Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Feb 28, 2023

    Blind Eagle has reappeared with a refined toolset

    Blind Eagle, a financially motivated threat actor also known as APT-C-36, has launched attacks targeting organizations in Colombia and Ecuador since at least 2018. … read more »
  • Feb 26, 2023

    Latest PureCrypter campaign targets government organisations

    Researchers at Menlo Security have discovered that a threat actor is targeting government agencies in the Asia-Pacific and North American regions with the PureCrypter malware downloader. … read more »
  • Feb 24, 2023

    StealC: a new advanced infostealer

    Analysts at cybersecurity firm Sekoia have uncovered a new strain of malware called StealC, an advanced infostealer designed to steal sensitive data from victims.… read more »
  • Feb 23, 2023

    How to detect Brute Ratel activities

    Brute Ratel (BRc4) is a Command and Control (C2) framework designed to help attackers evade defence systems and remain undetected while executing malicious commands. Used in simulations of real-world attacks, this tool helps red team members deploy badgers on remote… read more »
  • Feb 22, 2023

    Many threat actors begin to adopt Havoc Framework

    A recent research by security company ZScaler, reports that threat actors are increasingly using the Havoc Framework for their malicious activities. … read more »
  • Feb 21, 2023

    WIP26: a new threat actor targeting telecom service providers

    A new threat actor, dubbed WIP26 by security firm Sentinel One, has recently been identified that is targeting government agencies and telecommunication service providers in the United States.… read more »
  • Feb 20, 2023

    Frebniis: new malware targets Microsoft IIS

    Recent research by security firm Symantec has uncovered a new strain of malware called FrebniiS that is specifically designed to target servers running Microsoft Internet Information Services (IIS) software.… read more »
  • Feb 18, 2023

    Some thoughts on MLOps security

    MLOps, which stands for Machine Learning Operations, is a relatively new field that focuses on the integration of machine learning models into the development and deployment processes of software applications. … read more »
  • Feb 16, 2023

    Beep, a new highly evasive malware

    Analysis by MinervaLabs has revealed a new type of malware called BEEP, a highly stealthy malware that can evade detection by most antivirus software.… read more »
  • Feb 14, 2023

    Clipboard malware found in 450+ PyPI Packages

    A new cybersecurity threat for Python developers has been reported, where malicious actors have published over 451 unique Python packages to the official Python Package Index (PyPI) repository. The aim is to infect developer systems with a clipboard-based crypto wallet… read more »
  • Feb 13, 2023

    How to build a Security Operations Center on a budget

    As organizations continue to face increasingly sophisticated cyber threats, the importance of having a robust SOC has become clear. However, for many organizations, the cost of setting up a SOC can be prohibitive, especially for small to medium-sized businesses.… read more »
  • Feb 12, 2023

    How to detect Sliver C2 framework activities

    Sliver is an open source cross-platform adversary emulation/red team framework, developed for penetration testing purposes but, as other similar softwares like Cobalt Strike, is also used by cybercriminals to malicious activities. … read more »
  • Feb 10, 2023

    Most hi-end Android devices sold in China have pre-installed malware

    A recent study by researchers at the University of Edinburgh and Trinity College Dublin has revealed that most of top-of-the-range Android devices sold in China are being shipped with spyware.… read more »
  • Feb 8, 2023

    Russian threat group steal screenshots from victims devices

    A Russian threat group, dubbed TA866 by Proofpoint, is suspected of using a new technique to steal sensitive information. The group has been taking screenshots of infected devices and uploading them to a remote server.… read more »
  • Feb 7, 2023

    First Linux version of Clop ransomware has flaw in encryption algorithm

    The first Linux version of the Clop ransomware has been discovered, with a flaw in its encryption algorithm that allows it to be decrypted without paying the ransom.… read more »
  • Feb 6, 2023

    GuLoader: new version uses Nullsoft Scriptable Install System

    Several e-commerce industries in South Korea and the United States are being targeted by a GuLoader malware campaign, according to a report from cybersecurity firm Trellix. … read more »
  • Feb 3, 2023

    When the sunlight shines through the leaves of trees

    I have released my new musical work, Komorebi: a 4-track album that explores the world of electronic, lo-fi music, with each track designed to create a relaxing and peaceful atmosphere… read more »
  • Feb 2, 2023

    Prilex malware evolves to target NFC-enabled POS

    Kaspersky Lab cybersecurity experts have discovered a new version of the Prilex point-of-sale (PoS) malware that has been enhanced to target transactions using NFC technology … read more »
  • Feb 1, 2023

    NIST releases new framework for responsible use and development of AI

    The National Institute of Standards and Technology (NIST) has released the Artificial Intelligence Risk Management Framework which provides guidelines for organizations to manage risks and promote responsible use of AI systems. … read more »
  • Jan 31, 2023

    TrickGate: a shellcode-based packer undetected for years

    TrickGate is a shellcode-based packer that has been operating successfully and undetected for over six years. … read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician