Andrea Fortuna
  • Apr 29, 2023

    Cybercriminals advertise Atomic macOS stealer on Dark Web

    A new information stealer for Apple macOS, called Atomic macOS Stealer (AMOS), is being advertised on Telegram for $1,000 per month. According to recent research from Cyble, the malware can steal various types of information from the victim’s machine,… read more »
  • Apr 26, 2023

    Alloy Taurus, known for telecom attacks, adapts with Linux PingPull and Sword2033 malware tools

    Alloy Taurus, a Chinese nation-state group known for attacking telecom companies since at least 2012, has been found to be using a Linux variant of the PingPull backdoor and a new tool called Sword2033, according to cybersecurity company Palo Alto… read more »
  • Apr 25, 2023

    North Korea-Linked APT group BlueNoroff uses new macOS malware RustBucket in recent attacks

    The North Korea-linked BlueNoroff APT group has been observed by security firm Jamf using a new macOS malware called RustBucket in recent attacks. The RustBucket malware allows operators to download and execute various payloads. The first stage was contained within an unsigned… read more »
  • Apr 24, 2023

    How to set up a personal, private wiki with TiddlyWiki, GitHub, Cloudflare Pages and Cloudflare Access

    Several years ago, during a SANS course, I discovered TiddlyWiki for the first time. Since then, I have never stopped using it, despite its somewhat dated UI. TiddlyWiki is a highly versatile and customizable personal wiki that allows me to… read more »
  • Apr 21, 2023

    RBAC Buster: A New Method for Persistent Backdoor Accounts on Kubernetes Clusters

    Cybercriminals are using a new method called RBAC Buster to create persistent backdoor accounts on Kubernetes clusters and use their resources for Monero crypto-mining. The RBAC (Role-Based Access Control) system is used by admins to define which users or service… read more »
  • Apr 21, 2023

    GhostToken: Google Cloud Platform security flaw allows attackers to gain unremovable access to accounts

    Google has fixed a security flaw called GhostToken that allowed attackers to backdoor Google Cloud Platform (GCP) users’ accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. According to research by Astrix Security, after being… read more »
  • Apr 20, 2023

    New Lazarus Group campaign uses fake job offers to deliver Linux malware

    The Lazarus Group, a North Korea-aligned state-sponsored actor, has been linked to a new campaign called Operation Dream Job that targets Linux users. In a recently published report, analysts from cybersecurity firm ESET revealed that this social engineering scheme involves… read more »
  • Apr 19, 2023

    AuKill: a BYOVD attack tool used to disable EDR software

    AuKill is a new hacking tool used by threat actors to disable Endpoint Detection & Response (EDR) software on victims’ systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware, first spotted by Sophos… read more »

Andrea Fortuna


Cybersecurity expert, software developer, experienced digital forensic analyst, musician