Avast says that in recent attacks, the ViperSoftX infostealer operators have switched to using their malware to install an extension for Chromium-based browsers in order to execute a MitM attack when users visit cryptocurrency platforms, stealing credentials and swapping wallet addresses with ones they operate.
I should warn you all that my self-help and philosophy content is not posted here. I view Mastodon as a place where I can share hacking and tech content openly without breaking any terms of service and have true freedom of speech. My instance is self-hosted out of Iceland along with my PeerTube and Matrix service; e-mail is handled offshore in Sweden. You should consider this account the hackerfantastic, after-dark edition...
I moved from gVim to Atom as a cross-platform text editor a few years ago, and have just learned that they are "sunsetting" the editor. I am a big fan of VSCode and Visual Studio in general, and of Xcode on macOS, but these are more fully-featured IDEs. What text editors will run on Windows, Linux and macOS and offer the same flexibility as Atom? Seeking recommendations before I just go back to GTK+Vim and die a little inside. More info on the sunset for Atom 😢 https://github.blog/2022-06-08-sunsetting-atom/
Brokenflow: a simple PoC to invoke an encrypted shellcode by using a hidden call: https://github.com/enkomio/BrokenFlow credits @s4tan (Twitter)
NEW: According to a leaked document, the cybersecurity startup Corellium offered trials to controversial surveillance companies NSO Group and DarkMatter.
Corellium also sold to cellphone cracking firms Cellebrite (Israel) and Elcomsoft (Russia), as well as Pwnzen, a hacking firm with ties to China's government, according to the document.
Corellium declined to answer most of the questions we asked about its customers.
Corellium said NSO and DarkMatter only had access to “a limited time/limited functionality trial version of Corellium's software” and that both were later denied requests to purchase the full version following its vetting process.
The company told us that it has a careful vetting process, and that it has had “opportunities to profit from these bad actors and have chosen not to."
If you send a direct message to me on Mastodon, the only people who will see it are you, me, your server admin, anyone else who happens to be in a privileged infrastructure position, the FBI, NSA, a dozen of my lawyers, my wife and possibly the neighbor's kid who is hacking my Wi-Fi (he thinks he is cool and my honeypot appreciates the traffic). If you want to talk to me privately, please use my GPG key and consider joining Matrix, which is a modern IRC. My personal contacts: hackerfraternity.org
Very lucky to have none other than @lorenzofb writing for WIRED for the first time in a decade and dropping a serious phone-hacking scoop right out of the gate. https://www.wired.com/story/corellium-nso-group-darkmatter-apple-lawsuit/
Somewhere, someone finally made this and I think it's beautiful: https://www.thingiverse.com/thing:4687836
The Google Cloud security team has released a set of open-source YARA Rules and a VirusTotal Collection to help security practitioners flag and identify Cobalt Strike components and specific Cobalt Strike versions on their networks.
The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users.
Today I coded a keylogger and clipboard monitor in Go. Compiled it to an obfuscated binary. It took less than an hour, everything included. Running it on a target system (red team exercise) with Defender gave no detections :-) Just because I was curious, I added a check for the target domain and an exit if it didn't match, to avoid sandboxes, then I tried uploading it to VirusTotal - here's how that went:
- 12 detections based on it being "suspicious" (heavily obfuscated is my guess)
- 59 clean verdicts
- absolutely unusable sandbox output: claims of outbound network, dropped temp files, Go screenshot ability, and it setting something in the registry ... no to all, the binary does nothing on their systems!
Conclusion? IDK, it's not pretty, that's for sure. #malware #virustotal #hacking
Key government institutions in China's cybersecurity ecosystem
Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.
Brett Johnson, AKA Gollumfun was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed.
Hidden gem in the paper just shared by @vanhoefm https://dl.acm.org/doi/abs/10.1145/3495243.3560530
A single frame can wake up (from power saving) all devices on a network and get them to respond with their real, not randomized, MAC address: a beacon management frame with the Traffic Indication Bitmap (TIM) set to FF for all devices.
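The wake-up trick in the post above can be spotted from the monitoring side. As an added example (not from the paper or from the poster), this Python parser pulls the TIM element out of beacon frame bodies and flags beacons whose partial virtual bitmap signals buffered traffic for every station at once. The sample beacons are constructed inline, the element layout follows IEEE 802.11 (element ID 5: DTIM count, DTIM period, bitmap control, partial virtual bitmap), and the 50% threshold and verdict names are my own choices.

```python
"""Monitoring-side check for beacons whose TIM claims buffered traffic for
every association ID (AID), which makes all power-saving stations wake up."""

TIM_ELEMENT_ID = 5      # IEEE 802.11 Traffic Indication Map element ID
FIXED_FIELDS_LEN = 12   # timestamp (8) + beacon interval (2) + capability info (2)


def build_beacon(ssid, pvb, dtim_count=0, dtim_period=1, bitmap_offset=0):
    """Construct a minimal beacon frame body (sample data, not a capture)."""
    fixed = b"\x00" * 8 + (100).to_bytes(2, "little") + (0x0411).to_bytes(2, "little")
    ssid_ie = bytes([0, len(ssid)]) + ssid
    bitmap_control = (bitmap_offset & 0x7F) << 1   # bit 0 is the multicast indicator
    tim_ie = bytes([TIM_ELEMENT_ID, 3 + len(pvb), dtim_count, dtim_period, bitmap_control]) + pvb
    return fixed + ssid_ie + tim_ie


def parse_ies(body):
    """Yield (element_id, payload) from the tagged parameters after the fixed fields."""
    ies = body[FIXED_FIELDS_LEN:]
    i = 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        payload = ies[i + 2:i + 2 + length]
        if len(payload) < length:
            break   # truncated element; stop rather than misparse
        yield eid, payload
        i += 2 + length


def parse_tim(payload):
    """Split a TIM payload into its fields; None if shorter than the mandatory 4 bytes."""
    if len(payload) < 4:
        return None
    return {
        "dtim_count": payload[0],
        "dtim_period": payload[1],
        "multicast": payload[2] & 1,
        "bitmap_offset": (payload[2] >> 1) & 0x7F,
        "pvb": payload[3:],
    }


def signaled_aids(pvb, bitmap_offset):
    """AIDs whose bit is set. The first PVB octet is octet 2*offset of the full bitmap."""
    aids = []
    for i, byte in enumerate(pvb):
        for bit in range(8):
            if (byte >> bit) & 1:
                aids.append((2 * bitmap_offset + i) * 8 + bit)
    return aids


def assess_beacon(body, max_fraction=0.5):
    """Classify a beacon body: normal, suspicious (many AIDs), wake_all (bitmap all 0xFF)."""
    tim = next((p for eid, p in parse_ies(body) if eid == TIM_ELEMENT_ID), None)
    if tim is None:
        return {"verdict": "no_tim", "signaled": 0, "aids": []}
    fields = parse_tim(tim)
    if fields is None:
        return {"verdict": "malformed_tim", "signaled": 0, "aids": []}
    aids = signaled_aids(fields["pvb"], fields["bitmap_offset"])
    capacity = len(fields["pvb"]) * 8
    if fields["pvb"] and all(b == 0xFF for b in fields["pvb"]):
        verdict = "wake_all"
    elif capacity and len(aids) / capacity > max_fraction:
        verdict = "suspicious"
    else:
        verdict = "normal"
    return {"verdict": verdict, "signaled": len(aids), "aids": aids[:8]}


if __name__ == "__main__":
    # Constructed samples: one ordinary beacon (traffic for AID 1 only) and one
    # whose TIM lights up every AID in a 32-byte bitmap.
    normal = build_beacon(b"home", b"\x02")
    wake_all = build_beacon(b"home", b"\xff" * 32)
    for name, frame in (("normal", normal), ("wake_all", wake_all)):
        print(name, assess_beacon(frame))
```

A legitimate access point only sets bits for stations that actually have buffered frames, so a bitmap of solid 0xFF in an ordinary beacon is worth alerting on; the fraction-based verdict catches the same behaviour when the sender pads the bitmap less obviously.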
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!