Mastodon Chapril

6 messages5 participants1 message aujourd’hui

Christoffer S.(google.com / Mandiant) Windows Remote Desktop Protocol: Remote to Rogue - Analysis of Novel Russian APT Campaign <a href="https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/</a>As always a very good write-up and detailed analysis of some novel use of RDP by Russian APTs. Involves signed RDP, and interesting proxy-behaviour.Worth reading (as always!)<a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://swecyb.com/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APT</a> <a href="https://swecyb.com/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> #

OTX BotStripe API Skimming Campaign: Additional Victims & InsightsA sophisticated web skimming campaign has been discovered, utilizing a legacy Stripe API to validate stolen payment details before exfiltration. The attack involves multiple stages, including malicious loader injection, decoding, and skimming. Jscrambler's research team identified 49 affected merchants and uncovered additional domains potentially involved in the campaign. The skimmers are tailored for each targeted site and exploit vulnerabilities in e-commerce platforms. The attackers employ minimal obfuscation and transmit stolen data without encryption. The campaign has been active since August 2024, primarily targeting WooCommerce and WordPress sites. To protect against such attacks, merchants are advised to implement real-time webpage monitoring and adopt hardened iframe implementations.Pulse ID: 67ef0694c316fa098bbc9279 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef0694c316fa098bbc9279" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ef0694c316fa098bbc9279</a> Pulse Author: AlienVault Created: 2025-04-03 22:07:16Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Encryption</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Nim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nim</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotGootloader Returns: Malware Hidden in Google Ads for Legal DocumentsThe Gootloader malware campaign has evolved its tactics, now using Google Ads to target victims seeking legal templates. The threat actor advertises legal documents, primarily agreements, through compromised ad accounts. Users searching for templates are directed to a malicious website where they are prompted to enter their email address. They then receive an email with a link to download a seemingly legitimate document, which is actually a zipped .JS file containing malware. When executed, the malware creates a scheduled task and uses PowerShell to communicate with compromised WordPress blogs. The campaign demonstrates a shift in Gootloader's strategy, moving from poisoned search results to controlled infrastructure for malware delivery.Pulse ID: 67ef0696f2790ccbd23c46a9 Pulse Link: <a href="https://otx.alienvault.com/pulse/67ef0696f2790ccbd23c46a9" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ef0696f2790ccbd23c46a9</a> Pulse Author: AlienVault Created: 2025-04-03 22:07:18Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/GootLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GootLoader</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Troll</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZIP</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

Pyrzout :vm:No hace falta pagar para tener un escritorio remoto: Rustdesk es Open Source y funciona a las mil maravillas en el móvil <a href="https://blog.elhacker.net/2025/04/rustdesk-escritorio-remoto-rdp-gratis.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.elhacker.net/2025/04/rustdesk-escritorio-remoto-rdp-gratis.html</a> <a href="https://social.skynetcloud.site/tags/softwarelibre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#softwarelibre</a> <a href="https://social.skynetcloud.site/tags/escritorio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#escritorio</a> <a href="https://social.skynetcloud.site/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rust</a> <a href="https://social.skynetcloud.site/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a>

OTX BotFake Cloudflare prompts spread LummaStealer via Infected WordPress sitesPulse ID: 67edfc250405a4fa45f016c0 Pulse Link: <a href="https://otx.alienvault.com/pulse/67edfc250405a4fa45f016c0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67edfc250405a4fa45f016c0</a> Pulse Author: cryptocti Created: 2025-04-03 03:10:29Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocti</a>

OTX BotFake Zoom Installer to Gain RDP Access & Deploy MalwarePulse ID: 67eb262df81eb135a2d0d383 Pulse Link: <a href="https://otx.alienvault.com/pulse/67eb262df81eb135a2d0d383" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eb262df81eb135a2d0d383</a> Pulse Author: cryptocti Created: 2025-03-31 23:33:01Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Zoom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zoom</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocti</a>

OTX BotFake Zoom Ends in BlackSuit RansomwareA malicious website mimicking Zoom led to the installation of a trojanized installer, initiating a multi-stage attack. The initial payload, d3f@ckloader, downloaded additional components, including SectopRAT. After nine days, the threat actor deployed Brute Ratel and Cobalt Strike beacons for lateral movement. They used various techniques for discovery and credential access, including LSASS memory dumping. The attacker employed QDoor for proxying RDP connections, facilitating data collection and exfiltration via the cloud service Bublup. The intrusion culminated in the deployment of BlackSuit ransomware across multiple systems using PsExec, with a total time to ransomware of 194 hours over nine days.Pulse ID: 67ea2ad332f874a45a095bed Pulse Link: <a href="https://otx.alienvault.com/pulse/67ea2ad332f874a45a095bed" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ea2ad332f874a45a095bed</a> Pulse Author: AlienVault Created: 2025-03-31 05:40:35Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Proxy</a> <a href="https://social.raytec.co/tags/PsExec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PsExec</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RansomWare</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/Zoom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zoom</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

F-DroidThis week in <a href="https://floss.social/tags/FDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FDroid</a> (TWIF) is live:- <a href="https://floss.social/tags/afreerdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#afreerdp</a> / <a href="https://floss.social/tags/freerdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#freerdp</a> big update for your <a href="https://floss.social/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a> needs - <a href="https://floss.social/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeltaChat</a> & <a href="https://floss.social/tags/ArcaneChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ArcaneChat</a> message edits & deletes - Hello new <a href="https://floss.social/tags/Fossify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fossify</a> Calc, goodbye old Calc - <a href="https://floss.social/tags/Jami" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Jami</a> welcomes <a href="https://floss.social/tags/Skype" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Skype</a> refugees + 7 new apps + 231 updates & 170 archived appsScroll by <a href="https://f-droid.org/2025/03/27/twif.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://f-droid.org/2025/03/27/twif.html</a>

OTX BotDollyWay Malware campaign Targets WordPress SitesThe full text of this year's Â£1.3bn World War Two-related cyber-attack on the Russian government, as compiled by the European Union's Institute for Strategic Studies.Pulse ID: 67dc0896bfa5087942de08a4 Pulse Link: <a href="https://otx.alienvault.com/pulse/67dc0896bfa5087942de08a4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67dc0896bfa5087942de08a4</a> Pulse Author: cryptocti Created: 2025-03-20 12:22:46Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Europe</a> <a href="https://social.raytec.co/tags/EuropeanUnion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EuropeanUnion</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocti</a>

OTX BotFake Cloudflare Verification Results in LummaStealer Trojan InfectionsA malicious campaign targeting Windows users through WordPress websites is deploying the LummaStealer trojan. Attackers use fake Cloudflare verification prompts to trick users into running malicious PowerShell commands. The infection is spread through compromised plugins or injected JavaScript in legitimate files. Victims are directed to execute commands that download and install the LummaStealer malware, which can steal sensitive data like login credentials and cryptocurrency information. The attackers also create hidden admin users in infected WordPress sites for persistence. Multiple variants of this attack have been observed, with some using URL shortening services to obfuscate malicious links. Website owners are advised to keep software updated, use strong passwords, and implement 2FA to mitigate risks.Pulse ID: 67db9c0884278dab69dc2215 Pulse Link: <a href="https://otx.alienvault.com/pulse/67db9c0884278dab69dc2215" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67db9c0884278dab69dc2215</a> Pulse Author: AlienVault Created: 2025-03-20 04:39:36Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> <a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Password</a> <a href="https://social.raytec.co/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PowerShell</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/URLShortening" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#URLShortening</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

RedPacket SecurityCommon Passwords in RDP Attacks: New Report Reveals Disturbing Trends - <a href="https://www.redpacketsecurity.com/new-report-highlights-common-passwords-in-rdp-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.redpacketsecurity.com/new-report-highlights-common-passwords-in-rdp-attacks/</a><a href="https://mastodon.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://mastodon.social/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a>

OTX BotStilachiRAT analysis: From system reconnaissance to cryptocurrency theftMicrosoft Incident Response researchers discovered a novel remote access trojan named StilachiRAT, demonstrating sophisticated evasion, persistence, and data exfiltration techniques. The malware collects extensive system information, targets cryptocurrency wallet extensions, steals browser credentials, establishes command-and-control communication, executes remote commands, achieves persistence through Windows services, monitors RDP sessions, collects clipboard data, and employs anti-forensic measures. StilachiRAT's capabilities include system reconnaissance, digital wallet targeting, credential theft, command execution, and clipboard monitoring. The analysis reveals its potential for cryptocurrency theft and system manipulation.Pulse ID: 67d8a06929a383efc5db4f71 Pulse Link: <a href="https://otx.alienvault.com/pulse/67d8a06929a383efc5db4f71" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67d8a06929a383efc5db4f71</a> Pulse Author: AlienVault Created: 2025-03-17 22:21:29Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Browser</a> <a href="https://social.raytec.co/tags/Clipboard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Clipboard</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RemoteAccessTrojan</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotCredit Card Skimmer and Backdoor on WordPress E-commerce SiteA sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout page, collected payment and billing information, sending it to a malicious server. A PHP backdoor allowed remote system command execution, while a reconnaissance script gathered server information. The attack demonstrates the evolving complexity of e-commerce platform threats, emphasizing the need for strict security measures, regular scans, proper access controls, and timely updates to prevent such exploits.Pulse ID: 67d52aad906732f7bad24dfa Pulse Link: <a href="https://otx.alienvault.com/pulse/67d52aad906732f7bad24dfa" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67d52aad906732f7bad24dfa</a> Pulse Author: AlienVault Created: 2025-03-15 07:22:21Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CreditCard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CreditCard</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PHP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PHP</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotCredit Card Skimmer and Hidden Backdoor Discovered on Compromised WordPress E-Commerce SitePulse ID: 67d7a9617b999e6d26f99bb4 Pulse Link: <a href="https://otx.alienvault.com/pulse/67d7a9617b999e6d26f99bb4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67d7a9617b999e6d26f99bb4</a> Pulse Author: cryptocti Created: 2025-03-17 04:47:29Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CreditCard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CreditCard</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocti</a>

