Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown.
https://t.co/yXC1aDwLCv
I'm very excited to share our latest research which uncovers a malicious firmware implant for TP-Link routers, linked to Chinese state-sponsored APT group #CamaroDragon.
Read our blog @ https://t.co/yRTGWuKPXi >>
.@securechicken and I just released a major update on Tomiris, with some important implications for attribution. https://t.co/2sn3q8tDiJ
In it, we study the links between Turla and Tomiris again. Our assessment is that they're separate threat actors.
NEW REPORT: SWEET QUADREAMS: A first look at #spyware vendor QuaDream’s spy tools, victims and customers.
We identified traces of a suspected exploit deployed against iOS versions 14.4 and 14.4.2, and possibly other versions, as a zero-day vulnerability. https://t.co/u7jcxJpu9H
Happy to share my first blog as part of @wiz_io 🪄🧙
Cloud is complex and so is its attack surface. If you are interested in learning about #cloudforensics I recommend reading this!
https://t.co/NcbGTkPtlQ
New reporting by @ronenbergman and @MarkMazzettiNYT says the U.S. government purchased a surveillance tool from NSO called Landmark. The tool allows the operator to identify someone’s location based on their phone number. https://t.co/0SoW43diaa
Amid the crisis in Azerbaijan’s breakaway region of Nagorno-Karabakh, our new report reveals Azerbaijani political surveillance using #OxtaRAT malware:
🕵️AutoIT/JPEG polyglot file
🎯Targets activists in Azerbaijan🇦🇿 and entities in Armenia🇦🇲
Read more >>
https://t.co/qq8VU6bIyC
Learn about #malware analysis & reverse engineering with @Volexity's @r00tbsd at #DFRWSEU2023! In this workshop, use #ghidra to disassemble #ransomware, analyze encryption techniques + attempt to restore encrypted files. Conference schedule is here: https://t.co/S3GSacMrPI #dfir
Part 1 focuses on how the attackers leveraged this novel persistence technique via VIBs loaded with malware. These passive backdoors enabled threat actors to connect to the ESXi server and run commands on guest virtual machines through vmtoolsd.exe.
https://t.co/3RAdQ5cN0G
If you want to boost your daily use of @virustotal, get pcaps, extract indicators from behaviours, open the files from Maltego, pivot from the codes to the infrastructure and vice versa. These @MaltegoHQ transforms are for you😘.
Our latest research on Iron Tiger #APT (APT27/Emissary Panda) has been released. It discloses a supply chain attack on a chat application. Delivered malware is the infamous #HyperBro family, and a new malware family targeting Mac OS and Linux named rshell https://t.co/XbtjqvAN45
📢We don't just use #YARA at Avast, we contribute to the community too! Our latest addition is that we are making our YARA Language Server (#YLS) #opensource https://t.co/trgFAHSB3R. Learn how you can start using it in the blog post by @KastakMatej: https://t.co/dGzPGdXnt9
A massive update from @securechicken on the threat actor we track as DeathStalker (its Evilnum cluster specifically): https://t.co/DBKFWu2evZ
Despite a lot of coverage on them these days, the group remains unabashedly active.
Two #0day exploits were used against targets in the Middle East, and led to the deployment of Candiru's #DevilsTongue spyware!
- Heap BOF in WebRTC, Chromium (CVE-2022-2294)
- LPE in a 3rd party driver
Great finding by the team @ @AvastThreatLabs!
https://t.co/03GtyS8Eno
>>
Today I had the great honor of delivering #PTS22's keynote on ethics in cyberwar times.
It is a continuation of the work I started at VB2019 and feels more relevant than ever today. This talk is very important to me. You can watch it here: https://t.co/BCini217aT
Awesome news for all Android researchers!
@virustotal is now supporting searches by package name with "androguard_package" keyword.
Please keep in mind it affects only newly (re) analyzed files, so it will take some time.
Here is an example of default #FinSpy package name: