bulwarkblack

SHODAN Dorks

READ ARTICLE By: ZION3R Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:”Bangalore” country: Find devices in a particular country. country:”IN” geo: Find devices by giving geographical coordinates. geo:”56.913055,118.250862″ Location country:us country:ru country:de city:chicago hostname: Find devices matching the hostname. server: “gws” hostname:”google” hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org net: Find devices based on an IP address or /x CIDR. net:210.214.0.0/16 Organization…

Read More

New Go loader pushes Rhadamanthys stealer

READ ARTICLE Posted: March 22, 2024 by Jérôme Segura Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other…

Read More

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

By Tom Fakterman, Daniel Frank and Jerome Tujague READ ARTICLE Executive Summary This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sandstorm) is a known espionage group that has previously targeted the aerospace and energy sectors. FalseFont is the latest…

Read More

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

READ ARTICLE A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an “aggressive” campaign. Google-owned Mandiant is tracking the activity under its uncategorized moniker UNC5174 (aka Uteus or Uetus), describing it as a “former member of Chinese hacktivist…

Read More

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

By Jonathan Munshaw READ ARTICLE Whether you want to call them “catfishing,” “pig butchering” or just good ‘old-fashioned “social engineering,” romance scams have been around forever.   I was first introduced to them through the MTV show “Catfish,” but recently they seem to be making headlines as the term “pig butchering” enters the public lexicon. John…

Read More

New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

READ ARTICLE By: Kevin Poireault Reporter, Infosecurity Magazine A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intelligence. In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine. The malware rendered…

Read More

Fancy Bear: Espionage group expands global phishing campaign

Source Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, Americas, and Asia, focusing on Ukraine-related targets. IBM X-Force has identified an ongoing phishing campaign conducted by ITG05, a Russia state-sponsored group also known as “Fancy Bear,” which involves the use of documents designed to impersonate government and…

Read More