MastodonTech.de

OTX BotStealthy GitHub Malware Campaign Targets DevsA new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.Pulse ID: 68548f8be824569a83f26ef4 Pulse Link: <a href="https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4</a> Pulse Author: AlienVault Created: 2025-06-19 22:30:35Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#developers</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotAnalyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based MalwareThe SERPENTINE#CLOUD campaign leverages Cloudflare Tunnels and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated scripts. The attack begins with malicious .lnk files disguised as documents, fetching remote code from Cloudflare subdomains. The infection chain involves batch, VBScript, and Python stages, ultimately deploying shellcode that loads a Donut-packed PE payload. The campaign focuses on Western targets, using Cloudflare for payload hosting and anonymity. It demonstrates evolving tactics, shifting from simple .url files to sophisticated .lnk payloads. The final stage involves a RAT payload, giving attackers full control over infected hosts.Pulse ID: 6854faeabddec88ea8dace57 Pulse Link: <a href="https://otx.alienvault.com/pulse/6854faeabddec88ea8dace57" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/6854faeabddec88ea8dace57</a> Pulse Author: AlienVault Created: 2025-06-20 06:08:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShellCode</a> <a href="https://social.raytec.co/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VBS</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotInside the BlueNoroff Web3 macOS Intrusion AnalysisA detailed analysis of a sophisticated intrusion targeting a cryptocurrency foundation employee is presented. The attack, attributed to the North Korean APT group BlueNoroff, began with a social engineering lure via Telegram, leading to the installation of malicious software disguised as a Zoom extension. The intrusion involved multiple stages of malware deployment, including persistent implants, backdoors, keyloggers, and cryptocurrency stealers. The attackers utilized advanced techniques such as process injection on macOS and leveraged various tools to collect sensitive information, particularly focusing on cryptocurrency-related data. The analysis covers the initial access vector, technical details of the malware components, and their functionalities, providing insights into the evolving tactics of state-sponsored threat actors targeting macOS systems.Pulse ID: 6853be742df9d3db90e41219 Pulse Link: <a href="https://otx.alienvault.com/pulse/6853be742df9d3db90e41219" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/6853be742df9d3db90e41219</a> Pulse Author: AlienVault Created: 2025-06-19 07:38:28Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/BlueNoroff" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueNoroff</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#KeyLogger</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> <a href="https://social.raytec.co/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MacOS</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telegram</a> <a href="https://social.raytec.co/tags/Web3" class="mention hashtag" rel="nofollow noopener" target="_blank">#Web3</a> <a href="https://social.raytec.co/tags/Zoom" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zoom</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotMay 2025 APT Group Trends (South Korea)This analysis examines Advanced Persistent Threat (APT) attacks in South Korea during May 2025. The majority of identified attacks utilized spear phishing as the primary infiltration method. Two main types of attacks were observed: Type A, which uses LNK files to execute malicious scripts and download additional malware, and Type B, which employs LNK files to download and execute obfuscated Python scripts. Both types use deception techniques, including decoy documents and task scheduler manipulation. The attacks targeted various sectors, using topics such as financial reporting, privacy protection, and business registration to lure victims. The report provides detailed information on file names, decoy documents, and indicators of compromise, including MD5 hashes, URLs, FQDNs, and IP addresses associated with the malicious activities.Pulse ID: 6852fb631fbf46af0b21acb2 Pulse Link: <a href="https://otx.alienvault.com/pulse/6852fb631fbf46af0b21acb2" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/6852fb631fbf46af0b21acb2</a> Pulse Author: AlienVault Created: 2025-06-18 17:46:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a> <a href="https://social.raytec.co/tags/LNK" class="mention hashtag" rel="nofollow noopener" target="_blank">#LNK</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Privacy</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#SouthKorea</a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpearPhishing</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotAPT 41: Threat Intelligence Report and Malware AnalysisAPT41, a sophisticated Chinese state-sponsored threat actor, blends cyber espionage with cybercrime tactics. They target various sectors globally, including healthcare, telecom, and government entities. Recently, APT41 was observed using Google Calendar for malware command-and-control on a Taiwanese government website. Their attack chain involves spear-phishing emails, malicious ZIP archives, and a three-module malware system called ToughProgress. This malware uses stealthy techniques like in-memory execution, encryption, and process hollowing to evade detection. The unique aspect of ToughProgress is its use of Google Calendar events for covert data exchange, creating a stealthy communication channel for remote command execution and data exfiltration.Pulse ID: 68480e89dbe1f2bc0746a80c Pulse Link: <a href="https://otx.alienvault.com/pulse/68480e89dbe1f2bc0746a80c" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/68480e89dbe1f2bc0746a80c</a> Pulse Author: AlienVault Created: 2025-06-10 10:52:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryption</a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Espionage</a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/Healthcare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Healthcare</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RemoteCommandExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemoteCommandExecution</a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpearPhishing</a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telecom</a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZIP</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Pyrzout :vm:Russia-linked threat actors targets Ukraine with PathWiper wiper – Source: securityaffairs.com <a href="https://ciso2ciso.com/russia-linked-threat-actors-targets-ukraine-with-pathwiper-wiper-source-securityaffairs-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/russia-linked-threat-actors-targets-ukraine-with-pathwiper-wiper-source-securityaffairs-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/informationsecuritynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#informationsecuritynews</a> <a href="https://social.skynetcloud.site/tags/ITInformationSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITInformationSecurity</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairscom" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAffairscom</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/PierluigiPaganini" class="mention hashtag" rel="nofollow noopener" target="_blank">#PierluigiPaganini</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAffairs</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAffairs</a> <a href="https://social.skynetcloud.site/tags/BreakingNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreakingNews</a> <a href="https://social.skynetcloud.site/tags/Cyberwarfare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberwarfare</a> <a href="https://social.skynetcloud.site/tags/SecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityNews</a> <a href="https://social.skynetcloud.site/tags/hackingnews" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackingnews</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a>/SCADA <a href="https://social.skynetcloud.site/tags/PathWiper" class="mention hashtag" rel="nofollow noopener" target="_blank">#PathWiper</a> <a href="https://social.skynetcloud.site/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.skynetcloud.site/tags/ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#ukraine</a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.skynetcloud.site/tags/Wiper" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wiper</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a>

