#100DaysofYARA in checking out some Mac malwares, a few reference keys with brackets around them - lets check for a few for potential keyloggers! github.com/100DaysofYARA/

Costin Raiu

@craiu

Jan 19

Thinking of a career in Reverse Engineering? Don't miss this RE101 Training Walkthrough with

@JusticeRage

on Feb 16:

brighttalk.com

Starting Career In Reverse Engineering: RE101 Training Walkthrough

Reverse engineering is one of the most challenging and promising fields in cybersecurity. It enables you to get into the most notorious APTs, build a career as a malware analyst, or threat hunter....

Costin Raiu Retweeted

Daniel Cuthbert

@dcuthbert

Jan 16

A threat intel firm hacking a .ru drug market to divert cash to Ukrainian efforts. holdsecurity.com/news/2023/01/s Motive aside, this is still a very dodgy approach to take.

Show this thread

Costin Raiu Retweeted

Mandiant

@Mandiant

Jan 5

🚨 New research alert! Mandiant has observed a new espionage operation targeting #Ukraine. We suspect this activity is being conducted by the Russian #cyberespionage group, Turla Team. Read the blog to learn more. ⬇️

mandiant.com

Turla: A Galaxy of Opportunity

A suspected Turla Team operation distributing a reconnaissance utility and malware to victims in Ukraine.

Costin Raiu Retweeted

Eva

@evacide

Dec 28, 2022

NYT's opinion page gets in under the wire in the competition for Worst Take of 2022: Signal is bad because the people who build it are morally committed to preserving the privacy of its users.

nytimes.com

Opinion | The Signal App and the Danger of Privacy at All Costs

The debate about dilemmas posed by the text messaging system.

360

1,436

Costin Raiu Retweeted

LABScon

@labscon_io

Dec 16, 2022

LABScon Replay: A Look at Chinese Vulnerability Discovery and Disclosure <-- by

@kristindelrosso

This talk covers the discovery of a CNVD that is not listed on the US NVD, and the larger picture behind the discovery and disclosure of vulns in China.

youtube.com

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability...

The US is still lagging behind China in terms of vulnerability discovery and disclosure. While the gap between the US National Vulnerability Database (NVD) a...

Show this thread

Costin Raiu Retweeted

Check Point Research

@_CPResearch_

Dec 12, 2022

As the number of new #Azov #Ransomware-related samples is still growing and has already exceeded several thousands, we took a deep dive into its internal workings and technical features, revealing it not being a Skidsware but an advanced Polymorphic Wiper.

research.checkpoint.com

Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point...

Highlights: Introduction During the past few weeks, we have shared the preliminary results of our investigation of the Azov ransomware on social media, as well as with Bleeping Computer. The below...

Show this thread

Costin Raiu Retweeted

Ivan Kwiatkowski

@JusticeRage

Dec 14, 2022

Takeaways of the war in Ukraine for the cybersecurity community: securelist.com/reassessing-cy I contributed to this article along with

@craiu

and

@securechicken

. As with any analysis piece, there's some deal of personal opinion in there, so I'm very interested in other assessments.

securelist.com

Reassessing cyberwarfare. Lessons learned in 2022

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict,...

Costin Raiu Retweeted

Andreas Sfakianakis / @asfakian@infosec.exchange

@asfakian

Dec 13, 2022

Patch patch patch!

Quote Tweet

Costin Raiu

@craiu

Dec 13, 2022

CVE-2022-42475 0-day RCE affecting Fortinet appliances, exploited in the wild: bleepingcomputer.com/news/security/

Show this thread

Costin Raiu

@craiu

Dec 13, 2022

"Fortinet quietly fixed the bug on November 28th in FortiOS 7.2.3 (other versions released earlier) without releasing any information about it being exploited as a zero-day."

Some network IOCs from the official advisory: 188.34.130[.]40:444 103.131.189[.]143:30080,30081,30443,20443 192.36.119[.]61:8443,444 172.247.168[.]153:8033

CVE-2022-42475 0-day RCE affecting Fortinet appliances, exploited in the wild:

bleepingcomputer.com

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices.

Show this thread

Costin Raiu Retweeted

Félix Aimé

@felixaime

Dec 13, 2022

Some PLAY ransomware C2s: - onemusicllc[.]com - ateliernow[.]com - realmacnow[.]com

Costin Raiu

@craiu

Dec 13, 2022

Context: techcrunch.com/2022/12/12/xns by

@zackwhittaker

techcrunch.com

Xnspy stalkerware spied on thousands of iPhones and Android devices

Meet the Pakistan-based startup, whose spyware has compromised at least 66,000 devices.

