Abyss Ransomware Victim: aurobindousa[.]com - https://www.redpacketsecurity.com/abyss-ransomware-victim-aurobindousa-com/
US govt sanctions North Korea’s Kimsuky hacking group - https://www.redpacketsecurity.com/us-govt-sanctions-north-koreas-kimsuky-hacking-group/
Cactus ransomware exploiting Qlik Sense flaws to breach networks - https://www.redpacketsecurity.com/cactus-ransomware-exploiting-qlik-sense-flaws-to-breach-networks/
Capital Health Hospitals hit by cyberattack causing IT outages - https://www.redpacketsecurity.com/capital-health-hospitals-hit-by-cyberattack-causing-it-outages/
Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays - https://www.redpacketsecurity.com/get-off-emsisoft-s-enterprise-security-edr-solution-for-the-holidays/
Zyxel warns of multiple critical vulnerabilities in NAS devices - https://www.redpacketsecurity.com/zyxel-warns-of-multiple-critical-vulnerabilities-in-nas-devices/
LogoFAIL bugs in UEFI code allow planting bootkits via images - https://www.redpacketsecurity.com/logofail-bugs-in-uefi-code-allow-planting-bootkits-via-images/
Staples confirms cyberattack behind service outages, delivery issues - https://www.redpacketsecurity.com/staples-confirms-cyberattack-behind-service-outages-delivery-issues/
FjordPhantom Android malware uses virtualization to evade detection - https://www.redpacketsecurity.com/fjordphantom-android-malware-uses-virtualization-to-evade-detection/
WhatsApp's new Secret Code feature hides your locked chats - https://www.redpacketsecurity.com/whatsapp-s-new-secret-code-feature-hides-your-locked-chats/
US-CERT Vulnerability Summary for the Week of November 20, 2023 - https://www.redpacketsecurity.com/cisa-vulnerability-summary-for-the-week-of-november-20-2023-4/
Windiff - Web-based Tool That Allows Comparing Symbol, Type And Syscall Information Of Microsoft Windows Binaries Across Different Versions Of The OS - https://www.redpacketsecurity.com/windiff-web-based-tool-that-allows-comparing-symbol-type-and-syscall-information-of-microsoft-windows-binaries-across-different-versions-of-the-os/
North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks - https://www.redpacketsecurity.com/north-korea-s-lazarus-group-rakes-in-billion-from-cryptocurrency-hacks-2/
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails - https://www.redpacketsecurity.com/google-unveils-retvec-gmail-s-new-defense-against-spam-and-malicious-emails-2/
CERTFR-2023-AVI-0985: Multiple vulnerabilities in Microsoft Edge (30 November 2023)
CERTFR-2023-AVI-0986: Multiple vulnerabilities in Tenable Nessus Network Monitor (30 November 2023)
Listening to Hannah Storm talk about it in a #Bellingcat stage talk about "Moral Injury" and "Vicarious Trauma". Very interesting talk that helps to put to words some of the impact I'm seeing from things in the #OSINT world along with just society and social media.
If you're curious check out the #Bellingcat podcast about it, or start here:
Black Basta Ransomware Victim: jacobsfarmdelcabo[.]com - https://www.redpacketsecurity.com/black-basta-ransomware-victim-jacobsfarmdelcabo-com/
Black Basta Ransomware Victim: andersonandjones[.]com - https://www.redpacketsecurity.com/black-basta-ransomware-victim-andersonandjones-com/
Podcast Episode 11-30-23. In this edition, we primarily cover some recent action by U.S. troops, the horrendous fighting happening in Ukraine, a first that has happened against China, some new drone/tech news, and plenty of motivation and wisdom.
#mil #podcast #military #ukraine #china #russia #politics #defensenews #OSINT
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks - https://www.redpacketsecurity.com/cactus-ransomware-exploits-qlik-sense-vulnerabilities-in-targeted-attacks-2/
This Free Solution Provides Essential Third-Party Risk Management for SaaS - https://www.redpacketsecurity.com/this-free-solution-provides-essential-third-party-risk-management-for-saas-2/
7 Uses for Generative AI to Enhance Security Operations - https://www.redpacketsecurity.com/uses-for-generative-ai-to-enhance-security-operations-2/
The @Bellingcat team recently hosted another hackathon and asked participants to:
- make public open data more accessible and useful
- visualize climate change and its consequences
- understand the visual culture of disinfo
The outcomes of the event are summarized in this post:
OSINT Tools for Analyzing Suspicious Emails
Follow @osintambition for more.
Dollar Tree hit by third-party data breach impacting 2 million people - https://www.redpacketsecurity.com/dollar-tree-hit-by-third-party-data-breach-impacting-million-people/
HiddenDesktop - HVNC For Cobalt Strike - https://www.redpacketsecurity.com/hiddendesktop-hvnc-for-cobalt-strike/
MaccaroniC2 - A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH - https://www.redpacketsecurity.com/maccaronic-a-poc-command-and-control-framework-that-utilizes-the-powerful-asyncssh/
Tomorrow is the CBC - Cybersecurity Business Convention!
All day long, come to the Predicta Lab | Protect your digital life stand to discover our #OSINT solutions, which will give you better control over your digital footprint.
At 11:00 I will have the chance to give a talk on why mastering your digital footprint matters for individuals AND organisations!
A redundant toot, since everyone who follows the #osint hashtag already follows @craigsilverman's newsletter anyway - but this issue is worth it just for the tip about @henkvaness's Google research GPT bot. https://digitalinvestigations.substack.com/p/tools-and-tips-round-up-the-decline
The latest edition of my free newsletter looks at investigating munitions, how to build your own database, and what to do about the decline of Google Search results.
Plus, I recommend a couple of interesting academic articles: https://digitalinvestigations.substack.com/p/tools-and-tips-round-up-the-decline #osint #journalism
A YouTube channel has bought satellite imagery to count tanks in storage in Russia.
On average, Russia is losing about 75 tanks per month, but only about 57 tanks seem to be drawn from storage. This could indicate they are able to build around 18 new tanks per month as well.
However, with a net loss of 57 tanks per month, it is getting harder to keep up. This is why Russia is sending very old tank types to the frontline, as they are easier to renovate.
So there's an #OSINT account on #Twitter inciting violence (murder) against anyone resembling Hamas. Be careful if you're protesting and are Arab as they can't tell the difference. They are armed and they are killing on sight. Vermont is in the United States btw.
Also if you are in the west the news is being censored on #Google. This article is being suppressed despite going viral.
After what seems like a month or two long hiatus, it appears that @Tendar is actively posting on Mastodon again. He’s a great source of information on the war in #Ukraine. Give him a follow. Help encourage him to keep actively posting on Mastodon. Perhaps it will inspire others in the #OSINT and #NAFO community to post on Mastodon as well.
A number of things about this most recent capture are eyebrow-raising. First, the vessel owned by Israeli citizen Eyal Ofer was carrying phosphoric acid, which is a critical fertilizer component that could also be used to synthesize white phosphorus for bombs.
Second is the location of the capture in the Gulf of Aden, far from Houthi controlled waters.
Or do you think the dozens of operatives of Mossad and ShinBet in Gaza are criminally incompetent?
The location is basically #OSINT and they even released damning evidence, including calls complaining about the resource theft by Hamas from said hospital...
From Ukraine to Gaza, livestreams have proven one of the most effective sources for tracking fast-moving breaking news events. Open source researcher Aram Shabanian has put together a guide to finding livestreams to monitor crises and conflict, with some valuable tips on what not to do.
Ukraine has a lot of balls in the air. Congressional funding is on the line, Zelensky and his commanding General disagree about messaging/stalemate, and you have to wonder if the General might need a pep talk (or worse). I talk about that a lot in the podcast that just dropped.
There is a lot on the line for Ukraine -- and for the world -- and it feels like something big needs to happen. And happen fast.
#ukraine #russia #RussiaUkraineWar #nafo #fellas #osint
"Airwars is a not-for-profit transparency watchdog which tracks, assesses, archives and investigates civilian harm claims in conflict-affected nations."
It takes a little time, but for incidents where civilian casualties in a conflict zone are claimed, they research the incident and try to quantify and identify the victims.
If a real #journalist was ever interested in investigating claims by countries that said airstrike "killed [x] terrorists" this would be a good place to start.
When slowed down the lie becomes unmistakable.
Now the question becomes, "who is lying to whom and why?"
I haven't been keeping close track, but this is at least the second or third time I've noticed Israeli officials attempt to pass off training footage as recent combat wins.
Two hours ago the Israeli Prime Minister's spokesperson posted a video on twitter which he claimed to be from recent IDF combat operations. Ofir states:
"A must watch: IDF attack dogs go after Hamas-ISIS terrorists inside their tunnels in the Gaza Strip and take them down.
Hear the terrorists scream."
Only problem though, is that the "terrorist" is clearly wearing a dog bite suit.
Incredibly important work by @ZekuZelalem documenting an atrocity in Ethiopia I'd never heard of through #OSINT: meticulous, detailed and horrifying.
Footage has been released this morning by the Hamas (Al-Qassam Brigades) showing the defenders of Gaza engaging IDF vehicles both in farm land and in urban spaces.
Here’s the latest podcast. A smart, sophisticated look at foreign policy affecting the United States, Ukraine, and the world, without the hyperventilating, ramping up of fear, or clickbait material.
Includes some motivation and words of encouragement at the end. (Timestamps available in episode notes.)
You can still join the 2-day training class "Practical Social Engineering & Open-source Intelligence for Security Teams" I will be delivering at this year's #DeepSec conference, in which you will...
🌐 Learn how attackers leverage OSINT to identify organizational vulnerabilities.
🎯 Understand the psychology and methodology behind social engineering attacks.
🔍 Acquire necessary skills & knowledge that will help you prevent and better simulate social engineering attack scenarios.
💼 Examine real-life case studies and attack methodologies.
📚 Build better protective measures, inform your security strategy, and learn to provide realistic insights to clients.
Date: 14 & 15 November 2023
Location: Vienna, Austria
⬇️ Course Content & Registration Details: https://deepsec.net/speaker.html#WSLOT626
I look forward to seeing you there!
A very interesting whitepaper on #VPN reaches this conclusion: "Of the 16 VPNs we analyzed, Mullvad, PIA, IVPN, and Mozilla VPN (which runs on Mullvad's servers)—in that order—were among the highest ranked in both privacy and security. However, PIA has never had a public third-party security audit." #OPSEC #OSINT 1/x
Interesting bit of OSINT. Some numpty used my phone number on their Temu orders. I presume this is accidental. She orders quite a bit of stuff and the text messages as orders are dispatched and delivered are starting to get quite annoying.
However these SMS have links to track the order. Here comes the OSINT bit.
If I follow the tracking link in the SMS it takes me to a partially redacted version of her address. Counting characters I can figure out the county is Lincolnshire.
Google a list of towns in Lincolnshire and there are two starting with "sp". One has 7 characters, the other has 8. There are 8 characters in the partially redacted town name.
I then have the number and first 4 letters of the street address. Going into Google Maps I type in the town name and the partial street address. This gives me four possible hits including postcodes.
Now back to the Temu site, there is a link to the Evri parcel tracker. I have the tracking number but Evri just needs the postcode. Trying one post code after another I get it on the third try. Evri then gives me the full name and address. Bingo!
Typing the person's name and town into Google, the first hit is her Facebook profile. Facebook gives me her photo, her husband's photo and photos of her two young kids. It also tells me where she works, her job title, which schools she went to, when she graduated and a list of nearly 20 family members. I wouldn't be surprised if the name of her first pet is in there too.
There is more about you on the internet than you might be aware of! Don't make all your personal information public folks.
(There might be some editing to this post as time comes along.)
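The address-reconstruction steps in the post above, as an added Python example that is not part of the original post. It shows the two weaknesses the post exploits: a length-preserving mask such as "Sp******" leaks the prefix and the exact length, so it can be matched against any list of candidates, whereas a fixed "[REDACTED]" marker leaks nothing; and a tracking page whose only second secret is the postcode can simply be enumerated, which a per-tracking-number lockout stops. All town names, the tracking number, the postcodes and the courier record are constructed placeholders, and `courier_lookup` is a stand-in for a tracking page, not any real courier's API.

```python
import re

# Constructed sample data: fictional town names, tracking number, postcodes and record.
TOWNS = ["Spalmere", "Spilby", "Spinford", "Ashwell", "Spalsworth"]
COURIER_DB = {  # tracking number -> (postcode, full name, street); all invented
    "T0000001": ("LN99 9AB", "A. Example", "12 High Street"),
}
POSTCODE_GUESSES = ["LN99 9AA", "LN99 9AB", "LN99 9AC", "LN99 9AD"]
REDACTED = "[REDACTED]"


def leaky_redact(value, keep=2, mask_char="*"):
    """Length-preserving mask like the one on the SMS tracking page: keeps the
    first `keep` characters and replaces the rest one-for-one, so both the
    prefix and the exact length survive."""
    return value[:keep] + mask_char * (len(value) - keep)


def safe_redact(value):
    """Fixed-width redaction: reveals neither prefix nor length."""
    return REDACTED


def mask_to_regex(masked, mask_char="*"):
    """'Sp******' -> ^Sp......$ : kept characters are literal, each mask
    character matches exactly one character, so the length is pinned too."""
    body = "".join("." if ch == mask_char else re.escape(ch) for ch in masked)
    return re.compile("^" + body + "$", re.IGNORECASE)


def candidates(masked, pool, mask_char="*"):
    """Entries of `pool` consistent with the redacted value. A fixed marker
    carries no constraint at all, so the whole pool remains possible."""
    if masked == REDACTED:
        return list(pool)
    rx = mask_to_regex(masked, mask_char)
    return [p for p in pool if rx.match(p)]


def _norm(postcode):
    return postcode.replace(" ", "").upper()


def courier_lookup(tracking, postcode):
    """Stand-in for a tracking page that asks only for tracking number plus
    postcode and, on a match, returns the full delivery record."""
    rec = COURIER_DB.get(tracking)
    if rec and _norm(rec[0]) == _norm(postcode):
        return rec
    return None


def make_limited_lookup(limit):
    """Hardened variant: after `limit` wrong postcodes for one tracking number,
    refuse further checks. Failure counts live in a dict for this demo; a real
    service would keep them in a store shared across workers."""
    failures = {}

    def lookup(tracking, postcode):
        if failures.get(tracking, 0) >= limit:
            return None  # locked out: the guess is not even evaluated
        rec = courier_lookup(tracking, postcode)
        if rec is None:
            failures[tracking] = failures.get(tracking, 0) + 1
        return rec

    return lookup


def brute_force_postcode(tracking, guesses, lookup=courier_lookup):
    """Try each candidate postcode in order; return (attempts, record)."""
    attempts = 0
    for pc in guesses:
        attempts += 1
        rec = lookup(tracking, pc)
        if rec is not None:
            return attempts, rec
    return attempts, None


if __name__ == "__main__":
    masked = leaky_redact("Spinford")  # 'Sp******'
    print(masked, "->", candidates(masked, TOWNS))  # ['Spalmere', 'Spinford']
    print(REDACTED, "->", len(candidates(safe_redact("Spinford"), TOWNS)), "candidates")  # 5
    print(brute_force_postcode("T0000001", POSTCODE_GUESSES))  # found on attempt 2
    hardened = make_limited_lookup(3)
    late = ["LN99 9AA", "LN99 9AC", "LN99 9AD", "LN99 9AB"]
    print(brute_force_postcode("T0000001", late, hardened))  # (4, None): locked out
```

The defensive takeaway is the same on both sides of the exchange: a service that must show part of an address should use a fixed marker rather than a one-character-per-character mask, and a tracking page that unlocks a full name and address on a correct postcode needs a lockout or rate limit, because the postcode space a delivery can plausibly fall in is small enough to try by hand.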
Hi, I'm V'ger. If you want to know my real name, just ask. You might also be successful doing some #OSINT 😉
First things first: I have been suffering from #depression for more than a decade. This dark thing comes and goes as it sees fit. So I might be posting stuff regarding my personal monster.
Now the fun stuff; I am an #InfoSec professional from Germany and run this account on my own Mastodon instance.
I’ve asked KIU a few times to create an active account on Mastodon. Unfortunately every response has been “no”. I’m really not sure what KIU has against Mastodon. #OSINT
Just hear me out: if you're doing #OSINT and don't know what Finite Element Methods are, maybe you shouldn't be trusted by journalists to brainworm your way to conclusions about bombings. If you're a reader, perhaps you should even be concerned about why journalists are eager to outsource investigations to those with no accountability.
Where 20 people died. The footage was available nearly instantly. Photos everywhere.
So far, I have not seen images or video of a hospital destroyed with such power that 500 civilians died in #Gaza, as is being constantly circulated online today. I’ve seen a parking lot and burned cars. No smoking craters where the hospital was. #osint folks help?
Calling the explosion on the Ahli hospital's car park (next to a lawn where upwards of a thousand Palestinians were seeking refuge) an "attack" — referring to an intentional act — was a little hasty and unhelpful by a #Unicef director no less. The territory of the incident (Gaza) and *claimed* "intent" can only implicate the #IDF.
The Palestinian jihadists, naturally, instantly blamed Israel for the "attack" and within hours the usual networks along with much of the media (including presumably *all* of the regional islamic media) had apportioned guilt and lynching parties were being formed on the "Arab street".
Yet #OSINT accounts — with visual and geolocating evidence trickling in — found no evidence of Israeli involvement. The Netanyahu regime and even the IDF have in the past committed criminal acts which, after denials, the OSINT analysts have proven to have been their responsibility.
In this tragic case of mass casualties *all* the evidence really points at one in a volley of PIJ (Hamas allies Palestinian Islamic Jihad) unguided rockets failing soon after launch and landing on that hospital car park, still carrying and spilling most of its unspent propellant fuel, with the rocket's explosion also leading to secondary explosions of the surrounding cars.
Parroting science-illiterate jihadist propaganda only fuels those jihadists' agenda and does nothing to help the Palestinian cause. If anything positive comes from this tragedy it's given us a way to distinguish malignant propagandists from genuine seekers of solutions.
On the sad state of #osint on the bird site:
“But what the current war in Israel and Gaza has made clear in recent days is that there are many verified, popular accounts on Twitter that use the OSINT term to give legitimacy to shoddy work that only creates more confusion. What exists now is a profit and engagement driven ecosystem of non-experts who in some cases may be spreading videos for the clout and cash, rather than to inform readers about what is actually true.”