home.social

Search

179 results for “siderolabs”

  1. Crypto News @[email protected] ·

    Trustwave Spiderlabs Researchers Warn of New Strain of Malware That Drains Crypto Funds - According to researchers at Trustwave Spiderlabs, a strain of malware known as Ril... - news.bitcoin.com/trustwave-spi #phishingattacks #wojciechcieslak #cybersecurity #pawelknapczyk #cybercrimes #security #malware

    #malware #security #cybercrimes #pawelknapczyk #cybersecurity #wojciechcieslak
  2. Crypto News @[email protected] ·

    Trustwave Spiderlabs Researchers Warn of New Strain of Malware That Drains Crypto Funds - According to researchers at Trustwave Spiderlabs, a strain of malware known as Ril... - news.bitcoin.com/trustwave-spi #phishingattacks #wojciechcieslak #cybersecurity #pawelknapczyk #cybercrimes #security #malware

    #malware #security #cybercrimes #pawelknapczyk #cybersecurity #wojciechcieslak
  3. Crypto News @[email protected] ·

    Trustwave Spiderlabs Researchers Warn of New Strain of Malware That Drains Crypto Funds - According to researchers at Trustwave Spiderlabs, a strain of malware known as Ril... - news.bitcoin.com/trustwave-spi #phishingattacks #wojciechcieslak #cybersecurity #pawelknapczyk #cybercrimes #security #malware

    #phishingattacks #wojciechcieslak #cybersecurity #pawelknapczyk #cybercrimes #security
  4. Crypto News @[email protected] ·

    Trustwave Spiderlabs Researchers Warn of New Strain of Malware That Drains Crypto Funds - According to researchers at Trustwave Spiderlabs, a strain of malware known as Ril... - news.bitcoin.com/trustwave-spi #phishingattacks #wojciechcieslak #cybersecurity #pawelknapczyk #cybercrimes #security #malware

    #malware #security #cybercrimes #pawelknapczyk #cybersecurity #wojciechcieslak
  5. :awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @[email protected] ·

    LevelBlue's SpiderLabs uncovers how attackers abuse Blob URLs in HTML smuggling to deliver sneaky phishing pages—like fake AmEx sites—bypassing email scanners and security tools. JavaScript decodes Base64-hidden HTML client-side for stealthy attacks. Stay vigilant! 🔒🕵️ #Cybersecurity #Phishing #HTMLSmuggling levelblue.com/blogs/spiderlabs

    mas.to/@nemo/115724156463085920

    #htmlsmuggling #phishing #cybersecurity
  6. :awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @[email protected] ·

    LevelBlue's SpiderLabs uncovers how attackers abuse Blob URLs in HTML smuggling to deliver sneaky phishing pages—like fake AmEx sites—bypassing email scanners and security tools. JavaScript decodes Base64-hidden HTML client-side for stealthy attacks. Stay vigilant! 🔒🕵️ #Cybersecurity #Phishing #HTMLSmuggling levelblue.com/blogs/spiderlabs

    mas.to/@nemo/115724156463085920

    #htmlsmuggling #phishing #cybersecurity
  7. :awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @[email protected] ·

    LevelBlue's SpiderLabs uncovers how attackers abuse Blob URLs in HTML smuggling to deliver sneaky phishing pages—like fake AmEx sites—bypassing email scanners and security tools. JavaScript decodes Base64-hidden HTML client-side for stealthy attacks. Stay vigilant! 🔒🕵️ #Cybersecurity #Phishing #HTMLSmuggling levelblue.com/blogs/spiderlabs

    mas.to/@nemo/115724156463085920

    #htmlsmuggling #phishing #cybersecurity
  8. :awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @nemo ·

    LevelBlue's SpiderLabs uncovers how attackers abuse Blob URLs in HTML smuggling to deliver sneaky phishing pages—like fake AmEx sites—bypassing email scanners and security tools. JavaScript decodes Base64-hidden HTML client-side for stealthy attacks. Stay vigilant! 🔒🕵️ levelblue.com/blogs/spiderlabs

    mas.to/@nemo/115724156463085920

    #htmlsmuggling #phishing #cybersecurity
  9. :awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @[email protected] ·

    LevelBlue's SpiderLabs uncovers how attackers abuse Blob URLs in HTML smuggling to deliver sneaky phishing pages—like fake AmEx sites—bypassing email scanners and security tools. JavaScript decodes Base64-hidden HTML client-side for stealthy attacks. Stay vigilant! 🔒🕵️ #Cybersecurity #Phishing #HTMLSmuggling levelblue.com/blogs/spiderlabs

    mas.to/@nemo/115724156463085920

    #htmlsmuggling #phishing #cybersecurity
  10. Pyrzout :vm: @[email protected] ·

    New Eternidade Stealer Uses WhatsApp to Steal Banking Data hackread.com/eternidade-steale #EternidadeStealer #SpiderLabs #SMSishing #Trustwave #Security #WhatsApp #Malware #Banking #Brazil #TROJAN #Fraud #Scam

    #eternidadestealer #spiderlabs #smsishing #trustwave #security #whatsapp
  11. Pyrzout :vm: @[email protected] ·

    New Eternidade Stealer Uses WhatsApp to Steal Banking Data hackread.com/eternidade-steale #EternidadeStealer #SpiderLabs #SMSishing #Trustwave #Security #WhatsApp #Malware #Banking #Brazil #TROJAN #Fraud #Scam

    #eternidadestealer #spiderlabs #smsishing #trustwave #security #whatsapp
  12. Pyrzout :vm: @[email protected] ·

    New Eternidade Stealer Uses WhatsApp to Steal Banking Data hackread.com/eternidade-steale #EternidadeStealer #SpiderLabs #SMSishing #Trustwave #Security #WhatsApp #Malware #Banking #Brazil #TROJAN #Fraud #Scam

    #eternidadestealer #spiderlabs #smsishing #trustwave #security #whatsapp
  13. Pyrzout :vm: @[email protected] ·

    New Eternidade Stealer Uses WhatsApp to Steal Banking Data hackread.com/eternidade-steale #EternidadeStealer #SpiderLabs #SMSishing #Trustwave #Security #WhatsApp #Malware #Banking #Brazil #TROJAN #Fraud #Scam

    #scam #fraud #trojan #brazil #banking #malware
  14. The Threat Codex @[email protected] ·

    Tracing Blind Eagle to Proton66
    #BlindEagle
    trustwave.com/en-us/resources/

    #blindeagle
  15. The Threat Codex @[email protected] ·

    Tracing Blind Eagle to Proton66
    #BlindEagle
    trustwave.com/en-us/resources/

    #blindeagle
  16. The Threat Codex @[email protected] ·

    Tracing Blind Eagle to Proton66
    #BlindEagle
    trustwave.com/en-us/resources/

    #blindeagle
  17. The Threat Codex @[email protected] ·

    Tracing Blind Eagle to Proton66
    #BlindEagle
    trustwave.com/en-us/resources/

    #blindeagle
  18. The Threat Codex @[email protected] ·

    Tracing Blind Eagle to Proton66
    #BlindEagle
    trustwave.com/en-us/resources/

    #blindeagle
  19. Saltmyhash @[email protected] ·

    Good article on ErrTraffic TDS with some hunting queries.

    levelblue.com/blogs/spiderlabs

    #errtraffic #tds #threathunting #clickfix

    #errtraffic #tds #threathunting #clickfix
  20. Hackread.com @[email protected] ·

    ⚠️ SuperBlack & WeaXor ransomware, XWorm, Strela Stealer, Android malware, and hacked WordPress sites all linked to Russian host #Proton66, per SpiderLabs.

