Our security researchers have uncovered a phishing website & Android app targeting HDFC Bank customers
For a deep dive into the phishing website and android app, as well as the modus operandi, read our full report -
https://t.co/gf52tgSOKz
#phishing#hdfcbank#bfsi
Our team is growing, and we’re looking for passionate individuals to join us across multiple roles.
Learn more and apply here: https://t.co/Uh5s55pitg
Know someone who'd be a great fit? Feel free to share or tag them below!
#Hiring#Careers#Belagavi#CyberSecurity
Our latest report uncovers how scammers are exploiting the Tesla brand in large-scale crypto & investment scams — from fake trading platforms to cloned websites.
Full report 👉 https://t.co/W6O4BKLQGQ
#pigbutchering#romancebaiting#crypto#investment#scams
As folks in my network know, we've (@shreshtait) been tracking large-scale scams like pig-butchering, romance baiting, and crypto/investment fraud.
One curious pattern: the Tesla brand is being misused extensively.
🧵👇
Well, we didn't expect impersonation of @obsdmd on a website while hunting pig-butchering/romance baiting and investment scams today!
obsidiantrades[.]de was registered through Porkbun and is currently pointing at 34.117.223.165 (AS396982 - Google Cloud Platform)
cc: @kepano
Sometimes it's fascinating to see how some domain names constantly rotate the IP addresses and the network infrastructure they point to.
Here's a quick look at one such domain over time 👇
FYI, this is not fast flux.
#DNS#threatintelligence
I’m watching the news this week with growing concern. If you find yourself suddenly unemployed and think you might be a good fit for Maltego’s Product and Tech team, ping me. We have some roles open (https://t.co/5FnXCPVM0W) and others in the planning stages.
Less than 24 months ago, our botnet report stated, "Spamhaus Malware Lab experts deem that it’s
highly likely that Emotet will come back into circulation." And here it is.
Currently, our researchers are seeing new botnet C&Cs being pushed. #Emotet#Back#ThreatIntel
Seeing an influx of suspicious domain names (domain shadowing attack) which appear to impersonate gitlab/github
Most are pointing at AS57724(DDOS-GUARD, RU).
Everything begins with a DNS query. The good stuff and the badness (there are a few exception cases).
Enabling and monitoring the DNS logs is an excellent step towards network security monitoring (NSM).
2/ This HTTP request can now be used very well for an alert.
Or better, collect and monitor all your DNS logs, because a DNS request will still go out if the Advanced IP Scanner is run without an installation (portable version).
An excellent opportunity for detection.
👉It’s official! We launched Protective DNS as part of our mission to enhance the federal government’s cyber defenses. Learn more here: https://t.co/MZragLPZTj
Our security researchers using SDINET - our threat intelligence platform, have detected and identified another phishing domain – links-circleci[.]com, which is part of the phishing campaign.
Detailed report - https://t.co/TLwzxChFFN
#dns#phishing#GitHub#SDINET#shreshtait
A good starting point would be to check the DNS logs/SIEM if any of the domain names were queried for in the network.
Aside from the domain names mentioned in the blog, also check for the domain name links-circleci[.]com
That one showed up in our data @shreshtait
@GitHubSecurity Hello folks, you might want to add links-circleci[.]com to the list of domains.
We've seen that one show up in our threat intel @shreshtait