#Phishing


PhaaS actor uses DoH and DNS MX to dynamically distribute phishing

Infoblox discovered a phishing kit that creatively employs DNS mail exchange (MX) records to dynamically serve fake, tailored, login pages, spoofing over 100 brands.

Pulse ID: 67eaf35a20355ae846b8269d
Pulse Link: otx.alienvault.com/pulse/67eaf
Pulse Author: AlienVault
Created: 2025-03-31 19:56:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Security Week 2514: Troy Hunt's data leak

On March 25, Have I Been Pwned, the service that collects information about personal data leaks, added information about the theft of an email address database from the service's founder, Troy Hunt. The data was stolen from an account on Mailchimp, which Troy used to send newsletters for his personal website. Hunt described in detail how he fell victim to phishing, and it is a very interesting case. The scammers' tricks caught a person with vast experience specifically in the field of personal data protection. Troy Hunt considered fatigue the main reason for the success of the phishing attack. He received the email right after a long flight from Australia to the United Kingdom. The message said that restrictions had been placed on the account at the Mailchimp mailing service, supposedly on suspicion of sending spam. After clicking the link in the email, Troy entered his login and password, and then the two-factor authentication code. The researcher discovered his mistake right away and changed his password, but the database of 16 thousand email addresses had already been stolen.

habr.com/ru/companies/kaspersk


Man, Gamaredon (aka Shuckworm & Co.) is really at it again! 🎣 Seeing Ukraine-themed phishing pushing Remcos RAT... and nope, it's not just déjà vu!

Honestly, these campaigns are a stark reminder of why awareness and *real* deep-dive analysis are so incredibly vital. Thing is, your standard automated scans? They often just won't cut it against these kinds of tricks; they'll likely fly right under the radar.

Sound familiar? Actually, a client mentioned something interesting today that really hit home: it seems like too many security providers are just pushing generic solutions instead of figuring out what genuinely *fits* the client's actual needs. We absolutely need to dig deeper than that!

So, what about you all? Have you spotted similar phishing campaigns making the rounds lately? More importantly, what tools or techniques are you finding effective for catching these attacks early, before they can really do damage? Let's talk tactics.

Access to domain registration data is neither timely nor uniform. In today's Interisle Insights post, Colin Strutt shares the challenges that law enforcement, first responders, and researchers face in collecting even the “non contact registration data” elements to identify where cybercriminals acquire resources for their attacks.

interisle.substack.com/p/limit

Interisle Insights · Limiting Access to Domain Registration Data · By Interisle Consulting Group
#whois #gdpr #rdap

@odr_k4tana wrote:

"A website that does not pretend to be a website the user has an account in by definition cannot be a phishing website."

contradicts your next sentence:

"Phishing mimics electronic communication to trick people to divulge sensitive information."

Ignoring whatever definition of phishing, the problem is that, GIVEN A DOMAIN NAME, people have no reliable way to find out whether a website is reliable.

That includes fake postal websites, fake webshops, fake donation websites, fake signup websites, fake "you have to re-video-ident for org. X, we take care of that", fake Avast websites (the downloaded executable typically is Teamviewer or Anydesk, including their mobile versions) and fake usher sites (Gerichtsvollzieher - there are a lot of fake websites stating that Dutch people have to pay money to GGN, see ggn.nl/contact/phishing/).

You are 100% right if you state that some "document", signed by a TTP (Trusted Third Party) and proof of possession of a private key by a website, DOES NOT guarantee reliability of the website.

However, you are 100% wrong about AUTHENTICITY: an amount of reliability of which entity (identified in such a way that you know whether you can sue them, and what your chances will be - if the entity is not in Russia) is RESPONSIBLE for the reliability of information, such as a website.