Mindly.Social

5 posts4 participants0 posts today

2somethingEDIT: It magically started working right after I posted this. I am struggling to switch from Google Calendar to Nextcloud calendar. I exported my Google Calendar data as an <code>.ics</code> file. Then I went to Nextcloud (web client), clicked on the Calendar tab, clicked settings, clicked "import calendar," and uploaded my data... and then nothing happened. None of my events showed up on my Nextcloud calendar. How do I fix this? I wanna leave Google Calendar. <a href="https://transfem.social/tags/Nextcloud" rel="nofollow noopener noreferrer" target="_blank">#Nextcloud</a> <a href="https://transfem.social/tags/NextcloudCalendar" rel="nofollow noopener noreferrer" target="_blank">#NextcloudCalendar</a> <a href="https://transfem.social/tags/ICS" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://transfem.social/tags/GoogleCalendar" rel="nofollow noopener noreferrer" target="_blank">#GoogleCalendar</a>

Sam Stepanyan :verified: 🐘<a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ivanti</a>: Critical Ivanti Connect Secure <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> Vulnerability CVE-2025-22457 (CVSS score: 9.0) is Actively Exploited by Attackers to Deploy TRAILBLAZE and BRUSHFIRE Malware. Patch now! 👇 <a href="https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html</a>

OTX BotDeobfuscating APT28's HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer ObfuscationThis analysis delves into APT28's cyber espionage campaign targeting Central Asia and Kazakhstan diplomatic relations, focusing on their HTA Trojan. The malware employs advanced obfuscation techniques, including VBE (VBScript Encoded) and multi-layer obfuscation. The investigation uses x32dbg debugging to decode the obfuscated code, revealing a custom map algorithm for character deobfuscation. The process involves decoding strings using embedded characters from Windows vbscript.dll. The analysis identifies the use of Microsoft's Windows Script Encoder (screnc.exe) to create VBE files. By employing various deobfuscation techniques, including a Python script, the final malware sample is extracted and analyzed, showcasing APT28's evolving tactics in cyber espionage.Pulse ID: 67efc6e712b49d46c1423ca9 Pulse Link: <a href="https://otx.alienvault.com/pulse/67efc6e712b49d46c1423ca9" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67efc6e712b49d46c1423ca9</a> Pulse Author: AlienVault Created: 2025-04-04 11:47:51Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/APT28" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT28</a> <a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/CentralAsia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CentralAsia</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Kazakhstan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kazakhstan</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VBS</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotRussian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing CampaignA Russian-speaking threat actor has launched a new phishing campaign using Cloudflare-branded pages themed around DMCA takedown notices. The attack abuses the ms-search protocol to deliver malicious LNK files disguised as PDFs. Once executed, the malware communicates with a Telegram bot to report the victim's IP address before connecting to Pyramid C2 servers. The campaign leverages Cloudflare Pages and Workers services to host phishing pages, and uses an open directory to store malicious files. The infection chain includes PowerShell and Python scripts, with incremental changes in tactics to evade detection. The actors' infrastructure spans multiple domains and IP addresses, primarily using Cloudflare's network.Pulse ID: 67efc6ed5285702a3440969a Pulse Link: <a href="https://otx.alienvault.com/pulse/67efc6ed5285702a3440969a" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67efc6ed5285702a3440969a</a> Pulse Author: AlienVault Created: 2025-04-04 11:47:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telegram</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Wokebloke for DemocracyNot sure if the American Gestapo cares about bad publicity, but here's one detainee story that's getting coverage.<a href="https://www.npr.org/2025/04/02/nx-s1-5341465/jasmine-mooney-canadian-actress-ice-detention" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.npr.org/2025/04/02/nx-s1-5341465/jasmine-mooney-canadian-actress-ice-detention</a> <a href="https://libretooth.gr/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://libretooth.gr/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trump</a> <a href="https://libretooth.gr/tags/Fascism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fascism</a>

AntoineÐPour une semaine d’événement, un agenda sur NextCloud a été créé et c’est super. Par contre pour en faire une version imprimée c’est moche et peu lisible… Est‑ce que vous connaissez des outils qui convertissent des .ics en un visuel lisible et beau ? <a href="https://kwak.cab/tags/agenda" rel="nofollow noopener noreferrer" target="_blank">#agenda</a> <a href="https://kwak.cab/tags/calendrier" rel="nofollow noopener noreferrer" target="_blank">#calendrier</a> <a href="https://kwak.cab/tags/ics" rel="nofollow noopener noreferrer" target="_blank">#ics</a>

