blueteamsec

679 readers
30 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
1476
2
Principles for the Secure Integration of Artificial Intelligence in Operational Technology (media.defense.gov)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1477
1
Defending against adversary-in-the-middle threats with phishing-resistant multi-factor authentication (ITSM.30.031) - Canadian Centre for Cyber Security (www.cyber.gc.ca)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1478
1
MuddyWater: Snakes by the riverbank (www.welivesecurity.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1479
2
Dragons in Thunder (ptsecurity.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1480
4
Introducing constant-time support for LLVM to protect cryptographic code (blog.trailofbits.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1481
4
AI agents find $4.6M in blockchain smart contract exploits (red.anthropic.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1482
4
B2B Guest Access Creates an Unprotected Attack Vector - Microsoft’s B2B guest collaboration allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenants (www.ontinue.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1483
3
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign (www.koi.ai)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1484
3
DNS Uncovers Infrastructure Used in SSO Attacks (blogs.infoblox.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1485
3
DNS Uncovers Infrastructure Used in SSO Attacks (blogs.infoblox.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1486
1
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice (www.ncsc.gov.uk)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1487
1
New Zealand Cyber Threat Report 2025 (www.ncsc.govt.nz)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1488
6
How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations (blog.synapticsystems.de)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1489
2
how i found a europa.eu compromise (thanks to cricket) (blog.himanshuanand.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1490
2
A new wiper attack has been identified affecting Ukraine. (self.blueteamsec)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
 
 

"A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine. We named this wiper "GamaWiper" (VBS-based wiper). The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this activity is linked to the Gamaredon APT group. This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities."

Related IoCs: 95262c4094a9a5e589a218e354ef54b3800aa0abc3b6a343bbcfdcbf021fc04f – initial ZIP with vulnerability CVE-2025-80880 68e21d7599d20444232415a7e74214ce50d7b4643215d83b8320e74c95a9dfd3 – downloaded VBA aafa4c206495163a5e408aa5c296139fe9f330a9f819a226c6934921493de9c6 – downloaded (padded+base64) wiper d4ce4776bdad9b741a1e8345b41737245b80f4cf8d361ebb1ae5415c7a4fe1eb – base64 encrypted wiper 9a39423ec90dc06a3058279cd744c08d83252d1c7096633b9853e435cc205755 – deobfuscated wiper

src: https://x.com/ClearskySec/status/1995061537183011084

1491
3
Unmasking a new DPRK Front Company DredSoftLabs (medium.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1492
1
Ivanti Post-Exploitation Lateral Movement — Analysis and Detection (medium.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1493
0
Extending UniFi Monitoring in Microsoft Sentinel: Workbooks and Analytics Rules (sentinel.blog)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1494
0
Integrating UniFi Network Monitoring into Microsoft Sentinel (sentinel.blog)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1495
4
Analysis of the Rust implants found in the malicious VS Code extension (www.nextron-systems.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1496
1
Risk-Based Alerting in Microsoft Sentinel (isaacdunham.github.io)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1497
1
Hide the threat - GPO lateral movement (www.intrinsec.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1498
1
CastleLoader & CastleRAT: Behind TAG150’s Modular Malware Delivery System (www.darktrace.com)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1499
2
Microsoft 365: The Essential 10 Security Considerations (campbell.scot)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
1500
1
Building custom C2 channels by hooking wininet (codex-7.gitbook.io)
submitted 4 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›