sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
OTX Bot<p>Applications of Snake Keylogger in Geopolitics: Abuse of Trusted Java Utilities in Cybercriminal Activities</p><p>A new phishing campaign using Snake Keylogger, a Russian-origin stealer, has been discovered targeting various victims including corporations, governments, and individuals. The campaign uses spear-phishing emails offering petroleum products, with malicious attachments exploiting the legitimate jsadebugd.exe binary through DLL sideloading to load Snake Keylogger. The attackers are leveraging current geopolitical tensions in the Middle East to expand their reach. The malware steals credentials from browsers and applications, collects system information, and exfiltrates data via SMTP. This campaign marks the first observed malicious use of jsadebugd.exe, indicating evolving tactics to evade detection.</p><p>Pulse ID: 686a64122fafa4b925fb6300<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/686a64122fafa4b925fb6300" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/686a6</span><span class="invisible">4122fafa4b925fb6300</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-06 11:54:58</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browser</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyLogger</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/MiddleEast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MiddleEast</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a 
href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
mle✨<p>"Censys has made a list of some of the ICS products commonly targeted by Iranian hackers and scanned the internet to determine how widespread they are and whether their owners and operators have taken steps to secure them in recent months."</p><p><a href="https://www.securityweek.com/iranian-hackers-preferred-ics-targets-left-open-amid-fresh-us-attack-warning/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/iranian-hacke</span><span class="invisible">rs-preferred-ics-targets-left-open-amid-fresh-us-attack-warning/</span></a></p><p><a href="https://censys.com/blog/ics-iran-exposure-of-previously-targeted-devices" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">censys.com/blog/ics-iran-expos</span><span class="invisible">ure-of-previously-targeted-devices</span></a></p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ics</span></a></p>
OTX Bot<p>Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware</p><p>A phishing campaign has been identified that exploits Vercel, a legitimate frontend hosting platform, to distribute a malicious version of LogMeIn. Cybercriminals send phishing emails with links to a malicious page on Vercel, impersonating an Adobe PDF viewer and prompting users to download a disguised executable. Once executed, the malware installs and connects to a LogMeIn server, allowing remote access and control of the compromised machine. Over 28 distinct campaigns targeting more than 1,271 users have been observed in the past two months. The technique's effectiveness stems from the use of a legitimate platform, a genuine remote access tool, and social engineering tactics. Recommendations include monitoring suspicious Vercel subdomains, educating employees about fake support scams, and implementing strict controls for remote access software installations.</p><p>Pulse ID: 6855b5cc908313a5fb032505<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6855b5cc908313a5fb032505" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6855b</span><span class="invisible">5cc908313a5fb032505</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-20 19:26:04</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Adobe</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PDF</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Stealthy GitHub Malware Campaign Targets Devs</p><p>A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.</p><p>Pulse ID: 68548f8be824569a83f26ef4<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68548</span><span class="invisible">f8be824569a83f26ef4</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-19 22:30:35</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a 
href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developers</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware</p><p>The SERPENTINE#CLOUD campaign leverages Cloudflare Tunnels and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated scripts. The attack begins with malicious .lnk files disguised as documents, fetching remote code from Cloudflare subdomains. The infection chain involves batch, VBScript, and Python stages, ultimately deploying shellcode that loads a Donut-packed PE payload. The campaign focuses on Western targets, using Cloudflare for payload hosting and anonymity. It demonstrates evolving tactics, shifting from simple .url files to sophisticated .lnk payloads. The final stage involves a RAT payload, giving attackers full control over infected hosts.</p><p>Pulse ID: 6854faeabddec88ea8dace57<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6854faeabddec88ea8dace57" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6854f</span><span class="invisible">aeabddec88ea8dace57</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-20 06:08:42</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LNK</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShellCode</span></a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VBS</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Inside the BlueNoroff Web3 macOS Intrusion Analysis</p><p>A detailed analysis of a sophisticated intrusion targeting a cryptocurrency foundation employee is presented. The attack, attributed to the North Korean APT group BlueNoroff, began with a social engineering lure via Telegram, leading to the installation of malicious software disguised as a Zoom extension. The intrusion involved multiple stages of malware deployment, including persistent implants, backdoors, keyloggers, and cryptocurrency stealers. The attackers utilized advanced techniques such as process injection on macOS and leveraged various tools to collect sensitive information, particularly focusing on cryptocurrency-related data. The analysis covers the initial access vector, technical details of the malware components, and their functionalities, providing insights into the evolving tactics of state-sponsored threat actors targeting macOS systems.</p><p>Pulse ID: 6853be742df9d3db90e41219<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6853be742df9d3db90e41219" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6853b</span><span class="invisible">e742df9d3db90e41219</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-19 07:38:28</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/BlueNoroff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueNoroff</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyLogger</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MacOS</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>SocialEngineering</span></a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telegram</span></a> <a href="https://social.raytec.co/tags/Web3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Web3</span></a> <a href="https://social.raytec.co/tags/Zoom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zoom</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>May 2025 APT Group Trends (South Korea)</p><p>This analysis examines Advanced Persistent Threat (APT) attacks in South Korea during May 2025. The majority of identified attacks utilized spear phishing as the primary infiltration method. Two main types of attacks were observed: Type A, which uses LNK files to execute malicious scripts and download additional malware, and Type B, which employs LNK files to download and execute obfuscated Python scripts. Both types use deception techniques, including decoy documents and task scheduler manipulation. The attacks targeted various sectors, using topics such as financial reporting, privacy protection, and business registration to lure victims. The report provides detailed information on file names, decoy documents, and indicators of compromise, including MD5 hashes, URLs, FQDNs, and IP addresses associated with the malicious activities.</p><p>Pulse ID: 6852fb631fbf46af0b21acb2<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6852fb631fbf46af0b21acb2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6852f</span><span class="invisible">b631fbf46af0b21acb2</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-18 17:46:11</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LNK</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SouthKorea</span></a> <a 
href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
SleepyCatten<p>Update on NHS gender-affirming care stuff; largely negative, with a teeny-tiny bit of good; here be trauma dragons!</p>
Montag<p><b>Wilwarin Festival</b></p><p>In case anyone is going and wants to know what is happening on which stage, I have a timetable here in <a href="https://friendica.xyz/search?tag=ical" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ical</span></a> format.</p><ul><li><a href="https://paste.schleicloud.de/?e4b6763b6805fa68#AeTxGuuBL2Jz5b987FrmjVmjyMgh427P2pbh8h6zeCkM" rel="nofollow noopener" target="_blank">paste.schleicloud.de/?e4b6763b…</a></li></ul><p><a href="https://friendica.xyz/search?tag=Wilwarin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wilwarin</span></a> <a href="https://friendica.xyz/search?tag=Timetable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Timetable</span></a> <a href="https://friendica.xyz/search?tag=ical" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ical</span></a> <a href="https://friendica.xyz/search?tag=ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ics</span></a></p>
Censys<p>In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: </p><p><a href="https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">censys.com/blog/turning-off-th</span><span class="invisible">e-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/water" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>water</span></a></p>
Bill<p>Gotta admit, 35,000 solar panels would make a baaaaadass botnet.</p><p><a href="https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/35000-solar-p</span><span class="invisible">ower-systems-exposed-to-internet/</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a></p>
🏳️‍🌈Trentskunk🏳️‍🌈:unverified:<p>Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?</p><p><a href="https://mstdn.social/tags/emacs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>emacs</span></a> <br><a href="https://mstdn.social/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ics</span></a> <br><a href="https://mstdn.social/tags/calendar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>calendar</span></a> <br><a href="https://mstdn.social/tags/DeGoogle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeGoogle</span></a></p>
OTX Bot<p>The Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating Viber</p><p>APT36, also known as Transparent Tribe, has been observed using VPS provider Contabo to host malicious infrastructure for CapraRAT and Crimson RAT. Their latest tactic involves disguising spyware as the popular messaging app Viber, granting extensive permissions to record calls, read messages, and track location. The investigation traced the infrastructure, identified key Indicators of Compromise, and uncovered the full extent of this Android surveillance campaign. The threat actor employs social engineering tactics to distribute their Android Remote Access Trojans, with lures crafted to align with the RAT's disguise. The malware's capabilities include targeted surveillance, credential theft, and infrastructure abuse, potentially eroding brand trust in legitimate communication platforms.</p><p>Pulse ID: 683f3e21d4bf7a5db1887800<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/683f3e21d4bf7a5db1887800" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/683f3</span><span class="invisible">e21d4bf7a5db1887800</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-03 18:25:37</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/CapraRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CapraRAT</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteAccessTrojan</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> <a href="https://social.raytec.co/tags/SpyWare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpyWare</span></a> <a href="https://social.raytec.co/tags/TransparentTribe" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>TransparentTribe</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion</p><p>A malicious package campaign targeting Python and NPM users on Windows and Linux has been discovered. The attack uses typo-squatting and name-confusion tactics against the popular colorama Python package and the similar colorizr JavaScript package. Multiple packages with risky payloads were uploaded to PyPI, using names similar to legitimate packages in both PyPI and NPM. The unusual tactic of using an NPM package name to attack PyPI users was observed. The payloads allow remote access, control of desktops and servers, and exfiltration of sensitive data. Windows payloads attempt to bypass antivirus protection. The campaign's sophistication suggests targeted adversarial activity, although attribution remains unclear.</p><p>Pulse ID: 683e1f7f063d60138cc2ccf6<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/683e1f7f063d60138cc2ccf6" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/683e1</span><span class="invisible">f7f063d60138cc2ccf6</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-02 22:02:39</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Colorama" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Colorama</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.raytec.co/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChain</span></a> <a 
