social.bund.de

5 posts5 participants0 posts today

RedPacket SecurityCollaboration Gaps in Cybersecurity: Insights from Former GCHQ Director - <a href="https://www.redpacketsecurity.com/cybersecurity-industry-falls-short-on-collaboration-says-former-gchq-director/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/cybersecurity-industry-falls-short-on-collaboration-says-former-gchq-director/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/geopolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#geopolitics</a>

RedPacket SecurityUK ICO Issues GDPR Warning Over Children's Data Usage - <a href="https://www.redpacketsecurity.com/uk-ico-fires-gdpr-warning-shot-over-use-of-children-s-data/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/uk-ico-fires-gdpr-warning-shot-over-use-of-children-s-data/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/data_protection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_protection</a> <a href="https://mastodon.social/tags/children" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#children</a> <a href="https://mastodon.social/tags/TikTok" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TikTok</a>

MISPThe MISP project maintains and offers a comprehensive knowledge base covering threat actors, ransomware groups, malware, and more. Even if you don't use MISP, you can now easily search across all MISP Project knowledge bases, including galaxies, taxonomies, and MISP object templates.<a href="https://search.misp-community.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://search.misp-community.org</a><a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://misp-community.org/tags/opendata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opendata</a> <a href="https://misp-community.org/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#misp</a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/threatactor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatactor</a> <a href="https://misp-community.org/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a>

Jérôme MeyerAbout this X DDoS campaign: I've seen reports of attribution to Ukraine, and at least based on attack data at network level — I just don't see it. (And I should note: attribution is hard, so I am generally skeptical.)Top contributors are 🇺🇸🇲🇽🇪🇸🇮🇹🇧🇷, and as with most botnets: very geographically distributed.Most of the source IPs intersect with <a href="https://infosec.exchange/tags/Eleven11bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Eleven11bot</a> as we started seeing them on 26 February.OK, now back to regularly scheduled skiing.<a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

RedPacket SecurityNation-State Hackers Threaten UK AI Research Progress - <a href="https://www.redpacketsecurity.com/uk-ai-research-under-threat-from-nation-state-hackers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/uk-ai-research-under-threat-from-nation-state-hackers/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#research</a>

RedPacket SecurityGeopolitical Tensions Boost APT Attacks and Hacktivism in 2024 - <a href="https://www.redpacketsecurity.com/geopolitical-tension-fuels-apt-and-hacktivism-surge/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/geopolitical-tension-fuels-apt-and-hacktivism-surge/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://mastodon.social/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://mastodon.social/tags/geopolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#geopolitics</a>

Infoblox Threat IntelLumma Stealer is currently one of the most popular malware. Campaigns involving this info stealer have a notable presence in DNS. We’ve been tracking a threat actor that deploys large number of domains to advertise file share links dropping Lumma Stealer. These campaigns are interesting because the actor uses traffic distribution system (TDS), cloaking, and web tracking technology (e.g. Matomo, Bablosoft) to hide and protect the malicious content. Here are recent examples of the TDS and landing page domains. :::TDS + Cloaking::: am4[.]myidmcrack[.]site bjnhuy[.]shop filefetch[.]click mplopop[.]shop oyoclean[.]sbs psldi3z[.]com readyf1[.]click volopi[.]cfd :::Landing Page::: 14redirect[.]cfd downf[.]lol fbfgsnew[.]com icjvueszx[.]com lkjpoisjnil[.]site sikoip[.]cfd zulmie[.]cfd An attack that we investigated today showed a new Lumma Stealer payload and C2 domain that is only a day old. :::Lumma Stealer executable SHA256::: df148680db17e221e6c4e8aed89b4d3623f4a8ad86a3a4d43c64d6b1768c5406 :::Text sites containing Lumma Stealer configuration details::: hXXps://rentry[.]co/feouewe5/raw hXXps://pastebin[.]com/raw/uh1GCpxx :::Newly created Lumma Stealer C2::: hXXps://urbjanjungle[.]tech/api<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/lummastealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lummastealer</a> <a href="https://infosec.exchange/tags/c2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#c2</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/tracker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tracker</a> <a href="https://infosec.exchange/tags/cloaking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloaking</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a>

RedPacket SecurityOpenAI Account Breach Claim Debunked by Researchers - <a href="https://www.redpacketsecurity.com/openai-was-not-breached-say-researchers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/openai-was-not-breached-say-researchers/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenAI</a> <a href="https://mastodon.social/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infostealer</a> <a href="https://mastodon.social/tags/breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#breach</a>

Kevin Beaumont8base ransomware group has apparently been seized or done an exit scam.Two of its Tor portals say "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg"They had been hitting some high profile targets in recent times.HT <a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cR0w</a> <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://cyberplace.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

Kevin BeaumontThe US Treasury Department has put out a cyber threat intelligence briefing saying "Continued access to any payment systems by DOGE members, even 'read only,' likely poses the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced." <a href="https://www.wired.com/story/treasury-bfs-doge-insider-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/treasury-bfs-doge-insider-threat/</a><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

ReynardSecEver seen a single QR code that can lead you to two different URLs? 🤯Christian Walther just demoed that. He merged two QR codes in such a way that each “pixel” can be interpreted as black or white, depending on angle, focus settings, or even plain luck. Same device, same scanner - yet sometimes you get <a href="https://mstdn.social/@isziaui" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mstdn.social/@isziaui</a>, other times it’s <a href="https://github.com/cwalther" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cwalther</a>.While this is currently just a wicked proof-of-concept, it’s a red flag for possible future scamsCheck full thread: <a href="https://mstdn.social/@isziaui/113874436953157913" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mstdn.social/@isziaui/113874436953157913</a><a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialengineering</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#programming</a>

Thomas Roccia :verified:🤓 Quick interesting tool for data extraction with LLM.Extract Thinker is a document intelligence tool to extract and classify structured data from documents, like an Object-Relational Mapping system for document processing workflows.Pretty useful if you need to process a variety of data in threat intelligence.Check the code below for IOC extractions. 👇➡️ <a href="https://enoch3712.github.io/ExtractThinker/getting-started/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://enoch3712.github.io/ExtractThinker/getting-started/</a><a href="https://infosec.exchange/tags/genai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#genai</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/dataextraction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataextraction</a> <a href="https://infosec.exchange/tags/llm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#llm</a>

RedPacket SecurityCyber Inequity Grows Amid Increasing Cyberspace Complexities - <a href="https://www.redpacketsecurity.com/wef-warns-of-growing-cyber-inequity-amid-escalating-complexities-in-cyberspace/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/wef-warns-of-growing-cyber-inequity-amid-escalating-complexities-in-cyberspace/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/inequity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#inequity</a> <a href="https://mastodon.social/tags/geopolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#geopolitics</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Gesellschaft für Informatik eV📅 Event-Tipp für <a href="https://mas.to/tags/Frankfurt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Frankfurt</a>: Wie steht es 2025 um <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>? Wie agieren verschiedene Angreifer – und wie können wir uns effektiv schützen?Um diese Fragen dreht sich ein Workshop unserer Fachgruppe Management von Informationssicherheit. Denn mehr denn je gilt: „Die Frage ist nicht, ob, sondern wann ein Angriff erfolgt.“Die Anmeldung ist kostenlos, auch für Noch-nicht-Mitglieder: <a href="https://fg-secmgt.gi.de/veranstaltung/aktueller-stand-von-cybersecurity-defence-und-der-bekaempfung-von-cyber-kriminalitaet" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://fg-secmgt.gi.de/veranstaltung/aktueller-stand-von-cybersecurity-defence-und-der-bekaempfung-von-cyber-kriminalitaet</a><a href="https://mas.to/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://mas.to/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsec</a> <a href="https://mas.to/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mas.to/tags/WirSindInformatik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WirSindInformatik</a>

RedPacket Security€15 Million Fine Imposed on OpenAI by Italy's Data Protection Authority Over ChatGPT Violations - <a href="https://www.redpacketsecurity.com/italy-s-data-protection-watchdog-issues-15m-fine-to-openai-over-chatgpt-probe/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/italy-s-data-protection-watchdog-issues-15m-fine-to-openai-over-chatgpt-probe/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenAI</a> <a href="https://mastodon.social/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> <a href="https://mastodon.social/tags/data_protection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data_protection</a>

Kevin BeaumontThe Polyfill.io domain and sub domains have been nuked from orbit. <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

Kevin BeaumontThe researchers who found the Polyfill supply chain attack are being DDoS’d <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

Kevin BeaumontCan’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised. <a href="https://sansec.io/research/polyfill-supply-chain-attack" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sansec.io/research/polyfill-supply-chain-attack</a><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

RandyPut out a fresh analysis of <a href="https://infosec.exchange/tags/ClearFake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ClearFake</a>. It has some new features.<ul><li>A fake “How to fix” user experience</li><li>Instead of a download, they convince the user to copy/paste malicious Powershell</li><li>Very curious delayed 2-10 day go-live for infected websites</li></ul><a href="https://rmceoin.github.io/malware-analysis/2024/05/07/clearfake2.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://rmceoin.github.io/malware-analysis/2024/05/07/clearfake2.html</a><a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a>

Kevin BeaumontLockBit are claiming they have hit Deutsche Telekom <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://cyberplace.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

Recent searches

Search options

Administered by:

Server stats:

#threatintel