Poland’s PM Donald Tusk says his party’s computer systems targeted in cyberattack https://www.byteseu.com/889073/ #CyberAttack #DonaldTusk #Poland
Ready for a fresh day of Cyber horrors? Me neither!
Oh well, here you go: https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/
Here's a few of the key items to be aware of:
Palo Alto GlobalProtect Scans: Observed a significant spike in scans targeting Palo Alto Network GlobalProtect login portals, possibly prior to new exploit releases. Time to audit those logs!
China as Top Cyber Threat: Gen. Paul Nakasone (former NSA/Cyber Command Head) highlights China's unprecedented cyber activities, including malicious code in critical infrastructure and rapid exploitation of vulnerabilities. It's time to rethink our defense strategies!
North Korean IT Worker Expansion: North Korean "IT warriors" are infiltrating European companies, using fake identities to secure remote work and fund their regime. Stay vigilant and double-check those remote hires!
Identity Flaws in Breaches: A new report indicates 60% of incidents involved an identity attack, with compromised valid accounts being a top initial access vector. Focus on robust MFA, least privilege, and AD security!
Read the full post for all the details and more actionable insights, and if you want all this straight to your inbox, you're in luck! https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/#/portal/signup
Attackers say they breached the British postal service last month, scooping a whopping 144 gigabytes of data.
#UK #hackers #cyberattack #cybersecurity #datasecurity #dataprivacy
The Moscow subway's website and mobile app experienced disruptions on Monday.
The North Koreans and Russians have been busy, Insiders abound, and attacker tradecraft continues to evolve!
Catch all this and more in our latest wrap-up of the day's news:
https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/
There are a few noteworthy stories to get across - here's the TL;DR to get you up to speed:
North Korean Infiltration: This is way bigger than many think. DPRK nationals are landing jobs inside global companies, gaining privileged access ("keys to the kingdom" level!). DTEX reports active investigations in 7% of their Fortune Global 2000 clients, and CrowdStrike notes nearly 40% of their NK-related IR cases involved insiders. They move fast post-hire, pivoting to supply chains and installing RATs disguised as onboarding. Watch out for highly anomalous login behaviour (like days-long sessions!). Rigorous remote hiring checks (camera on, resume checks, comms style) are crucial.
ClickFix Tactics by Lazarus: The infamous North Korean group is evolving its 'Contagious Interview' campaign (now dubbed 'ClickFake' by Sekoia). They're targeting crypto job seekers (shifting focus to non-tech roles too!) with fake website/document errors ('ClickFix'). These prompt users to run PowerShell/curl commands, dropping the 'GolangGhost' backdoor. Watch out for lures impersonating giants like Coinbase or Kraken. Sekoia has shared YARA rules – definitely worth checking out.
WordPress MU-Plugin Abuse: Bad actors are getting stealthy by hiding malicious code in WordPress "Must-Use Plugins" (wp-content/mu-plugins/). These execute automatically on every page load without activation, making them hard to spot. Sucuri is seeing redirects to fake browser updates, webshell backdoors fetching code from GitHub, and JS hijackers replacing content or links. Keep those instances patched, clean up unused plugins/themes, and lock down admin accounts (MFA!).
Check out what else happened in the past 24 hours, and subscribe to get each edition straight to your inbox: https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/#/portal/signup
While the infamous Lazarus Group is the best-known North Korean state-sponsored hacking group, it is not the only threat actor operating from the country
#Lazarus #NorthKorea #cybersecurity #cybercrime #cyberattack
https://cnews.link/north-korea-home-to-multiple-threat-actors-1/
Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!
It includes the following and much more:
➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,
➝ #Trump administration accidentally texted a journalist its war plans,
➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,
➝ #Cyberattack hits Ukraine's state railway,
➝ Troy Hunt's Mailchimp account was successfully phished,
➝ #OpenAI Offering $100K Bounties for Critical #Vulnerabilities,
➝ #Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-13-2025
The FBI is probing the cyberattack at Oracle as the hackers broke into the cloud computing company's computer systems and stole patient data
#cybersecurity #cyberattack #data #hackers #Oracle
https://cnews.link/oracle-cyberattack-fbi-investigating-patient-data-breach-1/
Sam's Club was hit by the Cl0p ransomware group on Friday and is now investigating, the company told Cybernews.
#ransomware #cybersecurity #cyberattack #Walmart
https://cnews.link/sams-club-walmart-investigates-clop-ransomware-claim-1/
Campaigns that typically target Israel this year may also target its allies, including the US.
#hack #US #Israel #cybersecurity #cyberattack
https://cnews.link/hacktivists-targeting-israel-opisrael-opjerusalem-1/
Ukrainian Railways (Ukrzaliznytsia) was hit by Russian forces Thursday, hours after announcing partial infrastructure restoration.
#Ukraine #Russia #railway #cybersecurity #cyberattack
https://cnews.link/ukrainian-railways-second-russian-cyberattack-systems-1/
The malicious actor known as "Empire" is selling data from cuponatic.com.pe on a hacking forum.
According to the description, 1,348,215 records are being offered. This breach would include full names, emails, genders, and phone numbers.
Hey #CyberSecurity pros! Ready to dive into the latest threats and breaches making headlines?
Our latest blog post is packed with need-to-know info to keep you ahead of the curve.
https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/
Here's a quick rundown of what's inside:
FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!
RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.
StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.
NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.
NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.
Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!
Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!
Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!
UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.
Ready for the full scoop? Read the full blog post here https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/
The Fort Bend County District Attorney’s Office is investigating the cyberattack on the county’s library system.
Shocking Cyber Threat at KLIA, MAHB and Nacsa Step In to Protect Systems
#CyberAttack #KLIA #Malaysia #CyberSecurity #Hacking #Ransomware #TechNews #AirportSecurity #DigitalThreats
https://www.techi.com/klia-cyber-attack-mahb-nacsa-security-response/
Google has patched a dangerous zero-day vulnerability that has already been exploited by sophisticated threat actors in the wild
#Google #cyberattack #cybersecurity #cyberthreat #Chrome
https://cnews.link/cyber-spies-exploit-chrome-zero-day-in-russia-1/
Satellite Navigation Systems Facing Rising Jamming and Spoofing Attacks – Source:hackread.com https://ciso2ciso.com/satellite-navigation-systems-facing-rising-jamming-and-spoofing-attacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttacks #CyberAttack #Technology #Satellite #Hackread #Maritime #security #Spoofing #Jamming #GNSS #GPS
Hey Cyber Security Pros!
Ready to dive into the latest security updates and breaches that should be on your radar? We've got you covered.
https://opalsec.io/daily-news-update-wednesday-march-26-2025-australia-melbourne/
At a high level, here are the main stories:
- EncryptHub's Zero-Day Exploits: Trend Micro links EncryptHub (a.k.a. Water Gamayun) to attacks leveraging a Microsoft Management Console (MMC) zero-day vulnerability (CVE-2025-26633). Discover how they're bypassing Windows protections and deploying various payloads.
- Windows NTLM Hash Leak Zero-Day: A new zero-day flaw allows remote attackers to steal NTLM credentials. Learn how this vulnerability affects all Windows versions and how 0Patch is providing unofficial fixes. Don't forget about those older, unpatched vulnerabilities too!
- HaveIBeenPwned Gets Phished: Even security experts aren't immune! Troy Hunt shares his experience of a sophisticated Mailchimp phishing attack. Lessons learned on OTP security and the importance of monitoring password manager behavior.
- Oracle Breach Controversy: Customers are confirming the legitimacy of leaked data despite Oracle Cloud's denial. Could this lead to supply chain and ransomware attacks? Ensure you're rotating those SSO and LDAP credentials and enforcing strong MFA!
- Astral Foods Cyberattack: South Africa's largest chicken producer faced a $1 million loss due to a recent cyberattack.
- Android Malware Evolution: New Android malware is using .NET MAUI to evade detection. Learn how it's disguising itself and targeting users in China and India.
- CS2 Phishing Attacks: Browser-in-the-Browser attacks are targeting Counter-Strike 2 players' Steam accounts.
- VMware Tools Vulnerability: Broadcom warns of an authentication bypass vulnerability in VMware Tools for Windows. Update those systems ASAP!
- CrushFTP Unauthenticated Access Flaw: CrushFTP warns users to patch an unauthenticated HTTP(S) port access vulnerability.
- Kubernetes IngressNightmare: Wiz researchers uncovered critical vulnerabilities in Ingress-Nginx Controller that could lead to complete cluster takeovers.
- Trump Officials' Signal SNAFU: High-profile officials accidentally shared classified Yemen airstrike plans in a Signal group with a journalist.
- FCC Investigates Huawei: The FCC is scrutinizing Chinese manufacturers for circumventing US regulations.
- Privacy-Boosting Tech: A new report suggests governments should prioritize privacy-enhancing technologies to prevent breaches.
Check out the full blog post https://opalsec.io/daily-news-update-wednesday-march-26-2025-australia-melbourne/
#Cyberattack takes down Ukrainian state railway’s online services
A fruitful cyberattack would force nearly one in five small and medium businesses to close their doors, a worrying new report claims.
#cyberattack #cybersecurity #business #cybercrime
https://cnews.link/small-business-cybersecurity-survival-existential-threat-3/