Pyrzout :vm:Ransomware and USB attacks are hammering OT systems <a href="https://www.helpnetsecurity.com/2025/06/06/honeywell-2025-cyber-threat-report/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/06/06/honeywell-2025-cyber-threat-report/</a> <a href="https://social.skynetcloud.site/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#criticalinfrastructure</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Honeywell" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honeywell</a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a>/SCADA <a href="https://social.skynetcloud.site/tags/report" class="mention hashtag" rel="nofollow noopener" target="_blank">#report</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a>

MontagWilwarin FestivalFalls da jemand hin geht und wissen möchte was auf welchen Bühnen los ist habe ich hier ein Timetable im <a href="https://friendica.xyz/search?tag=ical" class="mention hashtag" rel="nofollow noopener" target="_blank">#ical</a> Format.<ul><li><a href="https://paste.schleicloud.de/?e4b6763b6805fa68#AeTxGuuBL2Jz5b987FrmjVmjyMgh427P2pbh8h6zeCkM" rel="nofollow noopener" target="_blank">paste.schleicloud.de/?e4b6763b…</a></li></ul><a href="https://friendica.xyz/search?tag=Wilwarin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wilwarin</a> <a href="https://friendica.xyz/search?tag=Timetable" class="mention hashtag" rel="nofollow noopener" target="_blank">#Timetable</a> <a href="https://friendica.xyz/search?tag=ical" class="mention hashtag" rel="nofollow noopener" target="_blank">#ical</a> <a href="https://friendica.xyz/search?tag=ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#ics</a>

CensysIn October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: <a href="https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis" rel="nofollow noopener" translate="no" target="_blank">https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis</a><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#ics</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/water" class="mention hashtag" rel="nofollow noopener" target="_blank">#water</a>

BillGotta admit, 35,000 solar panels would make a baaaaadass botnet.<a href="https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/</a><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#ics</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a>

🏳️‍🌈Trentskunk🏳️‍🌈:unverified:Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?<a href="https://mstdn.social/tags/emacs" class="mention hashtag" rel="nofollow noopener" target="_blank">#emacs</a> <a href="https://mstdn.social/tags/ics" class="mention hashtag" rel="nofollow noopener" target="_blank">#ics</a> <a href="https://mstdn.social/tags/calendar" class="mention hashtag" rel="nofollow noopener" target="_blank">#calendar</a> <a href="https://mstdn.social/tags/DeGoogle" class="mention hashtag" rel="nofollow noopener" target="_blank">#DeGoogle</a>

