For some reason people are sharing LLM garbage instead of the real chat logs for Black Basta. Here are the real logs and the Telegram channel they're being shared in: https://t[.]me/shopotbasta/21

CTI is a team sport. Not a secret boys club. Sharing is caring.

Mastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account.

We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also to get that particular threat out of their Mastodon instance and make it safe for users.

There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster.

For our fellow security nerds... this was #vidar malware with SHA-256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d
and a C2 IP 78[.]47[.]227[.]68 from the instance.
There is still at least one more Mastodon instance impacted that we are trying to reach.
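The post above shares two indicators (a SHA-256 and a defanged C2 IP). The script below is an added example, not code from the original post or from the instance owner: it refangs the indicator, hashes every file under a directory against the SHA-256, and greps log lines for the C2 IP as a whole token so that a longer address such as 178.47.227.68 does not produce a false hit. The firewall log lines embedded in it are constructed for the example, and the hash-scan self-check writes its own constructed sample file rather than touching anything on disk.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators as shared in the post above, kept defanged until refang() is called.
VIDAR_SHA256 = "975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d"
VIDAR_C2_DEFANGED = "78[.]47[.]227[.]68"

# Constructed firewall log lines for the example (not real traffic).
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z fw allow src=10.0.0.5 dst=78.47.227.68 dport=443",
    "2024-05-01T10:00:01Z fw allow src=10.0.0.5 dst=178.47.227.68 dport=443",
    "2024-05-01T10:00:02Z fw allow src=10.0.0.5 dst=78.47.227.6 dport=80",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('78[.]47[.]227[.]68', 'hxxps://...') back into its live form."""
    out = indicator.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    out = re.sub(r"^hxxp(s?)://", r"http\1://", out, flags=re.IGNORECASE)
    return out


def sha256_of_file(path) -> str:
    """Stream the file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, hashes) -> list:
    """Return (path, sha256) for every regular file under root whose hash is in `hashes`."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            digest = sha256_of_file(p)
            if digest in hashes:
                hits.append((str(p), digest))
    return hits


def c2_in_log(lines, c2_ip: str) -> list:
    """Return log lines mentioning the C2 IP as a whole token.

    The lookarounds reject a leading or trailing digit/dot, so 178.47.227.68 and
    78.47.227.681 are not reported as matches for 78.47.227.68.
    """
    pat = re.compile(r"(?<![\d.])" + re.escape(c2_ip) + r"(?![\d.])")
    return [ln for ln in lines if pat.search(ln)]


def demo_scan() -> bool:
    """Self-check with constructed files: flag the file whose hash is on the watch list, nothing else."""
    with tempfile.TemporaryDirectory() as tmp:
        known = Path(tmp) / "known.bin"
        known.write_bytes(b"constructed sample for the example, not malware\n")
        benign = Path(tmp) / "benign.txt"
        benign.write_bytes(b"nothing to see here\n")
        # Watch list: the Vidar hash from the post plus the hash of our constructed sample.
        watch = {VIDAR_SHA256, sha256_of_file(known)}
        hits = scan_directory(tmp, watch)
        return [h[0] for h in hits] == [str(known)]


if __name__ == "__main__":
    c2 = refang(VIDAR_C2_DEFANGED)
    print("C2 sightings:", c2_in_log(SAMPLE_LOG, c2))
    print("hash-scan self-check:", demo_scan())
```

To use it on a real host, call scan_directory() on a suspect upload or media directory with {VIDAR_SHA256} and feed c2_in_log() the lines of your firewall or proxy log; a hit on either is worth a closer look, but absence of a hit only means this particular sample and address were not seen.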

Ever seen a single QR code that can lead you to two different URLs? 🤯

Christian Walther just demoed that. He merged two QR codes in such a way that each “pixel” can be interpreted as black or white, depending on angle, focus settings, or even plain luck. Same device, same scanner - yet sometimes you get https://mstdn.social/@isziaui, other times it’s https://github.com/cwalther.

While this is currently just a wicked proof-of-concept, it's a red flag for possible future scams.

Check the full thread: https://mstdn.social/@isziaui/113874436953157913

@gvy_dvpont Got me thinking… can it be done without the lens? This one seems to work!

A detailed, well-written, and hilarious breakdown of the details of CVE-2024-55591, one of the latest Fortinet fiascos:

#ThreatIntel #ThreatIntelligence #CVE

Hey hey! More #eBPF #malware in the wild, this one targeting Juniper devices.

https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/