Shakedown Social

Pen Test PartnersA critical vulnerability in old Telerik software gave an attacker remote code execution on an SFTP-only Windows server. That meant they didn’t need credentials, antivirus didn’t trigger, and default log sizes meant almost nothing useful was captured.From there? PowerShell exclusions, admin account created, RDP tunnelled in via Ngrok, ransomware deployed. They even opened Pornhub either to cover traffic or celebrate the moment. Who knows?This attack wasn’t subtle. But it worked because basic controls were missing. We’ve broken down the incident. Plus, recommendations you can act on now to prevent the same thing.📌<a href="https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/" rel="nofollow noopener" translate="no" target="_blank">https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

Kunai Project🚀 New Blog Post: Kunai vs io_uring (<a href="https://why.kunai.rocks/blog/kunai-vs-io_uring" rel="nofollow noopener" translate="no" target="_blank">https://why.kunai.rocks/blog/kunai-vs-io_uring</a>) 🚀💡 Ever wondered how io_uring revolutionizes I/O operations in the Linux kernel? Inspired by Armo's blog post (<a href="https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/" rel="nofollow noopener" translate="no" target="_blank">https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/</a>) about a PoC rootkit using io_uring, we explored this feature's security implications and how tools like Kunai can monitor these operations.🔍 Key Takeaways: 🔹 io_uring boosts I/O performance by reducing system call overhead and enabling asynchronous operations 🔹 Security tools struggle to monitor io_uring due to its unique handling of operations 🔹 Kunai now provides visibility into io_uring operations, though blocking malicious activities remains challenging 🔹 Recent kernel versions have introduced auditing and security controls for io_uring, but these are still limited📖 Read more: <a href="https://why.kunai.rocks/blog/kunai-vs-io_uring" rel="nofollow noopener" translate="no" target="_blank">https://why.kunai.rocks/blog/kunai-vs-io_uring</a><a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://infosec.exchange/tags/io_uring" class="mention hashtag" rel="nofollow noopener" target="_blank">#io_uring</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOC</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a>

Slim Bill (He/Him)The Risks of AI for Detecting Threats - A Bit of Security for March 17, 2025 What is the downside of relying on AI to detect threats? Listen to this - <a href="https://youtu.be/_0AdSztIT9Y" rel="nofollow noopener" target="_blank">https://youtu.be/_0AdSztIT9Y</a> <a href="https://noc.social/tags/cybersecuritytips" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecuritytips</a> <a href="https://noc.social/tags/attachsurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#attachsurface</a> <a href="https://noc.social/tags/antimalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#antimalware</a> <a href="https://noc.social/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://noc.social/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://noc.social/tags/BitofSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#BitofSec</a>

DomainTools🚨 Now Available in the AWS Marketplace!Check out our listing to see how we enable security practitioners to stop threats before they happen, using best-in-class internet intelligence data, detection and monitoring tools, and predictive risk scoring.<a href="https://aws.amazon.com/marketplace/pp/prodview-dzycfqt76d5ew?sr=0-1&ref_=beagle&applicationId=AWSMPContessa" rel="nofollow noopener" translate="no" target="_blank">https://aws.amazon.com/marketplace/pp/prodview-dzycfqt76d5ew?sr=0-1&ref_=beagle&applicationId=AWSMPContessa</a> <a href="https://infosec.exchange/tags/AWSMarketplace" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWSMarketplace</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/SecuritySolutions" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecuritySolutions</a>

DomainToolsScattered Spider continues its operations despite high-profile arrests. These arrests have pushed the group to iterate and adopt new tactics, including using different domain name patterns to target new employees unfamiliar with security protocols.<a href="https://www.govinfosecurity.com/tracking-elusive-cybercriminals-through-domain-analysis-a-26022" rel="nofollow noopener" translate="no" target="_blank">https://www.govinfosecurity.com/tracking-elusive-cybercriminals-through-domain-analysis-a-26022</a>🔍 Key Insights from Malachi Walker, Security Adviser at DomainTools: 🔹 The group’s decentralized structure allows it to remain resilient and operational. 🔹Analyzing domain registrations and IP addresses can uncover connections between campaigns and aid law enforcement. 🔹Knowing when a domain was created helps narrow down the compromise window and block associated domains.📽️ Watch Malachi Walker’s interview at DEF CON 2024 with Information Security Media Group (ISMG) to learn more about: 🔹Scattered Spider’s decentralized operations 🔹The importance of a domain activity timeline 🔹Proactive threat detection and incident responseStay vigilant and proactive! 🛡️ <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/DEFCON2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON2024</a> <a href="https://infosec.exchange/tags/DomainTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainTools</a>

Just Another Blue TeamerHappy Monday everyone!We are going to start our week off with a <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#readoftheday</a> that focuses on an <a href="https://ioc.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> group known as <a href="https://ioc.exchange/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kimsuky</a> and how they used a new Google Chrome extension to spy on their victims. This tool, dubbed "TRANSLATEXT" was used for cyber espionage and was able to steal emails, usernames, passwords, cookies, and captures browser screenshots, according to the article. Looking at the attack chain, Kimsuky delivered the malicious files via a zipped archive with two decoy files, one an HWP document and the other a Windows executable. This executable pulls down a PowerShell script (T1059.001 - Command and Scripting Interpreter: PowerShell) which would gather information (TA0007 - Discovery) about the victims machine and transfer that to a command and control server (TA0011 - Command and Control) and retrieve a shortcut file. One interesting take-away was that the script checked for the presence of installed Chrome extensions (T1012 - Query Registry). The registry key in question is HKCU\Software\Policies\Google\Chrome\ExtensionInstallForcelist. This may be a nice registry key to add to your list that you monitor. Enjoy and Happy Hunting!Kimsuky deploys TRANSLATEXT to target South Korean academia<a href="https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia" rel="nofollow noopener" translate="no" target="_blank">https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia</a>Intel 471 <a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSecurity</a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueTeam</a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#HappyHunting</a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#gethunting</a> <a href="https://ioc.exchange/tags/Intel471" class="mention hashtag" rel="nofollow noopener" target="_blank">#Intel471</a>

IT NewsUS Bans Kaspersky Software - Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’... - <a href="https://www.wired.com/story/us-bans-kaspersky-software/" rel="nofollow noopener" translate="no" target="_blank">https://www.wired.com/story/us-bans-kaspersky-software/</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>/nationalsecurity <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>/securitynews <a href="https://schleuss.online/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

da_667Also consider that you can create columns that you can use to follow up to four hashtags at once. I have a column following: <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/iocsharing" class="mention hashtag" rel="nofollow noopener" target="_blank">#iocsharing</a>

Recent searches

Search options

Administered by:

Server stats:

#threatdetection