#endpoint

2025-10-21

A view on a recent Salt Typhoon intrusion

Salt Typhoon, a China-linked cyber espionage group, has been observed targeting global infrastructure using stealthy techniques like DLL sideloading and zero-day exploits. Darktrace identified early-stage intrusion activity consistent with Salt Typhoon's tactics in a European telecommunications organization. The intrusion likely began with exploitation of a Citrix NetScaler Gateway appliance, followed by pivoting to Citrix VDA hosts. The threat actor delivered a SNAPPYBEE backdoor via DLL side-loading, used LightNode VPS endpoints for command and control, and attempted data exfiltration. Darktrace's anomaly-based detections played a key role in surfacing and neutralizing the threat before it could escalate further, highlighting the importance of proactive defense against sophisticated state-sponsored actors.

Pulse ID: 68f6536b549a38d68528a530
Pulse Link: otx.alienvault.com/pulse/68f65
Pulse Author: AlienVault
Created: 2025-10-20 15:21:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #China #Citrix #CyberSecurity #Darktrace #Endpoint #Espionage #Europe #ICS #InfoSec #NetScaler #OTX #OpenThreatExchange #RAT #SideLoading #Telecom #Telecommunication #ZeroDay #bot #AlienVault

Waidler waidler@bayerwald.social
2025-10-16

With this album I am currently testing my new 3-tier ROON endpoint with AudioLinux on the Raspberry Pi 4 as Diretta host and the Raspberry Pi 5 as Diretta target. Stunning!

Arne Domnerus: "Jazz at the Pawnshop"
The famous 1976 Stockholm concert, recorded by Gert Palmcrantz, is one of the perennial audiophile favourites. There are dozens of versions of the album, which many regard as one of the best-sounding jazz recordings ever.

#roon #diretta #endpoint #jazz

TugaTech 🖥️ tugatech@masto.pt
2025-10-14

Anupam Mishra Anupam002
2025-10-07

admins! leads!

Your next breach could be a single rogue or a “harmless” file copy to an external drive.

Defend your data with Veltar:

- Create precise access rules for specific storage devices
- Enforce encryption so that only encrypted devices can connect
- Filter by type—, cards, external drives

Lock it down before someone else unlocks it for you.

Know more about -scalefusion.com/products/velta

2025-09-30

Disallow: /security-research? Crypto Phishing Sites' Failed Attempt to Block Investigators

An analysis of robots.txt files revealed over 60 cryptocurrency phishing pages impersonating hardware wallet brands Trezor and Ledger. The actor behind these pages attempted to block phishing reporting sites by including their endpoints in the robots.txt file, demonstrating a misunderstanding of its function. Most sites were hosted on Cloudflare Pages, with a few on custom domains. The campaign's unusual robots.txt pattern was also found in GitHub repositories containing crypto-themed spoof pages. Merge conflicts in README files suggest the actor may lack web development expertise. Various free web hosting providers were used for similar spoofed pages. The campaign highlights the ongoing targeting of cryptocurrency users and the potential effectiveness of even poorly executed phishing attempts.

Pulse ID: 68dc1d57df2b39428324e2b6
Pulse Link: otx.alienvault.com/pulse/68dc1
Pulse Author: AlienVault
Created: 2025-09-30 18:11:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #Edge #Endpoint #GitHub #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault

2025-09-24

Malicious Listener for Ivanti Endpoint Mobile Management Systems

An attack on a UK telecoms provider is being investigated by the UK Computer Security Agency (CSA) as part of its anti-virus programme, which aims to identify and prevent cyber-attacks.

Pulse ID: 68d3752f4586543730e22af1
Pulse Link: otx.alienvault.com/pulse/68d37
Pulse Author: Tr1sa111
Created: 2025-09-24 04:35:59

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Endpoint #InfoSec #Ivanti #OTX #OpenThreatExchange #Telecom #UK #bot #Tr1sa111

Daniel Silverstone kinnison@flarn.net
2025-09-11

My new favourite uBlock Origin filter:

`www.youtube.com###endpoint[title=Shorts]`

Finally I can stop accidentally clicking that fucking awful thing.

Alexis | STR4T0TT0 str4t0tt0
2025-08-21

Velociraptor spans the full attack lifecycle. It's delivering forensic insight into past compromise, enabling rapid triage now, and continuous detection for future threats.
A cohesive lens across all phases.

❀𝓪𝓵𝓬𝓮𝓪𖤐 alcea@alceawis.com
2025-08-10
Oh nice.
Found another #pixiv #endpoint
https://embed.pixiv.net/artwork.php?illust_id=109256797

Kinda wish it'd relay the master img..
Oh well
#repost •acws #acws

Anupam Mishra Anupam002
2025-07-01

Your devices are either compliant—or they’re vulnerable.
With Veltar’s Automated Compliance, there’s no in-between.

✔️Enforce CIS standards at scale
✔️Auto-remediate policy violations
✔️Monitor real-time compliance posture
✔️Leverage 95+ rules

Read more: lnkd.in/dtgCahhH

Praveen praveene27
2025-06-25

🚨 often starts at the — your laptop, desktop, or RDP. In Part 1 of our blog, learn how attacks begin, how they spread, and why local recovery fails.

🛡 Stay protected with BDRSuite.
🔗 bdrsuite.com/blog/endpoint-pro

aaron ~# neuroexception@infosec.exchange
2025-06-10

I finally finished my #Fail2Ban setup and am quite happy with the result. I've got #discord and #email notifications, global IP banning (on all servers) and automatic reporting to #abuseipdb based on multiple factors. This is awesome.

I'm so happy that I took the time to set up #Authelia as it's a breeze to #protect a single #endpoint and cover 70-80% of all services.

#homelab #selfhosting #linux #security #sso #oidc #OpenIDConnect

2025-05-31

A modern solution for protecting endpoint devices: An introduction to Endpoint security software

Endpoint security software represents an important step forward in protecting computer systems and data from increasingly sophisticated threats in the digital age.

maychu.top/2025/05/31/giai-pha
