Thanasis Papathanasiou
than404.bsky.social
IT & Information Security // CISSP, CEH, ITIL
Amateur Photographer
Reposted by Thanasis Papathanasiou
Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
cloud.google.com
February 19, 2025 at 11:05 AM
Reposted by Thanasis Papathanasiou
Some useful Surveillance Self Defense links for people who want to lock their shit down right now:

Attending a protest: ssd.eff.org/module/atten...

How to Use Signal: ssd.eff.org/module/how-t...

Security starter pack: ssd.eff.org/playlist/wan...
How to: Use Signal
Download location: Google Play Store, Apple App Store System requirements: Android 5 or later, iOS 13 or later Version used in this guide: Android: 7.0. iPhone: 7.0 License: GPLv3 Level: Beginner Time...
ssd.eff.org
February 3, 2025 at 6:09 AM
Reposted by Thanasis Papathanasiou
C2 Tracker: Live Feed of C2 servers, tools, and botnets meterpreter.org/c2-tracker-l...
Free to use IOC feed for various tools/malware. It started for just C2 tools but has morphed into tracking infostealers and botnets as well
meterpreter.org
January 30, 2025 at 3:46 AM
Reposted by Thanasis Papathanasiou
Bellingcat is currently working with universities to develop open source investigation courses in various fields and creating student-led investigative hubs at those universities, which seems well timed.
January 20, 2025 at 7:27 AM
Targeted Advertising and the risks of Real-Time Bidding (RTB)

The Electronic Frontier Foundation highlights RTB as an unregulated system that significantly undermines user privacy.
Online Behavioral Ads Fuel the Surveillance Industry—Here’s How
Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliv...
www.eff.org
January 16, 2025 at 12:00 PM
Reposted by Thanasis Papathanasiou
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals.
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
www.bleepingcomputer.com
January 16, 2025 at 2:57 AM
Reposted by Thanasis Papathanasiou
I can never fully know if I already read this "Fortinet 0day in the wild" article 3 weeks ago or if it’s new. Ha, never mind! It’s new 🥲
Earlier: Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Now: Fortinet issues advisory and updates for 9.6/10 critical severity vulnerability, acknowledges active exploitation

See update: www.theregister.com/2025/01/14/m...
Snoops exploited Fortinet firewalls with 'probable' 0-day
Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg
www.theregister.com
January 14, 2025 at 9:14 PM
Reposted by Thanasis Papathanasiou
Ivanti has warned that a zero-day vulnerability in its widely-used enterprise VPN appliance has been exploited to compromise customer networks. Mandiant, which discovered the flaw, has linked the attacks to a China-backed cyberespionage group techcrunch.com/2025/01/09/h...
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks | TechCrunch
Mandiant says a Chinese cyberespionage group has been exploiting the critical-rated vulnerability since at least mid-December.
techcrunch.com
January 9, 2025 at 12:57 PM
Reposted by Thanasis Papathanasiou
🛰️ The Gravy Analytics breach exposes how easily citizens can be tracked:
- Seen at Space Launch Complex 36
- Work commute mapped
- Stops at Home Depot & family visits near Kansas City logged

🔒 A stark reminder of the privacy risks in location data collection.
January 9, 2025 at 12:27 PM
Reposted by Thanasis Papathanasiou
Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.

They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.
January 8, 2025 at 4:25 PM
Reposted by Thanasis Papathanasiou
Man-in-the-middle attacks on Public WiFi networks haven't been a realistic threat in a decade. Almost all websites use encryption by default, and anything of value uses HSTS to prevent attackers from downgrading / disabling encryption. It's a non issue.
They are useful to prevent man in the middle attacks where someone uses a pineapple to spoof a public wifi signal.
December 20, 2024 at 3:11 AM