⠠⠵ avuko<a href="https://infosec.exchange/@otmar" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@otmar</a> Can we please advise people to not turn their Ivanti Connect Secure (ICS) Version 9.x off? It is better to disconnect such devices from all networks and get your IR/CERT/SOC to take an HD image and memory dump*. Then turn it off.*) Contact your Ivanti rep to tell you how, because of course they've put all info behind their customer login.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/IvantiConnectSecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IvantiConnectSecure</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a>

Seth GroverThis has been a busy month for Malcolm! I pushed hard to get <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">v25.03.0</a> out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.<a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">Malcolm v25.03.1</a> contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.NOTE: If you have not already upgraded to v25.03.0, read the notes for <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.02.0" rel="nofollow noopener noreferrer" target="_blank">v25.02.0</a> and <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">v25.03.0</a> and follow the Read Before Upgrading instructions on those releases.<a href="https://github.com/cisagov/Malcolm/compare/v25.03.0...v25.03.1" rel="nofollow noopener noreferrer" target="_blank">Changes in this release</a><ul><li>✨ Features and enhancements<ul><li>Incorporate new S7comm device identification log, <code>s7comm_known_devices.log</code> (<a href="https://github.com/cisagov/malcolm/issues/622" rel="nofollow noopener noreferrer" target="_blank">#622</a>)</li><li>Display current PCAP, Zeek, and Suricata capture results in Hedgehog Linux <a href="https://malcolm.fyi/docs/hedgehog-boot.html#HedgehogKioskMode" rel="nofollow noopener noreferrer" target="_blank">Kiosk mode</a> (<a href="https://github.com/cisagov/malcolm/issues/566" rel="nofollow noopener noreferrer" target="_blank">#566</a>)</li><li>Keycloak authentication: configurable group or role membership restrictions for login (<a href="https://github.com/cisagov/malcolm/issues/633" rel="nofollow noopener noreferrer" target="_blank">#633</a>) (see <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles" rel="nofollow noopener noreferrer" target="_blank">Requiring user groups and realm roles</a>)</li><li>Mark newly-discovered and uninventoried devices in logs during NetBox enrichment (<a href="https://github.com/cisagov/malcolm/issues/573" rel="nofollow noopener noreferrer" target="_blank">#573</a>)</li><li>Added "Apply recommended system tweaks automatically without asking for confirmation?" question to <code>install.py</code> to allow the user to accept changes to <code>sysctl.conf</code>, grub kernel parameters, etc., without having to answer "yes" to each one.</li></ul></li><li>✅ Component version updates<ul><li>Arkime to <a href="https://github.com/arkime/arkime/blob/8c014b0e4e5c9a4dca05780b172def120a50bf30/CHANGELOG#L37-L52" rel="nofollow noopener noreferrer" target="_blank">v5.6.2</a></li><li>evtx to <a href="https://github.com/omerbenamram/evtx/releases/tag/v0.9.0" rel="nofollow noopener noreferrer" target="_blank">v0.9.0</a></li><li>Fluent Bit to <a href="https://github.com/fluent/fluent-bit/releases/tag/v3.2.10" rel="nofollow noopener noreferrer" target="_blank">v3.2.10</a></li><li>gunicorn to <a href="https://github.com/benoitc/gunicorn/releases/tag/23.0.0" rel="nofollow noopener noreferrer" target="_blank">v23.0.0</a> to address <a href="https://github.com/advisories/GHSA-hc5x-x2vx-497g" rel="nofollow noopener noreferrer" target="_blank">CVE-2024-6827</a>, "Gunicorn HTTP Request/Response Smuggling vulnerability"</li><li>Zeek to <a href="https://github.com/zeek/zeek/releases/tag/v7.1.1" rel="nofollow noopener noreferrer" target="_blank">v7.1.1</a></li></ul></li><li>🐛 Bug fixes<ul><li>Fix <code>install.py</code> error when answering yes to "Pull Malcolm images?" with podman (<a href="https://github.com/cisagov/malcolm/issues/604" rel="nofollow noopener noreferrer" target="_blank">#604</a>)</li><li>Order of user-provided tags from PCAP upload interface not preserved (<a href="https://github.com/cisagov/malcolm/issues/624" rel="nofollow noopener noreferrer" target="_blank">#624</a>)</li></ul></li><li>📄 Configuration changes (in <a href="https://malcolm.fyi/docs/malcolm-config.html#MalcolmConfigEnvVars" rel="nofollow noopener noreferrer" target="_blank">environment variables</a> in <a href="https://github.com/cisagov/Malcolm/blob/main/config" rel="nofollow noopener noreferrer" target="_blank"><code>./config/</code></a>) for Malcolm and in <a href="https://github.com/cisagov/Malcolm/blob/main/hedgehog-iso/interface/sensor_ctl/control_vars.conf" rel="nofollow noopener noreferrer" target="_blank"><code>control_vars.conf</code></a> for Hedgehog Linux<ul><li>added <code>NGINX_REQUIRE_GROUP</code> and <code>NGINX_REQUIRE_ROLE</code> to <a href="https://github.com/cisagov/Malcolm/blob/main/config/auth-common.env.example" rel="nofollow noopener noreferrer" target="_blank"><code>auth-common.env</code></a> to support <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles" rel="nofollow noopener noreferrer" target="_blank">Requiring user groups and realm roles</a> for Keycloak authentication</li></ul></li><li>🧹 Code and project maintenance<ul><li>Ensure Malcolm's NetBox configuration Python scripts are baked into the image in addition to bind-mounting them in <code>docker-compose.yml</code> at runtime.</li></ul></li></ul><a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, <a href="https://malcolm.fyi/docs/quickstart.html#DockerVPodman" rel="nofollow noopener noreferrer" target="_blank">Podman</a> 🦭, and <a href="https://malcolm.fyi/docs/kubernetes.html#Kubernetes" rel="nofollow noopener noreferrer" target="_blank">Kubernetes</a> ⎈. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.Alternatively, dedicated official <a href="https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample" rel="nofollow noopener noreferrer" target="_blank">ISO installer images</a> 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's <a href="https://github.com/cisagov/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.sh" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.sh</code></a>) and PowerShell 🪟 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.ps1" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.ps1</code></a>). See <a href="https://malcolm.fyi/docs/download.html#DownloadISOs" rel="nofollow noopener noreferrer" target="_blank">Downloading Malcolm - Installer ISOs</a> for instructions.As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.<a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malcolm</a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HedgehogLinux</a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zeek</a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Arkime</a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetBox</a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSearch</a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Elasticsearch</a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Suricata</a> <a href="https://infosec.exchange/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSO</a> <a href="https://infosec.exchange/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OIDC</a> <a href="https://infosec.exchange/tags/Keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keycloak</a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PCAP</a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkTrafficAnalysis</a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networksecuritymonitoring</a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icssecurity</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INL</a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DHS</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISAgov</a>