Kevin Karhan :verified:<a href="https://mastodon.social/@tommorris" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tommorris</a> not really.<ul><li><a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> can't even autoclick <a href="https://infosec.space/tags/blender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blender</a>!</li></ul>The best in terms if "AI <a href="https://infosec.space/tags/Automation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Automation</a>" I've seen is a <a href="https://infosec.space/tags/SaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SaaS</a>-based <a href="https://infosec.space/tags/Autoclicker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Autoclicker</a> / <a href="https://infosec.space/tags/macro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macro</a> system that allows dynamically replaying stuff (i.e. fill out forms with variables given).<ul><li>Basically what happens when you mix <a href="https://infosec.space/tags/CamtasiaStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CamtasiaStudio</a>, <a href="https://infosec.space/tags/AutoHotkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoHotkey</a> and <a href="https://infosec.space/tags/VNC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VNC</a> / <a href="https://infosec.space/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> / <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSH</a> to log and edit how to fill out something.</li></ul>

AskUbuntuUsing windows RDP to connect to Ubuntu Desktop on 24.04.05 LTS #2004 <a href="https://ubuntu.social/tags/gnome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gnome</a> <a href="https://ubuntu.social/tags/remotedesktop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#remotedesktop</a> <a href="https://ubuntu.social/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a><a href="https://askubuntu.com/q/1543529/612" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://askubuntu.com/q/1543529/612</a>

AskUbuntuUbuntu 22 - RDP [from Windows 11] takes me to a black screen - however I can still control the remote device #2204 <a href="https://ubuntu.social/tags/vnc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vnc</a> <a href="https://ubuntu.social/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a><a href="https://askubuntu.com/q/1543191/612" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://askubuntu.com/q/1543191/612</a>

argv minus oneThe <a href="https://mastodon.sdf.org/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a> server in <a href="https://mastodon.sdf.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> 10 Pro keeps changing its certificate. I have to pretty much blindly trust that any change in certificate is legit and not an MITM attack. It also won't let me set a certificate myself.Apparently <a href="https://mastodon.sdf.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> considers basic <a href="https://mastodon.sdf.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> to be a premium enterprise feature. 🤦‍♂️<a href="https://mastodon.sdf.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

argv minus one<a href="https://mastodon.sdf.org/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a>, <a href="https://mastodon.sdf.org/tags/MacOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacOS</a>, <a href="https://mastodon.sdf.org/tags/VNC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VNC</a>, generally all GUIs in <a href="https://mastodon.sdf.org/tags/retrocomputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#retrocomputing</a>: “Just draw into local video RAM.”<a href="https://mastodon.sdf.org/tags/X11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X11</a>, <a href="https://mastodon.sdf.org/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RDP</a>: “Send all draw calls over a network socket! Sophisticated! Impressive! Network transparent!”<a href="https://mastodon.sdf.org/tags/Wayland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wayland</a>, RDPv7.1: “Just draw into local video RAM.”

Ryan PetersWhat is everyone using for <a href="https://social.binarydad.com/tags/rdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdp</a> to <a href="https://social.binarydad.com/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windows</a> clients? I've noticed the recent (guessing within the last year) for Windows 11 causes weird issues and artifacts with older Windows clients. What are some good, 3rd party utilities? Thanks!<a href="https://social.binarydad.com/tags/recommendations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#recommendations</a> <a href="https://social.binarydad.com/tags/boost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#boost</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#rdp