Kir @dober@infosec.exchange

Reverse engineer and review the Gamaredon Group Pteranodon Implant (including its batch scripts and decoding mechanism)
https://www.vkremez.com/2019/01/lets-learn-deeper-dive-into-gamaredon.html

APT #Gamaredon (RU) - GOV.UA targeting:
MD5: 49CDE7D0CA755F0C284D9690E84711AC
New #malware, old tehniques:
1. SFX with fake MS Word ico show real document and execute #Pteranodon
2. Comm through fake wget to winrouts.ddns[.]net

Hacker's story: https://pastebin.com/3rzCqrFk

crosspost from @matrix since their instance is currently down:

We’ve taken down the servers which host https://Matrix.org and https://Riot.im for emergency security maintenance - estimated downtime is several hours. More updates as we have them.

the security maintenance is to address issues with Matrix.org's production infrastructure. This is not a Synapse issue.

An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.

https://matrix.org have been pwned Vulnerabilities in the groovy plugin in #jenkins, multiplied by the incorrect setting of the CI sandbox.

COPRocessor - chip that deals with all that floating point mathematical shit

#Splunk will no longer be selling software and services to organizations in #Russia - either directly or through partners.
https://www.splunk.com/blog/2019/02/18/shifting-priorities-in-our-global-strategy.html

#Metasploit framework 5.0.1 in #Kali-rolling now.
#Kali #linux #MSF

Ethernet scarf