Opalsec
@opalsec.io
opalsec.io
Daily Cyber News Summaries, straight to your inbox 👉🏻 opalsec.io
Reposted by Opalsec
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
October 23, 2025 at 1:27 PM
Reposted by Opalsec
New Blog! Lessons from the BlackBasta Ransomware Attack on Capita

When a company that manages data for millions of UK citizens falls victim to ransomware, the whole industry should pay attention to it. 📝

blog.bushidotoken.net/2025/10/less...
Lessons from the BlackBasta Ransomware Attack on Capita
blog.bushidotoken.net
October 18, 2025 at 1:30 PM
Reposted by Opalsec
Important and very timely research:
The "Com" isn't simply a hacker group, it's an online phenomenon that has changed the cybercrime landscape in the past several years.

Allison Nixon shares more in this short clip from her SLEUTHCON 2025 talk with Ben Coon.

Watch the full talk here >> www.youtube.com/watch?v=TydZ...
July 23, 2025 at 5:36 PM
Reposted by Opalsec
So... known hacked agencies so far include:

-US Department of Homeland Security
-US National Nuclear Security Administration
-US National Institutes of Health

Did I miss any?
Confirming @ddimolfetta.bsky.social & Frank Konkel's reporting on SharePoint victims: www.nextgov.com/cybersecurit...

"DHS was impacted and over a dozen other agencies were notified" of compromises, a person familiar with the matter tells me, "as well as several critical infrastructure companies."
DHS impacted in hack of Microsoft SharePoint products, people familiar say
The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.
www.nextgov.com
July 23, 2025 at 10:49 PM
Reposted by Opalsec
Oh the critical vuln is in SHAREPOINT, gotcha
July 20, 2025 at 5:25 PM
Reposted by Opalsec
An Iranian security firm is behind a years-long hacking campaign that targeted airlines all over the world.

Security firm Amnban is allegedly one of the contractors behind an Iranian hacking group known as APT39.

blog.narimangharib.com/posts/2025%2...
The Amnban Files: Inside Iran's Cyber-Espionage Factory Targeting Global Airlines
They called themselves cybersecurity experts. They're actually Tehran's digital hit squad. Someone handed me the keys to the kingdom—gigabytes of data ripped ...
blog.narimangharib.com
July 20, 2025 at 7:18 PM
Reposted by Opalsec
Mandiant is now aware of multiple incidents in the airline sector that resemble Scattered Spider. The industry should button up its call centers where this actor has had a lot of success with social engineering. www.axios.com/2025/06/27/a...
A prolific hacking group that's shut down retailers and insurance companies turns to aviation
A cyberattack on WestJet last week is likely tied to the Scattered Spider gang, a source tells Axios.
www.axios.com
June 27, 2025 at 5:28 PM
mas.to/@statsguy/11...

Google, this is why I can't trust your AI generated answers
Adam Jacobs 🇺🇦 (@statsguy@mas.to)
Oh gosh, it's true, you really can enter a completely nonsense phrase into Google, ask for its meaning, and lo and behold, Google's AI will make shit up. So if you've ever wondered...
mas.to
April 25, 2025 at 5:26 AM
Reposted by Opalsec
I took a look at the changes to Microsoft Recall, which is rolling out to compatible Windows devices soon.

Photographic memory that stores all your deleted messages, keystrokes etc 😅

doublepulsar.com/microsoft-re...
Microsoft Recall on Copilot+ PC: testing the security and privacy implications
A look at the risks and tradeoffs with Microsoft Recall.
doublepulsar.com
April 21, 2025 at 9:26 PM
"Defense Secretary Pete Hegseth shared detailed information about forthcoming strikes in Yemen on March 15 in a private Signal group chat that included his wife, brother and personal lawyer, according to four people with knowledge of the chat."

www.nytimes.com/2025/04/20/u...
[Attached GIF: a man carrying a box in front of a sign that says no parking fire lane]
April 20, 2025 at 11:30 PM
In the midst of a Trade War - would China actually pull the trigger on destructive cyber attacks using known footholds (think Volt & Salt Typhoon) in US critical infrastructure? 🤔

We've taken a closer look at how this could - and has - unfolded: opalsec.io/is-cyber-a-l...