href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Hans Zelf 🇪🇺🌻<p>Seriously, <a href="https://mas.to/tags/ANWB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANWB</span></a> <a href="https://mas.to/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a>? Changing a payment account by printing out a form and filling it in?<br>Welcome to 2025...</p>
OTX Bot<p>Custom Arsenal Developed to Target Multiple Industries</p><p>Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.</p><p>Pulse ID: 68359559953d95d9c98f6268<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68359559953d95d9c98f6268" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68359</span><span class="invisible">559953d95d9c98f6268</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-27 10:35:05</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/Brazil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brazil</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>India</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/SQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SQL</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Geriatric Gardener<p>“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”</p><p>by Skwawkbox <span class="h-card" translate="no"><a href="https://mastodon.social/@skwawkbox" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>skwawkbox</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.cloud/@UKLabour" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>UKLabour</span></a></span> </p><p>“Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”</p><p><a href="https://skwawkbox.org/2025/05/23/investors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">skwawkbox.org/2025/05/23/inves</span><span class="invisible">tors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/</span></a></p><p><a href="https://mstdn.social/tags/Press" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Press</span></a> <a href="https://mstdn.social/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UK</span></a> <a href="https://mstdn.social/tags/NHS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NHS</span></a> <a href="https://mstdn.social/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedHealth</span></a> <a href="https://mstdn.social/tags/Insurance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Insurance</span></a> <a href="https://mstdn.social/tags/Treatment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Treatment</span></a> <a href="https://mstdn.social/tags/Refusal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Refusal</span></a> <a 
href="https://mstdn.social/tags/Denial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Denial</span></a> <a href="https://mstdn.social/tags/UHG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UHG</span></a> <a href="https://mstdn.social/tags/OptumRX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OptumRX</span></a> <a href="https://mstdn.social/tags/Labour" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Labour</span></a> <a href="https://mstdn.social/tags/Streeting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Streeting</span></a> <a href="https://mstdn.social/tags/Starmer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Starmer</span></a> <a href="https://mstdn.social/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a></p>
OTX Bot<p>Exploits Cityworks zero-day vulnerability to deliver malware</p><p>Chinese-speaking threat actors, dubbed UAT-6382, have been exploiting a remote-code-execution vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system. The attacks, which began in January 2025, target local governing bodies in the United States, focusing on utilities management systems. The threat actors deploy various web shells, including AntSword and Chopper, and use custom Rust-based loaders called TetraLoader to deliver Cobalt Strike beacons and VSHell malware. The attackers conduct reconnaissance, enumerate directories, and stage files for exfiltration. Their tooling and tactics indicate a high level of proficiency in the Chinese language, suggesting a Chinese origin for the threat group.</p><p>Pulse ID: 682f383c63fd8a92ece6dfce<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/682f383c63fd8a92ece6dfce" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/682f3</span><span class="invisible">83c63fd8a92ece6dfce</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-22 14:44:12</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/UnitedStates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnitedStates</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> 
<a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
mle✨<p>While there's a huge existing body of research on Internet-exposed <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> devices, much of the prior work in this space disregards the existence of ICS honeypots. This can lead to inaccurate measurements and an inflated sense of real device exposure. </p><p>A recent paper by researchers from the Norwegian University of Science and the Delft University of Technology leverages Censys data to address this challenge (<a href="https://gsmaragd.github.io/publications/EuroSP2025-ICS/EuroSP2025-ICS.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gsmaragd.github.io/publication</span><span class="invisible">s/EuroSP2025-ICS/EuroSP2025-ICS.pdf</span></a>).</p><p>Specifically, they outline their approach to classifying ICS services as real or deceptive based on various metadata characteristics.</p><p>It's exciting to see researchers working on this problem and trying to more accurately measure ICS exposure. More of my thoughts on this paper were included in this SecurityWeek article: </p><p><a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>honeypot</span></a> </p><p><a href="https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/up-to-25-of-i</span><span class="invisible">nternet-exposed-ics-are-honeypots-researchers/</span></a></p>