On this DISCARDED episode, we uncover real-world detection wins, explore persistent threats like #TA505 and #Emotet, and dive into the importance of instincts in cybersecurity...

Because, as our guest puts it, sometimes good detection is all about the vibes. https://www.proofpoint.com/us/podcasts/hiding-in-plain-sight

Hiding in Plain Sight: How Defenders Get Creative with Image Detection | Proofpoint US

Proofpoint
Don't get phished by Spandex Tempest: attack.mitre.org/groups/G0092/. He will get your lover's email address with Cobalt Strike and encrypt their data with GlobeImposter. #cybersec #infosec #appsec #ta505 #spandex-tempest #threatmodeling #threat-modeling
TA505, Hive0065, Spandex Tempest, CHIMBORAZO, Group G0092 | MITRE ATT&CK®

In their most recent campaign, TA505 introduced a new weapon in their arsenal: the Remote Manipulator System (RMS) tool.

#TA505 #Cybersecurity #HackerGroup #Phishing #Ransomware #RMS

https://cybersec84.wordpress.com/2023/10/08/ta505-phishing-campaign-uses-remote-access-trojan-to-target-victims/

TA505 Phishing Campaign Uses Remote Access Trojan to Target Victims

TA505 is a well-known cybercriminal group with a history of launching high-volume phishing campaigns, often leveraging sophisticated malware and tactics. The group primarily focuses on financial ga…

CyberSec84 | Cybersecurity news.
🌘 #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
➤ The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA to disseminate known CL0P ransomware IOCs and TTPs.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA to disseminate known CL0P ransomware IOCs and TTPs. The CL0P ransomware gang exploited the CVE-2023-34362 vulnerability to attack Progress Software's MOVEit Transfer and carried out multiple attacks before June 2023. TA505 is one of the world's largest distributors of phishing and malicious spam, estimated to have compromised more than 3,000 US organizations and 8,000 organizations worldwide. CISA recommends that organizations implement the recommendations in the CSA to reduce the likelihood and impact of CL0P ransomware and other ransomware incidents.
+ This is a very
#ransomware #securityvulnerability #CVE-2023-34362 #CL0P #TA505 #MOVEit

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

SOC Goulash: Weekend Wrap-Up

Papercut exploited en masse by CL0P, LockBit ransomware, PoC exploit leaked publicly. 2 in 3 Apache Superset installs vulnerable to compromise, and much more!

Opalsec

[Threatview.io]🌀 Our proactive hunter detected malicious #zoom download site distributing #TA505 malware

⚠️zoomapp[.]tech
🚫c2: download-cdn[.]com
⚙️tria.ge/230123-hmkksad…

#malware
#threatintel
#DFIR
#CTI
#CyberSecurity

Breaking the silence - Recent Truebot activity - Since August 2022, we have seen an increase in infections of Truebot (aka Silence.... https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/ #cve-2022-31199 #raspberryrobin #truebot #botnet #grace #ta505
Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.

Cisco Talos Blog
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security

New Ransom Payment Schemes Target Executives, Telemedicine - Ransomware groups are constantly devising new methods for infecting victims and co... https://krebsonsecurity.com/2022/12/new-ransom-payment-schemes-target-executives-telemedicine/ #venusransomware #thecomingstorm #clopransomware #holdsecurity #webfraud2.0 #fabianwosar #ransomware #alexholden #emsisoft #tripwire #ta505 #cl0p