The conflict between Israel and Hamas is happening online as well as on the ground – with phishing attacks and hacking efforts targeting civilians on both sides.
Generative AI is not just teaching cyber bad guys new tricks — it’s also making it easier for anyone to become a bad guy, according to Cybersecurity and Infrastructure Security Agency (CISA) chief Jen Easterly.
“I look at AI: how fast it’s moving, how unpredictable it is, how powerful it is,” Easterly told @AxiosNews. “I think it’ll make people who are less sophisticated actually better at doing some of the bad things that they want to do.” Here’s more from the interview.
The third part of Elastic's "Dissecting #REMCOS#RAT: An in-depth analysis of a widespread 2024 malware" is all about the command and control (C2) configuration and commands. Looking at the long list of capabilities, it is easy to see why this is a formidable malware indeed. Some of the commands that can be issued control persistence between two registry run keys, enable keylogging, disable User Account Control (UAC) within the registry, and much more. I really don't have enough space or time to list everything that it is capable of; you just have to check it out yourself!
One of the TTPs and behaviors that shows up time and time again when it comes to persistence is the abuse of the AutoRun registry key locations. In this instance, we see that Remcos can modify the CurrentVersion\Run keys in both the HKCU and HKLM hives. As always, if we can help, we do! Cyborg Security has a community hunt package that captures this activity as well as other registry run locations. Enjoy and Happy Hunting!
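To show what a hunt for this behavior looks like in practice, here is an added example (my own illustration, not Cyborg Security's hunt package or anything from the Elastic write-up). It runs simple detection logic over constructed Sysmon-style registry "value set" records (Event ID 13), normalizes HKCU writes (which Sysmon logs as HKU\<SID>\...) and the WOW6432Node view so that HKCU and HKLM compare alike, and flags writes to the Run/RunOnce family plus the Winlogon Userinit/Shell values. The pipe-delimited record layout and the sample paths are assumptions made for this example; the only fact taken from the post is that Remcos writes to CurrentVersion\Run under both hives.

```python
import re
from dataclasses import dataclass

# Autorun locations to hunt, hive and WOW6432Node stripped, all lowercase.
# The post's observation (Remcos writing CurrentVersion\Run in HKCU and HKLM)
# is the first entry; the rest are other well-known persistence locations.
AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
    r"software\microsoft\windows nt\currentversion\winlogon\userinit",
    r"software\microsoft\windows nt\currentversion\winlogon\shell",
)

# Directories a normal user can write to; a Run value pointing here is a stronger signal.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|users\\public|downloads)\\", re.IGNORECASE)

# Sysmon records per-user hives as HKU\S-1-5-...\ rather than HKCU\.
HIVE_SID = re.compile(r"^s-1-5-\d+(-\d+)*(_classes)?$")


@dataclass
class Finding:
    timestamp: str
    image: str       # process that performed the write
    target: str      # full registry value path as logged
    data: str        # value data written (the command that will autorun)
    reasons: list


def autorun_location(target_object: str):
    """Return the canonical autorun key a registry value path lives under, or None."""
    parts = target_object.lower().split("\\")
    if len(parts) < 2:
        return None
    hive, rest = parts[0], parts[1:]
    if hive == "hku" and rest and HIVE_SID.match(rest[0]):
        rest = rest[1:]                       # drop the SID so HKU\<SID>\... looks like HKCU\...
    rest = [p for p in rest if p != "wow6432node"]   # fold the 32-bit registry view into the 64-bit one
    path = "\\".join(rest)
    for key in AUTORUN_KEYS:
        # Run\<name> values live below the key; Winlogon values ARE the key path itself.
        if path == key or path.startswith(key + "\\"):
            return key
    return None


def parse_event(line: str):
    """Parse one constructed record: event_id|timestamp|image|target_object|details."""
    fields = line.split("|", 4)
    if len(fields) != 5:
        return None
    return dict(zip(("event_id", "timestamp", "image", "target", "details"), fields))


def hunt_autoruns(lines):
    """Return a Finding for every Event ID 13 (value set) that lands in an autorun location."""
    findings = []
    for line in lines:
        ev = parse_event(line.strip())
        if ev is None or ev["event_id"] != "13":
            continue
        key = autorun_location(ev["target"])
        if key is None:
            continue
        reasons = [f"write to autorun key {key}"]
        if USER_WRITABLE.search(ev["details"]):
            reasons.append("run value points into a user-writable directory")
        if USER_WRITABLE.search(ev["image"]):
            reasons.append("writing process itself runs from a user-writable directory")
        findings.append(Finding(ev["timestamp"], ev["image"], ev["target"], ev["details"], reasons))
    return findings


# Constructed sample telemetry (not real logs). Paths and SIDs are made up for the example.
SAMPLE_EVENTS = [
    # Remcos-like persistence: HKCU Run value (logged under HKU\<SID>) pointing into %APPDATA%.
    r"13|2024-05-10T09:12:01Z|C:\Users\alice\AppData\Roaming\remcos\remcos.exe|HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Remcos|C:\Users\alice\AppData\Roaming\remcos\remcos.exe",
    # Same payload registered machine-wide through the 32-bit registry view.
    r"13|2024-05-10T09:12:02Z|C:\Users\alice\AppData\Roaming\remcos\remcos.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Remcos|C:\Users\alice\AppData\Roaming\remcos\remcos.exe",
    # Installer writing a RunOnce value from Program Files: fires, but with fewer reasons.
    r"13|2024-05-10T09:15:40Z|C:\Program Files\Example\setup.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ExampleCleanup|C:\Program Files\Example\cleanup.exe",
    # Registry write outside any autorun location: must not fire.
    r"13|2024-05-10T09:16:03Z|C:\Program Files\Example\setup.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName|Example 1.0",
    # Key creation (Event ID 12), not a value set: ignored by this hunt.
    r"12|2024-05-10T09:16:04Z|C:\Windows\explorer.exe|HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run|",
]

if __name__ == "__main__":
    for f in hunt_autoruns(SAMPLE_EVENTS):
        print(f.timestamp, f.image, "->", f.target)
        for r in f.reasons:
            print("   ", r)
```

On the constructed sample this yields three findings: both Remcos writes (each with three reasons, since the value and the writing process both live under AppData) and the installer's RunOnce write (one reason). The extra reasons are what let a hunter triage the legitimate installer below the RAT without suppressing the run-key write outright.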
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000.
All this and much much more is discussed in the latest edition of the @smashingsecurity podcast with yours truly and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.
Jumping around a bit, because that is just how my brain works! But here is part two of Elastic's "Dissecting #REMCOS#RAT: An in-depth analysis of a widespread 2024 malware" series. In this episode they focus on the watchdog, keylogger, and screen and audio recording capabilities, and much more! The technical details here are amazing and I can't wait to finish the rest of the series!
Enjoy and Happy Hunting!
“We take the privacy and confidentiality of your information seriously.”
TRANSLATION:
“Every time we have a data breach we’ll let you know about it! Mainly ‘cuz we are required to in order to minimize our legal liability… and of course after we’ve consulted with our legal firm and our new 3rd party incident response vendor.”
A malicious lookalike domain for Scotiabank Canada, scotiabankcanada-auth[.]com, was recently registered on 5/5/2024. This domain features a landing page with a reCAPTCHA that changes language depending on the user's geolocation. It resolves to a Russian IP, 141[.]8[.]193[.]14, hosting a number of other malicious lookalikes for Scotiabank, the Royal Bank of Canada, and Telus Mobility. These domains appear to be used for phishing. auth-scotiaonline-scotiabank-secure[.]com previously resolved to a page imitating the Scotiabank login page shown in the screenshot below.
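Two things a practitioner would do with a report like this are score the domains for brand impersonation and pivot on the shared hosting IP. The following is an added example (my own, not from the original post or any vendor tool) that does both on constructed input: it refangs the IOCs, checks the registrable domain against a small brand list, scores brand tokens combined with lure words such as "auth" and "secure", and then clusters flagged hosts by resolved IP. The brand list, the lure-word list, the scoring weights, the threshold, the rbc-... stand-in domain and all IP resolutions other than the post's IP are assumptions for this example; the naive eTLD+1 extraction also assumes single-label public suffixes.

```python
import re
from collections import defaultdict

# Brand tokens to watch and the legitimate registrable domains they belong to.
# Assumption for this example; a real deployment would load a maintained brand list.
BRANDS = {
    "scotiabank": {"scotiabank.com"},
    "scotiaonline": {"scotiabank.com"},
    "rbc": {"rbc.com", "royalbank.com"},
    "telus": {"telus.com"},
}
LURE_WORDS = {"auth", "secure", "login", "signin", "verify", "account", "online", "update"}
FLAG_THRESHOLD = 4   # assumed cut-off: brand token (+3) plus at least one more signal


def refang(ioc: str) -> str:
    """Turn defanged notation ([.] and hxxp) back into a usable lowercase string."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Assumes single-label public suffixes (no co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def score_domain(domain: str):
    """Return (host, score, reasons). Score 0 means nothing brand-related was seen."""
    host = refang(domain)
    reg = registrable_domain(host)
    if any(reg in legit for legit in BRANDS.values()):
        return host, 0, ["legitimate brand domain"]
    tokens = re.split(r"[.-]", host)
    score, reasons = 0, []
    for brand in BRANDS:
        # Substring match within a label catches 'scotiabankcanada'; short brands
        # like 'rbc' will over-match and need a stricter check in production.
        if any(brand in tok for tok in tokens):
            score += 3
            reasons.append(f"brand token '{brand}' outside its legitimate domain")
    if score == 0:
        return host, 0, []
    lures = sorted(t for t in tokens if t in LURE_WORDS)
    if lures:
        score += len(lures)
        reasons.append("lure words: " + ", ".join(lures))
    if host.count("-") >= 2:
        score += 1
        reasons.append("multi-hyphen label stacking brand and lure words")
    return host, score, reasons


def cluster_by_ip(resolutions):
    """Group flagged lookalikes by resolved IP; an IP hosting several is the pivot point."""
    groups = defaultdict(list)
    for domain, ip in resolutions:
        host, score, _ = score_domain(domain)
        if score >= FLAG_THRESHOLD:
            groups[refang(ip)].append(host)
    return {ip: sorted(hosts) for ip, hosts in groups.items() if len(hosts) >= 2}


# Constructed passive-DNS style input. The two Scotiabank lookalikes and the IP are
# from the post; the rbc-... domain is a made-up stand-in for the unnamed RBC lookalike,
# and the remaining IPs are documentation ranges, not observed resolutions.
SAMPLE_RESOLUTIONS = [
    ("scotiabankcanada-auth[.]com", "141[.]8[.]193[.]14"),
    ("auth-scotiaonline-scotiabank-secure[.]com", "141[.]8[.]193[.]14"),
    ("rbc-secure-login-verify[.]net", "141[.]8[.]193[.]14"),
    ("www.scotiabank[.]com", "203[.]0[.]113[.]10"),
    ("example-shop[.]net", "198[.]51[.]100[.]5"),
]

if __name__ == "__main__":
    for domain, _ in SAMPLE_RESOLUTIONS:
        host, score, reasons = score_domain(domain)
        print(f"{host:45} score={score} {reasons}")
    for ip, hosts in cluster_by_ip(SAMPLE_RESOLUTIONS).items():
        print("shared hosting pivot:", ip, hosts)
```

With this input the two domains from the post score 4 and 9, the legitimate www.scotiabank.com and the unrelated shop score 0, and the only cluster returned is the post's IP with three hosts. The scoring is deliberately a heuristic for triage, not a verdict; a hit should be followed by infrastructure pivoting and a look at the landing page, as the post itself did.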
📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️
Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.
Using a 16-character password seems to work. Everything else above does not always work.
Also, passwords that are too long are still changed, so you have to reset them by email.
Confidential and highly critical logs packed with credentials
SMTP Access
PAuth Pointer Auth Access
SSL Passkeys & SSL Certificates
some others (will be on contact)
Price: $20K in XMR or ETH
Middleman / Escrow accepted (Auto Escrow or @Baphomet)
Message me on the forums for a point of contact.
Proof of funds is required.
I am only selling to reputable members. No time wasters or default rank users.
I am flattered that I have the opportunity to present my 2-day training "A Beginner's Guide To Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" again at Black Hat USA 2024 and that early bird registration is open and you have two opportunities to take the course!
Day 1 begins with a theory section where we discuss resources and models that can aid our threat hunting from both an intel and a communication perspective. We then move to a section that covers how to extract artifacts from an intel report and how to make those artifacts actionable. Then we create some hypotheses and test them against a set of data to see what we can find.
Day 2 will put all the theory and applications to the test where the students will break into teams, process another intel report, create hypotheses, and hunt again!
Last year was a lot of fun and we received high ratings, so we hope you can join us again this year for the fun! I hope to see you there, but until then, Happy Hunting!