Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
12 résultats taggé medium  ✕
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination https://medium.com/@callyso0414/tracing-ransomware-threat-actors-through-stylometric-analysis-and-chat-log-examination-23f0f84abba8
28/06/2023 21:24:41
QRCode
archive.org
thumbnail

I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)

callyso0414 YUCA medium EN 2023 ransomware logs log chats Stylometric Analysis
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service https://medium.com/checkmarx-security/who-broke-npm-malicious-packages-flood-leading-to-denial-of-service-77ac707ddbf1
05/04/2023 08:42:35
QRCode
archive.org
thumbnail

We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…

checkmarx-security EN 2023 NPM spam campaign flood DoS scam medium
A Fake Project Related to the Sandbox Malspam https://iamdeadlyz.medium.com/pureland-a-fake-project-related-to-the-sandbox-malspam-13b9abe751d1#c03b
20/03/2023 20:47:35
QRCode
archive.org
thumbnail

On February 27, 2023, a “The Sandbox” employee was compromised, resulting in sending malspam which introduced them to “PureLand”. It leads to a RedLine Stealer and an unknown stealer for macOS. A…

iamdeadlyz EN 2023 medium Malspam PureLand macos Redline stealer
CashRewindo: How to age domains for an investment scam like fine scotch https://blog.confiant.com/cashrewindo-how-to-age-domains-for-an-investment-scam-like-fine-scotch-a48d22788c84
30/11/2022 09:57:13
QRCode
archive.org

Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker.

confiant EN 2022 Medium CashRewindo investment scam analysis
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year https://medium.com/checkmarx-security/lofygang-aad0c32d801c
10/10/2022 06:26:22
QRCode
archive.org
thumbnail

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.

Medium LofyGang EN 2022 Jossef_Harush npm supply-chain attack
The Majority of PostgreSQL Servers on the Internet are Insecure https://innerjoin.bit.io/the-majority-of-postgresql-servers-on-the-internet-are-insecure-f1e5ea4b3da3
09/10/2022 00:09:25
QRCode
archive.org

At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.

innerjoin.bit.io EN 2022 PostgreSQL research Insecure internet medium
MSSQL, meet Maggie. A novel backdoor for Microsoft SQL… https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01
05/10/2022 23:20:17
QRCode
archive.org
thumbnail

Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…

DCSO_CyTec EN 2022 Medium Maggie backdoor malware MicrosoftSQL servers
ProxyNotShell— the story of the claimed zero days in Microsoft Exchange https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9
02/10/2022 10:20:25
QRCode
archive.org

Yesterday, cybersecurity vendor GTSC Cyber Security dropped a blog saying they had detected exploitation of a new Microsoft Exchange zero…

ProxyNotShell doublepulsar EN 2022 Medium KevinBeaumont ProxyNotShell CVE-2022–41040 CVE-2022–41082
An inside view of domain anonymization as-a-service https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145
17/08/2022 14:47:33
QRCode
archive.org
thumbnail

One, if not the main, challenge with producing good intelligence is to have access to the right information at the right moment. The right telemetry from the right angle helps you to detect and dig…

medium EN 2022 Ancel anonymization-as-a-service intelligence BraZZZerSFF BraZZZerS
Investigation report about the abuse of the Mac Appstore | by Privacy1St https://privacyis1st.medium.com/abuse-of-the-mac-appstore-investigation-6151114bb10e
01/08/2022 21:48:46
QRCode
archive.org
thumbnail

This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…

privacyis1st medium EN 2022 Apple developer investigation app macos AppStore abuse malicious
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs) https://medium.com/asecuritysite-when-bob-met-alice/crypto-bug-in-samsung-galaxy-devices-breaking-trusted-execution-environments-tees-b442f9dea77f
06/03/2022 09:54:50
QRCode
archive.org
thumbnail

If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.

asecuritysite bug samsung galaxy EN 2022 CVE-2021-25444 medium CVE-2021–25490
2022 Russia-Ukraine war — Cyber group tracker https://cyberknow.medium.com/2022-russia-ukraine-war-cyber-group-tracker-6e08ef31c533
28/02/2022 14:01:02
QRCode
archive.org
thumbnail

A tracker to collate cyber groups engaged in cyber activities during the Russia-Ukraine war 2022.

Medium Cyberknow 2022 EN tracker gangs cyberwar engaged Russia Ukraine
1765 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio