We've been tracking this Adobe 0-day in Acrobat Reader. Still no patch from Adobe (and no word on affected versions). Per the discoverer, this attack has been ongoing for months.

https://discourse.ifin.network/t/adobe-0-day-seen-in-the-wild/250

#Adobe #0day #ThreatIntel #IFIN

Adobe 0-day seen in the wild

This is an interesting find. PDF exploits are rare and this one looks to be very targeted. Also "yummy_adobe_exploit_uwu.pdf" is a malware naming convention that reminds me why I love this community. I'm struggling to come up with some good detections for this one though. I was hoping for the process tree behavior but this seems very common with acrobat.exe:

```
Acrobat.exe (PID:6416) "manual.pdf"
├── AdobeCollabSync.exe -c (PID:3520)
├── AdobeCollabSync.exe -c (PID:5424) [stealth_timeo...
```

IFIN

CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:

https://discourse.ifin.network/t/hwmonitor-download-compromised/249

#ThreatIntel #IFIN #ThreatIntelligence

HWMonitor Download Compromised

Observable: CPUID Downloads with Malware
Observable Type: Supply Chain compromise (?)
Details: Users reporting getting a malware executable while downloading HWMonitor software from the official CPUID website.
A discussion on Reddit from an everyday user, with some analysis in the comments.
Some press coverage: https://cybernews.com/security/cpuid-hwmonitor-hwinfo-cpuz-deliver-malware/

IFIN

RE: https://infosec.exchange/@ifin/116364140515996363

I'm honored to be the founding Chair of the Board for the Independent Federated Intelligence Network (IFIN)... a nonprofit organization operating a decentralized, federated network (and supporting services) dedicated to the threat intelligence community.

#ifin #osint #threatintel #cybersecurity #infosec