Software Microsegmentation Promises Security—But Is It Falling Short?
https://youtu.be/dYJUWje-Y1g #cybersecurity #microsegmentation #zerotrust #riskmanagment #FIPS-140-2 #hardware #software #BYOS #manufacturing #legacynetworks #energy #healthcare #ICS #OT
Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Introduces New Banking Phishing Kit
The Chinese eCrime group Smishing Triad has launched a global SMS phishing campaign targeting over 121 countries across various industries. Their infrastructure generates over one million page visits in 20 days, averaging 50,000 daily. The group has introduced a new 'Lighthouse' phishing kit focusing on banking and financial organizations, particularly in Australia and the Asia-Pacific region. Smishing Triad claims to have '300+ front desk staff worldwide' supporting their operations. They frequently rotate domains, with approximately 25,000 active during any 8-day period. The majority of phishing sites are hosted by Chinese companies Tencent and Alibaba. The campaign primarily targets postal, logistics, telecommunications, transportation, finance, retail, and public sectors.
Pulse ID: 67f80a4937d04f9036252cf7
Pulse Link: https://otx.alienvault.com/pulse/67f80a4937d04f9036252cf7
Pulse Author: AlienVault
Created: 2025-04-10 18:13:29
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
The Lotus Blossom espionage group has been conducting cyber espionage campaigns targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan. The group employs various versions of the Sagerunex backdoor, including new variants that use cloud services like Dropbox, Twitter, and Zimbra for command and control. Lotus Blossom utilizes multiple hacking tools and techniques to maintain long-term persistence in compromised networks. The attacks involve multi-stage operations, including reconnaissance, lateral movement, and data exfiltration. The group has been active since at least 2012 and continues to evolve its tactics and malware to evade detection.
Pulse ID: 67f038f22c3d7acc43c35cb7
Pulse Link: https://otx.alienvault.com/pulse/67f038f22c3d7acc43c35cb7
Pulse Author: AlienVault
Created: 2025-04-04 19:54:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
EDIT: It magically started working right after I posted this.
I am struggling to switch from Google Calendar to Nextcloud calendar. I exported my Google Calendar data as an .ics file. Then I went to Nextcloud (web client), clicked on the Calendar tab, clicked settings, clicked "import calendar," and uploaded my data...
and then nothing happened. None of my events showed up on my Nextcloud calendar.
How do I fix this? I wanna leave Google Calendar.
#Nextcloud #NextcloudCalendar #ICS #GoogleCalendar
Deobfuscating APT28's HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer Obfuscation
This analysis delves into APT28's cyber espionage campaign targeting Central Asia and Kazakhstan diplomatic relations, focusing on their HTA Trojan. The malware employs advanced obfuscation techniques, including VBE (VBScript Encoded) and multi-layer obfuscation. The investigation uses x32dbg debugging to decode the obfuscated code, revealing a custom map algorithm for character deobfuscation. The process involves decoding strings using embedded characters from Windows vbscript.dll. The analysis identifies the use of Microsoft's Windows Script Encoder (screnc.exe) to create VBE files. By employing various deobfuscation techniques, including a Python script, the final malware sample is extracted and analyzed, showcasing APT28's evolving tactics in cyber espionage.
Pulse ID: 67efc6e712b49d46c1423ca9
Pulse Link: https://otx.alienvault.com/pulse/67efc6e712b49d46c1423ca9
Pulse Author: AlienVault
Created: 2025-04-04 11:47:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign
A Russian-speaking threat actor has launched a new phishing campaign using Cloudflare-branded pages themed around DMCA takedown notices. The attack abuses the ms-search protocol to deliver malicious LNK files disguised as PDFs. Once executed, the malware communicates with a Telegram bot to report the victim's IP address before connecting to Pyramid C2 servers. The campaign leverages Cloudflare Pages and Workers services to host phishing pages, and uses an open directory to store malicious files. The infection chain includes PowerShell and Python scripts, with incremental changes in tactics to evade detection. The actors' infrastructure spans multiple domains and IP addresses, primarily using Cloudflare's network.
