Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Mar 27, 2023

    MacStealer malware targets Apple's macOS devices to steal sensitive information

    According to a recent research from cybersecurity firm Uptycs, a new malware named MacStealer is targeting Apple's macOS operating system to steal sensitive information, including documents, cookies, and login credentials.… read more »
  • Mar 26, 2023

    Nim programming language used to create Dark Power ransomware

    A new ransomware operation called Dark Power has surfaced, targeting organisations around the world and demanding relatively small ransom payments of $10,000.… read more »
  • Mar 24, 2023

    Untitled Goose Tool: CISA's query and analysis tool for Azure and M365

    The US Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.… read more »
  • Mar 22, 2023

    Android phones vulnerable to remote hacking via phone numbers

    Google has released a warning that certain Android phones may be remotely hacked without the need for the victim to interact with anything.… read more »
  • Mar 21, 2023

    Chaos Engineering: breaking systems to make them stronger

    Chaos Engineering is a practice that aims to identify potential issues and vulnerabilities in a system by deliberately introducing controlled failures. The goal is to expose weaknesses before they cause significant damage in a real-world scenario.… read more »
  • Mar 20, 2023

    Vulnerability allows restoration of sensitive information on Google Pixel screenshots

    Security researchers David Buchanan and Simon Aarons have discovered a serious vulnerability in Google Markup, the screenshot editing tool available on Pixel devices. The bug, dubbed 'aCropalypse', allows certain parts of the image to be restored, potentially exposing sensitive information.… read more »
  • Mar 15, 2023

    Dero cryptocurrency mining campaign discovered by CrowdStrike

    CrowdStrike has discovered a cryptojacking campaign targeting Kubernetes infrastructure, believed to be the first Dero cryptojacking operation. … read more »
  • Mar 15, 2023

    March 2023 Patch Tuesday: Two actively exploited zero days disclosed

    Microsoft has release patches for two actively exploited zero-day vulnerabilities: a Critical elevation of privilege within Microsoft Outlook (CVE-2023-23397) and a Moderate security feature bypass within Windows SmartScreen (CVE-2023-24880)… read more »
  • Mar 14, 2023

    GoBruteforcer: new malware targets web servers

    Researchers at Palo Alto Networks Unit 42 have discovered a new malware called GoBruteforcer, written in Golang and targeting web servers running phpMyAdmin, MySQL, FTP and Postgres. … read more »
  • Mar 13, 2023

    Essential Tools for Gathering and Analyzing IOCs

    In Cyber Threat Intelligence, the collection and analysis of Indicators of Compromise (IOCs) is critical because they provide valuable information that can help organisations detect and respond to cyber threats more effectively. In this post, I have compiled some useful… read more »
  • Mar 11, 2023

    Plaso 20230226 has been released

    Plaso is a Python-based engine that can automatically create timelines from various files found on typical computer systems. It can extract timestamps from file system metadata, log files, registry files, browser history, email archives, and many other sources, and can… read more »
  • Mar 10, 2023

    UNC4540 targets unpatched SonicWall gateways with credential-stealing malware

    According to a recent report from cybersecurity firm Mandiant, Chinese cybercriminals are targeting unpatched SonicWall gateways with credential-stealing malware that persists through firmware upgrades.… read more »
  • Mar 9, 2023

    CERT, CSIRT or SOC?

    CERT and CSIRT are often used synonymously describing incident response teams, while SOC has a broader cyber security scope.… read more »
  • Mar 9, 2023

    Bitwarden vulnerability allows attackers to steal passwords using iframes

    The popular open-source password management service, Bitwarden, offers an auto-fill feature that can automatically fill in users' saved credentials when they visit a website. However, this feature has a potentially dangerous behavior that could allow malicious iframes embedded in trusted… read more »
  • Mar 8, 2023

    Sharp Panda is starting to use a new version of the Soul framework

    Chinese threat actor Sharp Panda has targeted high-profile government agencies in Southeast Asia with a cyber espionage campaign using a new version of the Soul modular framework. … read more »
  • Mar 6, 2023

    MITIGA expose Google Cloud Platform's lack of forensic storage visibility

    A new report from cybersecurity firm MITIGA has revealed that malicious actors can exploit a lack of forensic visibility in Google Cloud Platform to exfiltrate sensitive data.… read more »
  • Mar 5, 2023

    CrowdStrike released the 2023 Global Threat Report

    CrowdStrike has released its 9th Annual Global Threat Report, which provides a comprehensive overview of threat actor behaviour, tactics and trends over the past year. The report is based on the activities of more than 200 cyber adversaries and covers… read more »
  • Mar 3, 2023

    CISA released DECIDER, an open source tool that helps generate MITRE ATT&CK mappings.

    The Cybersecurity and Infrastructure Security Agency (CISA) recently launched a free tool called Decider to help the cybersecurity community map threat actor behaviour to the MITRE ATT&CK Framework. … read more »
  • Mar 2, 2023

    Iron Tiger group creates Linux version of its custom malware

    According to research recently published by cybersecurity firm Trend Micro, Iron Tiger, a Chinese-speaking threat group known for targeting organisations in East Asia, has created a Linux version of its custom malware known as SysUpdate.… read more »
  • Feb 28, 2023

    Blind Eagle has reappeared with a refined toolset

    Blind Eagle, a financially motivated threat actor also known as APT-C-36, has launched attacks targeting organizations in Colombia and Ecuador since at least 2018. … read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician