Colourful here among the black masses!!
SharePoint Flaw Chain Exploited to Deploy Warlock Ransomware
Ransomware alert: Storm-2603 exploits SharePoint flaws (CVE-2025-49706) to deploy Warlock ransomware. Attackers abuse the legitimate DFIR tool 'Velociraptor' to evade detection. Patch SharePoint now! #Ransomware #SharePoint #LotL
Living off the Land: how legitimate utilities became a weapon in the hands of hackers, using Rare Werewolf as an example
In the cybersecurity world, the «Living off the Land» (LOTL) tactic, literally "those living off the land", has been gaining popularity for several years now. Its essence is to make maximum use of legitimate software and built-in operating system functionality to achieve malicious goals. This allows attackers to blend in effectively on an infected system, since activity from programs such as curl.exe, AnyDesk.exe or the WinRAR installer rarely raises suspicion among ordinary users, and even among some security products. Let's take a detailed look at one of the most striking examples of this tactic in use, to see clearly how programs that are harmless at first glance can be turned into a powerful weapon for a targeted attack. Hello everyone! My name is Alexander, I am a virus analyst and reverse engineer. Subscribe to my Telegram channel - there is a lot of useful content there. Raising the curtain on the attack
https://habr.com/ru/articles/967934/
#анализ_вредоносов #реверсинжиниринг #Librarian_Ghouls #Rare_Werewolf #living_off_the_land #lotl #malware_analysis #троян #стилер #упаковщик
Today there's something for your ears.
#dusseldorf #MitsubishiElectricHalle #LOTL #LordOfTheLost #Feuerschwanz
Evasive #malware is on the rise, and in our latest webinar, #ANYRUN experts revealed how to detect #phishkits, #ClickFix, and #LOTL attacks.
These methods help SOC teams cut triage time, gain better threat visibility, and respond faster.
Morning, cyber pros! It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a nasty WhatsApp zero-day, some clever abuse of forensic tools for C2, and a new infostealer campaign leveraging fake PDF editors. Let's dive in:
Actively Exploited Zero-Days in WhatsApp and Apple
- WhatsApp has patched CVE-2025-55177, a vulnerability in its iOS and macOS apps, which may have been exploited in the wild.
- This flaw, related to insufficient authorisation of linked device sync messages, is believed to have been chained with Apple's CVE-2025-43300, an ImageIO out-of-bounds write, for targeted zero-click attacks.
- Amnesty International confirmed WhatsApp notified targeted individuals, including civil society members, suggesting an advanced spyware campaign. Users should factory reset and keep all software updated.
The Hacker News | https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html
New Tradecraft: Velociraptor Abuse, Teams Phishing, and Infostealer Campaigns
- Threat actors are evolving their living-off-the-land tactics by abusing legitimate tools like Velociraptor, an open-source forensic platform, to establish C2 tunnels and deploy Visual Studio Code.
- We're also seeing a rise in Microsoft Teams phishing, where attackers impersonate IT help desks to deliver remote access tools and PowerShell payloads for credential theft and RCE, bypassing traditional email defences.
- A new infostealer, "TamperedChef," is being distributed via fraudulent PDF editing apps promoted through Google ads, with the malicious payload activated days after installation to evade initial detection. Some of these apps also turn user systems into residential proxies.
The Hacker News | https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html
Bleeping Computer | https://www.bleepingcomputer.com/news/security/tamperedchef-infostealer-delivered-through-fraudulent-pdf-editor/
#CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #Vulnerability #WhatsApp #Apple #Malware #Infostealer #Velociraptor #MicrosoftTeams #Phishing #SocialEngineering #LotL #IncidentResponse