Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • May 19, 2023

    Microsoft identify connection between FIN7 and Clop Ransomware

    The FIN7 cybercrime group has added the Clop ransomware to its arsenal after a period of inactivity. They are known for previously using ransomware variants like REvil and Maze. … read more »
  • May 18, 2023

    Lemon Group exploiting pre-infected Android phones for malicious activities

    A cybercrime group called Lemon Group is using millions of pre-infected Android smartphones globally to carry out malicious activities, such as stealing and selling SMS messages, social media and online messaging accounts, as well as generating revenue through advertisements and… read more »
  • May 13, 2023

    New Stealthy Variant of Linux Malware BPFDoor Discovered

    A new version of the Linux malware BPFDoor has been discovered, which is more stealthy and has stronger encryption and reverse shell communications. BPFDoor is a backdoor malware that was first discovered by security researchers about a year ago but… read more »
  • May 11, 2023

    Threat actors exploit Babuk code leak to develop ransomware variants targeting VMware ESXi

    The leak of the Babuk ransomware code in September 2021 has led to the development of multiple ransomware families capable of targeting VMware ESXi systems. Several cybercrime groups have used the leaked source code to create new variants, indicating a… read more »
  • May 9, 2023

    A simple TO-DO manager in .bashrc

    I am a big fan of to-do lists: having a to-do list always at hand relaxes me :-).… read more »
  • May 5, 2023

    Researchers discover hardware bug in AMD Ryzen processors that bypasses BitLocker

    Researchers from the Technical University of Berlin have discovered an exploit called faultTPM that can bypass security protections like BitLocker by exploiting a hardware bug in the firmware TPM (fTPM) of AMD Ryzen processors based on Zen 2 and 3… read more »
  • May 4, 2023

    FluHorse Malware Campaign: Over 100,000 Android Users Affected

    Check Point Research has discovered a new strain of malware, FluHorse, that is highly effective in infiltrating Android apps. The campaign is currently active in East Asia and has affected over 100,000 users. … read more »
  • May 4, 2023

    Dragon Breath APT group uses complex variations of DLL Sideloading technique

    According to a research by cybersecurity from Sophos, the APT group Dragon Breath (also known as Golden Eye Dog) is using complex variations of the classic DLL sideloading technique to evade detection. … read more »
  • May 2, 2023

    New Remote Access Trojan LOBSHOT spotted in Google Ads impersonating AnyDesk

    A new malware called LOBSHOT is being distributed through Google Ads by impersonating a legitimate remote management software, AnyDesk. … read more »
  • Apr 29, 2023

    TrendMicro discovers new ransomware threat: Rapture

    In March and April 2023, cybersecurity firm TrendMicro discovered a new type of ransomware called Rapture that targets its victims using a minimalistic approach with tools that leave only a minimal footprint behind. … read more »
  • Apr 29, 2023

    Cybercriminals advertise Atomic macOS stealer on Dark Web

    A new information stealer for Apple macOS, called Atomic macOS Stealer (AMOS), is being advertised on Telegram for $1,000 per month. … read more »
  • Apr 26, 2023

    Alloy Taurus, known for telecom attacks, adapts with linux PingPull and Sword2033 malware tools

    Alloy Taurus, a Chinese nation-state group known for attacking telecom companies since at least 2012, has been found to be using a Linux variant of the PingPull backdoor and a new tool called Sword2033, according to cybersecurity company Palo Alto… read more »
  • Apr 25, 2023

    North Korea-Linked APT group BlueNoroff uses new macOS malware RustBucket in recent attacks

    North Korea-linked BlueNoroff APT group has been observed by security firm Jamf using a new macOS malware called RustBucket in recent attacks.… read more »
  • Apr 24, 2023

    How to setup a personal, private wiki with TiddlyWiki, GitHub, Cloudflare Pages and Cloudfare Access

    A simple, self-hosted and secure solution to publish a TiddlyWiki site.… read more »
  • Apr 21, 2023

    RBAC Buster: A New Method for Persistent Backdoor Accounts on Kubernetes Clusters

    Cybercriminals are using a new method called RBAC Buster to create persistent backdoor accounts on Kubernetes clusters and use their resources for Monero crypto-mining.… read more »
  • Apr 21, 2023

    GhostToken: Google Cloud Platform security flaw allows attackers to gain unremovable access to accounts

    Google has fixed a security flaw called GhostToken that allowed attackers to backdoor Google Cloud Platform (GCP) users' accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. … read more »
  • Apr 20, 2023

    New Lazarus Group campaign uses fake job offers to deliver Linux malware

    The Lazarus Group, a North Korea-aligned state-sponsored actor, has been attributed to a new campaign called Operation Dream Job that targets Linux users.… read more »
  • Apr 19, 2023

    AuKill: a BYOVD attack tool used to disable EDR softwares

    AuKill is a new hacking tool used by threat actors to disable Endpoint Detection & Response (EDR) software on victims' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.… read more »
  • Apr 18, 2023

    China-linked APT41 group uses Open-Source red teaming tool in cyber attacks

    The China-linked APT41 cyberespionage group used the open-source red teaming tool GC2 in an attack against an unnamed Taiwanese media organization in October 2022, using as payload an open source red teaming tool called 'Google Command and Control' (GC2).… read more »
  • Apr 17, 2023

    QBot malware returns with new techniques in corporate attacks

    QBot, a dangerous Windows banking Trojan, is being used in a new series of attacks against corporate targets.… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician