Sekoia tracked and monitored adversary C2 infrastructures set up and used by lucrative and state-sponsored intrusion sets to carry out malicious cyber activities. Their analysts identified more than 85,000 IP addresses used as C2 servers in 2023, an increase of more than 30% compared to 2022. (No IOC listed.)
The democratisation of phishing kits, particularly those capable of relaying Multi-Factor Authentication (MFA) challenges, has become a dominant trend. Phishing-as-a-Service platforms like EvilProxy and NakedPages have lowered the technical barriers for conducting adversary-in-the-middle attacks, with a notable rise in Microsoft 365 account compromises observed in the latter half of the year.
You are KIDDING ME, #Synology! With THIS cost I could buy HOW MANY hard drives and new Synology units - and do it myself and NOT have the ongoing cost of #C2 services! @siracusa @caseyliss
Sophos X-Ops is raising the alarm to the #hotel industry, warning that threat actors appear to be using requests or complaints as a lure to convince front-desk workers to infect their own computers with password stealing #malware. 1/
We found that many of the samples were variants of #malware alternately called #Redline Stealer or #Vidar Stealer. They connect to #Telegram to get their #C2 address, then transmit stolen data to it.
Getting around to reading the 'new' "Absolute minimum" blog post about dev knowledge about #Unicode, and I assume parts of it are going to rub me the wrong way
I am nearly sure that the article is wrong in saying that editing a ZWJ sequence addressing individual codepoints is incorrect behavior. I admit that the example of backspacing over a "family" sequence is going to be confusing to users, but to say it's wrong is just muddying the waters IMO.
The relevant specification of behavior is UTS-51 ("Unicode Emoji"), and the relevant conformance requirement is C2:
Just released some research and a proof-of-concept tool on leveraging DuckDuckGo’s image proxy as a C2 channel. Was a quick side project that led in an interesting direction.
Sophos X-Ops is currently tracking a campaign by threat actors targeting unpatched #Citrix #NetScaler systems exposed to the internet. Our data indicates strong similarity between #attacks using CVE-2023-3519 delivering #malware and #webshells and previous attacks using a number of the same #TTPs.
I just knew our kababayan would be there. The only question was how many 😨
The Philippine government is preparing to evacuate #Filipinos from #Sudan, a country caught in a deadly power struggle between the military and paramilitary groups. President Ferdinand Marcos Jr. has requested more information to ensure the safety of around 300 Filipinos in the African country.
The 3rd plane is a #KC767 aerial refueling plane. The rescue team from #Japan is coming in fully prepared. They're throwing in 370 personnel from the Ground and Air Self-Defense forces.
"The three planes, including a #C130 and #C2 transport aircraft, will be stationed in #Djibouti, a country in the #HornOfAfrica about 1,200 kilometers southeast of #Khartoum, the capital of #Sudan, while the ministry and #SDF assess the situation."
Footnote: The Kawasaki #C2 transport aircraft is designed to carry heavy equipment. A truck crane or even a wheeled tank destroyer. But my guess is that it's probably carrying this 👇 | #Japan #Sudan
🌊 #introduction HI! I'm a security researcher interested in weird things on the Internet. In particular, I love following rabbit holes around phishing emails and infrastructure, C2s, and botnets.
I got my start in tech in data science, where I helped colleagues find users who were doing "weird" and "interesting" things with our company's software. They wanted to find users who were pushing the boundaries of the software, not doing nefarious things, necessarily.
TL;DR I've spent most of my career looking for weird stuff in data.
Now, I'm especially interested in applications of data science methods–including but NOT limited to AI/ML–to problems in the infosec space.
Excited to see the community here and get to know others with similar interests! #phishing #c2 #botnet #cybersecurity #ai #machinelearning