    Read: hackread.com/russian-host-prot

    #CyberSecurity #CyberCrime #Russia #Ransomware

    #proton66 #cybersecurity #cybercrime #russia #ransomware
  21. The Threat Codex @[email protected] ·

    Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
    #Rockstar2FA #Storm_1575
    trustwave.com/en-us/resources/

    #rockstar2fa #storm_1575
  22. The Threat Codex @[email protected] ·

    Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
    #Rockstar2FA #Storm_1575
    trustwave.com/en-us/resources/

    #rockstar2fa #storm_1575
  23. The Threat Codex @[email protected] ·

    Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
    #Rockstar2FA #Storm_1575
    trustwave.com/en-us/resources/

    #rockstar2fa #storm_1575
  24. Tech Cybersecurity Nieuws @[email protected] ·

    De opkomst van sys01 infostealer: een nieuwe dreiging voor facebook pagina’s en bedrijven trendingtech.news/trending-new #SYS01 Infostealer #Facebook beveiliging #kwaadaardige advertenties #cybercriminaliteit #Trustwave SpiderLabs #Trending #News #Nieuws

    #sys01 #facebook #kwaadaardige #cybercriminaliteit #trustwave #trending
  25. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    Search & Spoof: Abuse of Windows Search to Redirect to Malware

    Date: June 11, 2024
    CVE: Not specified
    Vulnerability Type: URL Redirection to Untrusted Site
    CWE: [[CWE-601]]
    Sources: SpiderLabs Blog

    Synopsis

    A phishing campaign leverages the Windows search protocol via HTML attachments to redirect users to malware, exploiting system vulnerabilities and user behavior.

    Issue Summary

    The campaign starts with a phishing email containing a ZIP-archived HTML file disguised as a routine document. Upon opening, the HTML file exploits the Windows search protocol to execute malicious commands. The file uses a <meta http-equiv="refresh" tag to reload the page and redirect the browser to a new URL, and an anchor tag as a fallback should the browser block the redirect.

    Technical Key Findings

    The attack uses the search: protocol to directly interact with Windows Explorer, directing searches to malicious servers. It involves parameters like query, crumb, displayname, and location, making the malicious activity appear legitimate. The attack concludes with the user being prompted to run a batch script disguised as a shortcut file.

    ![[Figure 5. Search window displaying results after invoking the search query..webp]]

    Vulnerable Products

    The specific vulnerability affects Windows systems that allow search-ms and search URI protocols to execute without adequate validation.

    Impact Assessment

    If exploited, this vulnerability can lead to unauthorized execution of malicious scripts, potentially compromising the user’s system and allowing further malicious activities, such as data theft or additional malware installation.

    Patches or Workaround

    Mitigation involves disabling the search-ms and search URI handlers by deleting associated registry entries with the following commands:

    reg delete HKEY_CLASSES_ROOT\search /f
    reg delete HKEY_CLASSES_ROOT\search-ms /f

    Additionally, security updates for email scanners can detect and block such malicious HTML files.

    Tags

    #Windows #Malware #Phishing #URLRedirection #CyberSecurity #Cloudflare #IPFS #Trustwave

    #windows #malware #phishing #urlredirection #cybersecurity #cloudflare
  26. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    "🛡️ Mitigation Tips Against Stealthy VBA Macros 📝"**

    To protect against these stealthy VBA macros, consider disabling macros in Microsoft Office and restricting execution to trusted sources. 🚫📄

    Educate users about the risks associated with enabling macros and employ robust email gateways for scanning attachments. 🎓📧

    A YARA rule is also available to flag potential threats without relying on PDF header checks. 🚩🔍

    key points:

    Malicious Word Document in a PDF-like Header: The malicious Word document is concealed within a PDF-like header that contains the signature %PDF-1.7, typically associated with PDF files.

