Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Administered by:

Server stats:

1.6K
active users

ioc.exchange: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#cyberdefense

0 posts0 participants0 posts today
Public
Opalsec :verified:

Grab your beverage of choice ☕, because there's a LOT to recap from the last 24 hours. Check it out here 👉 opalsec.io/daily-news-update-f

There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:

🚨 Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).

🌐 Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers.

🔗 GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!

🤔 Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet, the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.

🔄 Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!).

📡 Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!

🇺🇦 New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots.

⚖️ INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site.

Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?

Opalsec · Daily News Update: Friday, April 4, 2025 (Australia/Melbourne)Chinese group exploiting Ivanti RCE bug since mid-March to drop web shells; DNS Fast Flux increasingly used by cyber crims & nation-states; GitHub Supply Chain attack traced to leaked Access Token in a CI workflow; Oracle says breach is of legacy system - receipts show otherwise.
#CyberSecurity#InfoSec#ThreatIntel
Public
Anonymous 🐈🐾☕🍵🏴🇵🇸 :af:

#SB Technology (hereinafter referred to as "the Company") announces that #NobuhiroTsuji, a security researcher at the Company, will participate as an expert in the Japan Cybersecurity Initiative by Google Cybersecurity Research Center (hereinafter referred to as "the Initiative"), an effort to raise cybersecurity awareness in Japanese society, which is led by the Google Cybersecurity Research Center.
#CyberDefense #Japan #SoftBank #CyberSecurity
softbanktech.co.jp/en/news/top

Public
teufelswerk

Das Citizen Lab veröffentlichte kürzlich seine Untersuchung zu Paragon Solutions, einem Cyber-Defense-Unternehmen, das kürzlich mit einer Spyware-Kampagne gegen Journalisten auf WhatsApp in Verbindung gebracht wurde. Neben der kanadischen Provinzpolizei Ontario fanden Forscher heraus, dass auch Regierungen in Australien, Zypern, Dänemark, Israel und Singapur zu den potenziellen Kunden von Paragon gehören könnten...

techcrunch.com/2025/03/19/rese

TechCrunch · Researchers name six countries as likely customers of Paragon's spyware | TechCrunch
More from Lorenzo Franceschi-Bicchierai
#paragon#cyberdefense#spyware
Public
Phillemon CEH | CTH

🎭💻 Think Like a Black Hat, Act Like a White Hat!

👁️‍🗨️ Let's Face-It ! -> 🕵‍♂️ To Outsmart cybercriminals, you must think like one—but use your skills for defense, not destruction. Learn the mindset of hackers and the strategies ethical hackers use to strengthen cybersecurity. 🔍🔐

📖 Read more: wardenshield.com/think-like-a-

Think Like a Black Hat & Act Like a White Hat
WardenShieldThink Like a Black Hat & Act Like a White Hat | WardenShieldDescription:In today's digital battlefield, understanding both attack and defense is the key to cybersecurity mastery. Think Like a Black Hat & Act Like a White Hat takes you inside the minds of hackers—both ethical and malicious—revealing their strategies, motivations, and techniques.This book b...
#EthicalHacking#CyberSecurity#WhiteHat
ExploreLive feeds
About