These three ex-Conti extortion gangs are responsible for the surge of 'BazarCall' callback phishing schemes. bleepingcomputer.com/news/security/…

Advanced Intel's Vitali Kremez has published a BazarCall advisory. The “BazarCall” style attack, or call back phishing, is an attack vector that utilizes targeted phishing methodology and first emerged in 2020/2021 as a tool of Ryuk (later rebranded Conti). advintel.io/post/bazarcall…

⚡️Timely report on the latest Cobalt Strike domain fronting technique leveraging tyk[.]io. Many ex-Conti groups leverage this domain fronting technique for Cobalt Strike beacon resolver/traffic. Watch out for tyk[.]io traffic. shells.systems/oh-my-api-abus…

We're publishing so much great stuff in coming days. There's another Between Two Nerds episode with Tom Uren and thaddeus e. grugq, plus Catalin Cimpanu interviews Vitali Kremez about his call that Ransomware as a Service is dying. Risky Biz News RSS risky.biz/subscribe

Insight:⚡️#Emotet loader-as-a-service infection metrics globally for 2022 of ~1,300,000 unique bot_ids / top targeted infected by loader (including honeypot activity). Still alive but on a general decline. The public report is incoming.

📌We have observed the "Anti-Putin" messages from Cobalt Strike flooding activities mapped to ex-Conti cybercrime enterprise members.

Ionut Ilascu Someone is hitting Cobalt Strike servers used by former members of the Conti ransomware gang with messages urging to stop Russia's war: “Stop the war!” “15000+ dead Russian soldiers!” “Be a Russian patriot!” "Stop Putin!"

The Week in Ransomware - September 9th 2022 - Schools under fire - Lawrence Abrams bleepingcomputer.com/news/security/…

🔥Breaking Blog: AdvIntel's State of #Emotet aka "#SpmTools" Displays Over Million 🌎Compromised Machines Through 2⃣0⃣2⃣2⃣ Insight: *⃣Emotet infection chain is currently attributed to #Quantum & #BlackCat ransomware chains. advintel.io/post/advintel-…

The Week in Ransomware - September 16th 2022 - Iranian Sanctions - Lawrence Abrams bleepingcomputer.com/news/security/…

Offsecurity: First time flying as a private pilot single engine land from east -> west coast of Florida. Aircraft: Cessna 172N IFR training and rotorcraft add-on next!

New Royal Ransomware emerges in multi-million dollar attacks - Lawrence Abrams bleepingcomputer.com/news/security/…

#Royal ransomware operation in action.

The Week in Ransomware - October 21st 2022 - Stop the Presses - Lawrence Abrams bleepingcomputer.com/news/security/…