Rotate’s Post

Social engineering is a very real and active threat. Do you know how to protect yourself from becoming a victim? This video from CNN, featuring Rachel Tobac from SocialProof Security, is fascinating and scary at the same time. Take 4 minutes to watch and learn how you can safeguard against these attackers. #socialengineering #hackers #internetsafety

THE BBC HAS BEEN HACKED LIVE ON AIR https://lnkd.in/eH7XkYH4 “Put another password in, Bomb it out and try again Try to get past logging in, We’re hacking, hacking, hacking Try his first wife’s maiden name, This is more than just a game, It’s real fun, but just the same, It’s hacking, hacking, hacking” Okay - it was in October 1983, but take 4 minutes to watch the video - then here is the perhaps provocative challenge for cybersecurity professionals - if hackers were not only hacking systems in public in 1983, but taunting the target with the Hackers Song line of "try his first wife's maiden name", why then did the systems that were built across industry after industry continue to use this datapoint assumed to be secure? The industry is right in the current debate on cyber regulation and enforcement, nobody needs to blame the victims of cyber attacks, - but blaming attackers for using publicly known 40 year old tradecraft in the modern age is poor form. GRC has value in cyber just like every other risk stripe - done correctly it ensures organizational risk management learning from every event, and makes sure leaders, regulators and investors know exactly what threats and risks are under control, and which are not. And releases from the BBC Archive don't come as an uncomfortable surprise.

A comprehensive indictment of a number of bad actors. A good analysis here.

The creation and start of the malicious service kick starts the execution of the TinyTurla-NG implant via svchost[.]exe (Windows’ service container). TinyTurla-NG is instrumented further to conduct additional reconnaissance of directories of interest and then copy files to a temporary staging directory on the infected system, followed by subsequent exfiltration to the C2. TinyTurla-NG is also used to deploy a custom-built Chisel beacon from the open-sourced offensive framework. (13TTPs with 'Procedure' level details on the TruKno blog). #trukno #mitreattack #threathunting #threatdetection #cyberattack #ciso #threatintel #threatintelligence #cybersecurity #infosec #malwarehunting #malwareanalysis #malware #ThreatAnalys https://lnkd.in/gJziYT2M

The creation and start of the malicious service kick starts the execution of the TinyTurla-NG implant via svchost[.]exe (Windows’ service container). TinyTurla-NG is instrumented further to conduct additional reconnaissance of directories of interest and then copy files to a temporary staging directory on the infected system, followed by subsequent exfiltration to the C2. TinyTurla-NG is also used to deploy a custom-built Chisel beacon from the open-sourced offensive framework. (13TTPs with 'Procedure' level details on the TruKno blog). #trukno #mitreattack #threathunting #threatdetection #cyberattack #ciso #threatintel #threatintelligence #cybersecurity #infosec #malwarehunting #malwareanalysis #malware #ThreatAnalys

The creation and start of the malicious service kick starts the execution of the TinyTurla-NG implant via svchost[.]exe (Windows’ service container). TinyTurla-NG is instrumented further to conduct additional reconnaissance of directories of interest and then copy files to a temporary staging directory on the infected system, followed by subsequent exfiltration to the C2. TinyTurla-NG is also used to deploy a custom-built Chisel beacon from the open-sourced offensive framework. (13TTPs with 'Procedure' level details on the TruKno blog). #trukno #mitreattack #threathunting #threatdetection #cyberattack #ciso #threatintel #threatintelligence #cybersecurity #infosec #malwarehunting #malwareanalysis #malware #ThreatAnalys

Would you rather use #passkeys than remember #passwords? Passkeys are being called the future of how we stay safe online, with major online businesses hoping the new #technology will put an end to passwords. #cybersecurity #encryption

https://lnkd.in/grvU9c5y Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File

Last week was grim for broadcast media in New Zealand with redundancy plans at Newshub and TVNZ finalised.  Associate Professor Sarah Baker says it is unusual for a country with New Zealand’s population to have only one TV broadcast news outlet. “We’ve seen this decline coming, but this week’s news is absolutely shocking. So, what is the solution? “We need the in-depth analysis that current affairs provides to tell more complicated stories. Innovation is fine, but the basic need for that information remains.  “It's all very well to say trust in the media has gone down. It goes up and down, but not having media outlets at all is a totally different issue.  “The basic reality is that if you want these things you have to pay for them, and the government should be looking to help. “This situation is a disaster for both journalism and democracy in New Zealand.” Listen to the full discussion on RNZ here: https://lnkd.in/gZNwHimP Read Associate Professor Baker’s article on The Conversation here: https://lnkd.in/gEPYzxAF

Threat Actors Using an Armed OpenBullet Pentesting Tool to Manipulate Script Kids https://lnkd.in/epP2Wr5E