OTX BotThe Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating ViberAPT36, also known as Transparent Tribe, has been observed using VPS provider Contabo to host malicious infrastructure for CapraRAT and Crimson RAT. Their latest tactic involves disguising spyware as the popular messaging app Viber, granting extensive permissions to record calls, read messages, and track location. The investigation traced the infrastructure, identified key Indicators of Compromise, and uncovered the full extent of this Android surveillance campaign. The threat actor employs social engineering tactics to distribute their Android Remote Access Trojans, with lures crafted to align with the RAT's disguise. The malware's capabilities include targeted surveillance, credential theft, and infrastructure abuse, potentially eroding brand trust in legitimate communication platforms.Pulse ID: 683f3e21d4bf7a5db1887800 Pulse Link: <a href="https://otx.alienvault.com/pulse/683f3e21d4bf7a5db1887800" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/683f3e21d4bf7a5db1887800</a> Pulse Author: AlienVault Created: 2025-06-03 18:25:37Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> <a href="https://social.raytec.co/tags/CapraRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#CapraRAT</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemoteAccessTrojan</a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rust</a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> <a href="https://social.raytec.co/tags/SpyWare" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpyWare</a> <a href="https://social.raytec.co/tags/TransparentTribe" class="mention hashtag" rel="nofollow noopener" target="_blank">#TransparentTribe</a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trojan</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotPyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name ConfusionA malicious package campaign targeting Python and NPM users on Windows and Linux has been discovered. The attack uses typo-squatting and name-confusion tactics against the popular colorama Python package and the similar colorizr JavaScript package. Multiple packages with risky payloads were uploaded to PyPI, using names similar to legitimate packages in both PyPI and NPM. The unusual tactic of using an NPM package name to attack PyPI users was observed. The payloads allow remote access, control of desktops and servers, and exfiltration of sensitive data. Windows payloads attempt to bypass antivirus protection. The campaign's sophistication suggests targeted adversarial activity, although attribution remains unclear.Pulse ID: 683e1f7f063d60138cc2ccf6 Pulse Link: <a href="https://otx.alienvault.com/pulse/683e1f7f063d60138cc2ccf6" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/683e1f7f063d60138cc2ccf6</a> Pulse Author: AlienVault Created: 2025-06-02 22:02:39Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Colorama" class="mention hashtag" rel="nofollow noopener" target="_blank">#Colorama</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://social.raytec.co/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#PyPI</a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Hans Zelf 🇪🇺🌻Serieus, <a href="https://mas.to/tags/ANWB" class="mention hashtag" rel="nofollow noopener" target="_blank">#ANWB</a> <a href="https://mas.to/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a>? Een wijziging van betaalrekening door een formulier te printen en in te vullen? Welkom in 2025...

OTX BotCustom Arsenal Developed to Target Multiple IndustriesEarth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.Pulse ID: 68359559953d95d9c98f6268 Pulse Link: <a href="https://otx.alienvault.com/pulse/68359559953d95d9c98f6268" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/68359559953d95d9c98f6268</a> Pulse Author: AlienVault Created: 2025-05-27 10:35:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Asia</a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#BackDoor</a> <a href="https://social.raytec.co/tags/Brazil" class="mention hashtag" rel="nofollow noopener" target="_blank">#Brazil</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener" target="_blank">#India</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/SQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SQL</a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#SideLoading</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

Hacker NewsExposed Industrial Control Systems and Honeypots in the Wild [pdf]<a href="https://gsmaragd.github.io/publications/EuroSP2025-ICS/EuroSP2025-ICS.pdf" rel="nofollow noopener" translate="no" target="_blank">https://gsmaragd.github.io/publications/EuroSP2025-ICS/EuroSP2025-ICS.pdf</a><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/Exposed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Exposed</a> <a href="https://mastodon.social/tags/Industrial" class="mention hashtag" rel="nofollow noopener" target="_blank">#Industrial</a> <a href="https://mastodon.social/tags/Control" class="mention hashtag" rel="nofollow noopener" target="_blank">#Control</a> <a href="https://mastodon.social/tags/Systems" class="mention hashtag" rel="nofollow noopener" target="_blank">#Systems</a> <a href="https://mastodon.social/tags/Honeypots" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honeypots</a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a>

