthorized redirects, SEO degradation, and potential security risks to visitors. Mitigation steps include thorough scanning, malware removal, credential resets, software updates, and implementing a Web Application Firewall.

Pulse ID: 68536e4f88b62f5f7d8c4865
Pulse Link: otx.alienvault.com/pulse/68536
Pulse Author: AlienVault
Created: 2025-06-19 01:56:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Inside the BlueNoroff Web3 macOS Intrusion Analysis

A detailed analysis of a sophisticated intrusion targeting a cryptocurrency foundation employee is presented. The attack, attributed to the North Korean APT group BlueNoroff, began with a social engineering lure via Telegram, leading to the installation of malicious software disguised as a Zoom extension. The intrusion involved multiple stages of malware deployment, including persistent implants, backdoors, keyloggers, and cryptocurrency stealers. The attackers utilized advanced techniques such as process injection on macOS and leveraged various tools to collect sensitive information, particularly focusing on cryptocurrency-related data. The analysis covers the initial access vector, technical details of the malware components, and their functionalities, providing insights into the evolving tactics of state-sponsored threat actors targeting macOS systems.

Pulse ID: 6853be742df9d3db90e41219
Pulse Link: otx.alienvault.com/pulse/6853b
Pulse Author: AlienVault
Created: 2025-06-19 07:38:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
