Trellix: Threat actors, including APTs, are abusing the Discord application for payload delivery, information stealing and data exfiltration. Trellix identified several malware families leveraging Discord's capabilities to conduct their operations, uncovering when they started abusing them. IOC provided. Link:https://www.trellix.com/en-us/about/newsroom/stories/research/discord-i-want-to-play-a-game.html
What's the latest thinking on installing software on #Linux? Should I use #apt and connect directly to repositories? I'm using #PopOS and their "Pop! Shop" uses flatpak. Personally, I think I prefer using their flatpak thing but am I missing a benefit from using apt?
**Symantec:**new APT Grayling targets Taiwanese organizations in manufacturing, IT, and biomedical... as well as Pacific Island government org, Vietnam and U.S. orgs. Activity from February to May 2023. They exploit public facing applications, use DLL side-loading, and load custom malware and multiple publicly available tools. IOC provided. Link:https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks
ESET assesses with medium confidence that a cyberespionage campaign targeting a Guyana government entity is linked to a China-aligned threat actor. Initial infection was through spearphishing emails. ESET detailed the use of a new C++ backdoor dubbed DinodasRAT used for C2, with the exfiltrated data encrypted using the Tiny Encryption Algorithm (TEA). The threat actors also deployed Korplug. IOC provided. Link:https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/
"🚨 Juniper Firewalls Under Siege: Over 12,000 Vulnerable Devices Exposed! 🔥"
New research reveals nearly 12,000 internet-facing Juniper firewall devices are susceptible to a recently disclosed remote code execution flaw. The vulnerability, identified as CVE-2023-36845, allows an unauthenticated remote attacker to execute arbitrary code without creating a file on the system. This medium-severity flaw in the J-Web component of Junos OS can be weaponized by adversaries to control certain environment variables. Juniper Networks patched this alongside other vulnerabilities last month. A proof-of-concept (PoC) exploit by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload malicious PHP files and achieve code execution. Jacob Baines points out, "Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure." Juniper has acknowledged the vulnerability but is unaware of any successful exploits against its customers. However, they've detected exploitation attempts in the wild, urging users to apply necessary patches. 🛡️
Elevator pitch: full remote USA/Canada, the job is to team up with the other team members to hunt for state-aligned activity in the richest email-centric telemetry I know of in the whole security vendor space. You will triage, cluster, analyze and attribute suspected state-aligned activity to generate top-of-the-line threat intelligence and have a real day-to-day impact in keeping Proofpoint customers safe.
Hi Debian 12 users, I have an installation question :
Debian 12 activates the non-free-firmware component for apt by default. However, nvidia drivers (which, sadly, I need) are still packaged in the non-free component, which is not activated by default. In a netinst iso, is there any way to control which components are added to the sources.list ?
If you want out of their broken xfce desktop and need to burn a new ISO, install Gnome.
KDE would not let me switch between windows, because of Rhino Linux's configs somewhere conflicted. Additionally, you could not move or close windows either, so you end up with windows over windows.
XFCE wouldn't even display in the boot menu or start via the terminal.
Balena Etcher would ask for sudo but Either would hide the sudo menu prompt.
Nach Erkenntnissen des Bundesamtes für #Verfassungsschutz (#BfV) ist seit Ende 2022 von konkreten Ausspähversuchen der #APT-Gruppe #CharmingKitten gegen iranische Personen und Organisationen in Deutschland auszugehen.
Insbesondere warnt das BfV im "Cyber-Brief Nr. 01/2023" vom 10. August 23 vor #Phishing-Angriffen gegen #Dissidenten-Organisationen und Einzelpersonen – wie Juristen, Journalisten oder #Menschenrechtsaktivisten – innerhalb und außerhalb des #Iran.
russian APT phished government employees via Microsoft Teams
An #APT group linked to russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with #phishing attacks via Microsoft Teams, says #Microsoft
Microsoft says that the targets in this campaign were government and non-government organizations, and organizations in the IT services, technology, discrete manufacturing, and media sectors