GossiTheDog, 5 days ago to random

Synnovis aka Synlab, a key NHS frontline service supplier, has been hit by ransomware. #threatintel

GossiTheDog, 9 days ago to random

Ticketmaster have filed an 8-K with the SEC for a breach. https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm #threatintel

GossiTheDog, 9 days ago to random

On 10th May 2024, Keytronic filed an 8-K with the SEC for a data breach.

Turns out it was ransomware, Black Basta say they have 530gb of data. Keytronic haven’t informed customers. #threatintel

dubbel, 9 days ago to python

Reported 5 malicious #Python packages to #PyPI: numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.

All with the same "functionality", getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing it.
I don't think I saw the setup.py entry_points being used as a trigger mechanism before?

#ThreatIntel #CTI #malware

neurovagrant, 11 days ago to infosec

we just out here findin' stuff on a wednesday, don't mind us.

#threatintel #infosec #cybersecurity

https://infosec.exchange/@securitysnacks/112526234384153881

neurovagrant, 11 days ago to random

Anyone have a good IOC IP list for RaspberryRobin?

(Starting to search now, but worth asking. External request from a pal, not an internal investigation)

#threatintel

nopatience, 14 days ago to Cybersecurity

MITRE Intrusion-Sets and ATT&CK Techniques mapped in an Obsidian Markdown node-network.

With inspiration from @screaminggoat and @mttaggart I have put together a first iteration of this.

https://publish.obsidian.md/nopatience/MITRE+-+Intrusion+Sets

Have a look, see what you think. How could I make it more useful to you?

It's generated using a custom-made graph-network abstraction layer I wrote in Python and then pulling some publicly available JSON-files for the Intrusion Sets and Techniques.

#ThreatIntel #CyberSecurity

GossiTheDog, 14 days ago to random

Some ‘free Palestine’ hacktivist style group called Handala have been defacing websites and claim to exfiltrate data. https://handala.to/ #threatintel

23 orgs hit so far.

christopherkunz, 17 days ago to random

A couple of days ago, LockBit had published an entry on their leaksite titled "telekom.com". I asked the Telekom press corps and they denied any incident.

Yesterday, LB also published the data allegedy from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2GByte directory on their file share has anything to do with Deutsche Telekom. It seems that in fact, they breached a client PC owned by a non-profit in Hamburg.

#lockbit #threatintel

secana, 21 days ago to random

A lot of booking.com phishing is going on today. Did I miss something? #threatintel #itsec

neurovagrant, 27 days ago to Cybersecurity

Whole lot of IDN Homoglyph Attack registrations via GoDaddy and hosted on Amazon the past few days. Examples from yesterday and today:

xn--fcbook-pta36b[.]com (fácębook[.]com)

xn--xnt-rmal15isb[.]com (xƭínïtƴ[.]com)

xn--xnt-vmag15isb[.]com (xƭînïtƴ[.]com)

xn--goole-b3b[.]com (gooǵle[.]com)

#cybersecurity #infosec #threatintel

GossiTheDog, 1 month ago to random

BrandyWine have filed an 8-K with the SEC for a “third party deploying encryption” which is a unique way of saying ransomware

https://www.sec.gov/Archives/edgar/data/1060386/000119312524133132/d824906d8k.htm

#threatintel #ransomware

GossiTheDog, 1 month ago to random

DocGo have filed an 8-K with the SEC for a security breach. Medical records related to ambulances in the US.

https://www.sec.gov/Archives/edgar/data/1822359/000182235924000037/dcgo-20240507.htm

#threatintel

GossiTheDog, 1 month ago to random

LockBit are claiming they have hit Deutsche Telekom #threatintel #ransomware

nopatience, 1 month ago to random

NoName are going bananas with DDoS-attacks against Finland since a few days ago.

Sup?

#ThreatIntel #NoName #DDoS