The FBI is sounding the alarm: state-backed hackers are using custom malware and zero-day exploits to slip past telecom defenses. How are these tactics evading detection, and what does it mean for our security? Read more.
https://thedefendopsdiaries.com/unmasking-salt-typhoon-the-cyber-threat-to-telecom-networks/
It's more like #linux users know how to use the #internet, they just use #duckduckgo to search for easy problems and don't ask for every little thing.
And they are mostly more advanced users, who know what an #application is and how to open one, therefore easy questions don't get asked.
But the main point is very true. You don't need to know that to use Linux. I started Linux when I didn't know what #apt or even the #terminal was.
Security Week has a good analysis of countries raising defensive posture in this weird ass global environment we have going on. Right when we are wiping ours out in the U.S.
Yay us?
#APT 3.0 Package Manager Officially Launches, This Is What's New
https://linuxiac.com/apt-3-0-package-manager-officially-launches/
#Kimsuky #APT exploited #BlueKeep #RDP flaw in attacks against South Korea and Japan
https://securityaffairs.com/176756/apt/kimsuky-apt-exploited-bluekeep-rdp-flaw-in-attacks-against-south-korea-and-japan.html
#securityaffairs #hacking
https://www.npr.org/2025/04/15/nx-s1-5355895/doge-musk-nlrb-takeaways-security
This story should be front and centre in all of #infosec
DOGE either wittingly or unwittingly* gives highest level access to Russian actors. See the whistleblower documentation added below.
“In fact, in the minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created DOGE accounts — and the person had the correct username and password, according to Berulis.”
*) unwittingly only because they have no wit. Wanna bet they create the same user/password combos every place they pillage and burn? Wanna bet RU has these credentials? Wanna bet RU has a real-time view on which accesses the DOGE boys create (probably because these traitors broadcast them over insecure channels)?
[Edit] Reading carefully through the whistleblower documentation now. My current analysis: Holy shit.
#China-linked #APT #Mustang #Panda upgrades tools in its arsenal
https://securityaffairs.com/176662/apt/china-linked-apt-mustang-panda-upgrades-tools-in-its-arsenal.html
#securityaffairs #malware
TeamT5 reported that the China-nexus APT exploited Ivanti Connect Secure VPN vulnerabilities to infiltrate nearly 20 industries across 12 countries, maintaining control over victim networks during analysis. #CyberSecurity #APT https://teamt5.org/en/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities/
A lot of offensive activity is originating from the USA https://vuldb.com/?country.us #usa #country #cti #apt
An #APT group exploited #ESET flaw to execute #malware
https://securityaffairs.com/176364/security/an-apt-group-exploited-eset-flaw-to-execute-malware.html
#securityaffairs #hacking
Package manager #APT jumps to version 3.0.0 | heise online https://www.heise.de/news/Paketverwalter-apt-macht-Versionssprung-auf-3-0-0-10342718.html #OpenSource #Debian #Linux
#Ubuntu
#Linux Weekly Roundup for April 6th, 2025: #APT 3.0, #Firefox 137, Linux 6.15 RC, #Thunderbird 137, #PorteuX 2.0, #KDE Plasma 6.3.4, #Calibre 8.2, Linux kernel 6.14 on #Ubuntu 24.10, new #Steam Client update, and more https://9to5linux.com/9to5linux-weekly-roundup-april-6th-2025
APT 3.0: Debian's package manager gains a faster, smarter solver, better diagnostics, an improved human-readable UI, and more.
https://linuxiac.com/apt-3-0-package-manager-officially-launches/
#APT 3.0 #Debian Package Manager Released with Revamped Command-Line Interface https://9to5linux.com/apt-3-0-debian-package-manager-released-with-revamped-command-line-interface
FIN7 *again*? Seriously, these guys just don't quit, do they?
Heads up – they've cooked up an Anubis backdoor using Python. And nope, *it's not* the Android Trojan people know. It's pretty wild what this thing packs: we're talking remote shell capabilities, file uploads, messing with the registry... Basically, the keys to the kingdom!
And let me tell you from a pentester's perspective: Just relying on AV? That's *definitely* not gonna cut it anymore. We all know that, right?
Looks like they're slipping in through compromised SharePoint sites now? Yikes. The nasty part? A Python script decrypts the payload *directly in memory*, making it incredibly tough to spot! Plus, their command and control chats happen over a Base64-encoded TCP socket.
So, keep a *sharp eye* on those ZIP attachments! Double-check your SharePoint sites' integrity. You'll also want to monitor network traffic closely (especially that TCP activity!). And make sure your endpoint security is actually up to snuff – remember, they love finding ways to bypass defenses!
How are *you* tackling threats like this one? What are your go-to tools and strategies for defense? Let's share some knowledge!
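The post above says the backdoor's command-and-control runs over a Base64-encoded TCP socket and recommends watching TCP traffic. The following is an added example, not FIN7 tooling and not code from the poster: a small Python heuristic that an analyst could run over captured TCP payloads to flag ones that consist entirely of Base64 and to say whether the decoded content is readable text (a likely plaintext command) or high-entropy (a likely second encryption layer). The sample payloads are constructed for illustration, and the function names are this example's own.

```python
"""Heuristic triage of raw TCP payloads for Base64-only content.

Added example for the post above; not FIN7/Anubis code. Sample payloads
are constructed here for illustration.
"""
import base64
import math
import re

# Whole payload must be Base64 alphabet with at most two '=' pads at the end.
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8 for encrypted/compressed data, roughly 4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_payload(payload: bytes, min_len: int = 32) -> dict:
    """Verdict for one TCP payload.

    match is True when the whitespace-stripped payload is entirely Base64,
    is long enough to be more than a keepalive, has a length that is a
    multiple of 4, and decodes cleanly. The decoded bytes' entropy and a
    text check are reported so plaintext commands can be told apart from
    an encrypted inner layer; both deserve a closer look.
    """
    body = payload.strip()
    if len(body) < min_len:
        return {"match": False, "reason": "too short"}
    if not B64_RE.match(body):
        return {"match": False, "reason": "non-Base64 bytes present"}
    if len(body) % 4:
        return {"match": False, "reason": "length not a multiple of 4"}
    try:
        decoded = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"match": False, "reason": "undecodable"}
    return {
        "match": True,
        "decoded_entropy": round(shannon_entropy(decoded), 2),
        "decoded_is_text": all(32 <= b < 127 or b in b"\r\n\t" for b in decoded),
        "decoded_preview": decoded[:40],
    }


# Constructed sample payloads (not captured traffic).
SAMPLE_PAYLOADS = {
    # Ordinary HTTP: spaces, slashes and colons fail the alphabet check.
    "http": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    # A plausible operator command as it would look after Base64 encoding.
    "b64_command": base64.b64encode(b'{"cmd":"shell","args":"whoami /all"}'),
    # Base64 of byte soup, standing in for an encrypted task or exfil blob.
    "b64_blob": base64.b64encode(bytes(range(0, 256, 3)) * 2),
    # A short keepalive: below min_len, so no verdict is attempted.
    "short": base64.b64encode(b"ping"),
}


def scan_payloads(payloads: dict) -> dict:
    """Run inspect_payload over a name -> payload mapping."""
    return {name: inspect_payload(p) for name, p in payloads.items()}


if __name__ == "__main__":
    for name, verdict in scan_payloads(SAMPLE_PAYLOADS).items():
        print(f"{name:12} {verdict}")
```

This is a triage heuristic, not a signature: any run of 32 or more alphanumerics whose length is a multiple of 4 (a hex digest such as `deadbeef` repeated four times, for instance) also passes, so the hits need pairing with the connection context (destination, process, the ZIP-attachment and SharePoint angle the post mentions) before anyone acts on them.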
Another Monday, another quickly generated #bash script that helps me list all installed #debian #ubuntu #linuxmint #apt and #flatpak packages using #gemini #ai o.O
Please feel free to browse to https://gist.github.com/axelsegebrecht/b36a0e9f17fdf4ad553f3c133d116c74 and let me know what you think.
Is this #vibecoding ? Am I doing it right? ;-)