Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Jan 30, 2023

    UNC2565: New enhancements to GOOTLOADER malware

    The UNC2565 group behind the GOOTLOADER malware continues to improve its code by adding new components and obfuscation techniques to evade detection. … read more »
  • Jan 28, 2023

    SwiftSlicer: a new Golang-based wiper malware

    Cyber security firm ESET has reported that Ukraine has been hit by a new cyber attack from Russia using a previously undocumented data wiper called SwiftSlicer. … read more »
  • Jan 27, 2023

    New PlugX malware variant spreads via removable USB storage devices

    Cyber-security researchers at Palo Alto Networks’ Unit 42 have discovered a new variant of the PlugX malware that can infect connected USB removable media devices to spread to additional systems.… read more »
  • Jan 25, 2023

    PY#RATION: new Python-based malware

    Researchers at threat analytics firm Securonix have uncovered a new Python-based malware named PY#RATION, a remote access trojan (RAT) that gives its operators control over breached systems… read more »
  • Jan 25, 2023

    Static malware analysis: a basic workflow

    Static malware analysis is the process of analysing malware samples without executing them. In this post, I'd like to share my basic workflow for static malware analysis, with tools and techniques that can be used at each stage.… read more »
  • Jan 22, 2023

    Windows 11 build 22H2 breaks recording of 4688 event

    A very short article that I think will be useful to DFIR colleagues. According to an article from Microsoft, after installing Windows 11 build 22H2, Windows events 4688 stopped working correctly.… read more »
  • Jan 21, 2023

    State-sponsored APT Gamaredon uses Telegram in attacks against Ukraine

    The Russian state-sponsored cyber espionage group known as Gamaredon has been found to be using the popular messaging app Telegram in its recent attacks against Ukraine. The group has been known to target Ukrainian entities since at least 2013.… read more »
  • Jan 20, 2023

    EmojiDeploy: critical RCE vulnerability discovered in Microsoft Azure

    A critical RCE (remote code execution) vulnerability has been discovered impacting multiple services related to Microsoft Azure, potentially allowing a malicious actor to completely take control of a targeted application. The vulnerability was discovered by Israeli cloud infrastructure security firm… read more »
  • Jan 19, 2023

    Cisco Talos: cyber-criminals leverage malicious LNK files to download and execute payloads

    A recent study by Cisco Talos has revealed that it is possible to identify relationships between different threat actors by analyzing the metadata of these malicious LNK files. This information includes the specific tools and techniques used by different groups… read more »
  • Jan 18, 2023

    Abusing GitHub Codespaces : a new way for malware distribution

    Trend Micro researchers have found a way to exploit a legitimate feature in GitHub Codespaces, a development environment, to deliver malware to victim systems.… read more »
  • Jan 17, 2023

    3 PyPI packages discovered spreading malware to developers systems

    A threat actor known as Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository, which are designed to drop malware on compromised developer systems. … read more »
  • Jan 16, 2023

    My own list of tools to perform incident response against Azure AD and Microsoft 365

    Incident response is a critical component of any organization's cybersecurity strategy: with the increasing use of cloud-based services, it's essential to have the right tools in place to quickly and effectively respond to security incidents. In this post, I propose… read more »
  • Jan 15, 2023

    Unpopular opinion: are browser-based password managers better than stand-alone?

    After the LastPass databreach, doubts have been raised in the cybersecurity community about the actual security of password managers. Personally, I have always held a fairly unpopular opinion: password managers built into browsers are more secure than stand-alone In this… read more »
  • Jan 11, 2023

    New Dark Pink APT group targets governmental and military organizations

    A new advanced threat actor known as Dark Pink, also referred to as Saaiwc Group, has been found to be targeting government agencies and military bodies in multiple countries in the APAC region using custom malware to steal confidential information.… read more »
  • Jan 9, 2023

    Kubernetes clusters targeted by Kinsing malware campaign

    The Kinsing malware is targeting Kubernetes clusters by exploiting known vulnerabilities in container images and misconfigured PostgreSQL containers.… read more »
  • Jan 6, 2023

    A brief history of malware

    These days I am finishing the first draft of a new book of the 'Little Handbooks' series, dedicated to Malware Analysis. One of the first chapters is a brief history of computer viruses.… read more »
  • Jan 2, 2023

    Agile Methodology in Cybersecurity: Benefits, Challenges, and Best Practices

    In the field of cybersecurity, agile methodologies have the potential to transform the way that organizations approach risk management and respond to emerging threats. In this article, we will explore the benefits of using agile in cybersecurity, the challenges of… read more »
  • Dec 31, 2022

    The Swiss cheese cybersecurity model

    The Swiss cheese model is a useful tool for organizations to understand and mitigate the risks they face in the realm of cybersecurity. By visualizing the various controls and defenses they have in place as slices of cheese with unique… read more »
  • Dec 30, 2022

    Vulnerability in Google Home smart speaker allowed to snoop users conversations

    A security researcher named Matt Kunze discovered a bug in Google's smart speaker, the Google Home, which allowed for the creation of a backdoor account that could be used to remotely control the device and access the microphone feed. This… read more »
  • Dec 29, 2022

    MasquerAds: a new Malvertising campaign via Google Ads

    A new cyber attack campaign called MasquerAds is targeting users who are searching for popular software by using Google Ads to serve malware-infected variants of the software. These malware-infected versions, which include Raccoon Stealer and Vidar, are being served through… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician