#Proxy

2025-12-11

Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack

The Chinese APT group Silver Fox has launched an SEO poisoning campaign targeting Chinese-speaking users, impersonating Microsoft Teams. The campaign uses a modified ValleyRAT loader with Cyrillic elements to mislead attribution. Silver Fox aims to conduct espionage and financial fraud, posing a significant threat due to its dual mission. The attack chain involves a fake Teams website, malicious ZIP files, and binary data retrieval from XML and JSON files. The malware exploits rundll32.exe for binary proxy execution and establishes C2 communication. Attribution to Silver Fox is based on overlapping infrastructure and links to previous campaigns. Organizations with global operations, especially in China, are advised to implement robust security measures and logging capabilities to defend against this evolving threat.

Pulse ID: 6939ac62e469d4f7f250be99
Pulse Link: otx.alienvault.com/pulse/6939a
Pulse Author: AlienVault
Created: 2025-12-10 17:22:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#China #Chinese #CyberSecurity #Espionage #FinancialFraud #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #Proxy #RAT #Russia #SEOPoisoning #ZIP #bot #AlienVault

Don't forget that you can run Tor's Snowflake to enable those with restricted internet to access information and free communication.

It's safe to host and doesn't put you on block lists. Technical information on the technology: gitlab.torproject.org/tpo/anti

Knowledge is a human right.

snowflake.torproject.org/#03-d

#snowflake #proxy #vpn #tor #anonymous #security

An image of systemd's journal showing the snowflake-proxy.service, there are multiple connections every hour of the day with moderate data usage.
2025-12-10

PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182

A critical vulnerability in React Server Components (CVE-2025-55182) is being exploited across various organizations. Attackers are deploying cryptominer malware, a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based post-exploitation implant dubbed ZinFoq. PeerBlight uses the BitTorrent DHT network as a fallback C2 mechanism. CowTunnel initiates outbound connections to attacker-controlled FRP servers. ZinFoq implements interactive shells, SOCKS5 proxying, and timestomping capabilities. A Kaiji botnet variant is also being distributed. The exploitation attempts target multiple industries and use automated tools. Immediate patching is recommended due to the ease of exploitation.

Pulse ID: 69398505e9eef97b07197db2
Pulse Link: otx.alienvault.com/pulse/69398
Pulse Author: AlienVault
Created: 2025-12-10 14:34:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CryptoMiner #CyberSecurity #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Proxy #ReverseProxy #Troll #Vulnerability #bot #botnet #socks5 #AlienVault

2025-12-09

Today I learned… if you are doing something naughty in JavaScript* (and let’s face it, of course you are) that TypeScript’s type checker is giving you an error for and you – being you – want to keep being naughty (because you can and that’s half the fun), there’s a better way to silence the error than using @ts-ignore which, umm, just ignores it.

Instead, you can use @ts-expect-error (with the error message, to remind yourself what you’re expecting).

This way, if the error ever goes away (which would likely signal… uh… an error), you will be notified.

So, yeah, how’s your morning going?

* Like returning a proxy from a constructor instead of an instance of the class itself.

#JavaScript #TypeScript #typeChecking #proxy #tsIgnore #tsExpectError

mastodon.raddemo.host admin@mastodon.raddemo.host
2025-12-08

Install and Configure #SOCKS #Proxy Server on Rocky Linux VPS

This article provides a guide for how to install and configure SOCKS proxy server on Rocky Linux VPS.

In this tutorial, we'll go through the process of installing and configuring a SOCKS proxy server on a Rocky Linux VPS. We will also discuss enabling SSH tunnelling from a PC using the SOCKS proxy server. This will allow you to route your ...
Continued 👉 blog.radwebhosting.com/install #rockylinux #proxyserver #installguide #vpsguide

mastodon.raddemo.host admin@mastodon.raddemo.host
2025-12-08

Complete Guide to Setting Up an #Apache Reverse #Proxy for an #Ecommerce Website

This article provides a complete guide to setting up an Apache reverse proxy for an ecommerce website. We will provide a start-to-finish guide for installing all required software, configuring your reverse proxy and installing the SSL certificate ...
Continued 👉 blog.radwebhosting.com/complet #loadbalancer #oraclelinux #loadbalancing #reverseproxy #letsencrypt #rockylinux #proxyserver #debian #almalinux #shoppingcart

Rad Web Hosting radwebhosting
2025-12-08

7 Steps to Easily Configure OpenLiteSpeed as a Reverse Proxy for Metabase

This article provides a guide to configure OpenLiteSpeed as a reverse proxy for Metabase.
What is OpenLiteSpeed?
OpenLiteSpeed Web Server is great for building and deploying web applications. The WebAdmin Console enables you to quickly configure features that allow you to deliver a fast web ...
Continued 👉 blog.radwebhosting.com/configu

Rad Web Hosting radwebhosting
2025-12-07

How to Setup a Reverse Proxy with HTTPS Using Nginx and Certbot (5 Minute Quick-Start Guide)

This article outlines how to setup a reverse proxy with HTTPS using Nginx and Certbot.
What is a Reverse Proxy?
A reverse proxy is a server that sits between client devices and a backend server, forwarding client requests to the backend server and returning the server's response to the clients. Unlike a forward proxy, ...
Continued 👉 blog.radwebhosting.com/how-to-

This is essential reading for any SysAdmin who wants to get the most out of their hardware, even refurbished! 😉

➡️ Discover the complete guide: wiki.blablalinux.be/fr/meilleu

#linux #nginx #proxy #sysadmin #hearders

mastodon.raddemo.host admin@mastodon.raddemo.host
2025-12-06

3 Easy Steps to Integrate Monitoring Tools for #Apache Reverse #Proxy Server

This article provides a step-by-step guide to integrate monitoring tools for Apache reverse proxy server. Integrating monitoring tools with your Apache reverse proxy server setup allows you to track performance, detect issues, and optimize your infrastructure efficiently.
How to Integrate Monitoring Tools for Apache Reverse Proxy Server
Below, ...
Continued 👉 blog.radwebhosting.com/3-easy- #proxyserver #reverseproxy

2025-12-06

Can anyone tell me whether and how a client certificate can be used for authentication with squid?

#Linux #Debian #GNU #WWW #Internet #Proxy #squid

2025-12-05

GitHub - fosrl/pangolin: Identity-Aware Tunneled Reverse Proxy Server with Dashboard UI github.com/fosrl/pangolin #OpenSource #dashboard #reverse #GitHub #tunnel #proxy

📎🐸ZhSigma@332ppm≅Σx,x∈S={🌱💚🇪🇺λP(θ|y)⁂}learn-languages-world-lifestphrolland.bsky.social@bsky.brid.gy
2025-12-04

"Russian proxies in front of the Stalin-named palace calling for leaving off the European Union A thousand words picture" Radosław Sikorski #antieurope #russia #putin #proxy #wedgeops #wedge

RE: https://bsky.app/profile/did:plc:wllbn2umomryduhirogqb36z/post/3m76e7g6di22i

Erik van Straten ErikvanStraten@todon.nl
2025-12-04

@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:

1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).

(Apart from those, both serving endpoint AND client MUST be trustworthy).

🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.

🚨 Furthermore, "legitimate" MitM's * break 2️⃣.

* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.

😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.

😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").

@cendyne @soatok @chazh

#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil

2025-12-03

IPCola: A Tangled Mess

IPCola, a new proxy service, claims to have millions of active IPs sourced from IoT, Desktop, and Mobile devices. Investigation reveals connections to Gaganode, a decentralized bandwidth monetization service with features resembling a botnet. Gaganode's SDK includes remote code execution capabilities, posing significant security risks. The service is widely distributed through various applications, including Chinese TV boxes and free software. IPCola is linked to InstaIP and NuoChen Technology, suggesting a complex network of proxy providers. The investigation exposes the intricate relationships between proxy providers and SDKs, highlighting the methods used to acquire unique IP pools.

Pulse ID: 692f568ace05763e9b6d44a7
Pulse Link: otx.alienvault.com/pulse/692f5
Pulse Author: AlienVault
Created: 2025-12-02 21:13:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #CyberSecurity #InfoSec #IoT #OTX #OpenThreatExchange #Proxy #RCE #RemoteCodeExecution #bot #botnet #AlienVault

Mystic Pigeon Gaming mysticpigeon
2025-12-02

A couple of simple bones make posing items much easier! Here I do not have to readjust the hydraulics when altering the cannon's angle.

remind-warranty-folks-promptly

new proxy service up on an @upcloud.com vps

purposefully not putting on a real domain, since the school blocks mine, i hope it's not blocked

RE: bsky.app/profile/did:plc:q7suw

#UpCloud #Proxy #Tech

2025-12-02

Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.

Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.

We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.

Here is a short blog about the campaign and actor, including involved domains and IPs.

blogs.infoblox.com/threat-inte

#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login

Do you use Nginx Proxy Manager? My custom error page for unknown hosts is now more complete! New section on the Wiki: how to integrate a clickable logo that floats at the:

Bottom Left (left: 15px;)

Bottom Right (right: 15px;)

The complete guide and the code (base and logo versions) are here: 📚 wiki.blablalinux.be/fr/page-er

#NPM #Nginx #proxy