Pyrzout :vm:More Solar System Vulnerabilities Expose Power Grids to Hacking <a href="https://www.securityweek.com/more-solar-system-vulnerabilities-expose-power-grids-to-hacking/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/more-solar-system-vulnerabilities-expose-power-grids-to-hacking/</a> <a href="https://social.skynetcloud.site/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerabilities</a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://social.skynetcloud.site/tags/Featured" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Featured</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a>/OT <a href="https://social.skynetcloud.site/tags/energy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#energy</a> <a href="https://social.skynetcloud.site/tags/solar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#solar</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a>

OTX BotOperation FishMedley targeting governments, NGOs, and think tanksESET researchers have uncovered a global espionage operation called Operation FishMedley, conducted by the FishMonger APT group, which is operated by the Chinese contractor I-SOON. The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The attackers used implants like ShadowPad, SodaMaster, and Spyder, which are common or exclusive to China-aligned threat actors. The operation involved sophisticated tactics including lateral movement, credential theft, and custom malware deployment. Seven victims were identified across various countries and sectors. The analysis provides technical details on the malware used, initial access methods, and command and control infrastructure.Pulse ID: 67dd406f6ba9eecd280aa95e Pulse Link: <a href="https://otx.alienvault.com/pulse/67dd406f6ba9eecd280aa95e" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67dd406f6ba9eecd280aa95e</a> Pulse Author: AlienVault Created: 2025-03-21 10:33:19Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ESET</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Europe</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/ISoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ISoon</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/ShadowPad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShadowPad</a> <a href="https://social.raytec.co/tags/UnitedStates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnitedStates</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

starfrosch :mastodon:Ebenso unglücklich bin ich beim Ersatz von <a href="https://mastodon.social/tags/GoogleCalendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleCalendar</a> auf <a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a>. Ich bin mal ruckzuck vom Regen in die Traufe auf <a href="https://mastodon.social/tags/Samsung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Samsung</a> Kalender umgestiegen, aber die Wochenansicht mit zwei abonnierten Kalender per <a href="https://mastodon.social/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ics</a> URL ist doch sehr, sehr bescheiden. Welche App könnt ihr mir empfehlen, die vor allem mit <a href="https://mastodon.social/tags/Usability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Usability</a> punktet? Danke für eure Hinweise. <a href="https://mastodon.social/tags/unplugtrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#unplugtrump</a>

Seth Grover<a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">Malcolm v25.03.0</a> adds 🔐 <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloak" rel="nofollow noopener noreferrer" target="_blank">authentication via Keycloak</a> and all that entails: single sign-on (SSO), identity providers, federation of LDAP/Kerberos servers, and more! Malcolm can connect to an <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakRemote" rel="nofollow noopener noreferrer" target="_blank">existing Keycloak server</a> or it can use its own <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakEmbedded" rel="nofollow noopener noreferrer" target="_blank">embedded Keycloak instance</a>. This release also includes a few component version updates.Please read the <a href="https://github.com/cisagov/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">release notes</a> from this release and from v25.02.0 for some things to check prior to updating.<a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.<a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malcolm</a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HedgehogLinux</a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zeek</a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Arkime</a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetBox</a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSearch</a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Elasticsearch</a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Suricata</a> <a href="https://infosec.exchange/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSO</a> <a href="https://infosec.exchange/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OIDC</a> <a href="https://infosec.exchange/tags/Keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keycloak</a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PCAP</a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkTrafficAnalysis</a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networksecuritymonitoring</a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icssecurity</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INL</a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DHS</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISAgov</a>

Seth Grover<a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DHS</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> is big on the building community aspect of <a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malcolm</a> right now, so as part of that we'll be having our first "Malcolm Office Hours" this Thursday. The plan is to have this monthly, every third Thursday, at 12pm Eastern time for 30 minutes. Details for the office hours can be found <a href="https://github.com/cisagov/Malcolm/discussions/615" rel="nofollow noopener noreferrer" target="_blank">here</a>. We'll be figuring out what works with this as we go and adjusting the format as needed. We hope to see any of you who might be interested there!Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.<a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HedgehogLinux</a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zeek</a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Arkime</a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetBox</a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSearch</a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Elasticsearch</a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Suricata</a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PCAP</a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkTrafficAnalysis</a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networksecuritymonitoring</a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icssecurity</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INL</a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISAgov</a>

Nicco KunzmannThanks to the funding by <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a>, I added <a href="https://toot.wales/tags/event" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#event</a> sign up via email to the <a href="https://toot.wales/tags/OpenWebCalendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenWebCalendar</a>. In this tutorial, I show how to enable others to sign up to your events on your <a href="https://mastodon.xyz/@nextcloud" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nextcloud</a> <a href="https://toot.wales/tags/calendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#calendar</a>.Video: <a href="https://youtu.be/RnMz23p7UP0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/RnMz23p7UP0</a>Blog Post: <a href="https://open-web-calendar.quelltext.eu/news/2025-03-17-caldav-nextcloud-sign-up/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://open-web-calendar.quelltext.eu/news/2025-03-17-caldav-nextcloud-sign-up/</a><a href="https://toot.wales/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a> <a href="https://toot.wales/tags/caldav" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#caldav</a> <a href="https://toot.wales/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ics</a> <a href="https://toot.wales/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nextcloud</a>

mle✨Water utilities would get cybersecurity boost under bipartisan Senate bill: The Cybersecurity for Rural Water Systems Act would expand USDA’s Circuit Rider Program. <a href="https://cyberscoop.com/rural-water-utilities-cybersecurity-senate-bill/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cyberscoop.com/rural-water-utilities-cybersecurity-senate-bill/</a><a href="https://infosec.exchange/tags/water" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#water</a> <a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ics</a>

OTX BotCamera off: Akira deploys ransomware via webcamAkira, a prominent ransomware group, accounted for 15% of incidents in 2024, showcasing novel evasion techniques. In a recent attack, Akira circumvented an Endpoint Detection and Response (EDR) tool by compromising an unsecured webcam to deploy ransomware. After initial detection, the group pivoted to exploit IoT devices, particularly a vulnerable webcam running Linux. This allowed them to execute their Linux ransomware variant without EDR interference. The incident highlights the importance of comprehensive security measures, including IoT device monitoring, network segmentation, and regular audits. Key takeaways include prioritizing patch management for all devices, adapting to evolving threat actor tactics, and ensuring proper EDR implementation.Pulse ID: 67d046979aa7a5f6ddc6aa12 Pulse Link: <a href="https://otx.alienvault.com/pulse/67d046979aa7a5f6ddc6aa12" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67d046979aa7a5f6ddc6aa12</a> Pulse Author: AlienVault Created: 2025-03-11 14:20:07Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Akira" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Akira</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/EDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EDR</a> <a href="https://social.raytec.co/tags/Endpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Endpoint</a> <a href="https://social.raytec.co/tags/EndpointDetectionandResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EndpointDetectionandResponse</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/IoT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IoT</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RansomWare</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

🦅 🪿RKeller Photography🏳️‍🌈Light tunneling and squiggles.<a href="https://toot.community/tags/PhotoHour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhotoHour</a> <a href="https://toot.community/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#abstract</a> <a href="https://toot.community/tags/AbstractPhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AbstractPhotography</a> <a href="https://toot.community/tags/improvisation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#improvisation</a> <a href="https://toot.community/tags/night" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#night</a> <a href="https://toot.community/tags/nightphotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nightphotography</a> <a href="https://toot.community/tags/street" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#street</a> <a href="https://toot.community/tags/interstate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#interstate</a> <a href="https://toot.community/tags/I80" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#I80</a> <a href="https://toot.community/tags/icm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icm</a> <a href="https://toot.community/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ics</a> <a href="https://toot.community/tags/photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#photography</a> <a href="https://toot.community/tags/AltText" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AltText</a>

🦅 🪿RKeller Photography🏳️‍🌈Sprites & sinusoidal waves.Walking near I-80 last night so decided to head up to a nearby walking bridge that crosses it. Haven't done one of these in a few yrs. Don't have a cityscape as a backdrop to my traffic pics so I "liven" them up.<a href="https://toot.community/tags/StormHour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#StormHour</a> <a href="https://toot.community/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ics</a> <a href="https://toot.community/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#abstract</a> <a href="https://toot.community/tags/AbstractPhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AbstractPhotography</a> <a href="https://toot.community/tags/photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#photography</a> <a href="https://toot.community/tags/AltText" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AltText</a>

OTX BotHighway Robbery 2.0: How Attackers Are Exploiting Toll Systems in Phishing ScamsA massive SMS phishing campaign targeting U.S. drivers exploits various toll systems, including E-ZPass, SunPass, and TxTag. The scam uses fake payment alerts sent via iMessage and SMS from foreign numbers to lure victims to fraudulent websites. Analysis reveals a pattern in domain names and infrastructure, with most phishing sites hosted on Chinese ASNs like Tencent and Alibaba Cloud. The campaign employs nginx web servers and constantly shifts tactics to evade detection. Over 2,000 complaints have been filed with the FBI's Internet Crime Complaint Center, prompting warnings from the FTC and toll authorities. The scam's effectiveness stems from the inconsistency in legitimate toll collection domain names, making it challenging for users to distinguish between real and fake websites.Pulse ID: 67cee3481de685393015d1b3 Pulse Link: <a href="https://otx.alienvault.com/pulse/67cee3481de685393015d1b3" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67cee3481de685393015d1b3</a> Pulse Author: AlienVault Created: 2025-03-10 13:04:08Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/FBI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FBI</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nginx</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMS</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotRussian State Actors: Development in Group AttributionsThis analysis explores the evolution of Russian state-backed cyber actors and their operations. It highlights the activities of several prominent groups, including UNC2589, APT44 (Sandworm), APT29, and APT28. These actors, associated with various Russian intelligence agencies, have been involved in global espionage, sabotage, and influence operations. The report details their targets, which include government organizations, critical infrastructure, and diplomatic entities across multiple countries. It also describes the groups' adaptation to new security measures and their use of advanced techniques such as zero-day exploits, social engineering, and living off the land tactics. The analysis emphasizes the importance of understanding these actors' methods for improving global cybersecurity resilience.Pulse ID: 67cc2ca27d4672d04ef4eb01 Pulse Link: <a href="https://otx.alienvault.com/pulse/67cc2ca27d4672d04ef4eb01" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67cc2ca27d4672d04ef4eb01</a> Pulse Author: AlienVault Created: 2025-03-08 11:40:18Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/APT28" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT28</a> <a href="https://social.raytec.co/tags/APT29" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT29</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Sandworm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sandworm</a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialEngineering</a> <a href="https://social.raytec.co/tags/Worm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Worm</a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroDay</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Recent searches

Search options

Administered by:

Server stats:

#ics