Nochmal #Cybersicherheit: Die Forschung nutzt hier oft dieselben Methoden wie Angreifende – und bewegt sich rechtlich in einer Grauzone.

@ATHENECenter verhandelt solche Fälle in Simulationsgerichten, um klare Leitplanken für sichere Forschung zu setzen.

Erster Fall: „Angebot-zur-Übernahme-von-Cyberangriffen-im-Auftrag.pdf“ – inklusive Tausende gestohlene Zugangsdaten. Was tun damit?

Mehr auf unserem Blog: https://gi.de/themen/beitrag/simulationsgericht-fuer-cybersicherheitsforschung

#ITsec #SecurityResearch #ITSecurity #Informatik #Darknet

Anyone have experience of submitting a proposal for new sub-techniques to MITRE ATT&CK by MITRE ?

Yes I’ll go read the philosophy paper but any other hints/tips/guidance appreciated!

While I may publish a more complete blog post about this later
I also sent this on twitter to make #Github aware of it quicker
However I felt that I should also publish it here.

I recently came upon this post on reddit: https://www.reddit.com/r/cybersecurity_help/comments/196qhup/how_do_i_remove_this_malware/

Which awakened my curiosity about this user who has quite a few repo's with multiple stars: github[.]com/AppsForDesktop

looking at their profile I noticed various repo's claiming to be desktop app for various popular websites and apps.

When I investigated these repo's in my sandboxes I discovered they installed the file: cnertucbrcaj[.]exe and performed various persistence techniques,
Adding several exclusions to defender
and uninstalling various windows security components such as MRT.

After which it of course connected to various Monero mining pools.

​ And we’re on Mastodon!

If you’re new to The Spamhaus Project, check out our bio above ​

Ultimately, we’re here to build a community. A community of like-minded individuals, who want to make the internet a safer place. On Mastodon, we’ll be sharing latest threat intelligence from our researchers and threat hunters, and we’d like to invite you to do the same….

Earlier this month, we launched our Threat Intel Community, giving anyone the ability to submit malicious domains, IPs, email source codes, or URLs to Spamhaus through our user-friendly portal.

If you’re curious to know more, read this blog:
https://www.spamhaus.org/news/article/821/want-to-submit-data-be-our-guest

Or visit the Threat Intel Community here:
https://submit.spamhaus.org

Attention all security professionals and enthusiasts! We are excited to announce our upcoming SecurityBSides event in Milan on July 8, 2023. This is your chance to share your knowledge, insights, and experiences with the community. We are now accepting proposals for presentations and workshops. Submit your ideas on cutting-edge security topics for a chance to speak at the event. Don't miss this opportunity to be a part of the security conversation in Milan. Submit your proposal now! #SecurityBSides #Milan2023 #BSML23 #cybersecurity #infosec #information #cfp #research #threatintel @SecurityBSidesGlobal #securityresearch #securityawareness #trainings Check out our website!! https://milano.securitybsides.it and the call for paper page!! https://easychair.org/cfp/bsml23
We are waiting for you, are you up for it!!