Recent searches

No recent searches

Search options

Not available on photog.social.
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

246
active users

photog.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#malware

19 posts18 participants2 posts today
Infoblox Threat Intel

Last week we released the first of a three part VexTrio origin story. The second part is now available. This research includes more than 200 open source references to help others validate the results and start their own investigations.

As of Tuesday, August 5th, all of those links were valid and all went directly to open material …. so anything that is gone, or social media that is now closed… welp, that's the actors, not us. Feel free to report missing things in this thread. :)

The second part of this story focuses on the VexTrio activities that extend beyond their well-known traffic distribution systems (TDS). Enjoy.

#dns #threatintel #scam #tds #infoblox #spam #cybercrime #cybersecurity #infosec #malware

blogs.infoblox.com/threat-inte

Infoblox Blog · "Click to Allow" Robot Exposes VexTrio's Online Fraud EmpireWe reveal how VexTrio has profited from spam and scams for decades, gaining persistent access to victims through fake captchas and browser notifications.
*
Sheldon

I'm slightly amused by this phishing email. It's spoofing the "suspicious login activity" emails that we all get, but because it's fake and you obviously are not the person who is said to have logged in, the button can't say "This was me."

Instead, the prompt is reversed to say "This Wasn't Me."

I have to imagine the first version of this malicious email was composed in error and it actually did read "This Was Me" which would result in even the most gullible person not clicking it.

#malware#phishing#infosec
Renée Burton

VexTrio's origins come from two distinct groups: an Italian group we can date back to 2004 and a Russian-speaking Eastern European group. The Italians were quite successful early on, with a dating app that was among the fastest growing on Facebook in 2012. But our guess is that their profits slid in the years that followed. In 2020, there is an merger-acquisition which leaves the Eastern Europeans in charge. They gain the trademarks, knowledge in spam distribution, and who knows what else.

While developers remain in eastern Europe, VexTrio created business headquarters in Lugano, Switzerland. Including the existing AdsPro, which developed the Los Pollos, Taco Loco, and Adtrafico traffic distribution systems (TDS) through their software company HolaCode. (ok it's more complicated than that, but this is the cliffsnotes version). We have identified nearly 100 businesses associated with 8 key figures in many industries, including construction, energy, and advertising.

So in the end, what is VexTrio? It's hard to say. We originally used it to refer to the TDS. Nice clean lines... but now, for us it is all the people and their labyrinth of companies.

We spoke at BlackHat last week so if you have a briefings pass you can listen to that. Otherwise, find our research online and start your own investigation.

#dns#threatintel#scam
Amateur Human

It's not just #ai @scibooks is freely circulating #copyright material & every #mod should #ban to support the scientists whose living they're stealing
The website and advertisers also circulate #malware
That @physics regularly boosts these posts demonstrates that they don't care about the well-being of the #physicists, their rights over their own #physics work or the security of their own followers.
If they persist, these should also get blocked by all #scientists with a conscience
#science

PrivacyDigest

#Adult sites are stashing #exploit code inside racy .svg files

Dozens of #porn sites are turning to a familiar source to generate likes on #Facebook#malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle for sowing this malware—.svg image files.
#svg #security

arstechnica.com/security/2025/

Ars Technica · Adult sites are stashing exploit code inside racy .svg filesBy Dan Goodin
ManiabelChris

Freundliche Erinnerung für alle WinRAR-Nutzenden, da WinRAR keine Update-Automatik besitzt:
Es ist Zeit für ein Update auf Version 7.13, hier ziehen: win-rar.com/
Die nun behobene Schwachstelle CVE-2025-8088 wurde in Phishing-Angriffen als Zero-Day ausgenutzt, um die RomCom-Malware zu installieren.

win-rar.com/singlenewsview.htm

WinRAR download free and supportWinRARWinRAR - the data compression, encryption and archiving tool for Windows that opens RAR and ZIP files. Compatible with many other file formats.
#winrar#windows#update
Renée Burton

I promised another shoe would fall... here is part one of the VexTrio origin story. It is just too big for one entry, so a few more will come in the next few weeks... and this is still a small fraction of what we know. The story of malicious adtech has long legs.

We had great reception at BlackHat. One of the most common questions was: why are you giving this talk? Simple. It's a story that needs to be told and one that is too big to carry alone. We are looking for message carriers in the media, champions in the government, partners in the industry.

Organized crime, predominantly Russian speaking, has a strong foothold in the advertising world - and they are ensuring the delivery of everything from dating scams to information stealers. Let's root them out together.

boosts for awareness appreciated.

#dns #threatintel #scam #malware #infosec #cybersecurity #cybercrime #infoblox

blogs.infoblox.com/threat-inte

Infoblox Blog · VexTrio Unveiled: Inside the Notorious Scam EnterpriseWe expose adtech operators who partner with malware threat actors to commit digital fraud on a global scale through their affiliate advertising networks.
heise online English

Black Hat: If it’s smart, it’s vulnerable

There were many new attack methods on show at the Black Hat security conference. Optimism is the order of the day: software is becoming increasingly secure.

heise.de/en/news/Black-Hat-If-

heise online · Black Hat: If it’s smart, it’s vulnerableBy Lukas Grunwald
#Apple#BlackHat#Hacking
BGDon

Mircosoft's Project Ire, is building an autonomous system that uses specialized tools to reverse engineer and automatically dissect software files to understand how they work, what they do, and whether they’re malicious or benign. This kind of deep analysis is typically performed by human security experts.

Through iterative analysis, the LLM calls specialized tools through an API to identify and summarize key functions. Each result feeds into a “chain of evidence,” a detailed, auditable trail that shows how the system reached its conclusion. This traceable evidence log supports secondary review by security teams and helps refine the system in cases of misclassification.

microsoft.com/en-us/research/b #Microsoft #Software #Malware #Security #Ire #AI

Calishat

#security #malware #DigitalLiteracy

'When it comes to cybersecurity, humans are often seen as the weakest link, but new research suggests that with a little help, people can do a surprisingly effective job at identifying malware.'

uwaterloo.ca/news/media/youre-

Waterloo News · You’re better at spotting malware than you think | Waterloo NewsWhen it comes to cybersecurity, humans are often seen as the weakest link, but new research suggests that with a little help, people can do a surprisingly effective job at identifying malware. In a first-of-its-kind study, researchers from the University of Waterloo’s Cheriton School of Computer Science teamed up with University of Guelph cybersecurity experts to test how
Live feeds
About