A critical vulnerability in the device’s Lua runtime — an undocumented function — bypasses all sandboxing restrictions and allows arbitrary OS command execution as root. #icssecurity #ics #otsecurity #lua
New from Ampyx Cyber: Build your OT SOC or MSSP stack with open-source tools like Security Onion, Wazuh & Malcolm. Timelines, cost ranges, templates, & training included. Start smart, scale fast. https://ampyxcyber.com/blog/building-blocks-of-ot-security-monitoring-a-deep-dive-for-soc-builders-and-mssps
OPC UA challenge simulation (Defcon 31) #conferencia #ctf #defcon #ics #python #retos #writeups
https://www.hackplayers.com/2025/08/simulacion-reto-opc-ua-defcon-31.html
SATURDAY MORNING AT MARITIME HACKING VILLAGE
Come for the ships, stay for the root shells.
10:30AM – How Computers Kill People
Creator Stage 3 (Room 231)
11:30AM – Red Alerts and Blue Oceans
Creator Stage 4 (Room 228)
12:30PM – Boarding the VSAT
Creator Stage 4 (Room 228)
All morning, only at #MaritimeHackingVillage.
The two mini routers are still harmless, but tonight they are no longer. Building modified #ICS / #OT Pentest dropboxes, took some inspiration from the ICS311 training.
At home, my thoughts are still on #DEFCON33 #defcon2025 #blackhat2025 #why2025 #why2025camp
My team develops #Zeek network analyzers for #OT protocols (see ICSNPP on GitHub). If you're familiar with this work, you know one of the hardest parts about it is getting sample data. If you've got access to traffic for some of the more niche protocols on our list (BSAP, ANSI C12.22, GE-SRTP, GENISYS, ROC Plus, Synchrophasor, etc.) and are willing and able to share a bit of PCAP, would you please reach out to me?
If you've got cybersecurity knowledge to share and are new to conference presenting, I'd heartily encourage you to consider applying to present at ComfyConAU. I've attended and have to say it's the most wonderful, diverse online conference I've attended with a warm, inclusive community. The presentations I've seen there range from highly technical and tools-based hacking and defence, through to broad concepts to auditing and compliance to community topics.
Give it a go and never mind the timezone - you can get up early or stay up late!
#security #conference2025 #infosec #cybersecurity #ICS #blueteam #purpleteam
Gunra Ransomware Emerges with New DLS
A new ransomware group called Gunra has emerged with a Dedicated Leak Site (DLS) in April 2025. Gunra's code shows similarities to the infamous Conti ransomware, suggesting it may be leveraging Conti's leaked source code. The group employs aggressive tactics, including a time-based pressure technique that forces victims to begin negotiations within five days. Gunra ransomware encrypts files using a combination of RSA and ChaCha20 algorithms, excludes certain folders and file types from encryption, and drops a ransom note named 'R3ADM3.txt'. The ransomware also deletes volume shadow copies to hinder recovery efforts. As the threat of DLS ransomware grows, organizations are advised to implement robust security measures, including regular updates, backups, and user education.
Pulse ID: 688219586599cc75ec92a318
Pulse Link: https://otx.alienvault.com/pulse/688219586599cc75ec92a318
Pulse Author: AlienVault
Created: 2025-07-24 11:30:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
DNS: A Small but Effective C2 system
This analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.
Pulse ID: 6878f6e5d14da64ae460ad61
Pulse Link: https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61
Pulse Author: AlienVault
Created: 2025-07-17 13:13:08
Calendulate is a new tool that helps you convert raw data into .ics (calendar) files. It is a convenient solution for easily creating and managing events and schedules from many different data sources.
#Calendulate #ICS #Lịch #ChuyểnĐổiDữLiệu #CôngCụKỹThuật #Calendar #DataConversion #TechTool
Hello #lazyweb: how to convert #microformat events into #ics?
e.g. https://pin13.net/mf2/?url=https%3A%2F%2FUnix-Freunde.mro.name%2F
Here's the #CFP for the 2025 #ICS #Cybersecurity Conference. The conference is Oct 27-30 at InterContinental Buckhead Atlanta. #infosec #scada
https://sessionize.com/ICSCC25/
Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware
A phishing campaign has been identified that exploits Vercel, a legitimate frontend hosting platform, to distribute a malicious version of LogMeIn. Cybercriminals send phishing emails with links to a malicious page on Vercel, impersonating an Adobe PDF viewer and prompting users to download a disguised executable. Once executed, the malware installs and connects to a LogMeIn server, allowing remote access and control of the compromised machine. Over 28 distinct campaigns targeting more than 1,271 users have been observed in the past two months. The technique's effectiveness stems from the use of a legitimate platform, a genuine remote access tool, and social engineering tactics. Recommendations include monitoring suspicious Vercel subdomains, educating employees about fake support scams, and implementing strict controls for remote access software installations.
Pulse ID: 6855b5cc908313a5fb032505
Pulse Link: https://otx.alienvault.com/pulse/6855b5cc908313a5fb032505
Pulse Author: AlienVault
Created: 2025-06-20 19:26:04
Wilwarin Festival
In case anyone is going and wants to know what's on at which stages, I have a timetable here in #ical format.
Gotta admit, 35,000 solar panels would make a baaaaadass botnet.
https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/
“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”
by Skwawkbox @skwawkbox @UKLabour
“Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”
Do you have a nice source for school-holiday/public-holiday calendars (feeds) in iCal format? I would like
• all nationwide and regional public holidays for Germany, including the info (in the description text) on which federal states the day is a statutory public holiday in (one feed with everything)
• school holidays for individual federal states (one feed per federal state)
One-off downloads are okay, feed URLs would almost be better.