David Rushmer

103 posts

@_DavidRushmer

Cybersecurity Researcher, Security Nut and Excessive Coffee Drinker #ThreatResearch

Joined May 2012
83 Following · 48 Followers
David Rushmer
David Rushmer@_DavidRushmer·
My father died just before Christmas and the Internet was in his name. @EE created an account for my mum and gave her 14 days to cancel her contract. She did within the 14 days and was told that there wouldn't be any further charges. So why, @EE, are you referring her to a debt collection company when she did everything you asked of her and is no longer a customer?
David Rushmer retweeted
RevEng.ai
RevEng.ai@RevEng_AI·
From nearly 1k applications, we are pleased to say that @RevEng_AI has been selected as one of 53 AI startups joining the first ever @GoogleStartups Gemini Founders Forum cohort; and we couldn't be more thrilled. Find out more by going here: blog.google/outreach-initi…
Greg Linares (Laughing Mantis)
Greg Linares (Laughing Mantis)@Laughing_Mantis·
x.com/Laughing_Manti… Several years back I encountered a threat actor that would mimic your local ISP, including delivering targeted ads that would display your ISP + numbers to call for support, that eventually would result in a physical hardware implant delivery campaign. The team I worked with identified a few campaigns: "Internet slowdown" issues (generic), "Internet lag" (gaming), "Faster Internet available now in your area" (fast campaign). These would lead to websites; the number would then redirect to a group that would social engineer the victim into gathering their information and then tell the victim they needed to have a technician come in and replace the device. The device would be a router of the same style as the targeted victim's ISP-provided device (in a few cases an upgrade), and the team would physically install it while the victim was there. After this, one of 3 actions would occur: had the victim help assist on calling the ISP to approve the new device (1 case); clone the existing real ISP-supplied one using the hardware sticker on the replaced device (2 cases); call using stolen info from the initial call to act as the victim and approve the new device (suspected 1 case). The devices had modified firmware to use attacker-supplied DNS information for presumably AiTM content later. This included some spoofed values and details appearing as the ISP. The UI even displayed fake values at times to trick the victim if they logged in. We managed to track down one of the physical install teams and they said they were part-time contract workers doing an ISP support role for a 3rd-party company we later determined had no relation to the ISP. They got the job via an online recruiter and received hardware essentially drop-shipped to them spontaneously. They genuinely believed they were subcontractors working for the victim's ISP.
I wanted to discuss this scenario as a talk but it's bound by an NDA that likely is too strict to help benefit anyone outside of the details of this post. So why am I discussing this now? Some of the IPs, domains, and ASN information we were able to extract and track down just happened to appear in the DSLRoot investigation from @infrawatch_app here: infrawatch.app/blog/dslroot-u…
Greg Linares (Laughing Mantis)@Laughing_Mantis

As I mentioned last week, insider threat at the ISP is a very real thing. I can confirm that I have seen similar attacks at the mobile provider, ISP, data center, and cloud provider levels in the last 3 years.

David Rushmer retweeted
vx-underground
vx-underground@vxunderground·
August 14th we posted this and mocked, saying it was probably North Korea. Some people (for reasons I don't understand) said it was probably safe (it's not). Thankfully, @infrawatch_app went way out of their way to investigate the company mentioned in the Reddit post (DSLRoot) and much more. The tl;dr:
- Guy in Belarus owns the company
- Owner travels between Minsk and Moscow
- He pays you $250/month to plug in devices
- He connects to it with Remote Desktop Software
- He sells network access to your home to other people
- Advertises on BlackHatWorld
- Random people use your residential IP for ???
David Rushmer retweeted
RevEng.ai
RevEng.ai@RevEng_AI·
📣 We're hosting a CTF Event in Washington DC 📣 Join us on the 12th of May for the inaugural RevEng.AI CTF at the stunning Sands Capital building. Experience a sneak peek into RevEng.AI's cutting-edge AI platform. eventbrite.co.uk/e/revengai-inp…
David Rushmer
David Rushmer@_DavidRushmer·
If you're using Ivanti Avalanche, now is the time to update because 6.4.3 addressed quite a bit. CVE-2024-27984, a Path Traversal Vulnerability, was added to the list this morning. Although personally I would be more concerned with CVE-2024-24996, published on the 18th: "A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands." There are more, but it'll be faster if you just go PATCH :D
David Rushmer
David Rushmer@_DavidRushmer·
Trying to pay @O2 money for an account I never set up because they've decimated my credit score, and they keep hanging up. 8 hours on the phone and 3 trips to the store, all for £45 that I had to find out about through Experian... great work @O2
David Rushmer retweeted
N$🌟
N$🌟@nav1n0x·
Bypassing WAF by adding multiple slashes to gain SSI/path traversal. This is my 2nd successful shot-in-the-dark attempt. Payload: GET /assets/css///////../../../../../../../../etc/passwd #BugBounty
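The post above shows a request path where a run of slashes sits in front of the dot segments; it does not say which rule the WAF applied. As an added defensive example (not code from the post or from any WAF), this is the server-side approach that is robust to it: collapse repeated slashes and resolve `.`/`..` first, then make the allow/deny decision on the resolved path. The sample request path is the one quoted in the post; the `/assets/` allow-prefix is an assumption for illustration.

```python
# Constructed sample: the request path quoted in the post above.
SAMPLE_PATH = "/assets/css///////../../../../../../../../etc/passwd"


def normalize_path(raw: str) -> tuple[str, bool]:
    """Collapse repeated slashes and resolve '.' / '..' segments.

    Returns (normalized_path, escapes_root). escapes_root is True when a
    '..' segment tries to climb above the document root. A traversal
    decision made on this normalized form does not depend on how many
    slashes the client put between segments.
    """
    escapes_root = False
    stack: list[str] = []
    # Splitting on '/' and dropping empty pieces turns any run of slashes
    # ('///////') into a single separator, so the segment walk below sees
    # the same path the filesystem would resolve.
    for seg in raw.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            else:
                escapes_root = True  # tried to go above '/'
            continue
        stack.append(seg)
    return "/" + "/".join(stack), escapes_root


def is_allowed(raw: str, allowed_prefix: str = "/assets/") -> bool:
    """Allow the request only if the *normalized* path never climbs above
    the root and still lies under the static-asset prefix (assumed here).
    Deciding on the raw string instead is what lets slash padding through."""
    path, escaped = normalize_path(raw)
    if escaped:
        return False
    return path.startswith(allowed_prefix)


if __name__ == "__main__":
    for p in (SAMPLE_PATH, "/assets/css//main.css", "/assets/../index.html"):
        print(p, "->", normalize_path(p), "allowed:", is_allowed(p))
```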
David Rushmer retweeted
RedSense
RedSense@RedSenseIntel·
Today, RedSense can confirm that #ALPHV aka #BlackCat ransomware gang’s site has been taken down by law enforcement @4D435A
David Rushmer retweeted
Adversary Pursuit Group
Adversary Pursuit Group@blackpoint_APG·
Cisco Talos exposes a critical flaw in WPS Office 11.2.0.11537, allowing remote code execution through a malformed Excel file (CVE-2023-31275). Use caution when opening unknown files, which could lead to potential system compromise. talosintelligence.com/vulnerability_…