#malware

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa

Whoa, things are heating up again in the Android world... Watch out for "Crocodilus," a nasty new banking trojan that's currently zeroing in on folks in Spain and Turkey. 🐊 Now, it might sound like your standard-issue malware at first, but this one's got some particularly devious tricks. It's not *just* snagging login details – it's also after the seed phrases for crypto wallets. 🤯

Here’s the kicker: it disguises itself as Google Chrome and tries to trick you into granting Accessibility Services permissions. If you give it that access, you've basically handed over the keys to your device. Seriously, it can then read everything on your screen, see every tap you make... and you wouldn't even know, because it can black out the screen while it does its dirty work. 🙈 Total stealth mode.

As someone in penetration testing, I unfortunately run into this kind of threat all too often. Clients sometimes say, "But I have antivirus software!" The hard truth? Against sophisticated attacks like this, basic AV often won't cut it.

So, the usual advice is more critical than ever: Be super careful about the apps you install and *always* double-check the permissions they ask for! And please, use Multi-Factor Authentication (MFA) wherever you can! 🔐

I'm curious – what security measures do you have running on your smartphone? Drop your tips below!

Our latest newsletter is out, get it while it's hot!

🗞️ opalsec.io/daily-news-update-f

Key stories:

🏥 Oracle's under fire: A breach at Oracle Health compromised patient data, with Oracle allegedly shifting responsibility to hospitals and avoiding documentation. This follows hot on the heels of denial regarding an alleged Oracle Cloud breach, raising serious questions about their security culture.

🛒 Clop's back in the headlines: Sam's Club - a Walmart subsidiary - is investigating claims of a Clop ransomware attack, potentially linked to the Cleo file transfer vulnerability that has already hit other organizations hard.

📡 Don't miss this bizarre twist: Cable operator WideOpenWest (WOW!) is dealing with a breach claimed by Arkana Group, who are publicizing the stolen data (usernames, passwords, etc.) with a… Russian music video. The alleged attack vector? Infostealer malware.

Get up to speed with these stories and more: opalsec.io/daily-news-update-f

If you'd like to get the latest Cyber Security news wrapped up and delivered to your inbox every day, subscribe to our newsletter here!

📨 opalsec.io/daily-news-update-f

Opalsec · Daily News Update: Saturday, March 29, 2025 (Australia/Melbourne)
A breach at Oracle Health compromised patient data, with Oracle allegedly shifting responsibility to hospitals and avoiding documentation. A Walmart subsidiary is investigating claims of a Clop ransomware attack, potentially linked to the Cleo file transfer vulnerability.

it should be obvious by now that anything created by the #techbros behind this coup needs to be considered #malware

wired.com/story/doge-rebuild-s

and that includes the 2-3 years of #Palantir having free rein hacking everything related to not just #immigration but #passports

DOGE IS MORE THAN #MALWARE IT’S #RANSOMWARE

so who is putting up contingencies to use all the #OpenGOV tools we have had developed the last 20 years, to audit the White House’s acts of digital terrorism?

WIRED · DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System Collapse, by Makena Kelly

(cyfirma.com) Konni RAT Analysis: Multi-Stage Attack Process and Evasion Techniques cyfirma.com/research/analysis-

Executive Summary:
This report provides a comprehensive analysis of Konni RAT, a sophisticated remote access Trojan linked to North Korean cyber espionage group APT37. The malware employs a multi-stage attack process involving batch files, PowerShell scripts, and VBScript to exfiltrate sensitive data and maintain persistence. The attack begins with a zip archive containing a malicious LNK file disguised as a document. The malware exploits Windows Explorer limitations to hide malicious commands and uses obfuscation techniques to evade detection. Key capabilities include data exfiltration from user directories, system information gathering, persistence through registry modifications, and communication with command-and-control servers. The report includes detailed technical analysis of the attack stages, from initial infection to data exfiltration, along with indicators of compromise and YARA detection rules.

In today's post, Interisle peeks at the cybercrime activity (for phishing, malware, and spam) for the month of February 2025. We’ll point out anything that strikes us as particularly interesting in overall numbers as well as significant changes in ranking for TLDs, Registrars, and Hosting Networks.

interisle.substack.com/p/cyber

Interisle Insights · Cybercrime Reported in February 2025, by Interisle Consulting Group

patreon.com/posts/write-settin

Your applications should be writing logs and preferences into a user-specific folder to which the user already has write access. Otherwise you force computer admins to break the model of secure access to application folders, and open up the computer to malware.

Patreon · Write application settings and logs to a user-accessible folder | aev_software

Last week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. Its legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens.

Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies.

Here are a few samples of the domains:

- reag-br[.]com: lookalike for Reag Capital Holdings, Brazil.
- creo--ia[.]com: lookalike for an industrial fabrication firm in WA State.
- admiralsmetal[.]com: lookalike for a US-based metals provider.
- ustructuressinc[.]com: lookalike for a Colorado-based heavy civil contractor.
- elisontechnologies[.]com: typosquat for Ellison Technologies machine fabrication.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #phishing #malware #scam #dod
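The two Infoblox posts above describe three lookalike patterns: hyphen doubling (cdsi--simi vs cdsi-simi), typosquats (wellsffrago, elisontechnologies) and a brand plus its TLD embedded in a longer hyphenated label (viewer-ssa-gov). The script below is an added example, not code from Infoblox or the original posts, that screens defanged domains against a constructed watchlist of legitimate domains; the watchlist, the `label_of` helper's one-label public-suffix assumption and the edit-distance threshold of 2 are illustrative choices.

```python
"""Flag observed domains as lookalikes of watchlisted legitimate domains.
Added example, not code from Infoblox or the posts; WATCHLIST is constructed."""
from typing import List, Optional, Tuple

# Constructed watchlist: legitimate domains whose impersonations we want flagged.
WATCHLIST = ["cdsi-simi.com", "wellsfargo.com", "ellisontechnologies.com", "ssa.gov"]

def refang(domain: str) -> str:
    """Normalise the defanged '[.]' notation used in threat-intel posts and a trailing dot."""
    return domain.strip().lower().rstrip(".").replace("[.]", ".")

def label_of(domain: str) -> str:
    """Second-level label ('wellsffrago' for 'wellsffrago.com'). Assumes a one-label
    public suffix; production code should consult the Public Suffix List instead."""
    return domain.split(".")[-2]

def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(observed: str, watchlist: List[str] = WATCHLIST,
             max_distance: int = 2) -> Optional[Tuple[str, str]]:
    """Return (technique, impersonated domain), or None when nothing on the list is close."""
    domain = refang(observed)
    if domain in watchlist:
        return None  # the genuine article
    label = label_of(domain)
    # 1. Hyphen doubling (cdsi--simi vs cdsi-simi): collapse runs of '-' and compare.
    collapsed = "-".join(part for part in label.split("-") if part)
    for legit in watchlist:
        if collapsed == label_of(legit) and label != label_of(legit):
            return ("hyphen-variant", legit)
    # 2. Typosquats: a couple of dropped, added or swapped letters (wellsffrago).
    dist, legit = min((levenshtein(label, label_of(w)), w) for w in watchlist)
    if dist <= max_distance:
        return ("typosquat", legit)
    # 3. Brand and TLD embedded as hyphen tokens (viewer-ssa-gov mimics ssa.gov).
    for legit in watchlist:
        if f"-{legit.replace('.', '-')}-" in f"-{label}-":
            return ("embedded-brand", legit)
    return None  # e.g. user2ilogon or nahud: nothing on this watchlist is near

if __name__ == "__main__":
    for d in ["cdsi--simi[.]com", "wellsffrago[.]com", "viewer-ssa-gov[.]es",
              "wllesfrarqo-home[.]com", "nahud[.]com."]:
        print(f"{d:26} -> {classify(d)}")
```

Heavily mangled names with appended words (wllesfrarqo-home) fall outside the distance threshold and come back as None, which is why passive DNS pivoting on shared infrastructure, as the posts describe, still matters alongside string matching.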