John Fitzpatrick

Work and hobbies are #cybersecurity. I specialise in #HPC / #supercomputer security. I run HPCsec and am busy bringing TCDO to the world through Lab538. I spend a lot of free time scouring the internet for things of interest, building interesting datasets and track quite a lot of #ransomware and e-crime groups. Formerly JUMPSEC and MWR/MWRLabs.

John Fitzpatrick boosted:
Electromagnetic Field (emf@emfcamp.org)
2024-05-17

The EMF Arcade calls for aid! Do you know someone with a laser cutter (that can do 6mm plywood) who might want to help build an amazing arcade for indie and small game devs? We urgently need help getting our arcade cabinets cut, more details at https://blog.emfcamp.org/2024/05/17/help-the-EMF-arcade/

John Fitzpatrick (j0hn_f@infosec.exchange)
2024-05-07

@emf looks epic!
What do the "!" and the little people squares mean though?

John Fitzpatrick boosted:
Electromagnetic Field (emf@emfcamp.org)
2024-05-05

There are still tickets available in this sale! If you know someone who wants an EMF ticket:

https://www.emfcamp.org/tickets

John Fitzpatrick boosted:
Electromagnetic Field (emf@emfcamp.org)
2024-03-20

If you're planning on travelling to EMF by train, beware that the line to Ledbury station is closed on the Sunday (June 2nd) until 16:00. There are only a few trains after that and none run direct to London.

There are rail replacement buses, but we are planning on re-routing our shuttle buses to Worcestershire Parkway station instead. We recommend you leave on Monday if possible.

Our travel page will be kept up to date with the latest travel info:
https://www.emfcamp.org/about/travel

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-11-20

Looks like the British Library ransomware incident was Rhysida #ransomware

[Image: Rhysida leak site showing British Library as a victim with a leak time of 6 days]

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-11-13

Have we heard any more on the 0day Lockbit claimed to have used on Boeing? #ransomware #lockbit

John Fitzpatrick boosted:
2023-10-12

Almost 70% of Citrix Netscalers have webshell backdoors installed now, even after patching.

Pretty major backdoor due to Netscaler = internet facing by design, allows remote access, has AD credentials by design. blog.fox-it.com/2023/08/15/app
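
The post's point is that a webshell dropped before the patch survives the patch, so patch state says nothing about compromise state. The added example below (my own code, not the Fox-IT or Mandiant tooling) shows the general check behind that: record a manifest of a web-served directory from a known-good state, then diff the live tree against it and flag anything added or altered. Directory names, file contents and the "dropped" file are all constructed for the demo; they are not real NetScaler paths or indicators.

```python
"""Baseline-and-diff check for files under a web-served directory.

Added example, not code from the post or from Fox-IT/Mandiant. All paths and
file contents below are constructed for the demonstration.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (POSIX form, relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def save_manifest(manifest: dict, out: Path) -> None:
    """Persist the known-good manifest; store it off the appliance in practice."""
    out.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def diff_against_baseline(root: Path, baseline: dict) -> dict:
    """Return files that are added, modified or removed relative to the baseline.

    A vendor patch replaces files you already know about; it does not add an
    unexplained script to a directory the appliance serves. "added" is the
    list to triage first, then "modified" entries that the patch notes do not
    account for.
    """
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(
            p for p in current if p in baseline and current[p] != baseline[p]
        ),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: baseline, then a patch plus a leftover dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "webroot"
        (root / "logon").mkdir(parents=True)
        (root / "logon" / "index.html").write_text("<html>login</html>")
        (root / "logon" / "app.js").write_text("var v = 1;")
        manifest_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root), manifest_path)

        # Simulate the vendor patch updating a legitimate file ...
        (root / "logon" / "app.js").write_text("var v = 2;")
        # ... while a file dropped before the patch is left untouched
        # (placeholder content; constructed, not a real webshell).
        (root / "logon" / "x.php").write_text("<?php /* constructed placeholder */ ?>")

        return diff_against_baseline(root, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run it once against a freshly built or vendor-verified appliance to produce the baseline, keep that manifest off the box, and re-run the diff after every patch; the only reliable answer to "was this patched after or before the webshell landed" is a known-good file inventory.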

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-10-11

I'm still chasing some info on the Rhysida Linux/ESXi ransomware locker.

They're definitely encrypting ESXi environments, but I have not found a single sample in the wild. Does anyone have any insight or a sample they can share?

#Rhysida #Ransomware #ESXi #Linux

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-10-03

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-09-29

I'd been wanting to do this for a while, kudos to unit42 for doing so, a great writeup. Tracking Cl0p's torrents and seeders:
unit42.paloaltonetworks.com/cl

#cl0p #ransomware

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-09-13

Does anyone have a Rhysida Linux/ESXi sample they can share?

#Ransomware #Rhysida

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-09-08

@PogoWasRight what a great site! I'd not come across it before but I can see this becoming a daily read for me

And yes I agree, it makes a ton of sense for the TA to take whatever they can in such cases

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-09-08

@PogoWasRight delete data = pretty regularly.

I'm not sure I've seen an instance where the victim has requested just a portion deleted, it's usually everything, but for victims who are recovering from backups requesting the data deleted but no decryption key is quite common and typically comes with a reasonable discount.

A lot of ransomware actors even have an "evidence of deletion" process. They will typically even handle deletion requests after they have published the data.

John Fitzpatrick (j0hn_f@infosec.exchange)
2023-09-06

Microsoft released the findings of their investigation into how Storm-0558 managed to get hold of a signing key that then gave access to customers' email. Two points that jump out:

1) Turns out even Microsoft can't afford the ingestion fees for Sentinel! 😜

2) Let's also gloss over the fact the corporate network appears to be compromised 🙄

Those two points aside hats off to them for this investigation, can't deny that's impressive work.
msrc.microsoft.com/blog/2023/0

#Microsoft #Storm0558

John Fitzpatrick boosted:
David Buchanan (retr0id@retr0.id)
2023-08-24

This is the most absurd proposed UK legislation I've seen yet https://9to5mac.com/2023/08/24/apple-security-updates-ban/

"Under the latest plans, tech companies would need to notify the British government before rolling out a security fix but might be refused permission if it blocks a vulnerability that’s being exploited by security services…"

Utterly ridiculous.

Edit: I think the quote might be incorrect/misleading, but I'm not an expert on interpreting legislation so I can't really say for sure :/

John Fitzpatrick boosted:
nixCraft 🐧 (nixCraft)
2023-08-20

The reason why Windows ranks #1 on my blog is because it mainly focuses on IT and programming. If my blog was about lifestyle topics like yoga or clothing, I would expect to see more Apple iOS/macOS users in the top spot.

John Fitzpatrick boosted:
Patrick C Miller :donor: (patrickcmiller@infosec.exchange)
2023-08-18

CISA Releases Cyber Defense Plan to Reduce RMM Software Risks securityweek.com/cisa-releases

John Fitzpatrick boosted:
2023-08-15

Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller (ADC) or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability. 

bleepingcomputer.com/news/secu

John Fitzpatrick boosted:
2023-08-15

Victim of its own #ransomware success: LockBit's got problems, says ransomware hunter Jon DiMaggio
databreachtoday.com/victim-its
