Andrea Fortuna
  • Jan 25, 2023

    PY#RATION: new Python-based malware

    Researchers at threat analytics firm Securonix have uncovered a new Python-based malware that has been spotted in the wild. The malware, named PY#RATION, is a remote access trojan (RAT) that gives its operators control over breached systems. According to Securonix,… read more »
  • Jan 25, 2023

    Static malware analysis: a basic workflow

    Static malware analysis is the process of analysing malware samples without executing them. In this post, I’d like to share my basic workflow for static malware analysis, with tools and techniques that can be used at each stage. 1. File… read more »
  • Jan 22, 2023

    Windows 11 build 22H2 breaks recording of 4688 event

    A very short article that I think will be useful to DFIR colleagues. According to this article from Microsoft, after installing Windows 11 build 22H2, Windows event 4688 stopped being recorded correctly. Event ID 4688 is a Windows security event that… read more »
  • Jan 21, 2023

    State-sponsored APT Gamaredon uses Telegram in attacks against Ukraine

    The Russian state-sponsored cyber espionage group known as Gamaredon has been found to be using the popular messaging app Telegram in its recent attacks against Ukraine. The group, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa… read more »
  • Jan 20, 2023

    EmojiDeploy: critical RCE vulnerability discovered in Microsoft Azure

    A critical RCE (remote code execution) vulnerability has been discovered impacting multiple services related to Microsoft Azure, potentially allowing a malicious actor to completely take control of a targeted application. The vulnerability was discovered by Israeli cloud infrastructure security firm… read more »
  • Jan 19, 2023

    Cisco Talos: cyber-criminals leverage malicious LNK files to download and execute payloads

    Cybercriminals are increasingly using malicious LNK files as a way to gain initial access and download payloads such as Bumblebee, IcedID, and Qakbot. These malicious shortcut files are used to evade security solutions and infect victims’ computers with malware. A… read more »
  • Jan 18, 2023

    Abusing GitHub Codespaces: a new way to distribute malware

    Codespaces is a development environment that allows developers to easily set up, configure, and collaborate on projects from within GitHub. It allows users to customize their project by committing configuration files to their repository, which creates a repeatable configuration for… read more »
  • Jan 17, 2023

    3 PyPI packages discovered spreading malware to developers' systems

    A threat actor known as Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository, which are designed to drop malware on compromised developer systems. According to a report by Fortinet, the packages, named colorslib, httpslib and… read more »

Cybersecurity expert, software developer, experienced digital forensic analyst, musician