fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.


#RCE

9 posts · 6 participants · 0 posts today
Pablo Martini (Geezer)<p>The ugly inside: Rupert Lowe and the Reform civil&nbsp;war</p><p>Read the full article, but do it before you eat, as you might well be spitting feathers.</p><p>By&nbsp;SKWAWKBOX (SW)&nbsp;on&nbsp;02/04/2025</p><p>'Spot the link between fascism and football' - Rupert Lowe and a local football fanzine front page from his time as Southampton FC chair.</p><p>This guest article was written by Resistance Street. Rupert Lowe MP was sent a draft of this article and given more than forty-eight hours to comment but did not respond.</p><p>A former Labour councillor has reacted to the civil war between Reform UK's Rupert Lowe and Nigel Farage, with a hard-hitting summary of his own long-term experience of Lowe's conduct as chair of Southampton Football Club.</p><p>Perry McMillan, who was an elected Labour councillor for the Bitterne Ward in Southampton, was also the chairman of the Southampton Independent Supporters Association for nearly ten years. In that position he experienced numerous meetings and dealings - both private and public - with Rupert Lowe and says that the recent ruptures within Reform UK do not surprise him in the least.</p><p>Do read on! It seems the state of Reform Ltd is chocker with these entitled '<a href="https://climatejustice.social/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rce</span></a>'s!</p><p><a href="https://skwawkbox.org/2025/04/02/the-ugly-inside-rupert-lowe-and-the-reform-civil-war/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">skwawkbox.org/2025/04/02/the-u</span><span class="invisible">gly-inside-rupert-lowe-and-the-reform-civil-war/</span></a></p>
Pyrzout :vm:<p>CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands – Source: socprime.com <a href="https://ciso2ciso.com/cve-2025-1449-rockwell-automation-verve-asset-manager-vulnerability-enables-adversaries-to-gain-access-to-run-arbitrary-commands-source-socprime-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/cve-2025-1449-ro</span><span class="invisible">ckwell-automation-verve-asset-manager-vulnerability-enables-adversaries-to-gain-access-to-run-arbitrary-commands-source-socprime-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>-2025-1449 <a href="https://social.skynetcloud.site/tags/Latestthreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Latestthreats</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/socprimecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socprimecom</span></a> <a href="https://social.skynetcloud.site/tags/socprime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socprime</span></a> <a href="https://social.skynetcloud.site/tags/Blog" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Blog</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://social.skynetcloud.site/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rce</span></a></p>
OTX Bot<p>Analysis of New Mobile Banking Malware</p><p>Salvador Stealer is a newly discovered Android malware that poses as a banking application to steal sensitive user information. It employs a multi-stage attack chain, utilizing a dropper APK to install the main payload. The malware incorporates a phishing website within the app to collect personal and banking data, including Aadhaar numbers, PAN card details, and net banking credentials. It exfiltrates stolen information in real-time to both a phishing server and a Telegram-based Command and Control server. Salvador Stealer also intercepts SMS messages to capture one-time passwords and banking verification codes, bypassing two-factor authentication. The malware demonstrates persistence mechanisms, automatically restarting itself if stopped and surviving device reboots. Analysis revealed exposed infrastructure, including an accessible admin panel, potentially linking the attacker to India.</p><p>Pulse ID: 67ec5957bfba1cac452b1059<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ec5957bfba1cac452b1059" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ec5</span><span class="invisible">957bfba1cac452b1059</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-01 21:23:35</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/APK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APK</span></a> <a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bank</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ELF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ELF</span></a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>India</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/MobileBanking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileBanking</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> <a href="https://social.raytec.co/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a 
href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telegram</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream</p><p>In January 2025, a Managed Service Provider administrator was targeted by a sophisticated phishing attack impersonating a ScreenConnect authentication alert. The attackers, affiliated with Qilin ransomware and tracked as STAC4365, used an adversary-in-the-middle technique to bypass multi-factor authentication and gain access to the MSP's ScreenConnect environment. They deployed their own ScreenConnect instance across multiple customer networks, performed reconnaissance, collected and exfiltrated data, and ultimately deployed Qilin ransomware. This attack matches a pattern of similar incidents dating back to 2022, utilizing fake ScreenConnect domains and the evilginx framework to intercept credentials and session cookies. The attackers employed various tools for lateral movement and defense evasion, including PsExec, NetExec, and WinRM.</p><p>Pulse ID: 67ec0539824c09e5b3ce991c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ec0539824c09e5b3ce991c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ec0</span><span class="invisible">539824c09e5b3ce991c</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-01 15:24:41</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/AdversaryInTheMiddle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AdversaryInTheMiddle</span></a> <a href="https://social.raytec.co/tags/Cookies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cookies</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/PsExec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PsExec</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/ScreenConnect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScreenConnect</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Remcos RAT Malware Disguised as Major Carrier's Waybill</p><p>A sophisticated malware campaign has been discovered, utilizing the Remcos RAT disguised as a shipping company waybill. The attack begins with an email containing an HTML script, which when executed, downloads a JavaScript file. This file creates and downloads several components, including a configuration file, an encoded Remcos binary, a legitimate AutoIt loader, and a malicious AutoIt script. The AutoIt script employs evasion techniques, establishes persistence, decrypts the Remcos binary, and executes shellcode. The shellcode injects Remcos into a legitimate process (RegSvcs.exe) using various API calls. The Remcos RAT, once active, can steal information and execute remote commands based on C2 instructions. The campaign demonstrates the evolving tactics of cybercriminals, emphasizing the need for caution when handling emails from unknown sources.</p><p>Pulse ID: 67ebfc9f824c09e5b3ce991b<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfc9f824c09e5b3ce991b" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ebf</span><span class="invisible">c9f824c09e5b3ce991b</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-01 14:47:59</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Autoit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autoit</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a 
href="https://social.raytec.co/tags/Remcos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Remcos</span></a> <a href="https://social.raytec.co/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemcosRAT</span></a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ShellCode</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>SVG Phishing Malware Being Distributed with Analysis Obstruction Feature</p><p>A sophisticated phishing malware using Scalable Vector Graphics (SVG) format has been identified. The malware embeds malicious scripts within SVG files, using Base64 encoding to bypass detection. It employs various techniques to obstruct analysis, including blocking automation tools, preventing specific keyboard shortcuts, disabling right-clicks, and detecting debugging attempts. The malware redirects users to a fake CAPTCHA page, which, when interacted with, leads to further malicious actions, potentially a phishing site impersonating Microsoft login pages. This evolving threat highlights the need for increased user vigilance, especially when dealing with SVG files from unknown sources.</p><p>Pulse ID: 67ebfca3de542aee8e8fc2ef<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca3de542aee8e8fc2ef" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ebf</span><span class="invisible">ca3de542aee8e8fc2ef</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-01 14:48:03</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CAPTCHA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CAPTCHA</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SVG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SVG</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
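The post above describes SVG files that carry their payload as embedded script and Base64 blobs. The following is an added example, not code from the OTX pulse or from any vendor: a small static triage scanner that flags the traits the post lists (script elements, Base64-hidden code) plus two common companions (event-handler attributes and javascript:/data:text/html links), and that does not report the Base64 of a legitimately embedded image. The SVG samples and the marker list are constructed here for illustration; the hidden payload is only a redirect string so the Base64 path is exercised.

```javascript
// Added example: static triage of SVG files for embedded or Base64-hidden code.
// Not taken from the OTX post; samples below are constructed, not real malware.

const SCRIPT_TAG = /<script\b[^>]*>[\s\S]*?<\/script>/gi;
const EVENT_HANDLER = /\son[a-z]+\s*=/gi;                  // onload=, onclick=, ...
const RISKY_URI = /\b(?:xlink:)?href\s*=\s*["']\s*(?:javascript:|data:text\/html)/gi;
const B64_BLOB = /[A-Za-z0-9+/]{40,}={0,2}/g;               // long Base64-looking runs
// Heuristic markers: if a decoded blob contains one of these, it hides markup or code.
const CODE_MARKERS = ['<script', '<iframe', 'document.', 'window.', 'eval(', 'atob(', 'location'];

function scanSvg(svgText) {
  const findings = [];
  for (const m of svgText.match(SCRIPT_TAG) || []) {
    findings.push({ type: 'script-element', detail: m.slice(0, 60) });
  }
  for (const m of svgText.match(EVENT_HANDLER) || []) {
    findings.push({ type: 'event-handler', detail: m.trim() });
  }
  for (const m of svgText.match(RISKY_URI) || []) {
    findings.push({ type: 'risky-uri', detail: m });
  }
  for (const blob of svgText.match(B64_BLOB) || []) {
    // Buffer.from ignores non-Base64 bytes, so a false positive decodes to noise
    // instead of throwing; embedded PNG data decodes to binary with no markers.
    const decoded = Buffer.from(blob, 'base64').toString('utf8').toLowerCase();
    const marker = CODE_MARKERS.find((k) => decoded.includes(k));
    if (marker) {
      findings.push({ type: 'base64-hidden-code', detail: `decoded blob contains "${marker}"` });
    }
  }
  return { suspicious: findings.length > 0, findings };
}

// Constructed samples (not real attachments). The "hidden" payload is a plain
// redirect string; the benign file embeds fake image bytes as a data: URI.
const HIDDEN = Buffer.from("window.location.replace('https://captcha.example.invalid/')").toString('base64');
const MALICIOUS_SVG =
  `<svg xmlns="http://www.w3.org/2000/svg" onload="eval(atob('${HIDDEN}'))">` +
  '<rect width="1" height="1"/>' +
  '<script>document.oncontextmenu=function(){return false};</script></svg>';
const PNG_BLOB = Buffer.alloc(48, 0x89).toString('base64');  // stand-in for image bytes
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">' +
  `<image href="data:image/png;base64,${PNG_BLOB}" width="10" height="10"/></svg>`;

// Usage: the malicious sample yields three findings, the benign one none.
console.log(JSON.stringify(scanSvg(MALICIOUS_SVG), null, 2));
console.log('benign suspicious?', scanSvg(BENIGN_SVG).suspicious);
```

Feed the scanner the raw bytes of an attachment as text; it is a triage filter for a mail gateway or sandbox queue, not a verdict, because the post's sample also relies on runtime anti-analysis tricks (blocking shortcuts, debugger detection) that only show up when the file is rendered.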
OTX Bot<p>TsarBot Trojan Hits 750+ Banking &amp; Crypto Apps!</p><p>A newly discovered Android banking Trojan, TsarBot, targets over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce apps. It spreads through phishing sites masquerading as legitimate financial platforms and is installed via a dropper disguised as Google Play Services. TsarBot employs overlay attacks to steal credentials, records and remotely controls screens, and uses a fake lock screen to capture device lock credentials. It communicates with its C&amp;C server using WebSocket across multiple ports to receive commands, send stolen data, and execute on-device fraud. The malware's capabilities include screen recording, keylogging, and SMS interception. Evidence suggests the threat actor behind TsarBot is likely of Russian origin.</p><p>Pulse ID: 67ebfca5b1693b0052687f72<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfca5b1693b0052687f72" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ebf</span><span class="invisible">ca5b1693b0052687f72</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-01 14:48:05</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bank</span></a> <a href="https://social.raytec.co/tags/BankingTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BankingTrojan</span></a> <a href="https://social.raytec.co/tags/CandC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CandC</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GooglePlay</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Stefan Müller :verified:<p>1/ Was at the <span class="h-card" translate="no"><a href="https://mastodon.art/@blnensemble" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>blnensemble</span></a></span> today and watched <a href="https://climatejustice.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a>. I had read the novel by Sibylle Berg last year. It was very good. We also went to the introductory talk:</p><p>A 50-page summary was generated from the 700-page novel using AI. This was then read aloud with text-to-speech. A human put music over it. Several video artists from various European countries then produced videos and images for it using AI.</p><p>The play is a dystopian one with a revolution by nerds. Everything is digitised and therefore attackable. Power grids, transport, food supply, heating in the <a href="https://climatejustice.social/tags/Smarthome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smarthome</span></a>.</p><p>According to the person giving the introduction, there were power outages during rehearsals too. The book is the blueprint for world revolution.</p><p>A few snippets from the play:</p><p>"It takes a revolution you can dance to."</p><p>"Nerds save the world."</p><p>"Going without can be fun again."</p><p>After the play everyone clapped and then went home.</p><p>They dream that the nerds will soon start a revolution.</p><p>Maybe they don't dream at all, because they drink too much alcohol or take sleeping pills that are too strong.</p><p>If you neither dream nor sleep, then read <a href="https://climatejustice.social/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteCodeExecution</span></a>. It's funny. Or sad. Depending on what you're like.</p><p>Oh, and: we weren't entirely sure whether the first summary was produced with AI or by hand. Maybe the BE can clarify that.</p><p>I find it funny on a meta level that the people who are afraid of being replaced by AI use it to depict the dystopian world.</p>
OTX Bot<p>When Getting Phished Puts You in Mortal Danger</p><p>The article discusses a network of phishing domains targeting Russians searching for anti-Putin organizations. These domains mimic recruitment websites of Ukrainian paramilitary groups and intelligence agencies. The scam aims to collect personal information from potential recruits, likely for Russian intelligence services. Victims who fall for these phishing attempts risk severe legal consequences, including lengthy prison sentences for alleged treason. The phishing sites are promoted through search engine manipulation, appearing at the top of results on platforms like Yandex, DuckDuckGo, and Bing. The campaign's effectiveness is demonstrated by regular reports of arrests in Russia related to alleged attempts to aid Ukrainian forces.</p><p>Pulse ID: 67e5eeb430f5fd5d34a4ecda<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67e5eeb430f5fd5d34a4ecda" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67e5e</span><span class="invisible">eb430f5fd5d34a4ecda</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-28 00:35:00</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Military" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Military</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukr</span></a> <a href="https://social.raytec.co/tags/Ukrainian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukrainian</span></a> <a 
href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw</p><p>A critical vulnerability, CVE-2025-29927, with a CVSS score of 9.1 was disclosed on March 21, 2025. This flaw allows attackers to bypass authorization checks in Next.js Middleware, potentially granting unauthorized access to protected resources. The vulnerability affects applications using Middleware for user authorization, session data validation, route access control, redirections, and UI visibility management. The issue stems from how the runMiddleware function handles the x-middleware-subrequest header. Attackers can craft malicious headers to bypass middleware controls. Affected versions range from 11.1.4 to 15.2.3. Users are urged to update to patched versions or implement mitigation strategies to block external requests containing the vulnerable header.</p><p>Pulse ID: 67e59d30fc2fe9b7ddaded28<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67e59d30fc2fe9b7ddaded28" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67e59</span><span class="invisible">d30fc2fe9b7ddaded28</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-27 18:47:12</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
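The post above names the mechanism (an externally supplied x-middleware-subrequest header, which Next.js reserves for its own internal sub-requests) and the workaround (block external requests that carry it). What follows is an added example, not code from the OTX pulse or from the Next.js project: a header filter that drops the internal-only header before a request reaches the application, and a retro-hunt over proxy access logs that lists every request which arrived carrying it. The JSON-lines log format and the sample entries are constructed for illustration; header values are deliberately omitted, since for the filter and the hunt only the presence of the header matters.

```javascript
// Added example for CVE-2025-29927; not code from the post or from Next.js.
// The sample log below is constructed, not real traffic.

const VULN_HEADER = 'x-middleware-subrequest';

// Return a copy of an incoming header map without the internal-only header.
// Matching is case-insensitive because HTTP header names are; an edge proxy
// or server adapter would apply this before handing the request to Next.js.
function stripSubrequestHeader(headers) {
  const cleaned = {};
  let removed = false;
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === VULN_HEADER) {
      removed = true;      // an external request should never carry this
      continue;
    }
    cleaned[name] = value;
  }
  return { headers: cleaned, removed };
}

// Constructed access-log sample (one JSON object per line) from a proxy that
// records request headers; header values are omitted on purpose.
const SAMPLE_LOG = [
  '{"ts":"2025-03-22T10:00:01Z","ip":"203.0.113.5","path":"/dashboard","headers":{"host":"app.example","user-agent":"Mozilla/5.0"}}',
  '{"ts":"2025-03-22T10:00:02Z","ip":"198.51.100.7","path":"/admin","headers":{"host":"app.example","X-Middleware-Subrequest":"[omitted]"}}',
  '{"ts":"2025-03-22T10:00:03Z","ip":"198.51.100.7","path":"/api/users","headers":{"host":"app.example","x-middleware-subrequest":"[omitted]"}}',
  'garbage line that is not JSON',
].join('\n');

// Retro-hunt: every request that arrived with the header came from outside
// the framework, so each hit is a bypass attempt (against unpatched versions)
// or a probe (against patched ones) and is worth correlating by source IP.
function findSubrequestHeaderHits(logText) {
  const hits = [];
  for (const line of logText.split('\n')) {
    let entry;
    try {
      entry = JSON.parse(line);
    } catch {
      continue; // skip malformed lines rather than abort the scan
    }
    if (!entry || typeof entry !== 'object') continue;
    const names = Object.keys(entry.headers || {}).map((n) => n.toLowerCase());
    if (names.includes(VULN_HEADER)) {
      hits.push({ ts: entry.ts, ip: entry.ip, path: entry.path });
    }
  }
  return hits;
}

// Usage: filter one request, then scan the sample log.
const filtered = stripSubrequestHeader({ host: 'app.example', 'X-Middleware-Subrequest': '[omitted]' });
console.log('removed header:', filtered.removed, '-> kept:', Object.keys(filtered.headers));
console.log('log hits:', findSubrequestHeaderHits(SAMPLE_LOG));
```

Stripping the header is a stopgap for deployments that cannot upgrade immediately; it must sit in front of every path into the application (CDN, load balancer, self-hosted server), because Middleware that runs authorization checks is only as strong as the guarantee that this header cannot be spoofed from outside.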
OTX Bot<p>Shifting the sands of RansomHub's EDRKillShifter</p><p>ESET researchers analyze the ransomware ecosystem in 2024, focusing on the newly emerged RansomHub gang. They uncover connections between RansomHub affiliates and rival gangs Play, Medusa, and BianLian through the use of EDRKillShifter, a custom EDR killer developed by RansomHub. The researchers leverage the widespread adoption of EDRKillShifter to track affiliate activities across multiple gangs and reconstruct its development timeline. The article also discusses the rise of EDR killers in ransomware attacks and provides insights into their anatomy and defense strategies. Despite disruptions to major ransomware groups, new threats like RansomHub quickly filled the void, highlighting the need for continued vigilance and law enforcement efforts targeting both operators and affiliates.</p><p>Pulse ID: 67e5309c175c81db27157632<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67e5309c175c81db27157632" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67e53</span><span class="invisible">09c175c81db27157632</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-27 11:03:56</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BianLian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BianLian</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/EDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EDR</span></a> <a href="https://social.raytec.co/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESET</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/LawEnforcement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LawEnforcement</span></a> <a href="https://social.raytec.co/tags/NATO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NATO</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>A Practical Guide to Uncovering Malicious Infrastructure With Hunt.io</p><p>This guide demonstrates how to use Hunt.io to investigate and track malicious infrastructure. Starting with a single suspicious IP address, the process involves analyzing hosting providers, domain information, open ports, HTTP responses, and TLS certificates. The investigation reveals connections to potential cryptocurrency fraud and malware operations. By leveraging Hunt's scan data and SQL queries, a small cluster of related servers is identified, possibly linked to Latrodectus malware. The guide emphasizes the importance of persistence, pattern recognition, and correlating data from multiple intelligence sources to effectively track threat actor operations.</p><p>Pulse ID: 67e342d7a17ba37eb960497a<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67e342d7a17ba37eb960497a" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67e34</span><span class="invisible">2d7a17ba37eb960497a</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-25 23:57:11</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/HTTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTP</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQL</span></a> <a href="https://social.raytec.co/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Hacker News<p>Heap-overflowing Llama.cpp to RCE</p><p><a href="https://retr0.blog/blog/llama-rpc-rce" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">retr0.blog/blog/llama-rpc-rce</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/HeapOverflow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HeapOverflow</span></a> <a href="https://mastodon.social/tags/LlamaCpp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LlamaCpp</span></a> <a href="https://mastodon.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploit</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a></p>
TechNadu<p>Unauthenticated Remote Code Execution vulnerabilities found in the Ingress NGINX Controller for Kubernetes could allow the stealing of data stored across all namespaces in the Kubernetes cluster.</p><p>Read more:<br><a href="https://www.technadu.com/critical-kubernetes-vulnerability-in-ingress-nginx-controller-exposes-thousands-of-clusters-to-attack/581925/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">technadu.com/critical-kubernet</span><span class="invisible">es-vulnerability-in-ingress-nginx-controller-exposes-thousands-of-clusters-to-attack/581925/</span></a></p><p><a href="https://infosec.exchange/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kubernetes</span></a> <a href="https://infosec.exchange/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://infosec.exchange/tags/Ingress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ingress</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/NGINX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NGINX</span></a> Critical Ingress NGINX Controller for <a href="https://infosec.exchange/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kubernetes</span></a> Vulnerability Allows <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> Without Authentication. A set of 5 critical security CVEs with CVSS scores of 4.8-9.8, affecting ~43% of cloud environments globally:</p><p><a href="https://infosec.exchange/tags/IngressNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IngressNightmare</span></a></p><p><a href="https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/03/crit</span><span class="invisible">ical-ingress-nginx-controller.html</span></a></p>
OTX Bot<p>New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI</p><p>Cybercriminals are exploiting .NET MAUI, a cross-platform development framework, to create Android malware that evades detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information. The malware campaigns use techniques such as hiding code in blob files, multi-stage dynamic loading, and encrypted communications to avoid security measures. Two examples are discussed: a fake bank app targeting Indian users and a fake social media app targeting Chinese-speaking users. The latter employs advanced evasion techniques like excessive permissions in the AndroidManifest.xml file and encrypted socket communication. Users are advised to be cautious when downloading apps from unofficial sources and to use up-to-date security software for protection.</p><p>Pulse ID: 67e2fc78ccb151dba8f9e868<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67e2fc78ccb151dba8f9e868" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67e2f</span><span class="invisible">c78ccb151dba8f9e868</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-25 18:56:54</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bank</span></a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>India</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/NET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NET</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialMedia</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
vote.ninja<p><a href="https://mastodon.social/tags/IngressNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IngressNightmare</span></a>: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in <a href="https://mastodon.social/tags/Ingress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ingress</span></a> <a href="https://mastodon.social/tags/NGINX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NGINX</span></a><br>Over 40% of cloud environments are vulnerable to <a href="https://mastodon.social/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a>, likely leading to a complete cluster takeover.<br><a href="https://tech.lgbt/@risottobias/114220608346941943" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tech.lgbt/@risottobias/1142206</span><span class="invisible">08346941943</span></a></p>
Habr<p>Network attack detection specialist: what this job actually looks like</p><p>Hi, Habr! My name is Andrey Tyulenev, and I am a senior specialist in the network attack detection department at Positive Technologies. My job is to track attacks, then take them apart piece by piece so that adversaries cannot bring about an unacceptable event, and to create detections so that Positive Technologies products can spot them. Today I will describe what the work of an attack detection specialist looks like, which tools we use, how to get into this profession, and which skills really matter. We will go through what we do in practice: from writing detection rules and analyzing traffic to taking part in investigations where the security of large companies is at stake.</p><p><a href="https://habr.com/ru/companies/pt/articles/894004/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/pt/artic</span><span class="invisible">les/894004/</span></a></p><p><a href="https://zhub.link/tags/%D0%BE%D0%B1%D0%BD%D0%B0%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%B8%D0%B5_%D0%B0%D1%82%D0%B0%D0%BA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>обнаружение_атак</span></a> <a href="https://zhub.link/tags/threat_hunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threat_hunting</span></a> <a href="https://zhub.link/tags/%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B8_%D0%B8_%D0%B8%D1%85_%D1%8D%D0%BA%D1%81%D0%BF%D0%BB%D1%83%D0%B0%D1%82%D0%B0%D1%86%D0%B8%D1%8F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>уязвимости_и_их_эксплуатация</span></a> <a href="https://zhub.link/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rce</span></a> <a href="https://zhub.link/tags/wireshark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wireshark</span></a> <a href="https://zhub.link/tags/osi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osi</span></a> <a href="https://zhub.link/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>python</span></a> <a href="https://zhub.link/tags/nta%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ntaсистемы</span></a> <a href="https://zhub.link/tags/middle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>middle</span></a> <a href="https://zhub.link/tags/senior" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>senior</span></a></p>
:mastodon: decio<p>⚠️ Kubernetes security alert: <a href="https://infosec.exchange/tags/IngressNightmare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IngressNightmare</span></a></p><p>On 24 March 2025, the Wiz research team and the Kubernetes maintainers disclosed 5 major vulnerabilities affecting the very popular Ingress-NGINX Controller (present on over 40% of clusters).</p><p>These flaws, the most serious of which is CVE-2025-1974 (CVSS 9.8), allow an attacker without credentials to execute code remotely (Remote Code Execution) and take complete control of the Kubernetes cluster, gaining access to all secrets (passwords, API keys, etc.).</p><p>What is at fault:<br>The vulnerable component is the Ingress-NGINX Validating Admission Controller. It validates "Ingress" objects but is, by default, reachable without authentication from the cluster's internal network, and is sometimes even exposed publicly.</p><p>The researchers managed to inject malicious NGINX configurations and then execute code by loading libraries from temporary files via NGINX. A true invisible back door.</p><p>✅ What you should do quickly:<br>Check whether you use ingress-nginx:</p><blockquote><p>kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx </p></blockquote><p>Update to a fixed version:</p><p>v1.12.1 or v1.11.5</p><p>If you cannot update right away:</p><p>Temporarily disable the admission webhook (see the official instructions).</p><p>[Official sources]<br>⬇️ <br>Wiz research blog:<br>"IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX"<br>👇 <br><a href="https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wiz.io/blog/ingress-nginx-kube</span><span class="invisible">rnetes-vulnerabilities</span></a></p><p>📢 Kubernetes announcement (Security Response Committee):<br>"Ingress-nginx CVE-2025-1974: What You Need to Know"<br>👇 <br><a href="https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kubernetes.io/blog/2025/03/24/</span><span class="invisible">ingress-nginx-cve-2025-1974/</span></a></p><p><a href="https://infosec.exchange/tags/CyberVeille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberVeille</span></a> <a href="https://infosec.exchange/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kubernetes</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/CVE_2025_1974" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_1974</span></a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a></p>
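The post above gives the two steps a cluster operator needs: find the ingress-nginx pods and check whether they run one of the fixed releases (v1.12.1 or v1.11.5). The following is an added example, not code from the post, from Wiz, or from the Kubernetes project: a POSIX shell audit that parses controller image tags and classifies each one against those two fixed versions. It runs offline on constructed sample lines; the kubectl pipeline at the end uses the post's own selector plus an assumed custom-columns output format for a live cluster. The rule that anything newer than v1.12.1 counts as patched, and anything older than the v1.11 line as vulnerable, is an assumption of this example, not something the post states.

```shell
#!/bin/sh
# Added example (not from the post, Wiz, or the Kubernetes project): classify
# ingress-nginx controller image tags against the fixed releases the post names.

# Print "patched" or "vulnerable" for a version string such as "v1.11.4".
# Assumption: releases after v1.12.1 are patched; lines before v1.11 are not.
ingress_nginx_status() {
  v=${1#v}                          # drop the leading "v"
  major=${v%%.*}
  rest=${v#*.}
  case "$rest" in
    *.*) minor=${rest%%.*}; patch=${rest#*.} ;;
    *)   minor=$rest;        patch=0 ;;   # "v1.12" with no patch component
  esac
  patch=${patch%%[!0-9]*}           # strip suffixes such as "-rc1"
  patch=${patch:-0}
  case "$major.$minor" in
    1.12) [ "$patch" -ge 1 ] && echo patched || echo vulnerable ;;
    1.11) [ "$patch" -ge 5 ] && echo patched || echo vulnerable ;;
    *)
      if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 12 ]; }; then
        echo patched
      else
        echo vulnerable
      fi ;;
  esac
}

# Read "namespace pod image" lines on stdin and print one line per pod:
# "namespace pod tag status". Digest suffixes (@sha256:...) are ignored so the
# tag is taken from the last colon of the image reference proper.
audit_ingress_pods() {
  while read -r ns pod image; do
    [ -n "$image" ] || continue
    img=${image%%@*}                # drop the digest, if any
    tag=${img##*:}                  # e.g. v1.11.4
    printf '%s %s %s %s\n' "$ns" "$pod" "$tag" "$(ingress_nginx_status "$tag")"
  done
}

# Constructed sample (not real cluster output): three controller pods, one on a
# fixed release, two on older ones. The digest on the second line is made up.
SAMPLE_PODS='ingress-nginx ingress-nginx-controller-7c6f registry.k8s.io/ingress-nginx/controller:v1.11.4
ingress-nginx ingress-nginx-controller-9d2a registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:0000deadbeef
infra edge-ingress-controller-5b1e registry.k8s.io/ingress-nginx/controller:v1.10.2'

printf '%s\n' "$SAMPLE_PODS" | audit_ingress_pods

# Live cluster (assumed output format on top of the post's selector):
# kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx \
#   -o custom-columns=NS:.metadata.namespace,POD:.metadata.name,IMAGE:.spec.containers[0].image \
#   --no-headers | audit_ingress_pods
```

Any line reported as vulnerable is a pod to upgrade, or, where that cannot happen immediately, a cluster whose admission webhook should be disabled as the post advises.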
OTX Bot<p>SVC New Stealer on the Horizon</p><p>SvcStealer 2025 is a newly discovered information stealer malware distributed through spear phishing emails. It targets sensitive data including machine information, installed software, user credentials, cryptocurrency wallets, and browser data. The malware creates a unique folder, terminates specific processes, and harvests data from various sources. It compresses the collected information and sends it to a command and control server. The malware can also download additional payloads and implements evasion techniques. It targets multiple browsers, messaging applications, and specific file types. The campaign was observed in late January 2025, with the threat actors potentially selling the stolen data on underground forums and marketplaces.</p><p>Pulse ID: 67ddb4246d6a14c692975873<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ddb4246d6a14c692975873" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ddb</span><span class="invisible">4246d6a14c692975873</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-03-21 18:47:00</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Browser</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>