ClickFix variant uses WebDAV and trojanized Electron app to distribute malware

The activity was discovered exclusively through targeted threat hunting; automated security controls raised no alarm at any point.

https://www.all-about-security.de/clickfix-variante-nutzt-webdav-und-trojanisierte-electron-app-zur-malware-verteilung/

#threathunter #threat #clickfix #app #malware

New ClickFix variant for malware distribution discovered

The new ClickFix variant uses targeted techniques to distribute malware and bypasses common security measures.

All About Security: the online magazine on cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

Confronting Initial Access Techniques | Corelight

Learn how Corelight’s integration with CrowdStrike helps threat hunters detect signs of Initial Access, one of the tactics and techniques outlined in the MITRE ATT&CK framework.

Keeping track of ATT&CK updates: new features for Sync & Mappings Editor

So that security leaders, threat hunters and incident responders do not fall behind, MITRE has overhauled two central tools: ATT&CK Sync and the Mappings Editor. Both are intended to help update mappings faster, and thereby ensure a modern, threat-informed defense.

https://www.all-about-security.de/attck-updates-im-blick-behalten-neue-funktionen-fuer-sync-mappings-editor/

#att&ck #mitre #incidentresponse #threat #threathunter

ATT&CK Sync & Mappings Editor: support for threat hunters

Discover the new features of the ATT&CK Sync & Mappings Editor tools for version 18 of MITRE's ATT&CK framework.

A new post in the Logwatcher's Zenit category has been published. It's the first part about how VS Code is a great tool for Cyberthreat Analysts. We're starting with key commands to speed up the workflow.

#threathunter #threathunting #threatanalysis #cybersecurity #blog

https://threathunter-chronicles.medium.com/logwatchers-zenit-01-vs-code-for-analysts-part-1-b7ead9123ed9

Logwatcher’s Zenit #01: VS Code for Analysts, part 1

At the summit of signal and noise lies the Logwatcher’s Zenit — a quiet place for analysts who squint at timestamps and whisper to correlation engines. This category explores log analysis, data…

Medium

“While human investigations tend to have a more strategic aim, dropping metaphorical anvils on internet infrastructure that poses a threat to users is only a fraction of the process.”

👨‍💻 Join one of Spamhaus' threat investigators as he reflects on the role of human investigation in the fight against Internet abuse and the reality of dealing with the weird world and quirks of cyber criminals.

Read the blog here:
https://www.spamhaus.org/resource-hub/investigations/between-input-and-output-the-enigma-of-being-a-spamhaus-threat-investigator/

#ThreatInvestigator #ThreatHunter #WeirdWorld #Cybercrime #InternetAbuse #CyberInvestigations #Spamhaus #TrustAndSafety #ThreatIntel #ThreatIntelligence #ThreatHunting

Investigations | The Enigma of being a Spamhaus Threat Investigator | Resource Hub

Meet one of our researchers, Jonas Arnold, as he sheds light on the threat investigators' role in Spamhaus and the fight against Internet abuse.

The Spamhaus Project

🌐 Every online interaction, every click, every message involves a domain and IP address. By submitting malicious activity you have the potential to effect change and contribute to a safer internet for millions 🛡️👫

Learn more about Spamhaus and how IP and domain data is used 🔽
https://submit.spamhaus.org/resources/why-submit

💪 Let’s make a difference together, one submission at a time!

#ThreatIntel #IP #Domains #Malware #EffectChange #ThreatHunter #infoSec #Community #ThreatResearch

The Spamhaus Project

🕵️ Spamhaus researchers are observing a phishing scam imitating USAA - financial services for military personnel and veterans - sent from hijacked ISP accounts.

🔗 The scammers are using link shortening services like bitly.ws and u.to to carry out their malicious deeds…and while it’s not always rocket science to spot a phishing attempt 🎣, it’s alarming how these fraudsters can craft seemingly genuine emails.

We’ll let you hazard a guess at which one we are talking about!

❗ Stay vigilant, always check the from address, never follow suspicious links, and always use your bookmarked links.

And please submit any phishing scams you receive to the Threat Intel Community below 👇👇
https://submit.spamhaus.org

#Phishing #PhishOfTheWeek #ThreatIntel #ThreatHunter #ThreatIntelligence #SecurityResearch #CyberThreats

Threat Intel Community | The Spamhaus Project

🎉 And we’re on Mastodon!

If you’re new to The Spamhaus Project, check out our bio above 🔝

Ultimately, we’re here to build a community. A community of like-minded individuals, who want to make the internet a safer place. On Mastodon, we’ll be sharing the latest threat intelligence from our researchers and threat hunters, and we’d like to invite you to do the same…

Earlier this month, we launched our Threat Intel Community, giving anyone the ability to submit malicious domains, IPs, email source codes, or URLs to Spamhaus through our user-friendly portal.

If you’re curious to know more, read this blog:
https://www.spamhaus.org/news/article/821/want-to-submit-data-be-our-guest

Or visit the Threat Intel Community here:
https://submit.spamhaus.org

#ThreatHunter #ThreatIntelligence #SecurityResearch #Phishing #Malware #Botnets #CyberThreats

Want to submit data? Be our guest!

If you're involved in #cybersecurity and #threathunting, @ActiveCountermeasures has a free 6-hour training course this Tuesday on how to use their AC-Hunter #linux #virtualmachine. They include everything needed ahead of time from presentation slides to lab downloads. Let me know if you'll be there!

#infosec #c2 #commandandcontrol #threathunter #cyberthreats #cyber #ubuntu

https://www.activecountermeasures.com/hunt-training/

Hunt Training - Active Countermeasures

Here you will find everything you need to complete our FREE 6-hour Threat Hunting Training course.

Active Countermeasures