#InfoSec #ThreatIntel
Is "Cyber" a Legitimate Weapon in a Tariff War?
Amidst the US-China trade war drama, would China actually pull the trigger on destructive cyber attacks using known footholds (think Volt & Salt Typhoon) in US critical infrastructure? Probably not, b...
opalsec.io
April 20, 2025 at 5:35 AM
Reposted by Opalsec
Chris Krebs (@thekrebscycle.bsky.social) is being politically persecuted, and in this week's Seriously Risky Business podcast @tom.risky.biz and I talk about why we're not expecting an outcry from angry cybersecurity executives

FULL VIDEO: www.youtube.com/watch?v=1oSJ...
AUDIO: risky.biz/SRB117/
April 17, 2025 at 4:46 AM
Reposted by Opalsec
In a last-minute switch, the #CISA said it will continue funding a contract for #MITRE to manage the CVE program and other vulnerability databases. via @derekbjohnson.bsky.social cyberscoop.com/cisa-reverse...
CISA reverses course, extends MITRE CVE contract
While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system.
cyberscoop.com
April 16, 2025 at 2:54 PM
Reposted by Opalsec
This makes no sense if you look at it from a targeting point of view. Why would the NSA even go after a sporting event. There isn't anything of worth for an intel op there.

This looks like a political move, China falling for a false flag, or just a straight-up made up case
Chinese state media: police in Harbin accuse the NSA of launching "advanced" cyberattacks during the Asian Winter Games in February 2025 and name three agents (Reuters)

April 15, 2025 at 11:14 AM
Reposted by Opalsec
@campuscodi.risky.biz did a great write up on APT10's clever use of the Windows Sandbox to keep malware stealthy... running malware in Windows Sandbox via a scheduled task from a separate account is smart.

You don't gotta hand it to 'em etc.

risky.biz/risky-bullet...
Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts - Risky Business Media
A Chinese cyber-espionage group named MirrorFace (aka Earth Kasha, APT10) is abusing the Windows Sandbox virtual environment to hide the e...
risky.biz
April 15, 2025 at 3:36 AM
Reposted by Opalsec
Palo Alto looks at Slow Pisces, a North Korean APT and its recent campaign that targeted cryptocurrency developers on LinkedIn, posing as potential employers, and sending malware disguised as coding challenges.

unit42.paloaltonetworks.com/slow-pisces-...
April 15, 2025 at 12:34 PM
Reposted by Opalsec
Noticed a bunch of these ornate gold medallions slapped all over the Oval Office. We found 'em on Alibaba. “High-density Home Decoration Polyurethane Appliques Ornament PU Foam Veneer Accessories” from seller Guangzhou Homemax Decorative Material Limited.

sherwood.news/power/shop-t...
April 15, 2025 at 9:07 PM
Reposted by Opalsec
#Chinese law enforcement places #NSA operatives on wanted list over alleged #cyberattacks. The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games. via @timstarks.bsky.social youtu.be/SAPjQxbruL0?...
Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
YouTube video by CyberScoop
youtu.be
April 15, 2025 at 9:57 PM
Reposted by Opalsec
Dutch police study on ransomware:

-companies with cyber insurance pay almost 2.8 times bigger ransoms than non-insured ones
-95/100 have to pay ransomware groups or go bankrupt
-those with backups paid ransoms 27 times less often

cyberpolice.gov.ua/news/infikuv...
April 15, 2025 at 3:30 PM
Reposted by Opalsec
🚨 New ASR rules are now GA:

❌ Block rebooting in Safe Mode
🕵️‍♂️ Block copied/impersonated system tools

ASRGEN had these since preview. 😎

Want to:

⚡ Quickly create Intune-ready ASR policies
🧪 Simulate and understand rule impacts

Check → asrgen.streamlit.app

Be proactive. Be precise.
ASRGEN
Access ASRGEN here on https://asrgen.streamlit.app/
asrgen.streamlit.app
April 14, 2025 at 8:15 PM
Reposted by Opalsec
I guess because like five of us are saying something, what was done to @thekrebscycle.bsky.social is an absolute injustice and a mockery of his selfless service.

America no longer supports or protects critical infrastructure defenders. I hope someone else appreciates him a lot more.
April 12, 2025 at 2:31 AM