vaber retweeted
vaber
95 posts

vaber retweeted

Heartbroken to hear about the passing of @Skvern0. He was one of the best threat hunters in the industry - even APTs were afraid of him. I’m grateful for the time we worked together and for everything I learned from him. Rest in peace.

vaber retweeted

The HackingTeam is back! New name, new malware, new exploits securelist.com/forumtroll-apt…
vaber retweeted

🚀 If you plan to join @kaspersky #CTF and want advice from a seasoned player, check out the webinar recording from yesterday! @bzvr_, one of the CTF organizers, shares the basics and practical examples to help you win in Kaspersky{CTF}.
🌴 Winners of the five regional competitions will receive a complimentary #TheSAS2025 invitation to the CTF finals!
The webinar recording is available without registration: lp.kaspersky.com/ctf/

vaber retweeted

#CFP extended — your last chance to rock the floor at #TheSAS2025!
Just 10 days left to propose your research for the BIG stage and share your findings with peers from world-class cybersecurity organizations.
If you research:
▪️ Transportation and smart city vulnerabilities
▪️ New tactics and tricks from notorious #APTs
▪️ Ransomware
▪️ Best incident response practices
▪️ Supply chain and #OSS security
▪️ OT and critical infrastructure security
▪️ Vulnerabilities and fixes
then our program committee is waiting for you!
⚠️ Submit your topic by August 10th
⏩ kas.pr/6rx9
vaber retweeted

🚨 Less than 10 days until the SAS CTF 2025 Quals kick off! 🚨
Register your team now and claim the spot in the top 8 to compete for a share of the $18,000 prize pot at the on-site finals at the SAS conference in Thailand.
Register: ctf.thesascon.com

vaber retweeted

⚡ We discovered a malicious campaign distributing a #SilentCryptoMiner disguised as a restriction bypass tool. Attackers, who pose as tool developers, blackmail YouTubers creating videos about bypassing blocks. Threatened with copyright strikes, content creators were being pressured to share a malicious link to an infected archive.
#Malware #Miner #YouTube
🧵 Check more details below…

vaber retweeted

Malware developers don't necessarily have to invent something innovative to earn lots of money. Check out how this actor managed to steal almost $485,000 with the help of a dozen GitHub accounts, AI, and a bit of luck: securelist.com/gitvenom-campa…
vaber retweeted

EAGERBEE backdoor has been used in targeted attacks in the APAC region. We (myself and @vaber_b) released a blog post about its recent activity in the Middle East region, where it was being deployed at ISP and governmental entities in the Middle East.
securelist.com/eagerbee-backd…
vaber retweeted

My first #Lazarus report at #Kaspersky is out! The newly discovered #CookiePlus is a plugin-based malware that has the ability to download both DLL and shellcode.
It was a great experience working with great coworkers and learning a lot.
securelist.com/lazarus-new-ma…
vaber retweeted

#Lazarus APT evolves its infection chain with old and new malware, targets nuclear-related organization 👉 kas.pr/x83u



vaber retweeted

Such an amazing pleasure to share the investigation I made with my colleague @kucher1n about #careto
The paper is public already: virusbulletin.com/uploads/pdf/co…
and the post for securelist is here: securelist.com/careto-is-back… @kaspersky
Feel free to also see the presentation at @virusbtn youtube.com/watch?v=d3DSPt…


Catch the #ThreeBuddyProblem segment on Bootkitty being a Korean university project, LogoFAIL firmware exploits, inspectability below the OS...
(with @juanandres_gs @craiu @stevenadair)
vaber retweeted

🚨 We discovered two malicious Python packages in the #PyPI repository that remained undetected for over a year. These packages mimicked tools for working with popular AI language models (#ChatGPT and #Claude), silently exfiltrating data and compromising developer environments.
Full details and IOCs in the thread 👇

vaber retweeted

Published blogpost about CloudComputating group using newly identified QSC framework to carry out cyber espionage activities. Blog link -
securelist.com/cloudcomputati…
#APT #CloudComputating #BackdoorDiplomacy #FakingDragon

Some personal news: I will be joining @Meta's security team (focusing on WhatsApp) starting next week. This is a big life change, I'm also moving to London permanently.
I took this opportunity to reflect on the state of threat intel: blog.kwiatkowski.fr/threat-intel-t…
LMK if it resonates!





