Yorick Koster Retweeted
ThreatFabric writes about ERMAC, a new Android banking trojan based on Cerberus and operated by BlackRock actor(s). https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html pic.twitter.com/sTzYKT8Ln3
Yorick Koster Retweeted
ERMAC, a new #Android malware that is already being widely distributed as part of an ongoing campaign, steals users' financial information and login passwords from 378 banking and wallet apps. Read details: https://thehackernews.com/2021/09/new-android-malware-steals-financial.html #infosec #cybersecurity #hacking
Yorick Koster Retweeted
Some MTI context on #ERMAC (new bot based on Cerberus) as reported by @malwrhunterteam, it's operated by the threat actor behind #BlackRock, considering his strong track record targeting 378 banking and wallet apps we expect to see more in the coming days. https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
Yorick Koster Retweeted
"Big name" company @Cloudmark @proofpoint say something -> mainstream news jumps on it. Meanwhile the reality: that "new" malware is not new & some "not big name" people (us) tweeted about this campaign multiple times before, but ofc for mainstream "small people" don't exist... pic.twitter.com/lLwE5Y9uWx
Yorick Koster Retweeted
Repeat after me.. the bug belongs to the researcher! If the researcher chooses to print the exploit in ASCII hex and hang it from a bridge after finding it.. that's up to them. https://twitter.com/0xAmit/status/1440859328534155267
Yorick Koster Retweeted
Using chimera technique to abuse #CVE-2021-40444. File path with ?.wsf as suffix and manipulated RAR archive: https://github.com/Edubr2020/CVE-2021-40444--CABless #mirosoft #security #CVE202140444 #exploit
Yorick Koster Retweeted
Generating a @fridadotre hook with @radareorg to intercept traffic from Android Flutter-based apps. r2pipe script performs basic search and pattern matching to find ssl_crypto_x509_session_verify_cert_chain(). Inspired by @NVISO_Labs's blogposts. https://github.com/Hamz-a/boring-flutter pic.twitter.com/GP9v05b747
Yorick Koster Retweeted
Microsoft will no longer require users to enter a password to access their accounts. Instead, they'll have to use an app, a verification code or facial recognition. Check it out pic.twitter.com/9I379X0MZL
Yorick Koster Retweeted
#cerberus_v4 Android banking trojan src and builder panel leak is a fact, we are already seeing an increase in new samples. pic.twitter.com/gC3DsKOrWE
Yorick Koster Retweeted
The Community Kit has been growing and now has 60+ projects. The research behind these projects is fantastic. Thanks to everyone who has shared their work. Consider following me and @CoreAdvisories for updates. https://cobalt-strike.github.io/community_kit/
Yorick Koster Retweeted
As @splinter_code mentioned, the use of a .JS: (and other) URI can result in pretty trivial code execution of a local script: https://twitter.com/splinter_code/status/1437536703040917509 IE seems to prompt before using URIs. However, Word using the ITW exploit works fine. Perhaps this is why it's so complicated? pic.twitter.com/3LssUERu27
Yorick Koster Retweeted
As we promised on Friday, here is an update to our blog on #SOVA, describing all the new features implemented, like 2FA grabber and automated session stealer. https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html#updates
Yorick Koster Retweeted
After testing another CVE-2021-40444 sample that works with html+cab payload on a remote web server, I can now confirm that "mhtml:" and "x-usc:" are not needed in the remote OLE URL for the exploit to work. But the double URL http:...!http:... seems required. https://twitter.com/decalage2/status/1436085507663056898
Yorick Koster Retweeted
CVE-2021-40444 PoCs are being shared on private forums. We will now share the PoC we received. However, additions have been made to what we are releasing. It contains 3 HTML script variants. https://vx-underground[.]org/tmp/CVE-2021-40444.rar pic.twitter.com/fqqmTERETv
Yorick Koster Retweeted
Not sure if Microsoft fixed this (my VM is unpatched). But it works in explorer preview mode via RTF: https://twitter.com/buffaloverflow/status/1435596990650503168 pic.twitter.com/H5cdmL8tpX
Yorick Koster Retweeted
btw, it's not just CVE-2021-40444 that this trick is useful for. For example, it works for other RTF-based vectors too, e.g. https://www.securify.nl/blog/click-me-if-you-can-office-social-engineering-with-embedded-objects https://twitter.com/buffaloverflow/status/1435607956205326336 pic.twitter.com/CJrLA2JlbH
Yorick Koster Retweeted
Several banking, #cryptocurrency wallets, and shopping apps are the target of a newly discovered #Android trojan that could enable attackers to siphon sensitive data from infected devices, including credentials and open the door for on-device fraud. https://thehackernews.com/2021/09/sova-new-android-banking-trojan-emerges.html
Yorick Koster Retweeted
The new campaign comes with new features:
- 2FA stealer
- Country checks to defend CIS devices
- Telegram API support to receive information
- Emulator checks
- Manufacturer specific modules
- App download support
Stay tuned, we will update our blog to tell you more!
Yorick Koster Retweeted
A new banking trojan S.O.V.A with great ambitions discovered: cookie stealing becoming a new trend. Check out our new blog #sova: https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
Yorick Koster Retweeted
#Cabassous (#FluBot) 4.9 is out with new overlay targets for Android banking apps in USA, UK, Ireland + Crypto wallets! pic.twitter.com/pwHYY7T4UN