-
Apr 26, 2023
Alloy Taurus, a Chinese nation-state group known for attacking telecom companies since at least 2012, has been found to be using a Linux variant of the PingPull backdoor and a new tool called Sword2033, according to cybersecurity company Palo Alto…
-
Apr 25, 2023
The North Korea-linked BlueNoroff APT group has been observed by security firm Jamf using a new macOS malware called RustBucket in recent attacks. The RustBucket malware allows operators to download and execute various payloads. The first stage was contained within an unsigned…
-
Apr 24, 2023
Several years ago, during a SANS course, I discovered TiddlyWiki for the first time. Since then, I have never stopped using it, despite its somewhat dated UI. TiddlyWiki is a highly versatile and customizable personal wiki that allows me to…
-
Apr 21, 2023
Cybercriminals are using a new method called RBAC Buster to create persistent backdoor accounts on Kubernetes clusters and use their resources for Monero crypto-mining. The RBAC (Role-Based Access Control) system is used by admins to define which users or service…
-
Apr 21, 2023
Google has fixed a security flaw called GhostToken that allowed attackers to backdoor Google Cloud Platform (GCP) users’ accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. According to research by Astrix Security, after being…
-
Apr 20, 2023
The Lazarus Group, a North Korea-aligned state-sponsored actor, has been linked to a new campaign called Operation Dream Job that targets Linux users. In a recently published report, analysts from cybersecurity firm ESET revealed that this social engineering scheme involves…
-
Apr 19, 2023
AuKill is a new hacking tool used by threat actors to disable Endpoint Detection & Response (EDR) software on victims’ systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware, first spotted by Sophos…
-
Apr 18, 2023
The China-linked APT41 cyberespionage group (also known as HOODOO) used the open-source red teaming tool GC2 in an attack against an unnamed Taiwanese media organization in October 2022, using as payload an open-source red teaming tool called “Google Command…