Pulse ID: 67efc6ed5285702a3440969a
Pulse Link: https://otx.alienvault.com/pulse/67efc6ed5285702a3440969a
Pulse Author: AlienVault
Created: 2025-04-04 11:47:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Not sure if the American Gestapo cares about bad publicity, but here's one detainee story that's getting coverage.
https://www.npr.org/2025/04/02/nx-s1-5341465/jasmine-mooney-canadian-actress-ice-detention
#ICS #Trump #Fascism
The Latest Buzz About #OTsecurity
Our cyber adversaries are not stopping; nor are we when it comes to protecting #CriticalInfrastructure. We help you keep your fingers on the pulse of the OT cyber world.
And for the right solutions, download the Industrial Cyber 2025 Buyers Guide. https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/
Find us here: https://blueridgenetworks.com/
#CyberCloak #RiskManagement #AssetManagement #NetworkSecurity #NetworkProtection #ICS #IT #OT#NetworkSegementation #SecureRemoteAccess
Pour une semaine d’événement, un agenda sur NextCloud a été créé et c’est super.
Par contre pour en faire une version imprimée c’est moche et peu lisible…
Est‑ce que vous connaissez des outils qui convertissent des .ics en un visuel lisible et beau ?
#agenda #calendrier #ics
@otmar Can we please advise people to not turn their Ivanti Connect Secure (ICS) Version 9.x off?
It is better to disconnect such devices from all networks and get your IR/CERT/SOC to take an HD image and memory dump*. Then turn it off.
*) Contact your Ivanti rep to tell you how, because of course they've put all info behind their customer login.
Exciting news! 
We’re Featured in the Industrial Cybersecurity Buyer’s Guide 2025!
https://industrialcyber.co/download/industrial-cybersecurity-buyers-guide-2025/
Head straight to page 30 to see how we’re making industrial cybersecurity stronger!
Operation FishMedley targeting governments, NGOs, and think tanks
ESET researchers have uncovered a global espionage operation called Operation FishMedley, conducted by the FishMonger APT group, which is operated by the Chinese contractor I-SOON. The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The attackers used implants like ShadowPad, SodaMaster, and Spyder, which are common or exclusive to China-aligned threat actors. The operation involved sophisticated tactics including lateral movement, credential theft, and custom malware deployment. Seven victims were identified across various countries and sectors. The analysis provides technical details on the malware used, initial access methods, and command and control infrastructure.
Pulse ID: 67dd406f6ba9eecd280aa95e
Pulse Link: https://otx.alienvault.com/pulse/67dd406f6ba9eecd280aa95e
Pulse Author: AlienVault
Created: 2025-03-21 10:33:19
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Ebenso unglücklich bin ich beim Ersatz von #GoogleCalendar auf #Android. Ich bin mal ruckzuck vom Regen in die Traufe auf #Samsung Kalender umgestiegen, aber die Wochenansicht mit zwei abonnierten Kalender per #ics URL ist doch sehr, sehr bescheiden. Welche App könnt ihr mir empfehlen, die vor allem mit #Usability punktet? Danke für eure Hinweise. #unplugtrump
How do you secure embedded system in #ICS / #OT?
ANSWER 
March 26th @ 11:00 a.m. Eastern.
Join an informative webinar offered by Industrial Cyber. https://tinyurl.com/SecuringICS
Here's what you'll take away:
Identifying the top risks to embedded systems Actionable strategies and solutions Hearing real-life experiences on what works
Thanks to the funding by @nlnet, I added #event sign up via email to the #OpenWebCalendar. In this tutorial, I show how to enable others to sign up to your events on your @nextcloud #calendar.
Video: https://youtu.be/RnMz23p7UP0
Blog Post: https://open-web-calendar.quelltext.eu/news/2025-03-17-caldav-nextcloud-sign-up/
Water utilities would get cybersecurity boost under bipartisan Senate bill:
The Cybersecurity for Rural Water Systems Act would expand USDA’s Circuit Rider Program.
https://cyberscoop.com/rural-water-utilities-cybersecurity-senate-bill/
Sprites & sinusoidal waves.
Walking near I-80 last night so decided to head up to a nearby walking bridge that crosses it. Haven't done one of these in a few yrs. Don't have a cityscape as a backdrop to my traffic pics so I "liven" them up.
