Hacker Trends
04/20 | 04/21 | 04/22
Statistic: 11/15 13:00 (UTC)
7 Posts
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe | Symantec Enterprise Blogs
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
6 Posts
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
5 Posts
Windows secrets extraction: a summary
https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
4 Posts
JAMESWT on Twitter: "#Spy #Mekotio #Italy #UniCredit https://lkdyglkd-emf5vs6xwq-uc.a.[run.[app http://90.4.154.34.bc.googleusercontent.[com/EMKT_CURSO_775-5693/47940.024663/ Zip https://t.co/0kXpgP7f7t Msi https://t.co/HANtXBbXjN https://t.co/iGsyWYTZ20" / Twitter
https://twitter.com/JAMESWT_MHT/status/1648238717067198465
4 Posts
AppLocker Bypass – CreateRestrictedToken – Penetration Testing Lab
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/
4 Posts
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html
4 Posts
girlshackvillage on Twitter: "Wanted to provide an update on GHV at @defcon https://t.co/dDC7RRG7jo TLDR: We were left with no seat at the table. GHV mission continues. #foldingchairs #ghv #defcon #defcon31 #girls #pressrelease #breakingnews @misstennisha @blackgirlshack https://t.co/SS83PxSVx4" / Twitter
https://twitter.com/girlshackvllg/status/1649458045049602066
4 Posts
Exposed Web Panel Reveals Gamaredon Group's Automated Spear Phishing Campaigns
https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
4 Posts
Circumventing SRP and AppLocker to Create a New Process, By Design | Didier Stevens
https://blog.didierstevens.com/2011/01/25/circumventing-srp-and-applocker-to-create-a-new-process-by-design/
4 Posts
GitHub - IntelLabs/kAFL: A fuzzer for full VM kernel/driver targets
https://github.com/IntelLabs/kAFL
4 Posts
American Bar Association data breach hits 1.4 million members
https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/
4 Posts
N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html
4 Posts
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/5013cf8a7cf2e0e230f8c7149d2c9eb99c681cda6d754f58e2409d6f3db98c56/
4 Posts
Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html
4 Posts
GitHub - blasty/sonos
https://github.com/blasty/sonos
4 Posts
Oddvar Moe on Twitter: "This blog by @DidierStevens can be interesting to read if you are interested in this (2011): https://t.co/pJGqLqf2Wc This post by @netbiosX also covers it really well with a link to an example script https://t.co/xSbawYay8O Also as stated by @tiraniddo this was patched so that…" / Twitter
https://twitter.com/i/web/status/1649323611977572352
4 Posts
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/2bb49909ef6d4200d177dbaaa400ab01b185201c8e21b418c5bef53ce09e6cd5/
4 Posts
Needles Without The Thread: Threadless Process Injection - Ceri Coburn - YouTube
https://www.youtube.com/watch?v=z8GIjk0rfbI
4 Posts
GhostToken GCP flaw let attackers backdoor Google accounts
https://www.bleepingcomputer.com/news/security/ghosttoken-gcp-flaw-let-attackers-backdoor-google-accounts/
3 Posts
billy leonard on Twitter: "TAGs favorite 🤖 @wxs has been finding new FROZENLAKE (APT2⃣8⃣) daily, including XSS on 🇺🇦 gov websites they are using for cred phishing. For the past few months, FL has been shipping phished creds to compromised Ubiquiti devices .. 6/🧵" / Twitter
https://twitter.com/billyleonard/status/1648699008263520257
3 Posts
Chetan Nayak (Brute Ratel C4 Author) on Twitter: "So here goes my journey of Brute Ratel...I usually never talk about it because it wasn't pleasant but over the past two years I was finally able to make peace with it. Here goes my roller coaster ride... I completed my graduation in accounting in 2013 but could not clear my CFA…" / Twitter
https://twitter.com/i/web/status/1649135466258759680
3 Posts
3CX Breach Was a Double Supply Chain Compromise – Krebs on Security
https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/
3 Posts
YaraDBG v0.0.2
https://yaradbg.dev/
3 Posts
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
https://www.bleepingcomputer.com/news/security/university-websites-using-mediawiki-twiki-hacked-to-serve-fortnite-spam/
3 Posts
Attackers use abandoned WordPress plugin to backdoor websites
https://www.bleepingcomputer.com/news/security/attackers-use-abandoned-wordpress-plugin-to-backdoor-websites/
3 Posts
Threat Advisory: Undetected North Korean Malware: A Looming Threat to Financial Institutions
https://www.bridewell.com/insights/news/detail/cti-advisory-undetected-nk-malware
3 Posts
Speak – BSides Belfast
https://bsidesbelfast.org/speak
3 Posts
Randori Attack Team on Twitter: "We've been able to trigger CVE-2023-21554 AKA #QueueJumper, a recently patched RCE in Microsoft’s Message Queueing Service reported by @_CPResearch_. We can confirm it appears exploitable. IOCs and more: https://t.co/NxMiZIAb9P" / Twitter
https://twitter.com/RandoriAttack/status/1649170230797541378
3 Posts
GitHub - Orange-Cyberdefense/GOAD: game of active directory
https://github.com/Orange-Cyberdefense/GOAD
3 Posts
Mullvad VPN was subject to a search warrant. Customer data not compromised - Blog | Mullvad VPN
https://mullvad.net/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/
3 Posts
Case study of an incident in which FortiMail was the intrusion vector, Yuki Suzuki
https://insight-jp.nttsecurity.com/post/102i448/fortimail
3 Posts
GitHub - BC-SECURITY/Empire: Empire is a PowerShell and Python 3.x post-exploitation framework.
