XZ Utils Backdoor (CVE-2024-3094): Personal Notes

In a surprising discovery that’s set the tech world abuzz, a hidden backdoor was found in XZ Utils, a widely-used library that facilitates lossless data compression. Given its popularity across various Linux distributions and numerous applications on Linux and macOS, the implications of this discovery are significant. The Essence of the Backdoor At its core, […]

i-SOON Data Leak: Key Points

Introduction i-SOON (上海安洵), a prominent contractor for various Chinese government agencies such as the Ministry of Public Security, Ministry of State Security, and People’s Liberation Army, experienced a significant data breach during the weekend of Feb 16th. The breach has shed light on the internal workings of a state-affiliated hacking contractor, although the source and […]

X Gold Badges: a new proliferating market

When I saw a threat actor hijacking the X account of Google’s Mandiant division and promoting a cryptocurrency scam, I suddenly became curious about this new prominent trend. Indeed, this attack was just one of many that happened during the past few weeks (HERE). A new black market trend Establishing a presence on a prominent social […]

Technical Data Sheet: NoName057(16)

NoName057(16) is a notorious hacktivist group with a primary focus on targeting 8-10 victims daily. Operating on a global scale, this group engages in cyber activities to promote its ideological agenda. For further monitoring and more analyses of the cyber threat panorama, consider subscribing to my personal Cyber Intelligence Feeds (AI-Powered). Category […]

The Rising of Protestware During Times of War

In the ever-evolving landscape of cybersecurity threats, a disconcerting phenomenon has emerged, challenging the conventional notions of malicious software. Enter “protestware” — a term that sends shivers down the spines of cybersecurity experts and individuals alike. Unlike traditional malware, protestware isn’t designed with the sole purpose of exploiting vulnerabilities or stealing sensitive information. Instead, it […]

Understanding and Defending Against Microsoft 365 Attacks

As the use of Microsoft 365 continues to grow, cyber attackers are increasingly targeting its cloud-based infrastructure. In this extensive post, we will delve into the realm of new Microsoft 365 attacks, exploring the attackers’ methods of gaining persistence within the Microsoft 365 cloud, and provide detailed countermeasures and best practices to enhance your organization’s […]

Malware Persistence Locations: Windows and Linux

Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, […]

Leading the uncertainty: the decision-driven approach

Many of my readers know me as a cybersecurity expert. More than 12 years of blogging on “security stuff”, malware analyses, cyber attack attributions, new tools and a personal (public here) cybersecurity observatory contributed a lot to push me in this specific direction. However, during the past 10 years I did play many different roles. […]