Worried about the Xnspy stalkerware? Check your network logs for connections to xiz4me[.]com. Full set of indicators added to the mobiletrackers list on Github.

github.com

mobiletrackers/list.txt at master · craiu/mobiletrackers

A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries. - mobiletrackers/list.txt at master · craiu/mobiletrackers

Show this thread

Costin Raiu Retweeted

Cyber_OSINT

@Cyber_O51NT

Dec 10, 2022

APT Cloud Atlas: Unbroken Threat

ptsecurity.com

APT Cloud Atlas: Unbroken Threat

Costin Raiu Retweeted

Join

, Mauro Vignati and Vladimir Radunović for our latest webinar. They'll discuss: ✔️ Did the cyberwar take place - why or why not? What key events in 2022 shall we as the international community study? ✔️ What can we expect in 2023? More: kas.pr/m83f

Costin Raiu Retweeted

Ivan Kwiatkowski

@JusticeRage

Dec 7, 2022

On Dec 14, we organize a webinar to study the cybersecurity aspects of the war in Ukraine: kas.pr/56gv In particular,

@craiu

@vignus

and

@VRadunovic

will discuss the nature of cyberwar. Also watch out for the upcoming paper, which I helped write!

Costin Raiu Retweeted

Kaspersky GovAffairs

@Kaspersky_Gov

Dec 7, 2022

STORY OF THE YEAR? Concluding #2022 with great experts

#GReAT to discuss key cyber events & reflect on what the international community needs to focus on in 2023 for #cyberstability. Join us at kas.pr/56gv

Costin Raiu

@craiu

Dec 5, 2022

If you're into reverse engineering, this will rock your world:

Quote Tweet

Ivan Kwiatkowski

@JusticeRage

Dec 4, 2022

I wrote an IDA plugin that queries #ChatGPT and explains decompiled functions. It's still very bleeding edge, but you can find the code here and try it out: github.com/JusticeRage/Ge (Yes, the video was performed on a very basic case for simplicity's sake.)

Show this thread

0:10

50.7K views

My own list:

How to protect from Pegasus and other advanced spyware

How to protect your iPhone or Android smartphone from Pegasus and similar mobile APTs.

Heh regarding point 2.

Show this thread

Costin Raiu Retweeted

Ivan Kwiatkowski

@JusticeRage

Dec 2, 2022

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

1,068

4,803

Show this thread

Costin Raiu Retweeted

Lex Fridman

@lexfridman

Nov 27, 2022

Back in my day...

453

1,602

24.5K

Costin Raiu Retweeted

305

Don't miss this #Ghidra hands-on reverse engineering bootcamp with master

@2igosha

: xtraining.kaspersky.com/bootcamps/reve

Costin Raiu Retweeted

Edward Snowden

@Snowden

Nov 4, 2022

I use GrapheneOS every day. twitter.com/Schwubdiwub1/s

This Tweet is unavailable.

116

298

1,804

Costin Raiu

@craiu

Nov 4, 2022

This is an important development for the security of cyberspace, kudos to the ICRC team for putting it together:

Quote Tweet

ICRC

@ICRC

Nov 3, 2022

Cyber operations are a reality of armed conflict and can cause real harm. We are proposing a digital emblem that would signal protection for digital infrastructure of medical facilities and identify the Red Cross/Crescent Movement in cyberspace. How would it work?

Show this thread

1:53

8.4K views

Costin Raiu Retweeted

Suffoca °

@Suffoca

Nov 2, 2022

Last night i dreamt of spring and fall.✨

126

Show this thread

Costin Raiu Retweeted

Alexey Firsh

@alexey_firsh

Nov 3, 2022

Check out our quick follow-up on

@Mandiant

research on UNC4034 apt cluster who distribute their malware in a form of job offers from a big tech companies. blog.virustotal.com/2022/11/not-dr

Costin Raiu

@craiu

Nov 2, 2022

Istanbul, October 2022

Costin Raiu Retweeted

Kim Zetter

@KimZetter

Oct 29, 2022

“hacked messages are also believed to have included highly sensitive discussions with senior international foreign ministers about the war in Ukraine.” Obvious question is why was she using personal phone for top-secret conversations?

dailymail.co.uk

Liz Truss's personal phone hacked by Putin's spies

One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

655

1,496

Show this thread

Costin Raiu Retweeted

Daniel Cuthbert

@dcuthbert

Oct 14, 2022

If 41 lines of code can bypass the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances, then something is very wrong. This is not acceptable

@Fortinet

exploit code on a screen https://github.com/horizon3ai/CVE-2022-40684/blob/master/CVE-2022-40684.py

read image description

ALT

453

1,725

Show this thread

Costin Raiu Retweeted

Raj Samani

@Raj_Samani

Oct 15, 2022

Technical analysis of CVE-2022-40684 a critical authentication bypass vulnerability in Fortinet FortiOS (firewall) FortiProxy (web proxy), and FortiSwitch Manager products now available on

@AttackerKb

attackerkb.com/topics/QWOxGIK H/T

@iagox86

#cybersecurity #infsoec