https://github.com/BC-SECURITY/Empire
3 Posts
Compromising Garmin's Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine - Anvil Secure
https://www.anvilsecure.com/blog/compromising-garmins-sport-watches-a-deep-dive-into-garminos-and-its-monkeyc-virtual-machine.html
3 Posts
Ricerca Security on Twitter: "🚩Ricerca CTF 2023 registration is open🚩 We’ve just opened the registration for #RicercaCTF 2023 which starts tomorrow, Apr 22 (Sat) 01:00 UTC. Visit https://t.co/y78HU6jNSm to play the CTF. Challenges with a wide range of difficulty from rev, pwn, crypto, web, etc." / Twitter
https://twitter.com/RicercaSec/status/1649322080264163331
3 Posts
Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan | Recorded Future
https://www.recordedfuture.com/xiaoqiying-genesis-day-threat-actor-group-targets-south-korea-taiwan
3 Posts
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html
3 Posts
BlueHat IL 2023 - Benny Zeltser & Jonathan Lusky - RingHopper – Hopping from User-space to God Mode - YouTube
https://www.youtube.com/watch?v=CJDv_bcIQx0
3 Posts
Chris Duggan on Twitter: "🚨🔥TA444 #C2 IP Alert!🔥🚨 Our Feb report on 104.255.172.56 now shows intriguing activity! 🔍Hash: 8a7ba38d597e8230609df4153039d1bb898479d486e653a6d92d206dd4848c80 🌐💥 "Fast Changes in the StableCoin" ⚡💱🔄 ☠️💻 #Lazarus on the move!👣🌏 🔗https://t.co/ignzZ2L5D4… https://t.co/P9GdDK1nRP" / Twitter
https://twitter.com/i/web/status/1649139722059411507
3 Posts
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html
3 Posts
Trimarc on Twitter: "New Trimarc webinar on deck! Saving The Marriage: Easy Wins So vSphere and Active Directory Can Live Happily Ever After. Thursday June 15th 2pm ET / 11am PT / 1900 UTC https://t.co/NyZVe6GVR0" / Twitter
https://twitter.com/TrimarcSecurity/status/1647054186926710784
3 Posts
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
https://www.wired.com/story/3cx-supply-chain-attack-times-two/
3 Posts
Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction - USNI News
https://news.usni.org/2023/04/20/ransomware-attack-hits-marinette-marine-shipyard-results-in-short-term-delay-of-frigate-freedom-lcs-construction
3 Posts
Michael Koczwara on Twitter: "Hunting C2 redirections 🎯 Just with a few clicks, you can catch all of them nicely 🤝 Threat Actor infra⚡️ /weatherth.com [namcheap register fresh one 7 days old] /www.weatherjps.com 119.42.149.2 119.42.149.3 119.42.149.4 119.42.149.5 119.42.149.6 All of them are… https://t.co/eg83KZcvBF" / Twitter
https://twitter.com/i/web/status/1649376010788298758
3 Posts
proxmox | Mayfly
https://mayfly277.github.io/categories/proxmox/
3 Posts
Dropbox - Empire Wiki
https://bc-security.gitbook.io/empire-wiki/listeners/dropbox
3 Posts
'RustBucket' malware targets macOS
https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
3 Posts
Release YARA v4.3.1 · VirusTotal/yara · GitHub
https://github.com/VirusTotal/yara/releases/tag/v4.3.1
3 Posts
GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
https://github.com/Hackplayers/evil-winrm
3 Posts
GitHub - optiv/ScareCrow: ScareCrow - Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow
3 Posts
CYBERWARCON - YouTube
https://youtube.com/@cyberwarcon
3 Posts
Sebastien Larinier on Twitter: "After a year of work on this version, with @tomchop_ we are proud to announce a new version of Yeti 🤩🤩🤩 the changes are explained here: https://t.co/y3k2ptgUqo and to test this new version it's here ! https://t.co/kwYSoVNo9F #CTI #python #threatintel" / Twitter
https://twitter.com/Sebdraven/status/1649405214477152265