Another phishing email going around, targeting #netcup users

email comes from

contact [at] anghelhotel [dot] com

Domain registered 2012 so who knows why it's getting routed data like this now.

The phishing link in the email leads to:

hxxp://12229530 [dot] sophrologie-arles [dot] com/?id=$YOUR_DOMAIN

where $YOUR_DOMAIN is your registered domain/website that is hosted on netcup. Rather, the domain doesn't have to be managed DNS wise by netcup, just hosted on a netcup IP.

Another reference:
https://lowendtalk.com/discussion/comment/4469840/#Comment_4469840

#phishing #netsec #networkSecurity #cybersecurity

Spain awards Huawei contracts to manage intelligence agency wiretaps https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps

The Spanish government is using Huawei to manage and store judicially authorized wiretaps in the country used by both law enforcement and intelligence services, despite concerns about how the Chinese government could compel Huawei to assist Beijing with its own intelligence activities.

https://theobjective.com/economia/2025-07-07/gobierno-huawei-escuchas/

#spain #espionage #netsec #5g #mobile #privacy #china #huawei #policy #europe

Possible End to End to End Encryption: Come Help
https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

The never-ending battle where police and intelligence services demand more/total access to communications shows no sign of stopping, even in the face of mathematical and practical impossibilities.

#eu #privacy #netsec #eupol #eupolitics

Cybersecurity researchers have discovered two security flaws that can enable local attackers to escalate their privileges to root on Linux machines.

#Tech #Linux #InfoSec #Security #CyberSecurityNews #Technology #News #Computing #CyberSecurity #Netsec #TechNews #OpenSource

Rogue IT worker gets seven months in prison after changing all of his company's passwords after getting suspended — causing over $200,000 in digital rampage.

#Tech #PC #InfoSec #Security #CyberSecurityNews #Technology #News #Computing #CyberSecurity #Info #TechNews #Netsec #Windows #Linux #Dev #SocialMedia #Travel #Mastodon

Zoomer in der IT Security sind einfach anders wyld 😅

Schreibt mir eine Fachperson aus der genannten Demografie:

"Fun Fact: Die Raumbuchung hat keinerlei Zeichenbeschränkung in der Beschreibung. Habe letzte Woche einen Raum mit dem kompletten Bee Movie Script gebucht."

😂

#netsec #infosec #itsecurity #itsicherheit #lmao

Based on our testing, MS seems to have fixed CVE-2025-33073 by blocking the CredUnmarshalTargetInfo/CREDENTIAL_TARGET_INFORMATIONW trick!
@tiraniddo ‪@decoder_it #netsec #infosec #windows #cybersecurity

https://mastodon.social/@RedTeamPentesting/114663688487284108

"CVE-2025-49091: Konsole: Code execution from web browser using URL schemes handled by KDE's KTelnetService"

https://seclists.org/oss-sec/2025/q2/242

#security #netsec #kde #konsole

🔐 MACsec: Layer 2 Encryption for Modern Networks
When IPsec or TLS are too high in the stack, MACsec (IEEE 802.1AE) offers an efficient way to secure Ethernet frames at Layer 2—with low latency and line-rate performance.

In this post:
• How MACsec works (SCI, SAK, EAPoL)
• Trust model: Secure vs. insecure ports
• Hardware dependencies & deployment scope
• Typical use cases in data centers and enterprise access

📖 Full breakdown here:
🔗 https://cloudswit.ch/blogs/what-is-macsec-and-how-does-it-work/

#MACsec #8021AE #NetworkSecurity #L2Encryption #DataCenter #ZeroTrust #SONiC #CloudSwit #OpenNetworking #NetSec

IoT Security: Preventing a Possible Disaster

https://spectrum.ieee.org/iot-security-root-of-trust

#IoT #Embedded #Security #NetSec

Finding SSRFs in Azure DevOps - Part 2

https://binsec.no/posts/2025/05/finding-ssrfs-in-devops-part2

Discussions: https://discu.eu/q/https://binsec.no/posts/2025/05/finding-ssrfs-in-devops-part2

#devops #netsec

Anyone who seeks for a well-written analysis of unsolicited #TCP traffic should give Decoding TCP SYN for Stronger Network Security a read. The blog post goes into TCP-procotol specifications. Recommended to every #networkengineer .

Props go to @jtk for his strong analytical skills and excellent writing style.

#honeypots #tcpflood #tcpsyn #networkanomaly #netsec #ddos

#netsec

By default, your phone encodes your GPS location into any photos you take inside of the image’s EXIF metadata.

If you then share that image (on Mastodon for example), people will be able to tell where you were when you took that photo.

You can use websites like https://everestpipkin.github.io/image-scrubber/ to read and erase an image’s data – ctrl+f for “GPS” to see if your photo is storing it.

(1/2)

Critical Samlify SSO flaw lets attackers log in as admin
Samlify is used by several SaaS services 🤯❗️
#vulnerability #netsec
https://www.bleepingcomputer.com/news/security/critical-samlify-sso-flaw-lets-attackers-log-in-as-admin/

For people who run large public HTTP services, are there any IP/JA3/fingerprint lists that you use to create outright block lists at your network edge? I'm interested in ones that you know are safe and don't cause false positives for you.

I've used Firehol in the past but unsure how up to date they are these days. Retoots appreciated!

#netsec #ja3 #blocklist

China en North-Korea Produces half of the Attacks with APT Actors Globally! 🤯
#cybersecurity #infosec #Netsec
https://www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally

Mr Hamza is targeting NATO 🤯
https://www.hstoday.us/subject-matter-areas/cybersecurity/ongoing-threat-of-mr-hamza-and-allied-hacktivist-groups/
#cyberdefense #infosec #netsec

iClicker site hack targeted students with #malware via fake CAPTCHA 🤯
#infosec #netsec
https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/

I noticed a (minor but abusable) data leak in the RMM/PSA tool Atera a while ago, reported it and it's now fixed. I think it's somewhat interesting so I wrote it up.

https://fyr.io/post/atera-leaked-their-customers-to-mailinator

Tldr: if you tested your SMTP settings, it used a public mailbox on mailinator, allowing anyone to watch for (and respond to, if you're so inclined) mail. Phishing opportunity!

#infosec #atera #privacy #dataleak #mailinator #writeup #phishing #netsec

US indicts Black Kingdom ransomware admin for MS Exchange attacks. ‼️
#ransomware #netsec #infosec

https://www.bleepingcomputer.com/news/security/us-indicts-black-kingdom-ransomware-admin-for-microsoft-exchange-attacks/