    MIME Encapsulation of HTML Documents: Within the fake PDF structure, there is a MIME encapsulation of aggregate HTML documents (MHTML Web Archive) that contains an embedded Base64 encoded ActiveMIME object. ActiveMIME is an undocumented Microsoft file format often used to store VBA Macros.

    Obfuscation Techniques: Various obfuscation techniques are employed to evade detection based on signatures. These include the use of a non-compliant MIME type, fragmentation of Base64 encoded strings, and URL percent-encoded strings to obscure links.

    PDF Header Not Required: Interestingly, the embedded MHT document file doesn't actually require a PDF header. Any text preceding the MHT file allows Microsoft Word to open the document file and execute the malicious macro if enabled.

    Evasion of Signature-Based Detection: This technique can evade signature-based detection systems that specifically scan for a PDF header. The analysis shows a significant difference in detection rates between samples with and without the fake PDF header.

    Mitigation Advice: To protect users from such threats, the summary provides several mitigation recommendations, including configuring Microsoft Office to disable macros by default, restricting macro execution to trusted sources, educating users about macro risks, and using robust email gateways for scanning attachments.

    YARA Rule: A YARA rule is provided to identify potential malicious macros embedded in files without conducting PDF header checking. This rule checks for specific strings and patterns within files to flag potential threats.

    Source: Trustwave SpiderLabs Blog

    Tags: #Cybersecurity #Mitigation #UserEducation #YARARule #Trustwave #SpiderLabs #EmailSecurity 🌐🔐🛡️

    #cybersecurity #mitigation #usereducation #yararule #trustwave #spiderlabs
  27. NorthSec @[email protected] ·

    🏋️ 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲 𝗙𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻𝘀/𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 (11/12): "Practical AI Security - Go Beyond Theory: Build, Break, and Defend" 𝗽𝗮𝗿/𝗯𝘆 Harish Ramadoss

    📅 Dates: May 11, 12 and 13, 2026 (3 days)
    📊 Difficulty: Medium
    🖥️ Mode: On-Site

    Description: Learn AI security from first principles with a Build, Break, Defend approach. Build production-grade GenAI applications using LLM APIs, embeddings, RAG pipelines, agentic systems, and MCPs. Attack real applications through prompt injection, sensitive data disclosure, and MCP exploitation. Implement guardrails, MCP gateways for observability, and agentic security patterns. Integrate AI security tooling into your SDLC.

    About the trainer:
    Harish Ramadoss has several years of expertise in Product Security, Red Teaming, and Security Research. Previously, he was a Principal at Trustwave Spiderlabs, where he led their Application Security efforts. He joined Rippling as a founding member of the Security Engineering team and leads their AI Security and Appsec efforts. Harish built DejaVu, an open-source deception platform. He has presented at Black Hat, DEFCON, HITB, and other conferences globally.

    🔗 Training details: nsec.io/training/2026-practica

    #NorthSec #cybersecurity #AI #aisecurity #generativeai

    #northsec #cybersecurity #ai #aisecurity #generativeai
  28. heise online (inoffiziell) @[email protected] ·
    Eine Analyse des BlackByte-Codes zeigt, dass bei Ransomware längst nicht nur Profis am Werk sind. Leere Drohungen und ein Gratis-Werkzeug lassen Opfer aufatmen.
    Ransomware: Entschlüsselung dank Schwäche in "Blackbyte"-Code
    #reverseengineering #malware #ransomware #trustwave #spiderlabs #blackbyte
  29. heise online (inoffiziell) @[email protected] ·
    heise+ | Chinesische Pflichtsoftware mit Malware: Warum "GoldenSpy" kein Einzelfall ist

    Wer in China unternehmerisch tätig ist, kommt um das Installieren regierungsseitig vorgegebener Programme nicht herum – die manchmal mit Malware daherkommen.
    Chinesische Pflichtsoftware mit Malware: Warum "GoldenSpy" kein Einzelfall ist
    #china #spionage #verfassungsschutz #malware #goldenspy #pflichtsoftware