GossiTheDog, 3 days ago to random

PSA: If you use ComfyUI_LLMVISION in ComfyUI, it was hacked by "Nullbulge Group" and had malware injected. It had Async remote access trojan for Windows embedded in it.

Github repo was https://github.com/AppleBotzz/ComfyUI_LLMVISION, has been pulled now.

"This repository provides integration of GPT-4 and Claude 3 models into ComfyUI, allowing for both image and text-based interactions within the ComfyUI workflow." #threatintel

neurovagrant, 7 days ago to infosec

Oh this domain looks fun. HMRC is most familiar to me as "His/Her Majesty's Revenue & Customs" - which is the title of gov[.]uk

hmrc-authentications[.]com

Registrar: CNOBIN (rebranded bizcn, so, China)
IP&NS: Cloudflared
First seen: 2024-06-04

#threatintel #infosec #cybersecurity

GossiTheDog, 9 days ago to random

Synnovis aka Synlab, a key NHS frontline service supplier, has been hit by ransomware. #threatintel

GossiTheDog, 13 days ago to random

On 10th May 2024, Keytronic filed an 8-K with the SEC for a data breach.

Turns out it was ransomware, Black Basta say they have 530gb of data. Keytronic haven’t informed customers. #threatintel

dubbel, 13 days ago to python

Reported 5 malicious #Python packages to #PyPI: numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.

All with the same "functionality", getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing it.
I don't think I saw the setup.py entry_points being used as a trigger mechanism before?

#ThreatIntel #CTI #malware

neurovagrant, 14 days ago to infosec

we just out here findin' stuff on a wednesday, don't mind us.

#threatintel #infosec #cybersecurity

https://infosec.exchange/@securitysnacks/112526234384153881

neurovagrant, 15 days ago to random

Anyone have a good IOC IP list for RaspberryRobin?

(Starting to search now, but worth asking. External request from a pal, not an internal investigation)

#threatintel

nopatience, 17 days ago to Cybersecurity

MITRE Intrusion-Sets and ATT&CK Techniques mapped in an Obsidian Markdown node-network.

With inspiration from @screaminggoat and @mttaggart I have put together a first iteration of this.

https://publish.obsidian.md/nopatience/MITRE+-+Intrusion+Sets

Have a look, see what you think. How could I make it more useful to you?

It's generated using a custom-made graph-network abstraction layer I wrote in Python and then pulling some publicly available JSON-files for the Intrusion Sets and Techniques.

#ThreatIntel #CyberSecurity

GossiTheDog, 18 days ago to random

Some ‘free Palestine’ hacktivist style group called Handala have been defacing websites and claim to exfiltrate data. https://handala.to/ #threatintel

23 orgs hit so far.

christopherkunz, 21 days ago to random

A couple of days ago, LockBit had published an entry on their leaksite titled "telekom.com". I asked the Telekom press corps and they denied any incident.

Yesterday, LB also published the data allegedy from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2GByte directory on their file share has anything to do with Deutsche Telekom. It seems that in fact, they breached a client PC owned by a non-profit in Hamburg.

#lockbit #threatintel

secana, 25 days ago to random

A lot of booking.com phishing is going on today. Did I miss something? #threatintel #itsec

neurovagrant, 1 month ago to Cybersecurity

Whole lot of IDN Homoglyph Attack registrations via GoDaddy and hosted on Amazon the past few days. Examples from yesterday and today:

xn--fcbook-pta36b[.]com (fácębook[.]com)

xn--xnt-rmal15isb[.]com (xƭínïtƴ[.]com)

xn--xnt-vmag15isb[.]com (xƭînïtƴ[.]com)

xn--goole-b3b[.]com (gooǵle[.]com)

#cybersecurity #infosec #threatintel

GossiTheDog, 1 month ago to random

BrandyWine have filed an 8-K with the SEC for a “third party deploying encryption” which is a unique way of saying ransomware

https://www.sec.gov/Archives/edgar/data/1060386/000119312524133132/d824906d8k.htm

#threatintel #ransomware

GossiTheDog, 1 month ago to random

DocGo have filed an 8-K with the SEC for a security breach. Medical records related to ambulances in the US.

https://www.sec.gov/Archives/edgar/data/1822359/000182235924000037/dcgo-20240507.htm

#threatintel

GossiTheDog, 1 month ago to random

LockBit are claiming they have hit Deutsche Telekom #threatintel #ransomware

nopatience, 1 month ago to random

NoName are going bananas with DDoS-attacks against Finland since a few days ago.

Sup?

#ThreatIntel #NoName #DDoS

GossiTheDog, 2 months ago to random

INC Ransomware claim they have 3tb of NHS Scotland data.

It may be related to the ongoing ransomware breach at NHS Dumfries and Galloway (“cyber attack”)

#threatintel

GossiTheDog, 3 months ago to random

A few days ago, IT systems and services at Leicester City Council stopped working. Councillors were not told the cause. (Link: https://www.leicestermercury.co.uk/news/leicester-news/systems-outage-leicester-city-council-9151322)

At 7pm this Friday, they tweeted it is a "cyber incident". Services are still offline.

#threatintel

GossiTheDog, 5 months ago to random

Werewolves Group are a ransomware group who attack primarily Russian organisations, although orgs across Europe in total. They've been operating under the radar for a few months.

There are many ransomware operators who aren't in Russia and aren't being tracked properly, so I imagine the odds are the problem is going to keep spiralling into other regions. Shout out to Kazakhstan.

#threatintel