Steven Adair @stevenadair
President @Volexity | Malware Analyst's Cookbook | Not easily rattled 😂 United States Joined June 2009
Tweets 518 | Followers 3K | Following 417 | Likes 341
🧵Last week we (@Volexity) identified and reported in-the-wild (ITW) exploitation of CVE-2024-3400 affecting Palo Alto GlobalProtect 👇 volexity.com/blog/2024/04/1… #dfir #ThreatIntel #infosecurity
Our blog with details on the exploitation of CVE-2024-3400 is up! An incredibly fast turnaround from our detecting a breach to smashing threat actor capabilities. Huge shout out to our @Volexity team and our awesome customers & a great response from the @PaloAltoNtwks team.
Hmm search results on @SoundCloud don’t show the numbers of plays or favorites anymore? 👎 😢 @SCsupport
Following @Volexity's initial discovery & reporting on recent Ivanti Connect Secure vulnerabilities, @CISAgov released a joint advisory that warns #threatactors continue to exploit these vulnerabilities. More details + mitigations here: cisa.gov/news-events/cy… #dfir #threatintel
This is a crazy wreck. Drove by this on-ramp they landed on just as police got there. Car was facing the wrong way on the 57A entrance to 50 from 66W. A woman was lying on the ground next to the car. Had no idea 4 other people were in the car, it was stolen, & found with a gun. Wild!
.@Volexity consistently observes Iranian #apt group CharmingCypress innovate ways to persistently pursue targets. This blog reviews the group's phishing tactics & malware + investigates an attack with Volexity Volcano: volexity.com/blog/2024/02/1… #dfir #threatintel #memoryforensics
In this blog post, @iMHLv2 + @attrc break down how @Volexity used #memoryforensics to discover two #0days being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices. More details here: volexity.com/blog/2024/02/0… #dfir #threatintel
.@Volexity shares new observations on cont'd widespread exploitation of Ivanti Connect Secure VPN vulnerabilities. Now, 2100+ compromised devices & UTA0178 observed modifying built-in Integrity Checker Tool to evade detection. Details: volexity.com/blog/2024/01/1… #dfir #threatintel
.@Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel
Hah, just opened up @YouTube to see one of those fake "your iPhone has a virus" ads. This was right at the top of the home page in YouTube. Who would fall for this while scrolling through videos?
PHOTOS: We are asking for the community’s assistance in locating the driver and car involved in a fatal pedestrian hit-and-run in Lanham. The victim is 28-year-old Franklin Membreno Mendez of New Carrollton. tinyurl.com/2df8f97r
All these messages going around about an active but mysterious and elusive 0day in @signalapp remind me of the old chain email messages people used to forward around. 😂
Don't miss @tlansec's talk at 12:00 BST tomorrow, Oct 5, at #VB2023 in London! He will share @Volexity's research + observations of a North Korean #apt using unique, persistent #socialengineering techniques to target victims. More here: virusbulletin.com/conference/vb2… #threatintel #dfir
Our latest blog post details @Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect #0day vuln, assigned CVE-2024-3400, that the team found being exploited in the wild. Read more here: volexity.com/blog/2024/04/1… #DFIR #ThreatIntel
Our team at @Volexity has identified a new 0day exploited in the wild. This time we caught a threat actor using an unauthenticated RCE in Palo Alto Networks GlobalProtect. It has been assigned CVE-2024-3400 and is covered in this @PaloAltoNtwks advisory security.paloaltonetworks.com/CVE-2024-3400
Arrests continue following Sunday morning street takeover. bit.ly/3TMjDwi
🚨IMPORTANT: Protect your networks from threat actors exploiting Ivanti gateway vulns to achieve persistence. 🙏to all of our partners who collaborated on this important advisory, including @Volexity, @Mandiant, & @GoIvanti: go.dhs.gov/Jeg
We released a Cybersecurity Advisory to assist organizations with understanding the ongoing exploitation of multiple vulnerabilities w/Ivanti Connect Secure & Policy Secure as well as ways to mitigate potential, dormant compromise. Learn more: go.dhs.gov/Jeg
This intervention by @radeksikorski 🇵🇱 in the 🇺🇳 Security Council today will be a classic. Not much left of 🇷🇺 after that.
The ongoing cyberwar between the U.S. and China has a new front: The FBI is warning that certain internet routers are being "hijacked" by Chinese hackers. scrippsnews.com/stories/fbi-ne…
Pretty big deal here, with thoughts, insights and context from @Volexity, @Mandiant, @GreyNoiseIO and @RecordedFuture
CISA orders federal agencies to disconnect Ivanti devices targeted by Chinese hackers, @AJVicens reports. scoopmedia.co/3UpBCLg
ELF x64 Rust malware deff93081ccb3fda7a12f6e9e3ad15ad (IOC from Volexity findings linked to recent Ivanti CS vulnerabilities) - TLDR: downloads a Sliver HTTP backdoor from hxxp://bringthenoiseappnew.s3.amazonaws[.]com/iEgJ4J7Uc9YgC - Sliver C2: hxxps://ntp.sysupdates[.]org 1/3
Last week, we shared details concerning a threat actor (UTA0178) exploiting #Ivanti Connect Secure 0-days. Initially, few devices were compromised. Since Thursday, the exploitation has gone global. We identified over 1700 compromised appliances in the world. 1/2
Quick turnaround from targeted to mass exploitation of Ivanti Connect Secure VPN devices. Maintaining tempo is crucial for threat actors, and so it's not surprising to see an attempt to quickly extract as much value from their exposed tools as possible. Patch and investigate.
.@Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel
In collaboration with @Volexity we have added daily scans & reports of compromised Ivanti Connect Secure VPN instances. Data shared in our Compromised Website report, tagged "ivanti-connect-secure". 609 IPs found on 2023-01-16: shadowserver.org/what-we-do/net… dashboard.shadowserver.org/statistics/com…
2023 Zero-day vulnerabilities Summary R1 - 14 Jan 2024 H/T @uuallan @pancak3lullz for the original idea (I was missing yours, so I made my own but included all zerodays, not just initial access for ransomware as the original was.)
@stevenadair Great work. Appreciate you releasing this writeup.
@stevenadair Great work and thanks for the interesting write-up. I have the feeling this will escalate to Citrix Bleed scale…