Sotwe logo Sotwe logo
joshpatesec's profile banner image
joshpatesec's profile image

Joshua Pate

@joshpatesec

Security Operations / Endpoint Security / Threat Research / Threat Intelligence
Phoenix, AZ
Joined March 2013
792 Following
150 Followers
468 Posts
joshpatesec  retweeted
feross's profile image
Feross Verified account @feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
539
16K
4K
7K
12M
joshpatesec  retweeted
hnykda's profile image
Daniel Hnyk @hnykda
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
307
9K
2K
3K
6M
joshpatesec's profile image
Joshua Pate @joshpatesec
@IRSnews @IRSsmallbiz make an EIN confirmation download button that actually works. This button has been an issue for over a decade. Take 5 minutes to fix this button to prevent countless headaches & significantly reduce your call volume. #irs #fail #DoYourJob #webdev101
joshpatesec's tweet photo. @IRSnews @IRSsmallbiz make an EIN confirmation download button that actually works. This button has been an issue for over a decade. Take 5 minutes to fix this button to prevent countless headaches & significantly reduce your call volume. #irs #fail #DoYourJob #webdev101 https://t.co/ZBXXRmpzqc
0
0
0
0
1
joshpatesec  retweeted
lamw's profile image
William Lam @lamw
[New] - Useful vSphere Automation techniques for assisting with CrowdStrike remediation https://t.co/S6JXRfdXim ☝️Ability to send VM Keystrokes using vSphere API is still one of the lesser known yet super powerful capability of our platform! Hope this can help our IT admins 🙏
lamw's tweet photo. [New] - Useful vSphere Automation techniques for assisting with CrowdStrike remediation https://t.co/S6JXRfdXim ☝️Ability to send VM Keystrokes using vSphere API is still one of the lesser known yet super powerful capability of our platform! Hope this can help our IT admins 🙏 https://t.co/vWUrA99qSu
3
164
79
63
15K

Who to follow

ITSecurityguard's profile image
Patrik Grobshäuser
@ITSecurityguard
Security Research @ Assetnote https://t.co/RmFwv6ItrQ https://t.co/VCPfgTLLBN https://t.co/qylqwXgc9I https://t.co/uwZdquCB7l
BillDemirkapi's profile image
Bill Demirkapi Verified account
@BillDemirkapi
preparedness research @openai
StatePharmJ's profile image
Jake, maybe from State Farm?
@StatePharmJ
A+ & Network+ certified, Fortinet NSE 3, Platforms Manager / InfoSec n00b in MI / 💾 /FMUOASL
joshpatesec's profile image
Joshua Pate @joshpatesec
Microsoft has released a recovery tool to assist in the recovery of systems affected by the CrowdStrike Channel File blue screen: https://t.co/WWW6o00aE8 #hugops #crowdstrike #bluescreen
0
0
0
0
72
joshpatesec  retweeted
karol_paciorek's profile image
Karol Paciorek @karol_paciorek
⚠️ Prepared malware campaign impersonating @DocuSign. 📂 #opendir: 45.61.132[.126:8080 📄 sign_now.vbs - SHA1: ec5a069337d37a76e8dd08a2a7dc30babd2853fa 🖼️ fine.jpg - python script - SHA1: 509a486e0bc62a144f2cc7695a13530299454bd3 @500mk500
karol_paciorek's tweet photo. ⚠️ Prepared malware campaign impersonating @DocuSign. 📂 #opendir: 45.61.132[.126:8080 📄 sign_now.vbs - SHA1: ec5a069337d37a76e8dd08a2a7dc30babd2853fa 🖼️ fine.jpg - python script - SHA1: 509a486e0bc62a144f2cc7695a13530299454bd3 @500mk500 https://t.co/kDyKQ4Sy51
1
39
15
9
4K
joshpatesec's profile image
Joshua Pate @joshpatesec
If anyone knows the path to the native Recall SQLite DLL I can modify the script to use that DLL when accessing the Recall database.
0
0
0
0
36
joshpatesec's profile image
Joshua Pate @joshpatesec
I wrote a PowerShell script called Recall Tool which can be used to extract Recall database and image data: https://t.co/B6llz1ROGT #windows #recall #privacy #PrivacyMatters
1
2
0
1
67
joshpatesec  retweeted
karol_paciorek's profile image
Karol Paciorek @karol_paciorek
🚨 Two #opendir setups are ripe for a sneaky email campaign loaded with #asyncRAT and #Xworm #malware. 📡#opendir: 57.128.129[.21:9222 57.128.129[.21:8080 C2: 🔗 nmds.duckdns[.org:8895 🔗 xgmn934.duckdns[.org:8896 🔗 xvern429.duckdns[.org:8890 🔗 asyncss.duckdns[.org:8797
karol_paciorek's tweet photo. 🚨 Two #opendir setups are ripe for a sneaky email campaign loaded with #asyncRAT and #Xworm #malware. 📡#opendir: 57.128.129[.21:9222 57.128.129[.21:8080 C2: 🔗 nmds.duckdns[.org:8895 🔗 xgmn934.duckdns[.org:8896 🔗 xvern429.duckdns[.org:8890 🔗 asyncss.duckdns[.org:8797 https://t.co/79so854SJr
1
72
34
28
9K
joshpatesec's profile image
Joshua Pate @joshpatesec
📷📷 Carbon Black’s nonstop innovation revolution prioritizes and protects customers and partners. Here’s why: https://t.co/Q1TLtXLnCp
0
3
0
0
15
joshpatesec  retweeted
James_inthe_box's profile image
James @James_inthe_box
#malware #opendir at: http://invoicetrycloudflare\.com:9983/
James_inthe_box's tweet photo. #malware #opendir at: http://invoicetrycloudflare\.com:9983/ https://t.co/52UvidgoXD
1
25
5
8
5K
joshpatesec  retweeted
karol_paciorek's profile image
Karol Paciorek @karol_paciorek
🚨 #opendir: 185.29.11[.28:9999 ⚠️ Large collection of malicious: .lnk, .hta, .bat, .vbs, .js files prepared for a fake invoice email campaign: SCANNED.pdf For example: kam.cmd - #ASyncRAT Botnet: Venom Clients C2: undjsj.duckdns[.org:8890 @500mk500
karol_paciorek's tweet photo. 🚨 #opendir: 185.29.11[.28:9999 ⚠️ Large collection of malicious: .lnk, .hta, .bat, .vbs, .js files prepared for a fake invoice email campaign: SCANNED.pdf For example: kam.cmd - #ASyncRAT Botnet: Venom Clients C2: undjsj.duckdns[.org:8890 @500mk500 https://t.co/AwD5WXVIYH
5
106
42
33
10K
joshpatesec's profile image
Joshua Pate @joshpatesec
@Broadcom will be showing off @Symantec and @CarbonBlack security solutions at #RSAC2024! Sign up to meet with us here: https://t.co/83JmgxugqW
0
0
0
0
3
joshpatesec  retweeted
amlweems's profile image
Anthony Weems @amlweems
I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) https://t.co/CvKo3xPRkP
amlweems's tweet photo. I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) https://t.co/CvKo3xPRkP https://t.co/HDrFYCHoqp
49
4K
826
1K
633K
joshpatesec  retweeted
Bugcrowd's profile image
bugcrowd Verified account @Bugcrowd
📢 If you haven't heard by now, there's a new big security vulnerability: CVE-2024-3094 aka the libxz-utils backdoor. 😳 What's most shocking? The backdoor was introduced by none other than Jia Tan, a long-time maintainer of the XZ library. Per https://t.co/B8VHiZZb7E the following timeline events is an excellently documented summary of what we currently know about the introduction of this vulnerability into XZ 👇 Plus, learn the details in our latest blog by #Bugcrowd's own @codingo_: https://t.co/09wl9tSX9H
Bugcrowd's tweet photo. 📢 If you haven't heard by now, there's a new big security vulnerability: CVE-2024-3094 aka the libxz-utils backdoor. 😳 What's most shocking? The backdoor was introduced by none other than Jia Tan, a long-time maintainer of the XZ library. Per https://t.co/B8VHiZZb7E the following timeline events is an excellently documented summary of what we currently know about the introduction of this vulnerability into XZ 👇 Plus, learn the details in our latest blog by #Bugcrowd's own @codingo_: https://t.co/09wl9tSX9H
1
88
16
25
10K
joshpatesec  retweeted
vxunderground's profile image
vx-underground Verified account @vxunderground
Earlier today @ddd1ms shared information regarding allegations from ALPHV affiliates of ALPHV administrative scamming partners. A user went online to state they are responsible for ransoming Change Healthcare. They state after receiving payment ALPHV administrative staff suspended their account. They continue to say the suspension was suspicious and March 3rd, 2024 the wallet which received the Change Healthcare funds was emptied. They conclude the post by unveiling an ALPHV wallet which has received approx. $92,749,381 (or 1401 BTC) Wallet: 14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b *information and photos via @ddd1ms
vxunderground's tweet photo. Earlier today @ddd1ms shared information regarding allegations from ALPHV affiliates of ALPHV administrative scamming partners. A user went online to state they are responsible for ransoming Change Healthcare. They state after receiving payment ALPHV administrative staff suspended their account. They continue to say the suspension was suspicious and March 3rd, 2024 the wallet which received the Change Healthcare funds was emptied. They conclude the post by unveiling an ALPHV wallet which has received approx. $92,749,381 (or 1401 BTC) Wallet: 14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b *information and photos via @ddd1ms
12
225
36
44
50K
joshpatesec  retweeted
DTCERT's profile image
Deutsche Telekom CERT @DTCERT
🚨 On February 26th and 27th Telekom Security and Bayern-CERT observed threat actor #TA577 phishing campaigns. This time the actor is not spreading malware, but apparently uses NTLMv2 handshakes to steal user credentials/hashes. 🧵1/7
6
249
94
95
84K
joshpatesec  retweeted
josephfcox's profile image
Joseph Cox Verified account @josephfcox
New: inside the underground site where "neural networks" churn out fake IDs - I tested, made two IDs in minutes - used one to successfully bypass the identity verification check on a cryptocurrency exchange - massive implications for crime, cybersecurity https://t.co/hCjHWbKJPf
josephfcox's tweet photo. New: inside the underground site where "neural networks" churn out fake IDs - I tested, made two IDs in minutes - used one to successfully bypass the identity verification check on a cryptocurrency exchange - massive implications for crime, cybersecurity https://t.co/hCjHWbKJPf https://t.co/sd8ofmdEOE
312
10K
2K
7K
4M
joshpatesec  retweeted
vxunderground's profile image
vx-underground Verified account @vxunderground
Today Hewlett-Packard disclosed to the SEC that they were compromised by APT29 a/k/a/ Cozy Bear a/k/a/ Midnight Blizzard Information via @pancak3lullz
vxunderground's tweet photo. Today Hewlett-Packard disclosed to the SEC that they were compromised by APT29 a/k/a/ Cozy Bear a/k/a/ Midnight Blizzard Information via @pancak3lullz https://t.co/9HH1WLy6t8
19
728
194
110
85K

Last Seen Users on Sotwe

believejgl's profile image
JGL
Seen from United States
jap_mom1's profile image
jäp_MØM
Seen from Indonesia
8MvuCzwqD2vlhSr's profile image
batman
Seen from Indonesia
milfsex18's profile image
รวมคลิปหลุดสาวใหญ่เเละทางบ้าน
Seen from Thailand
kolektor_uhkty's profile image
pengepul_jilbobs
Seen from Indonesia
lauwghs's profile image
Taliz
Sunnnnnnnshy's profile image
Tamil Magan_20
Seen from India
Oyen356728's profile image
bocil SMP
Seen from Indonesia
gayarabul's profile image
❤️GAY ARA BUL❤️ Verified account
Seen from Germany
amiramir560708's profile image
منيكة
Seen from Egypt

Trends for you

1
jungkook
Under 10K tweets
2
Boots
Under 10K tweets
3
Austria
Under 10K tweets
4
Ansem
Under 10K tweets
5
V FOR CELINE
Under 10K tweets
6
#PPxSTAKE
Under 10K tweets
7
Oracle AI Trade
Under 10K tweets
8
Happy Birthday Elon
Under 10K tweets
9
Portugal
Under 10K tweets
10
#Toonami
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.6M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.2M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.7M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
110.5M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.6M followers
nasa's profile image
7
NASA Verified account
@nasa
92.2M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.9M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
87.6M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
81.4M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
73M followers
imvkohli's profile image
12
Virat Kohli Verified account
@imvkohli
69.8M followers
kimkardashian's profile image
13
Kim Kardashian Verified account
@kimkardashian
69.8M followers
youtube's profile image
14
YouTube Verified account
@youtube
68.7M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.8M followers
neymarjr's profile image
16
Neymar Jr Verified account
@neymarjr
62.5M followers
theellenshow's profile image
17
The Ellen Show
@theellenshow
62.4M followers
cnn's profile image
18
CNN Verified account
@cnn
61.9M followers
x's profile image
19
X Verified account
@x
60.8M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
60.7M followers