https://ssa-sharing\.cloud
https://app.any.run/tasks/dd8cfd7b-63ef-49b3-8fcc-3f8efb1bd51a
Fake Zoom, Teams Meeting Invites use Compromised Certificates to Drop Malware.
A new wave of phishing attacks is hitting office workers where they feel safest: their daily meeting invites. Instead of using obvious malware, threat actors are now using stolen digital certificates to trick computers into trusting malicious files.
⁉️According to researchers from the Microsoft Defender Security Research Team, these attacks involve highly convincing fake updates for apps like Zoom, Microsoft Teams, and Adobe Reader.⁉️
#zoom #microsoft #teams #adobe #reader #phishing #attacks #rmm #backdoors #it #security #privacy #engineer #media #infosec #tech #news
Signed malware impersonating workplace apps deploys RMM backdoors - https://www.redpacketsecurity.com/signed-malware-impersonating-workplace-apps-deploys-rmm-backdoors/
#threatintel
#phishing
#signed-malware
#TrustConnect Software
#RMM-backdoor
#ScreenConnect-backdoor
Malicious #simplehelp #rmm #opendir at:
https://katz.adv\.br/dhl/
Every tech choice has a cost. You pay for infrastructure to avoid downtime, #RMM to scale, and security to keep clients. But if your email security creates more work than it saves—or fails to stop breaches—it’s no longer an investment. It’s a tax on your business!
"The Relationship Tax: What Staying With Your SEG Is Really Costing Your #MSP"
https://cybersec.ironscales.com/s/the-relationship-tax-what-staying-with-your-seg-is-really-costing-your-msp-25417
New by me: I’ve been seeing a spike in unwanted apps (PUPs/adware) sneaking onto client endpoints, so I built a practical workaround when allowlisting tools aren’t in the budget.
This post walks through:
✅ a PowerShell cleanup script (Audit vs Remediate)
✅ a JSON “bad app” list you can update over time
✅ how to automate it in your RMM (with a Kaseya VSA X example)
✅ why I avoid Win32_Product and how the fallback config works
MSPs: this is endpoint hygiene, not magic, but it’s consistent and scalable.
#MSP #PowerShell #RMM #Windows #Cybersecurity #EndpointSecurity #Kaseya
Who's watching who? Experts reveal criminals using fake enterprise software to gain access to company systems
#Fakeenterprisesoftware #Rmm
https://opr.news/30bfb55c260220en_us?link=1&client=ex_global

Someone put in a lot of effort to hide a RAT in plain sight
Proofpoint uncovered fake RMM tool “TrustConnect” built as cover for RAT malware
Criminals created website, paid for certificate, tricking firms into $300/month subscriptions
Tool gave attackers full remote control; linked to Redline infostealer customer
RMM abuse is exploding as hackers ditch traditional malware — living off legit remote tools to stay under the radar. When admin tools turn rogue, visibility is everything. 🛠️⚠️ #RMM #Malware
https://www.darkreading.com/application-security/rmm-abuse-explodes-hackers-ditch-malware
🚨 Legitimate RMM Abuse in Crazy Ransomware Intrusions
Huntress investigations reveal:
• Net Monitor for Employees deployed via msiexec
• SimpleHelp persistence via PowerShell
• Disguised binaries (OneDriveSvc.exe, vhost.exe)
• Defender service tampering
• Crypto wallet keyword monitoring
• SSL VPN credential compromise as initial access
The adversary leveraged redundancy across remote access tools to guarantee persistence even if one method was removed.
Key takeaway: Detection must focus on anomalous deployment patterns of legitimate administrative tools - not just malware signatures.
Are you correlating RMM installations with VPN authentication anomalies?
Engage with your defensive insights below.
Follow @technadu for advanced threat intelligence coverage.
#InfoSec #ThreatHunting #Ransomware #MFA #RMM #CyberDefense #SecurityOperations #BlueTeam #ThreatIntel
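As an added example (not part of the post above or of the Huntress findings it summarizes), one way to correlate suspicious RMM deployment events with VPN logins from unrecognised addresses. The telemetry records, field names, approved share path and two-hour window are constructed assumptions; only the binary names come from the post.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; field names and values are assumptions.
VPN_LOGINS = [
    {"ts": "2025-01-10T02:14:00", "user": "jsmith", "src_ip": "203.0.113.50", "known_ip": False},
    {"ts": "2025-01-10T09:01:00", "user": "akhan", "src_ip": "198.51.100.7", "known_ip": True},
]
PROC_EVENTS = [
    {"ts": "2025-01-10T02:31:00", "host": "FS01", "user": "jsmith",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Users\Public\setup.msi /qn"},
    {"ts": "2025-01-10T02:40:00", "host": "FS01", "user": "jsmith",
     "image": r"C:\ProgramData\OneDriveSvc.exe", "cmdline": "OneDriveSvc.exe"},
    {"ts": "2025-01-10T10:00:00", "host": "WS22", "user": "akhan",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i \\deploy\approved\agent.msi /qn"},
]

DISGUISED_NAMES = {"onedrivesvc.exe", "vhost.exe"}  # binary names listed in the post
APPROVED_MSI_SOURCE = r"\\deploy\approved"          # hypothetical sanctioned software share
WINDOW = timedelta(hours=2)                         # assumed correlation window

def classify(event):
    """Return a reason string if the process event matches a pattern from the post."""
    name = event["image"].lower().rsplit("\\", 1)[-1]
    cmd = event["cmdline"].lower()
    if name in DISGUISED_NAMES:
        return "disguised-binary-name"
    if name == "msiexec.exe" and "/i" in cmd.split() and APPROVED_MSI_SOURCE not in cmd:
        return "msiexec-install-unapproved-source"
    return None

def correlate(proc_events, vpn_logins, window=WINDOW):
    """Escalate suspicious events preceded by a VPN login from an unrecognised IP."""
    findings = []
    for ev in proc_events:
        reason = classify(ev)
        if reason is None:
            continue
        when = datetime.fromisoformat(ev["ts"])
        prior = [v for v in vpn_logins
                 if v["user"] == ev["user"] and not v["known_ip"]
                 and timedelta(0) <= when - datetime.fromisoformat(v["ts"]) <= window]
        findings.append({"host": ev["host"], "user": ev["user"], "reason": reason,
                         "severity": "high" if prior else "review",
                         "vpn_src": prior[0]["src_ip"] if prior else None})
    return findings
```

Events that match a pattern but have no preceding anomalous VPN login are kept at `review` severity rather than dropped, since the post lists VPN credential compromise as only one route to initial access.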
So I made a mistake this weekend in our environment that caused me to get a call from our SOC at 1am yesterday morning. 😣
Post incoming.