#ThreatIntelligence

A new release of the AIL project is coming soon, featuring a significant improvement in language detection.

A lot of work has been done on LexiLang by @terrtia to clean up dictionaries and improve support for localized languages and slang.

In the example below, you can see a user active in different Telegram channels, using both Russian and Ukrainian.

🔗 ail-project.org/

If you're interested in the topic, join us at a 2-day hackathon in Luxembourg on April 8–9, 2025, focused on open-source security tools. The developers of the AIL project will be there in person!

🔗 hackathon.lu/

#threatintel #threatintelligence #opensource #ail #intelligence

@ail_project
@circl

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa
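One way to operationalize a defanged indicator list like the one above is to refang it, match DNS query logs against it (including subdomains and trailing-dot names), and flag near-misses of protected brand labels that are not yet on any list. The script below is an added example, not Infoblox's code or tooling; the DNS log lines, the brand list and the `secure-wellsfrago.com` name are constructed for illustration, and the generic "timestamp client qname qtype" log format is an assumption.

```python
import re

# Indicators as published in the post above, defanged with "[.]"; the
# trailing "." on the last one is reproduced as it appeared.
DEFANGED_INDICATORS = [
    "user2ilogon[.]es",
    "viewer-ssa-gov[.]es",
    "wellsffrago[.]com",
    "nf-prime[.]com",
    "deilvery-us[.]com",
    "wllesfrarqo-home[.]com",
    "nahud[.]com.",
]

# Constructed list of brand labels to protect (assumption, not from the post).
PROTECTED_BRANDS = ["wellsfargo", "delivery"]

# Constructed DNS query log (not from the post): "timestamp client qname qtype".
SAMPLE_DNS_LOG = """\
2025-03-28T09:12:01Z 10.0.4.17 www.example.com A
2025-03-28T09:12:05Z 10.0.4.17 user2ilogon.es A
2025-03-28T09:13:40Z 10.0.9.3 login.wllesfrarqo-home.com A
2025-03-28T09:14:02Z 10.0.9.3 wellsfargo.com A
2025-03-28T09:15:11Z 10.0.2.8 secure-wellsfrago.com A
2025-03-28T09:16:30Z 10.0.2.8 nahud.com. A
"""


def refang(indicator: str) -> str:
    """Turn a defanged indicator into a plain lowercase domain name.
    Handles "[.]", "(.)", "[dot]" and hxxp:// conventions, drops any path,
    and strips a trailing root dot so "nahud[.]com." matches "nahud.com"."""
    d = indicator.strip().lower()
    d = d.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    d = re.sub(r"^hxxps?://", "", d)
    d = d.split("/", 1)[0]
    return d.rstrip(".")


def build_blocklist(indicators) -> frozenset:
    return frozenset(refang(i) for i in indicators)


def in_blocklist(qname: str, blocklist) -> bool:
    """True if the queried name is a blocked domain or any subdomain of one."""
    parts = qname.lower().rstrip(".").split(".")
    # Test the full name, then each parent: a.b.c -> a.b.c, b.c, c
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(qname: str, brands=PROTECTED_BRANDS, max_distance: int = 2):
    """Return the protected brand the registrable label resembles, else None.
    The label is tested with hyphens removed and per hyphen-separated token,
    so "secure-wellsfrago.com" is compared as "securewellsfrago", "secure"
    and "wellsfrago". Exact brand matches and very short tokens are ignored
    to keep false positives down; heavily mangled names such as
    "wllesfrarqo-home" exceed the distance bound and rely on the blocklist."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    sld = labels[-2]
    candidates = {sld.replace("-", "")} | set(sld.split("-"))
    for brand in brands:
        for cand in candidates:
            if len(cand) < 5 or cand == brand:
                continue
            if levenshtein(cand, brand) <= max_distance:
                return brand
    return None


def scan_dns_log(text: str, blocklist):
    """Return (qname, reason) for each query that hits the blocklist or
    resembles a protected brand; all other lines are skipped."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        qname = fields[2]
        if in_blocklist(qname, blocklist):
            hits.append((qname, "blocklist"))
        else:
            brand = lookalike_brand(qname)
            if brand:
                hits.append((qname, f"lookalike:{brand}"))
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(DEFANGED_INDICATORS)
    for qname, reason in scan_dns_log(SAMPLE_DNS_LOG, blocklist):
        print(f"{reason:22} {qname}")
```

Running it flags `user2ilogon.es`, the `login.` subdomain of `wllesfrarqo-home.com` and the trailing-dot `nahud.com.` from the blocklist, and `secure-wellsfrago.com` as a brand lookalike, while leaving `wellsfargo.com` and `www.example.com` alone. The two checks are complementary: exact indicators catch names too mangled for an edit-distance heuristic, and the heuristic catches fresh registrations that no feed has listed yet.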

Our latest newsletter is out, get it while it's hot!

🗞️ opalsec.io/daily-news-update-f

Key stories:

🏥 Oracle's under fire: A breach at Oracle Health compromised patient data, with Oracle allegedly shifting responsibility to hospitals and avoiding documentation. This follows hot on the heels of denial regarding an alleged Oracle Cloud breach, raising serious questions about their security culture.

🛒 Clop's back in the headlines: Sam's Club - a Walmart subsidiary - is investigating claims of a Clop ransomware attack, potentially linked to the Cleo file transfer vulnerability that has already hit other organizations hard.

📡 Don't miss this bizarre twist: Cable operator WideOpenWest (WOW!) is dealing with a breach claimed by Arkana Group, who are publicizing the stolen data (usernames, passwords, etc.) with a… Russian music video. The alleged attack vector? Infostealer malware.

Get up to speed with these stories and more: opalsec.io/daily-news-update-f

If you'd like to get the latest Cyber Security news wrapped up and delivered to your inbox every day, subscribe to our newsletter here!

📨 opalsec.io/daily-news-update-f

Opalsec · Daily News Update: Saturday, March 29, 2025 (Australia/Melbourne)
A breach at Oracle Health compromised patient data, with Oracle allegedly shifting responsibility to hospitals and avoiding documentation. A Walmart subsidiary is investigating claims of a Clop ransomware attack, potentially linked to the Cleo file transfer vulnerability.

Hey #CyberSecurity pros! 👋 Ready to dive into the latest threats and breaches making headlines?

Our latest blog post is packed with need-to-know info to keep you ahead of the curve.

🗞️ opalsec.io/daily-news-update-t

Here's a quick rundown of what's inside:

🕵️‍♂️ FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!

🗄️ RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.

😬 StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers!

🏛️ NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.

👨‍🎓 NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.

💰 Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!

🤖 Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!

🚨 Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!

👦 UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.

Ready for the full scoop? Read the full blog post here 👉 opalsec.io/daily-news-update-t

Opalsec · Daily News Update: Thursday, March 27, 2025 (Australia/Melbourne)
Chinese ‘FamousSparrow’ Hackers Resurface: The Chinese government-backed hacking group FamousSparrow, thought to be dormant since 2022, has allegedly been targeting organisations in the U.S., Mexico, and Honduras. ESET researchers discovered suspicious activity on a U.S. trade

For one reason or another, some domain registrars seem to attract threat actors. This leads to domains registered through these registrars having higher associated risk. Unlike TLD reputation scores, which are fairly consistent from month to month, registrar reputation scores can vary quite a bit month to month. In fact, this month's riskiest registrar, Dominit (HK) Ltd., increased from a score of 7 to 9 and jumped a whopping 29 spots to reach #1.

An explanation and minimum-working-example of our reputation algorithm can be found here: blogs.infoblox.com/threat-inte

DomainTools Investigations (DTI) shares its latest analysis: “Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict.”

The infrastructure comprises a small number of mail servers, each supporting a set of domains designed to spoof that of a specific organization. These domains currently host webmail login pages likely intended to harvest credentials from targeted entities.

🔹The phishing infrastructure targets defense and aerospace entities linked to the Ukraine conflict.
🔹Infrastructure comprises a small number of mail servers supporting domains designed to spoof specific organizations.
🔹Likely intended to harvest credentials from targeted entities.
🔹Motivated by cyber espionage, focusing on intelligence related to the Ukraine/Russia conflict.

Stay informed and help us combat these threats - read the full article and join the discussion.

dti.domaintools.com/phishing-c

Fine that H-ISAC is publishing this out of "an abundance of caution," but the originating account looks like total crap. I do not think ISIS-K is planning car bombings of hospitals, nor has any evidence been presented that they are.

#ThreatIntel #ThreatIntelligence
