Masthash

#apt

AskUbuntu
3 minutes ago

Cannot install `libdrm-dev` on Ubuntu 20.04 because it requires dependencies which are older than what I have #apt #packagemanagement #upgrade #dependencies #downgrade

https://askubuntu.com/q/1487369/612

AskUbuntu
2 hours ago

Installing displaylink-driver on Ubuntu 20.04: unmet dependency `evdi` #apt #dependencies #displaylink

https://askubuntu.com/q/1487364/612

AskUbuntu
6 hours ago

System display time is out of sync with specified install time on Ubuntu 22.04.02 LTS install #apt #updates #time #intelcpu

https://askubuntu.com/q/1487354/612

AskUbuntu
12 hours ago

How to fix the error from completely removing python from Ubuntu 20.04 #apt #2004 #xubuntu #python

https://askubuntu.com/q/1487336/612

AskUbuntu
22 hours ago

I have a problem: after sudo apt upgrade and a reboot, my system shows one screen saying "exited with irqs disabled"... can anyone help me out? #boot #apt #upgrade #sudo

https://askubuntu.com/q/1487263/612

AskUbuntu
1 day ago

(Ubuntu 22.04.3 LTS) Cannot install python3-pip, error message (code 1) appears #apt #packagemanagement #python #dpkg #python3

https://askubuntu.com/q/1487235/612

AskUbuntu
2 days ago

Upgrading an old dusty 20.04 installation on a new motherboard, ethernet not working #apt #upgrade #chroot

https://askubuntu.com/q/1487181/612

Simon
2 days ago

NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors: BlackTech (a.k.a. Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda) actors have targeted government, industrial, technology, media, electronics, and telecommunication sectors, including entities that support the militaries of the U.S. and Japan. BlackTech actors use custom malware, dual-use tools, and living off the land tactics, such as disabling logging on routers, to conceal their operations.
Link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a

Tags: #blacktech #palmerworm
#tempoverboard #circuitpanda #radiopanda #APT #China #cyberespionage

"🎯 #EvilBamboo Unleashed: A Multi-Year Assault on Mobile Devices 📱"

In a recent expose, Volexity delves into the menacing operations of EvilBamboo, a nefarious entity targeting mobile devices in a multi-year campaign. The meticulous analysis sheds light on their modus operandi, unveiling a grim reality for mobile security. 🛡️

Volexity has spotted ongoing malicious campaigns by a group they call EvilBamboo, targeting folks from Tibet, Uyghur, and Taiwan. These groups are on China's naughty list, known as the Five Poisonous Groups. EvilBamboo has been on the radar for over five years, pulling off new stunts now and then. They've made nasty software for Android and iOS, tricking people into downloading malware through fake websites and social media. They even sneaked malicious apps into Apple's App Store. Volexity is pretty sure that EvilBamboo is playing dirty games for the Chinese government, sharing their findings in a recent conference and reports.

Source: Volexity Blog

Tags: #CyberSecurity #MobileSecurity #APT #EvilBamboo #CyberThreats #InfoSec

Teri Radichel
3 days ago

Where Are Your Yum Packages Coming From?
~~
ACM.321 This issue could be applicable to any cloud provider — check where your packages originate on the network
~~
#yum #apt #software #network #cloud #security

https://medium.com/cloud-security/where-are-your-yum-packages-coming-from-f7fa7a504636

AskUbuntu
3 days ago

Ubuntu system problem: please help, or forward me to the relevant personnel, and give me a reply #apt #upgrade #updates

https://askubuntu.com/q/1487032/612

"🕵️ Chinese APT Flax Typhoon: Master of Stealth in Cyber Espionage 🕵️"

Microsoft unveils a meticulous investigation into the Chinese government-backed APT group, Flax Typhoon, known for its stealthy cyber espionage campaigns against Taiwanese organizations since mid-2021. Unlike other APT groups, Flax Typhoon shuns heavy reliance on malware, instead, it exploits legitimate OS tools and benign software to maintain persistence on targeted networks. This strategy not only aids in cyber espionage but also ensures long-term access to a plethora of organizations across diverse industries. 🕵️💻🔍

The group, also dubbed Ethereal Panda, orchestrates its operations with a finesse that could easily mislead organizations, employing commonplace techniques often overlooked. Its focus on persistence, credential access, and lateral movement makes detection and mitigation a challenging task. The group's previous campaigns have also targeted entities in Southeast Asia, Africa, and North America, hinting at its extensive cyber espionage activities. 🌏🎯

Microsoft's Threat Intelligence Team has shared an in-depth analysis, shedding light on Flax Typhoon's modus operandi, which includes the use of China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz, and more. The group's knack for exploiting known vulnerabilities in publicly accessible servers underscores the need for robust cybersecurity measures. 🛡️🔐

Source: HackRead Article by Deeba Ahmed

Tags: #APT #CyberEspionage #FlaxTyphoon #EtherealPanda #Microsoft #CyberSecurity #Taiwan #StealthyOperations #LegitTools #CyberThreats

Lumificyber - Threat Brief: Flax Typhoon APT

AskUbuntu
3 days ago

No apt_pkg and black screen after installing Python version #boot #apt #python

https://askubuntu.com/q/1487023/612

Freemind
3 days ago

The initial compromise of Gelsemium’s targets was achieved by installing web shells, likely exploiting vulnerabilities in servers accessible via the internet.

#Cybersecurity #Backdoor #CyberAttack #APT #AsianGovernment

https://cybersec84.wordpress.com/2023/09/26/gelsemium-hackers-target-asian-government-in-new-attack/

CryptoNewsBot
4 days ago

Counterfeit Aptos Token Deposited on Upbit Leads to APT Withdrawals Being Temporarily Suspended - Exchange has resumed operations, but many are left wondering how such an issue will be pr... - https://www.coindesk.com/markets/2023/09/25/counterfeit-aptos-token-deposited-on-upbit-leads-to-apt-withdrawals-being-temporarily-suspended/?utm_medium=referral&utm_source=rss&utm_campaign=headlines #markets #aptos #upbit #news #apt

CryptoNewsBot
4 days ago

Crypto exchange Upbit stems fake APT token flood, resumes services - The newly created fake APT token called “ClaimAPTGift.com” made i... - https://cointelegraph.com/news/crypto-exchange-upbit-fix-fake-aptos-token-issue #systemmaintenance #claimaptgift.com #withdrawals #faketoken #deposits #refund #upbit #apt

AskUbuntu
4 days ago

Is it safe to remove linux-generic-hwe-20.04? #apt #packagemanagement #kernel

https://askubuntu.com/q/1486903/612

AskUbuntu
4 days ago

Installing ros2 humble desktop on my Ubuntu shows "E: Unable to locate package" #apt

https://askubuntu.com/q/1486806/612

AskUbuntu
5 days ago

Hey ma'am, I am trying to install ros2 humble desktop on my Ubuntu and it shows "E: unable to locate" and "not released"; what should I do? Can anyone help me? #apt

https://askubuntu.com/q/1486806/612

Simon
6 days ago

ESET Research reported on a new Deadglyph backdoor used by the UAE-based Stealth Falcon group. They described the infection chain with a multi-stage shellcode downloader, as well as backdoor features. IOC included.
Link: https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/

Tags: #freethewhales #StealthFalcon #cyberthreatintelligence #APT #Deadglyph

AskUbuntu
6 days ago

problems in running sudo apt update and upgrade #apt #upgrade #updates

https://askubuntu.com/q/1486732/612

Simon
6 days ago

Volexity reports that Chinese APT EvilBamboo aka Poison Carp (Citizen Lab), Evil Eye, Earth Empusa (Trend Micro), Red Dev 16 (PWC), targets mobile devices of Tibetan, Uyghur, and Taiwanese individuals and organizations. IOC included.
Link: https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/

Tags: #evilbamboo #evileye #earthempusa #freethewhales #reddev16 #China #APT #cyberespionage #cyberthreatintelligence

Freemind
1 week ago

The command-and-control communication of LuaDream is established by connecting to a domain named “mode.encagil[.]com” using the WebSocket protocol.

#Cybersecurity #APT #Malware #Sandman

https://cybersec84.wordpress.com/2023/09/22/sandman-apt-targets-telecom-providers-in-middle-east-western-europe-and-south-asia/

AskUbuntu
1 week ago

Errors when installing g++ #apt #g++

https://askubuntu.com/q/1486626/612

Simon
1 week ago

Mandiant reports on Russian state-sponsored APT29 (Cozy Bear) and their evolving TTPs this year. IOCs included.
Link: https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing

Tags: #APT29 #cozybear #Russia #APT #cyberespionage #cyberthreatintelligence

"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"

SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.

Source: SentinelOne Labs

Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT 🌐🔐🎯

Indicators of Compromise (IoCs):


Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.

Just Another Blue Teamer
1 week ago

Happy Friday everyone!

The SentinelOne Labs research team has discovered a new #APT they named #Sandman. This group targets telecommunication providers and uses a modular backdoor known as #LuaDream. They used techniques that included pass-the-hash and DLL hijacking to meet their objectives! Enjoy and Happy Hunting!

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Components of LuaDream (from source)

Ginkgo
1 week ago

#APT #Konni
736b219b37a4287389f3b0baa0bd8e04
259.chm

259.chm->entry01.vbs->entry02.bat

1e8243ba21803493c9fa83cf0a5cfc4c
entry01.vbs

cbd81e8a02a8ed18ac8596147b0f03c9
entry02.bat

entry02.bat will use the bitsadmin tool to download the pmny04.crt and qmny04.crt files from the specified URL address and save them to the specified path C:\Users\Public\Documents\ on the local computer.

hxxps://getcode-friend.site/customerSVC/certs/pmny04.crt
hxxps://getcode-friend.site/customerSVC/certs/qmny04.crt

AskUbuntu
1 week ago

How to answer "Which services should be restarted?" after apt dist-upgrade in console #commandline #apt #server #upgrade #2204

https://askubuntu.com/q/1486623/612

Simon
1 week ago

Sentinel Labs reported on a new APT they dubbed Sandman. Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. They identified a novel backdoor dubbed LuaDream. IOCs provided.
Link: https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/

Tags: #Sandman #APT #LuaDream #IOC #cyberthreatintelligence

🇨🇳 Chinese TAG-74 Group Deploys .chm Files for Malware 📂

Chinese state-backed group TAG-74 uses .chm files to deploy customized ReVBShell VBScript backdoors. Targets include South Korea, Japan, and Russia.

Source: Cyber Security News
Tags: #TAG74 #APT #StateBacked #Malware #ReVBShell

AskUbuntu
1 week ago

apt --fix-broken install doesn't work or cannot upgrade #apt #server #debian #errorhandling

https://askubuntu.com/q/1486590/612

AskUbuntu
1 week ago

Ubuntu 22.04 Jammy, libc6 breaks after update. How to recover half-installed libc6 #apt #upgrade #dpkg #dependencies

https://askubuntu.com/q/1486591/612

AskUbuntu
1 week ago

The repository 'http://security.ubuntu.com/ubuntu kinetic-security Release' does not have a Release file #apt #2004 #updates

https://askubuntu.com/q/1486547/612

AskUbuntu
1 week ago

I closed the terminal while updating and did not reboot because upgrading apt is in progress #boot #networking #commandline #apt #reboot

https://askubuntu.com/q/1486491/612

Simon
1 week ago

Recorded Future: Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities (IOC included)
Link: https://www.recordedfuture.com/multi-year-chinese-apt-campaign-targets-south-korean-academic-government-political-entities

Tags: #China #APT #TAG74 #cyberespionage #cyberthreatintelligence #IOC

"🚨 Earth Lusca's New Linux Backdoor: SprySOCKS Unveiled! 🐙"

Earth Lusca, a China-linked threat actor, has been spotted employing a novel Linux backdoor, dubbed "SprySOCKS". This malware seems to have evolved from the open-source Windows backdoor Trochilus. The backdoor showcases swift behavior and a SOCKS implementation, hence the name. 🐍💼

SprySOCKS's structure is reminiscent of the RedLeaves backdoor, a RAT known to infect Windows machines. This backdoor is still under development, with different versions observed. Its interactive shell seems to draw inspiration from the Linux variant of the Derusbi malware. 🕵️‍♂️🔍

Recent activities of Earth Lusca indicate a focus on Southeast Asia, Central Asia, and the Balkans. Their primary targets? Government departments in foreign affairs, technology, and telecommunications. They've been exploiting server-based N-day vulnerabilities, including CVE-2022-40684, CVE-2022-39952, and more. Once inside, they deploy Cobalt Strike for lateral movement, aiming to exfiltrate sensitive data and conduct long-term espionage. 🌍🎯

Source: Trend Micro Research

Tags: #EarthLusca #SprySOCKS #LinuxBackdoor #CyberSecurity #APT #ThreatIntelligence #RedLeaves #Trochilus #CobaltStrike 🌐🔐🖥️

"🚨 Juniper Firewalls Under Siege: Over 12,000 Vulnerable Devices Exposed! 🔥"

New research reveals nearly 12,000 internet-facing Juniper firewall devices are susceptible to a recently disclosed remote code execution flaw. The vulnerability, identified as CVE-2023-36845, allows an unauthenticated remote attacker to execute arbitrary code without creating a file on the system. This medium-severity flaw in the J-Web component of Junos OS can be weaponized by adversaries to control certain environment variables. Juniper Networks patched this alongside other vulnerabilities last month. A proof-of-concept (PoC) exploit by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload malicious PHP files and achieve code execution. Jacob Baines points out, "Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure." Juniper has acknowledged the vulnerability but is unaware of any successful exploits against its customers. However, they've detected exploitation attempts in the wild, urging users to apply necessary patches. 🛡️

Source: The Hacker News

Tags: #Juniper #Firewall #Cybersecurity #Vulnerability #CVE202336845 #RemoteCodeExecution #JunosOS #APT #ThreatLandscape 🌐🔐🔍

"🔥 CapraTube Alert! Transparent Tribe's Sneaky Move 📺📲"

Transparent Tribe, a suspected Pakistani actor, has unveiled CapraTube, a deceptive Android application that mimics YouTube. SentinelLabs discovered three Android application packages (APKs) linked to Transparent Tribe's CapraRAT mobile remote access trojan (RAT). These apps give the illusion of being YouTube but are far less feature-rich than the genuine Android YouTube app.

CapraRAT is a potent tool, granting attackers control over vast amounts of data on infected Android devices. This RAT has been used for surveillance against targets related to the disputed Kashmir region and human rights activists focusing on Pakistan. The group distributes these Android apps outside the Google Play Store, using self-hosted websites and social engineering to lure users into installing weaponized applications.

In 2023, the group spread CapraRAT Android apps disguised as a dating service that carried out spyware activities. One of the newly identified APKs connects to a YouTube channel owned by Piya Sharma, suggesting the actor continues to employ romance-based social engineering tactics.

Key features of CapraRAT include:

  • Recording via microphone, front & rear cameras 🎥
  • Collecting SMS, multimedia message contents, call logs 📞
  • Sending SMS messages, blocking incoming SMS 📩
  • Initiating phone calls 📲
  • Taking screen captures 🖼️
  • Overriding system settings like GPS & Network 🛰️
  • Modifying files on the phone's filesystem 📁

For those in the India and Pakistan regions linked to diplomatic, military, or activist matters, it's crucial to be cautious of this actor and threat. Always be wary of apps outside the Google Play store and evaluate the permissions they request.

Source: SentinelOne Labs

Tags: #CapraTube #TransparentTribe #CapraRAT #CyberSecurity #AndroidMalware #SentinelLabs #MobileSecurity #APT 🌐🔐📱

Author: Alex Delamotte.

Simon
2 weeks ago

SentinelLabs identified three Android application packages (APK) linked to Pakistan-based APT Transparent Tribe’s CapraRAT mobile remote access trojan (RAT). These apps mimic the appearance of YouTube, though they are less fully featured than the legitimate native Android YouTube application. CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects. IOCs provided.
Link: https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/

Tags: #transparenttribe #Pakistan #APT #cyberthreatintelligence #CapraRAT

Just Another Blue Teamer
2 weeks ago

Happy Friday everyone, I hope everyone survived this week!

The Microsoft Threat Intel team has been tracking an Iranian #APT known as #PeachSandstorm. They start with a password spray attack and if they are successful they then utilize both publicly available and custom tools. They cover the attacks in much more detail and provide us with some mitigations and detections! Enjoy and Happy Hunting!

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #APT33 #Elfin #RefinedKitten

Peach Sandstorm 2023 tradecraft (from source)

Gabriel :verified_paw:
2 weeks ago

Wow, did I miss this or did I forget? Microsoft switched their naming from elements to... something-weather..

checks the Risky Business Podcast archive Oh yes... They talked about this in April (#702 around ~34m) so I did hear about it I just forgot...

Either way, I'm not the only one who has missed this (or simply stopped caring), Wikipedia's page on Lazarus still says Microsoft calls them ZINC, malpedia hasn't updated...

So PSA or reminder to everyone.

I guess they ran out of elements, and decided to throw it all out and start anew. As if it was not confusing enough that everyone has their own names for the threat groups, now Microsoft has two.

Here is the full list https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide

#apt #microsoft #infosec #riskybusiness

Screenshot from Microsoft page explaining that they have renamed Zinc to Diamond Sleet

CryptoNewsBot
2 weeks ago

Crypto Traders Grow Bearish as Aptos Plans $103M APT Token Unlock in November - The collective 20 million APT to be unlocked then equates to 112% of the average daily tr... - https://www.coindesk.com/markets/2023/09/14/crypto-traders-grow-bearish-on-apt-token-as-aptos-plans-20m-unlock-in-november/?utm_medium=referral&utm_source=rss&utm_campaign=headlines #unlocked #markets #supply #aptos #news #apt

jik
2 weeks ago

I’ve just published a new Ansible module called perlmod_install_info whose purpose is to help you install Perl modules on systems in the most portable way possible.

Specifically, this module knows how to search for Perl modules in dnf, yum, and apt repositories as well as in cpanm. It prefers the OS repositories over CPAN because generally speaking you’re better off going with the OS-packaged versions of modules when they’re available, both because that’s more robust and because the OS packages install much faster than CPAN. CPAN is needed as a backstop because the OS distributions don’t include all Perl modules.

What’s especially clever about this module is that when it does need to resort to CPAN to find a module that isn’t available in the OS repository, it recursively determines all of the dependencies of that module and checks for them in the OS repository. It then returns lists of modules you can install from the OS and modules you need to install from CPAN, so you can minimize the number of modules that end up coming from CPAN.

If this sounds useful to you, you can check it out on GitHub.

#Ansible #apt #CPAN #cpanm #dnf #Perl #perlmodInstallInfo #yum

https://blog.kamens.us/2023/09/13/just-published-perlmod_install_info-ansible-module/

Simon
2 weeks ago

Zscaler provides a threat actor profile on Pakistani APT36 (aka Transparent Tribe). They described a new Remote Access Trojan, Linux malware and attack vectors, MITRE ATT&CK mapped TTPs, and provided IOC.
Link: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal

Tags: #APT36 #transparenttribe #APT #IOC #cyberthreatintelligence #ElizaRAT #Pakistan

"🎯 Ballistic Bobcat APT Targets Government & Healthcare! 🎯"

The Iran-aligned APT group, Ballistic Bobcat, has initiated a new campaign, Sponsor Malware, targeting government and healthcare organizations. Stay alert and informed! 🌍🔍

Source: GBHackers On Security

Tags: #BallisticBobcat #APT #CyberSecurity

Mitre - Ballistic Bobcat

What can be the causes of errors in #apt hashes, down to the details? #ubuntu https://askubuntu.com/q/1485579/1593967

Kunal Mehta
3 weeks ago

TIL `nala` is an alternative #apt CLI frontend

#Debian #DebConf

DebConf talk slide showing nala

Taylor Parizo
3 weeks ago

Starting this one tonight #APT #FancyBear #ThreatIntel

Xavi
4 weeks ago

Day 67 #ElternzeitTour2023

We have reached our destination: Lake #SainteCroix, where the forecast is a week of sun and around 30°C. It was a long haul across the #Luberon Natural Park, with a stop in the town of #Apt, which today, Saturday, was one big street market, ideal for a stroll.

Now that we are settled, the plan is to enjoy the good weather, the lake and the last stop before heading up to cold Germany.

The travelling van parked on a gravel pitch with low hedges as dividers. Few trees are visible. The awning, chairs, table, pushchair and bicycle are set out, and a string of decorative lights hangs from the awning. It is evening; the photo is dark.

Alexis Dorais-Joncas
1 month ago

Two openings for APT researchers in my team just went live today:

Senior APT Threat Researcher (https://proofpoint.wd5.myworkdayjobs.com/en-US/ProofpointCareers/job/California/Senior-APT-Threat-Researcher--Remote---Anywhere-in-the-US-or-Canada-_R9604)

Staff APT Threat Researcher (https://proofpoint.wd5.myworkdayjobs.com/en-US/ProofpointCareers/job/California/Staff-APT-Threat-Researcher--Remote---Anywhere-in-the-US-or-Canada-_R9605)

Elevator pitch: full remote USA/Canada, the job is to team up with the other team members to hunt for state-aligned activity in the richest email-centric telemetry I know of in the whole security vendor space. You will triage, cluster, analyze and attribute suspected state-aligned activity to generate top-of-the-line threat intelligence and have a real day-to-day impact in keeping Proofpoint customers safe.

Of course there is much more to tell about these positions, have a look at the full postings for the full details. Feel free to DM with any questions!
#hiring #jobs #cti #threatintelligence #apt #threatresearch

Simon
1 month ago

Microsoft reported on a Chinese APT dubbed Flax Typhoon conducting cyberespionage against Taiwanese organizations. Flax Typhoon is known for living off the land techniques as well as China Chopper web shell, Metasploit, Juicy Potato PrivEsc tool, Mimikatz, and SoftEthernet VPN client. Microsoft described TTPs and provided IOCs.

https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/

Tags: #China #APT #FlaxTyphoon #livingofftheland #lolbin #IOC

utzer [Friendica]
1 month ago

Never bothered to get into #snapper for #Linux, but now I am just amazed how easily the #snapshots for #BTRFS are automatically managed. In this case for #Debian, there are even hooks for #apt that are installed with snapper.

A remaining question is, if the pre and post snapshots are also cleaned automatically?

Alex
2 months ago

Hmm #emacs #lsp-mode helpfully offered to auto install an lsp server for #json but it failed due to lack of #npm. I did briefly contemplate it until I saw the #apt list and noped out.

Neil Craig
2 months ago

What's the best APT group name?
APT35 AKA "Charming Kitten" is probably my personal favourite.
https://attack.mitre.org/groups/
#InfoSec #APT

ricardo :mastodon:
2 months ago

Mastering #APT Linux Commands: A Comprehensive Guide With 15 Practical Examples

https://ostechnix.com/apt-linux-command-examples/

omg ubuntu
2 months ago

These apt warnings were annoying me but I found a tool to automatically fix 'em https://www.omgubuntu.co.uk/2023/08/fix-target-configured-multiple-times-ubuntu #apt #aptlavistababy

A screenshot showing a Linux terminal printing row after row of errors about packages, repos, and DEP-11 being configured multiple times in /etc/apt/sources.list

Mathieu Poussin
2 months ago

I really wish there was a proper history/rollback management in #apt like on #dnf
#linux #debian #redhat #ubuntu

Anonymous Germany
2 months ago

CERT-UA (Ukraine) and #Microsoft outline a current attack scenario against the defence sector (#Verteidigungssektor) in #Ukraine and Eastern Europe by the Russian state #APT group #Turla.

In the crosshairs: #Exchange.

Emails with #XLSM attachments; the embedded macros run a #PowerShell command and create a scheduled task that poses as a Firefox browser updater. This loads malware that opens up the server and turns it into a #C2Server for the #Hacker group.

(EN)
https://www.bleepingcomputer.com/news/security/microsoft-hackers-turn-exchange-servers-into-malware-control-centers/

deltatux :donor:
2 months ago

#CyberSecurity experts are sounding the alarm over a so-called "Microsoft Logging Tax", where incident response teams can only see the full picture of an attack against their #Microsoft365 tenant if their organization has subscribed to the E5 license (or the "Security and Compliance" add-on license with E3).

In the case of the recent #email #hack by #Chinese #APT group #Storm_0558, an affected human rights organization was unable to find any evidence of compromise in their logs because they didn't have the upgraded subscription. They only learned that they were compromised after Microsoft reached out to them to tell them they were breached.

#infosec #cybersecurity #Microsoft #Azure #AzureAD #IncidentResponse

https://www.darkreading.com/remote-workforce/microsoft-logging-tax-hinders-incident-response

@thelinuxcast I've always had my share of issues with #apt, and that was the top reason I wasn't a #debian user in the past. After a conversation with a group of friends where we were discussing #redhat going closed source, they promised me all past issues with apt are gone and that it is very safe now. I'm giving it a run on a VM for some time and might use one server for it as a trial, but I'm also thinking of #opensuse at this point as it's a distro I keep visiting between times, and also RPM.

As someone who’s always used Debian-based distros, could someone explain why Apt gets so much hate? #apt #debian #ubuntu #linux #packagemanager

Kete
3 months ago

finally ran an update on my computer that doesn't do automatic updates through Gnome. don't remember if I used this computer since June 10th, but that's when #Debian released the next version. While reading through the release notes, I noticed how we can use #apt through #Tor. I have been contemplating this for a while. Required putting tor+ before http: and/or https: in /etc/apt/sources.list and installing apt-transport-tor.

realcaseyrollins ✝️
3 months ago

@colinsmatt11 @hyde I actually didn’t know that there was a #GUI for #snap.

#Apt ain’t bad, but it’s not as simple as #snap

Preston Maness ☭
3 months ago

@ablackcatstail @SpaceLifeForm@infosec.exchange I don't know if `nvm` is available for `bookworm` or not -- I mean, it's a POSIX-compliant shell script but I don't know for sure if it'll work -- but that's typically what I use for managing multiple versions of `node` on my machine. This project needs X, that package needs Y, etc etc.

https://github.com/nvm-sh/nvm

>nvm is a version manager for node.js, designed to be installed per-user, and invoked per-shell. nvm works on any POSIX-compliant shell (sh, dash, ksh, zsh, bash), in particular on these platforms: unix, macOS, and windows WSL.

If your use-case involves working within the shell -- or at least has the ability to toss a pre-flight `nvm` command to get the environment properly set first -- then I imagine it'll work.

#nvm #node #nodejs #debian #bookworm #apt

Meow.tar.gz :verified:
3 months ago

@SpaceLifeForm Hey! Hope you're doing well and that you don't mind me asking a question about #debian #apt. I added a repo for nodesource so I could install an older version of #nodejs. How do I then tell apt to use that repo instead of the one for #bookworm? Thank you in advance. Google wasn't netting me the answer, quite possibly because I'm using the wrong keywords. Ugh.

John Goerzen
4 months ago

Check out #nala, the new #apt front end in #Debian #bookworm! Among other things, it supports #aria2c for multi-connection apt downloads, a better history log, and so forth

Just Another Blue Teamer
4 months ago

The #APT known as #Kimsuky strikes again, this time targeting think tanks, academia, and media organizations with social engineering. The goal? Stealing Google and subscription credentials for a news and analysis service that focuses on North Korea. Enjoy and Happy Hunting!

Link in the comments!

***This one is a little different. In this article, SentinelLabs mentioned ReconShark being used. Can you provide me with any TTPs that are associated with that #malware?***

TA0001 - Initial Access
T1566.002 - Phishing: Spearphishing Link
T1566.001 - Phishing: Spearphishing File

TA0002 - Execution
T1204.001 - User Execution: Malicious Link
T1204.002 - User Execution: Malicious File

TA0006 - Credential Access
T1056.003 - Input Capture: Web Portal Capture

ReconShark TTPs:
Here is your chance to shine! Let me know what TTPs are associated with this malware!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Initial Email (from source)
Malicious Google Docs site (from source)

Ed Howland
4 months ago

Is there any way in the upcoming #Bookworm or #Debian 12 to see if your favorite package is in the #APT package system?
I am looking for htmlq, a jq-like utility but for raw HTML, say from curl, that lets you slice and dice things using #CSS selectors.
#curl

"This attack has been attributed to Aurora Panda aka APT17 aka Deputy Dog aka Hidden Lynx aka Tailgater Team aka Group 8 aka Burning Umbrella."

FFS. Why. Just why.

Am I the only one who gets so frustrated with all of the different threat actor naming conventions? Why can't we all agree on a standard? #CTI #APT

Mastodon Linux users, I need your help!!

I've been looking around for a new #Linux #distro to #distrohop (even though I swore to never distrohop again :P), but I can't find one that fits my needs:

- Built on #Debian Linux latest
- Supports more #apt providers
- Does not use #systemd, #pulseaudio & #x11
- Does use #PipeWire and #Wayland
- Has a big userbase and is maintained by a group of people, not an individual

I'd go for MX, but it breaks #3

I'm ok with X11 but I'd like it toggleable

Lunatech
4 months ago

@c0nac @thelinuxexperiment So you are kind of making my point - there is no obvious (and therefore, no easy) way to save a package for later use. And also, if that package has dependencies, then saving the package may not be enough, you might also need to save some or all of its dependencies. AND if you don't realize you have a problem with a new version, finding a source for the older package may prove a challenge.

Back in my Windows days, every time I downloaded an .exe file I saved it until a newer version of the program came along and I was satisfied that the new version hadn't broken anything important. Today I do the same thing with MacOS programs, except for the handful I get from the app store. But with #Linux, because it all comes from a repository, I am never given the opportunity to save the file. Even with #snaps and #flatpaks I do not believe you are given the opportunity to set them aside for later use. I run #Ubuntu so I don't know about flatpaks, but snaps seem to give you even less control than #apt, they upgrade automatically in the background and you never even know when something is being upgraded (until maybe you notice something is broken).
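
As an added example, not part of Lunatech's post: apt can keep the exact .deb files around even though the repository workflow never shows them to you. The functions below download a package and its hard dependencies with `apt-get download`, compute the file name apt uses (the colon of an epoch is stored as %3a), and roll back to the saved file while holding the package so background upgrades leave it alone. Package names and versions are illustrative and the apt-cache output is constructed.

```shell
#!/bin/sh
# Added example, not code from the post: keep the .deb files a package was
# installed from, hold the package while a new version is on trial, and
# roll back from the saved copy. Package names and versions are
# illustrative; the apt-cache output below is constructed.

# apt names archives NAME_VERSION_ARCH.deb; the ':' of an epoch is stored
# as %3a (as in /var/cache/apt/archives and the output of apt-get download).
deb_filename() {
    printf '%s_%s_%s.deb\n' "$1" "$(printf '%s' "$2" | sed 's/:/%3a/g')" "$3"
}

# Reduce `apt-cache depends --recurse --no-recommends --no-suggests
# --no-conflicts --no-breaks --no-replaces --no-enhances PKG` output to the
# unique package names it contains (the unindented lines).
dep_names() {
    awk '/^[^ ]/' | sort -u
}

# Download PKG and its hard dependencies as .deb files into DIR without
# installing anything; the files stay there whatever apt does later.
save_debs() {
    dir=$1; pkg=$2
    mkdir -p "$dir"
    names=$(apt-cache depends --recurse --no-recommends --no-suggests \
              --no-conflicts --no-breaks --no-replaces --no-enhances "$pkg" | dep_names)
    # word-splitting of the name list is intended
    (cd "$dir" && apt-get download $names)
}

# Roll PKG back to the saved file and hold it so upgrades leave it alone.
# DIR must be absolute or start with ./ so apt treats the argument as a
# local file; --allow-downgrades is needed when the installed version is newer.
restore_deb() {
    dir=$1; pkg=$2; ver=$3; arch=$4
    apt-get install --allow-downgrades "$dir/$(deb_filename "$pkg" "$ver" "$arch")"
    apt-mark hold "$pkg"
}

# Constructed sample of recursive apt-cache depends output for htop.
SAMPLE_DEPENDS='htop
  Depends: libc6
  Depends: libncursesw6
  Depends: libtinfo6
libc6
  Depends: libgcc-s1
libgcc-s1
  Depends: gcc-12-base
  Depends: libc6
gcc-12-base
libncursesw6
  Depends: libc6
  Depends: libtinfo6
libtinfo6
  Depends: libc6'

# Demo on the sample; the apt calls are for a real system (as root):
#   save_debs /var/local/debs htop
#   restore_deb /var/local/debs htop 3.2.2-2 amd64     (later: apt-mark unhold htop)
if [ "${APT_SAVE_DEMO:-0}" = 1 ]; then
    printf '%s\n' "$SAMPLE_DEPENDS" | dep_names
    deb_filename htop 3.2.2-2 amd64
fi
```

Before reinstalling a saved file, `dpkg-deb --field FILE Version` confirms what it is, and because the file was fetched through apt its signature was already checked against the archive's Release file at download time; a .deb picked up from elsewhere has no such guarantee.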

Taylor Parizo
5 months ago

APT37 has updated Rokrat's infection chain revisiting LNKs and PowerShell scripts. Overlaps with Amadey and Goldbackdoor
#APT #RAT #ThreatIntel

https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/

@Natanox I mean compared to that even #Snap & #flatpak are as nice as #yum and #apt.

Mike Gerdts
6 months ago

I was having some troubles with #apt in an #ubuntu 22.04 #container using #podman on #fedora 37 with the latest LTS kernel. It seems there’s a bad interaction with #zfs that I don’t understand. SELinux is disabled. Does anyone have any clues for me?

https://github.com/containers/podman/issues/16193

821ec39800471963a4ccef10b587b8d6 #APT #MustangPanda I know this is not a new sample but did anyone notice that the config block is straight up gone now?

Interesting findings this time around:

  1. Starting from this version of the EU-specific payload, the PlugX no longer uses the launcher as its primary process image; instead, it now injects into a newly spawned mshta.exe as specified in the config block.
  2. The config block is no longer presented in the decoded payload blob. No idea where it went - but it is certainly not located at the beginning of the data section anymore.
  3. An awful lot of unrelated files present in the parent archive - noise?
  4. No persistence...? There's no path configured in the config block either. Weird.
  5. They finally removed the computer name ("desktop-n2v1smh") from the LNK - only took them almost a year.

Daniel Lunghi
7 months ago

My latest #APT research on #IronTiger (#APT27/#EmissaryPanda/#LuckyMouse) is out! It includes analysis of a new version of SysUpdate ported to Linux, a new communication protocol through DNS TXT requests, a VMProtect certificate compromise, and probable infection vector https://trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html

Ali would not have approved ...

B&W portrait photo of Muhammad Ali encoded to audio using APT, re-encoded to 8 kHz MP3 by the very fast lo-fi shineenc encoder, then decoded to a picture again.

APT is the audio format used by weather satellite transmissions. I am (mis)using it here for art purposes

#art #glitch #audio #othernetworks #apt #mp3 #wefax #TheGreatest

Very distorted and glitchy B&W portrait photo of the late boxer Muhammad Ali distorted by transmission via a very low fidelity mp3 encoder

Thorsten Leemhuis (2/4)
7 months ago

Things you learn about the world when you google for #zypper:

* there is a commune in France called #apt

* there is a company "#Yum! Brands" that is building restaurant brands

😂

Neil Craig
8 months ago

Currently having a tinker with Google Cloud's native container image scanning...
I'm hoping I can wrap this in with a more concrete version on my base container image and not running `apt update` to make builds more repeatable but without losing too much in the way of security assurance.
Will report back in due course...
https://cloud.google.com/container-analysis/docs/ods-cloudbuild#build_and_scan
#googlecloud #containers #security #debian #apt

Jonathan D. Abolins
8 months ago

«UK cyber experts warn of targeted phishing attacks from actors based in Russia and Iran» Rather than using surprise #phishing, these campaigns seek to develop rapport with their targets. #NCSC #Malware #APT #CyberSecurity https://www.ncsc.gov.uk/news/uk-cyber-experts-warn-of-targeted-phishing-attacks-from-actors-based-in-russia-and-iran

FOSS Surveys
8 months ago

Which #package manager(s) do you use?

Boost for more range
📶

#apt #dnf #pacman #packagemanager #foss #opensource #freesoftware #linux #poll #polls #survey

1eea10u :verified:
9 months ago

Every once in a while I remember that this is in an official US Government report from CISA and it always makes me giggle.

#cybersecurity #infosec #QBot #apt

A photo of baby chickens on top of a laptop showing an Ars Technica article. The photo claims they are “Not the actual QakBot/Qbot operators, but still formidable Advanced Persistent Chickens”

@ppatel I'm sure #Apple will copy & paste their approach from #macOS to #iOS, defaulting to "certified developers" but allowing users with admin privileges to click through safety permissions and explicitly say "yes, let me install untrusted apps I know what I'm doing!"

Similar to how @fdroidorg or any other #PackageManager like #yum / #zypper & #apt allows adding 3rd party repos...

The Owner of Mastodon 🤞
10 months ago

The #Linux #distro trip didn't stop. I decided to give a proper try to #PopOS and am glad I did it. Some of the software I use is in #apt but not immediately (or at all) in #rpm.

#RPMPackageManager
#APTPackageManager

Yoshi :verified:
10 months ago

“As part of ongoing hunting and continuous monitoring efforts … intelligence team recently came across an interesting RAR file”

You could just tell us you found it on VirusTotal like everyone else. #APT

tom :verified_paw:
10 months ago

CISA and FBI reported that Iranian government-sponsored APT actors compromised a Federal Civilian Executive Branch (FCEB) network.

The attackers deployed a crypto miner and a credential harvester.

Detailed reports and IOCs listed below.

CISA report Alert (AA22-320A): https://www.cisa.gov/uscert/ncas/alerts/aa22-320a

Malware Analysis Report (AR22-320A) 10387061-1.v1 XMRig Cryptocurrency Mining Software:
https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-320a

#Iran #CISA #FBI #Government #FederalNetwork #IOC #CyberSecurity #InfoSec #APT

Barberousse
11 months ago

I haven't gotten around to it yet, but here goes: #introduction
#anarchist working as a #malware researcher in Montreal.
Will post mostly stuff related to #privacy #infosec #DigitalRights #surveillance #unions #APT #threatintel #Workersrights #ReverseEngineering

Show me your Adversarial interoperability (aka Competitive compatibility) projects, I love that stuff!