Milan Brutovsky

Darknet buyers are receiving mail threatening to report them to police if they don't pay up. Is this a new low vendors are reaching to recoup exit losses, or a former admin, or "dirty" cop monetizing their stash of unencrypted shipping addresses? https://darknetlive.com/post/dark-vendors-are-sending-extortion-letters/ …pic.twitter.com/aZXCgKSPUz

Four malware researchers launched the AZORult Tracker earlier this year The tracker helps other researchers track active AZORult C&C servers Created and operated by: @DrStache_ @b0oml @Zeecka_ @HippolyteBertho https://azorult-tracker.net/ pic.twitter.com/tdHM6u1OtX

From Hyper-V Admin to SYSTEM Write-up: https://decoder.cloud/2020/01/20/from-hyper-v-admin-to-system/ … PoC: https://github.com/decoder-it/Hyper-V-admin-EOP/ …pic.twitter.com/rZ2z0jhXiB

Someone dropped a PHP zero-day on GitHub. Talked to the PHP team last night. Bug requires local foothold to exploit, so not usable for remote attacks. Also, this is the second exploit for this "disable_functions bypass" in the last few months. https://github.com/mm0r1/exploits/tree/master/php7-backtrace-bypass …pic.twitter.com/MAWD8FpBRx

An overview of the Royal Road RTF document weaponizer https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html …pic.twitter.com/YbT2ZJeeZq

Here's a collection of pew-pew cyber maps: https://threatmap.checkpoint.com/  https://cybermap.kaspersky.com/  https://www.fireeye.com/cyber-map/threat-map.html … https://threatmap.fortiguard.com/  https://threatmap.bitdefender.com/  https://map.lookingglasscyber.com/ pic.twitter.com/aFqteiPRVB

Per Gemini Advisory, the Wawa card dump appears to contain: - 30 million US card records for users across 40 states - 1 million international cards from 100 countries US cards are sold for $17/card International cards are sold for $210/card https://www.zdnet.com/article/wawa-card-breach-may-rank-as-one-of-the-biggest-of-all-times/ …pic.twitter.com/PRg6zXsRIa

NEW: With 30 million card details put up for sale on Joker's Stash, the Wawa card breach may rank as one of the biggest of all times, second to the Home Depot and Target breaches only https://www.zdnet.com/article/wawa-card-breach-may-rank-as-one-of-the-biggest-of-all-times/ …pic.twitter.com/OTPQ5qe2EC

NEW: RCE in OpenSMTPD library impacts BSD and Linux distros - Tracked as CVE-2020-7247 - Bug is an LPE & RCE - Some limitations exist in exploiting this issue, but researchers said they bypassed them by borrowing a technique from the Morris worm https://www.zdnet.com/article/rce-in-opensmtpd-library-impacts-bsd-and-linux-distros/ …pic.twitter.com/PCJAeyHXmC

interesting sample, using minimal macro to write to startup folder for persistence & uses IE via COM to download 2 txt files (no noisy ps or abnormal exec). https://app.any.run/tasks/866b7e6a-4657-4a1f-bba9-44bfb42b7390/ …pic.twitter.com/NPlTC35ZeH

Class-action lawsuit filed against Clearview AI, the NY startup that scraped social media for 3 billion photos and created a facial recognition database that it's now selling to law enforcement https://www.zdnet.com/article/class-action-lawsuit-filed-against-controversial-clearview-ai-startup/ …pic.twitter.com/tSL8ZocyBT

EXIF Hound is a pay-what-you-want app designed for the digital forensics community for tracking EXIF metadata in the real world https://gumroad.com/l/EXIFHound pic.twitter.com/7NGaY2ECko

Eagerly awaiting https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html …pic.twitter.com/oGG68G7n1u

The average ransom demand for a REvil ransomware infection is a whopping $260,000 * Average for full network compromise is $470,000 * When network compromise fails and REvil infects only one PC, average is $48,000 https://www.zdnet.com/article/the-average-ransom-demand-for-a-revil-ransomware-infection-is-a-whopping-260000/ …pic.twitter.com/r2zfWAZfMU