#Tag
From Concealment to Exposure: Understanding the Lifecycle and Infrastructure of APT Domains
OH! Excited to dive into this - few places doing deeper & more insightful research than GA Tech & friends.
Also gonna note with pride that @DomainTools has 3 citations, and my pal Pawel Foremski from our Research team also has a citation herein!
ASN: AS209641
Location: Moscow, RU
Added: 2025-12-05T19:52
PSA: If you use #Nextcloud, make sure to update to the latest server and app versions. They published a bunch of CVEs.
Ohh I like this... Aikdo has presented a more detailed analysis of the early steps for the Shai Hulud 2.0 worm.
Attempting to map what steps the original threat actor took to gain a foothold. Useful stuff IMHO
https://www.aikido.dev/blog/shai-hulud-2-0-unknown-wonderer-supply-chain-attack
It's been a few days since I posted about https://readily.news AKA "open.news", a service which:
1. asks for complete access to your Mastodon/fedi account
2. ingests whatever your account can see via your account and summarizes it using LLMs (seemingly from OpenAI?)
3. sends you a daily, personalized newsletter
It's a particularly bad kind of scraper because it basically hijacks existing community infra to do the scraping for it.
Because accounts' host instances are the actors gathering up all the content there's no way for remote servers to detect which of their followers' accounts have been compromised, nor to block their posts from ending up in the hands of the upstream LLM providers.
We'll probably need admins of affected instances to run a database query to detect and revoke permissions granted to this service via OAuth to limit its access.
I asked the guy who
the guy who appears to be behind it (https://mastodon.social/@librenews
) if he could confirm his affiliation, but he doesn't actually seem to be very active on Mastodon (preferring Bluesky) and so he still hasn't responded.
I'm actually a little surprised at how little reaction there's been to this based on how quickly other scrapers were run off the network, but I get that people are busy.
If you want more details, the specifics of my investigation are in this post:
https://cryptography.dog/blog/what-little-i-know-about-readily-news/
...and I'd appreciate if others could corroborate my findings.
I just published a blog post summing up my most pertinent thoughts about dealing with badly-behaved web-scraping bots:
https://cryptography.dog/blog/AI-scrapers-request-commented-scripts/
It isn't exactly a Hallowe'en-themed article, but today is the 31st and the topic is concerned with pranking people who come knocking on my website's ports, so it's somewhat appropriate.
#infosec #bots #halloween #scrapers #AI #someMoreHashtagsHere
Dear Fediverse, thank you for being a safe haven from AI slop.
This morning, I checked out Pinterest for the first time in forever and saw an image purporting to be a LEGO set that was obviously AI generated - yuck!
Then on Reddit's popular page there was a video compilation of people saving children from terrible falls = AI slop.
YouTube's homepage: a short video showing a child and her dog covered in mud = AI slop.
What was I thinking? I should visit #Lemmy and #PeerTube instead...
@_elena There are definitely accounts here that post #AISlop images. Many of the ones i see are using them along with the #infosec hashtag which i follow.
While it's certainly better than many other places, there are people who for some reason or another will post links to articles, blogs or whatever and instead of allowing the link preview to generate, will add some AI image.
Usually these are very small accounts here doing it, but i've muted a few large ones doing it as well.
Every day, Quad9 helps protect more than 100M users globally from malware, phishing, and online threats — completely free of charge and without collecting personal data.
This #GivingTuesday, please consider making a donation to continue our work. Your support helps sustain a public-benefit cybersecurity service that puts users first, not profit.
Together, we can keep building a more secure and privacy-respecting internet. 🫶
ASN: AS9824
Location: Tokyo, JP
Added: 2025-11-30T15:41
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
From Concealment to Exposure: Understanding the Lifecycle and Infrastructure of APT Domains
OH! Excited to dive into this - few places doing deeper & more insightful research than GA Tech & friends.
Also gonna note with pride that @DomainTools has 3 citations, and my pal Pawel Foremski from our Research team also has a citation herein!
You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻
🎉 This was #osco25! Check out our recap: https://2025.opensecurityconference.org/conference/recapitulation/
💜 Gain impressions from all conferences: https://opensecurityconference.org/about/past-conferences/
✅ Save the dates for #osco26 on November 5-8, 2026! 😉
#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Status of reproductible Builds for open source Messengers (Matrix, Session, Signal, Telegram...) - Project by BarbossHack #OSS #Infosec https://github.com/BarbossHack/reproducible
ASN: AS209641
Location: Moscow, RU
Added: 2025-12-05T19:52
Secret diplomatic message deciphered after 350 years
#cybersecurity #hacking #security #technology #hacker #infosec #ethicalhacking
Meta asks Canada to adopt app-store age-verification requirements
https://www.technadu.com/meta-pushes-canada-for-app-store-age-verification-id-laws/615047/
• 83% of Canadian parents support app-store age checks
• Critics warn about centralized identity systems + reduced anonymity
• Google opposes, citing responsibility shifting
• Potential impact on open-source and privacy-focused tools
Follow us for more cybersecurity + policy updates.
#Meta #AgeVerification #Privacy #Infosec #DigitalRights #TechPolicy
A space for Bonfire maintainers and contributors to communicate