Geriatric Gardener“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”by Skwawkbox <a href="https://mastodon.social/@skwawkbox" class="u-url mention" rel="nofollow noopener" target="_blank">@skwawkbox</a> <a href="https://mastodon.cloud/@UKLabour" class="u-url mention" rel="nofollow noopener" target="_blank">@UKLabour</a> “Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”<a href="https://skwawkbox.org/2025/05/23/investors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/" rel="nofollow noopener" translate="no" target="_blank">https://skwawkbox.org/2025/05/23/investors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/</a><a href="https://mstdn.social/tags/Press" class="mention hashtag" rel="nofollow noopener" target="_blank">#Press</a> <a href="https://mstdn.social/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#UK</a> <a href="https://mstdn.social/tags/NHS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NHS</a> <a href="https://mstdn.social/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#UnitedHealth</a> <a href="https://mstdn.social/tags/Insurance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Insurance</a> <a href="https://mstdn.social/tags/Treatment" class="mention hashtag" rel="nofollow noopener" target="_blank">#Treatment</a> <a href="https://mstdn.social/tags/Refusal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Refusal</a> <a href="https://mstdn.social/tags/Denial" class="mention hashtag" rel="nofollow noopener" target="_blank">#Denial</a> <a href="https://mstdn.social/tags/UHG" class="mention hashtag" rel="nofollow noopener" target="_blank">#UHG</a> <a href="https://mstdn.social/tags/OptumRX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OptumRX</a> <a href="https://mstdn.social/tags/Labour" class="mention hashtag" rel="nofollow noopener" target="_blank">#Labour</a> <a href="https://mstdn.social/tags/Streeting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Streeting</a> <a href="https://mstdn.social/tags/Starmer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Starmer</a> <a href="https://mstdn.social/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a>

OTX BotExploits Cityworks zero-day vulnerability to deliver malwareChinese-speaking threat actors, dubbed UAT-6382, have been exploiting a remote-code-execution vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system. The attacks, which began in January 2025, target local governing bodies in the United States, focusing on utilities management systems. The threat actors deploy various web shells, including AntSword and Chopper, and use custom Rust-based loaders called TetraLoader to deliver Cobalt Strike beacons and VSHell malware. The attackers conduct reconnaissance, enumerate directories, and stage files for exfiltration. Their tooling and tactics indicate a high level of proficiency in the Chinese language, suggesting a Chinese origin for the threat group.Pulse ID: 682f383c63fd8a92ece6dfce Pulse Link: <a href="https://otx.alienvault.com/pulse/682f383c63fd8a92ece6dfce" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/682f383c63fd8a92ece6dfce</a> Pulse Author: AlienVault Created: 2025-05-22 14:44:12Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chinese</a> <a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rust</a> <a href="https://social.raytec.co/tags/UnitedStates" class="mention hashtag" rel="nofollow noopener" target="_blank">#UnitedStates</a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#Word</a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroDay</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

BSides Boulder⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which have led to devistating real world consequences 😵 Trace attack paths in ICS with Gilberto "Gil" Garcia's <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSidesBoulder25</a> talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows. Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 <a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSides</a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener" target="_blank">#BSidesBoulder</a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTSecurity</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow noopener" translate="no" target="_blank">https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389</a>

scyHabt ihr ne schöne Quelle für Ferien-/Feiertags-Kalender(feeds) im iCal-Format? Ich hätte gern• alle bundesweiten und regionalen Feiertage für Deutschland, inklusive der Info (im Beschreibungstext), in welchen Bundesländer der Tag gesetzlicher Feiertag ist (ein Feed mit allem) • Schulferien für einzelne Bundesländer (ein Feed pro Bundesland)Einmalige Downloads sind okay, Feed-URLs wären fast besser.<a href="https://chaos.social/tags/iCal" class="mention hashtag" rel="nofollow noopener" target="_blank">#iCal</a> <a href="https://chaos.social/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://chaos.social/tags/Kalender" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kalender</a> <a href="https://chaos.social/tags/KalenderFeed" class="mention hashtag" rel="nofollow noopener" target="_blank">#KalenderFeed</a> <a href="https://chaos.social/tags/Feiertag" class="mention hashtag" rel="nofollow noopener" target="_blank">#Feiertag</a> <a href="https://chaos.social/tags/Feiertage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Feiertage</a> <a href="https://chaos.social/tags/Schulferien" class="mention hashtag" rel="nofollow noopener" target="_blank">#Schulferien</a> <a href="https://chaos.social/tags/Ferien" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ferien</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#ics