Blue Ghost
@blueghost@mastodon.online  ·  activity timestamp 11 hours ago

@signalapp
Signal selected Google Gmail as their email provider.

Consider asking for a public PGP encryption key if you are concerned about Google accessing the content of your message. This can provide end-to-end encryption of the message content, but the metadata will be available to Google.

Signal: Please publish a key on your website.

Gmail PGP encryption options: https://mastodon.online/@blueghost/114748498901944225

#Signal #Google #Gmail #Encryption #E2EE #Privacy #CyberSecurity #InfoSec #Mailvelope #Thunderbird

Infoblox Threat Intel
@InfobloxThreatIntel@infosec.exchange  ·  activity timestamp 14 hours ago

When one trick isn't enough… this actor brings the whole toolbox.

Actors start mixing techniques like a cyber cocktail:

- Cloud abuse with AWS S3 lures
- Algorithmically generated (RDGAs) for agility and evasion
- Redirect chains to keep analysts guessing
- TDS filtering to target victims
- Social engineering with fake alerts ("Your cloud storage is full!") or irresistible offers ("Get Netflix for free!")
- Payment scams as the final sting

Here's how it works: The actor is leveraging SMS messages to lure victims into clicking links that point to Amazon S3 buckets. The SMS links are the initial redirection point, silently forwarding the victim to the first bulk registered (RDGA) domain. The redirection is seamless, making it difficult for the victim to notice anything suspicious.

From there, the actor uses multiple RDGA algorithms to generate domains that host scam and scareware campaigns. These domains feature a variety of deceptive themes, such as fake Netflix promotions, "Your Cloud Storage is Full" alerts, or "Failed Payment" warnings.

Once the victim clicks, the redirection chain continues through custom TDS (Traffic Distribution System) domains—also powered by RDGA—before finally landing on a fraudulent payment gateway. Here, victims are tricked into subscribing to fake antivirus products, counterfeit Netflix accounts, or other bogus services.

The top left and right sections showcase different types of lures used in the attack, while the bottom section illustrates how the victim is redirected to rogue payment gateways.

IOCs

#Infoblox #dns #adtech #InfobloxThreatIntel #threatintelligence #cybercrime #cybersecurity #infosec #threatintel #tds #scam

🅃🅁🄰🄽🅂🄸🄲🄾🅁🄽
@transicorn@mastodon.social  ·  activity timestamp 20 hours ago

Some things to note and some use cases for #Veracrypt:

1.) #LUKS provides a way to #encrypt #linux drives. Veracrypt is not the answer for your system drive, but additional drives can be fully #encrypted and mounted using it.

2.) #PlausibleDeniability is what #HiddenContainers offer by having one #password that opens the outer container where you can store files, with a secondary container accessible with a different password.

#GlobalEncryptionDay #Infosec #Security #Encryption

🅃🅁🄰🄽🅂🄸🄲🄾🅁🄽
@transicorn@mastodon.social replied  ·  activity timestamp 20 hours ago

3.) For those who aren't using #encrypted #CloudStorage, #Veracrypt is an easy way to create an encrypted container you could then upload to the cloud.

4.) For added security, even on an already encrypted system drive, you can place personal documents inside of a Veracrypt container you've created that can otherwise be inaccessible. Useful for an added layer of #security or on shared workstations depending on scenario.

#GlobalEncryptionDay #Infosec #Encryption

🅃🅁🄰🄽🅂🄸🄲🄾🅁🄽
@transicorn@mastodon.social  ·  activity timestamp 21 hours ago

October 21st is #GlobalEncryptionDay

For those who aren't yet aware of this application that's #CrossPlatform, easy to use, has a helpful #FAQ guide if need be, I'll briefly describe #Veracrypt

With Veracrypt you can create #encrypted containers, hidden secondary containers within encrypted containers, #encrypt drives and it also offers an alternative to #Bitlocker if desired if running a #Windows OS that is NOT a #DualBoot scenario

https://veracrypt.io/en/Downloads.html

#Linux #MacOS #Infosec #Security

VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
Infoblox Threat Intel
@InfobloxThreatIntel@infosec.exchange  ·  activity timestamp yesterday

WhatsApp, doc?

We recently observed about 800 lookalike domains impersonating WhatsApp. These domains are all on the .com, .cc, and .cn TLDs and exhibit a few naming patterns:

Randomized short .cc domains:
- whatsqgs[.]cc, whatsqka[.]cc, whatsqys[.]cc

Structured .com domains:
- app-<3 letters>-whatshktw[.]com
- app-<3 letters>-whatsappcc[.]com

Structured .cn domains:
- <4 letters>-wahtsapp[.]cn

These domains were all created within the last 20 days, tops, and given the bulk registration and consistent infrastructure, point to a coordinated campaign. All 800+ domains are hosted in ASN 205960 (KR, 'IP Transit'), share the same nameserver domain (domainnamedns[.]com), and embed a highly-suspicious Chinese analytics loader from aizhantj[.]com (seriously, this thing is weird; check the references below). The sites present fake WhatsApp login/download portals in Chinese, suggesting East-Asian targeting.

Selection of IOCs

References
https://urlscan.io/result/0199f335-4b61-76ca-851f-c832a7d5f9bd/#transactions (tj.js is the weird analytics GET request)
https://urlscan.io/result/0199f34a-e9a8-7788-a057-29a6c9a3f133 (the loader itself)
https://www.shodan.io/search?query=aizhantj.com

#infoblox #phishing #lookalikes #infosec #threatintel #dns #whatsapp

Shodan Search

15 results found for search query: aizhantj.com
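
A triage sketch for the naming patterns and shared nameserver described in the post above, as an added example that is not Infoblox's code: it encodes the three patterns as regexes and uses the nameserver as a second signal, because a name shape alone also matches ordinary words. The sample records, the `ns1`/`ns2` host labels and the verdict labels are constructed for illustration.

```python
from __future__ import annotations
import re

# Naming patterns as listed in the post; "letters" is assumed to mean a-z.
PATTERNS = {
    "short-cc": re.compile(r"^whats[a-z]{3}\.cc$"),
    "structured-com": re.compile(r"^app-[a-z]{3}-(?:whatshktw|whatsappcc)\.com$"),
    "structured-cn": re.compile(r"^[a-z]{4}-wahtsapp\.cn$"),
}
CAMPAIGN_NS = "domainnamedns.com"  # nameserver domain the post says all share


def refang(indicator: str) -> str:
    """Turn a defanged name (example[.]com) into a plain lowercase hostname."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()


def registered_domain(host: str) -> str:
    """Last two labels only: enough for these TLDs, not a public-suffix lookup."""
    return ".".join(host.split(".")[-2:])


def classify(domain: str, nameservers: list[str]) -> tuple[str, str | None]:
    """'high' = name pattern and campaign nameserver; 'review' = one signal."""
    name = registered_domain(refang(domain))
    pattern = next((k for k, rx in PATTERNS.items() if rx.match(name)), None)
    ns_hit = any(registered_domain(refang(ns)) == CAMPAIGN_NS for ns in nameservers)
    if pattern and ns_hit:
        return "high", pattern
    if pattern or ns_hit:
        return "review", pattern
    return "none", None


# Constructed sample (domain, NS records); kept defanged like the post.
SAMPLE = [
    ("whatsqgs[.]cc", ["ns1.domainnamedns[.]com"]),
    ("www.app-abc-whatsappcc[.]com", ["ns2.domainnamedns[.]com"]),
    ("abcd-wahtsapp[.]cn", ["ns1.example[.]net"]),
    ("whatsnew[.]cc", ["ns1.example[.]net"]),  # ordinary word, same shape
    ("web.whatsapp[.]com", ["ns1.example[.]org"]),
]


def triage(records):
    return {domain: classify(domain, ns) for domain, ns in records}


if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE).items():
        print(f"{domain:32} {verdict}")
```
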
GhostOnTheHalfShell boosted
eternalyperplxed
@eternalyperplxed@infosec.exchange  ·  activity timestamp 6 days ago

Breaking News: #F5 Networks is renaming itself to ALT-F4 to better reflect shifting market dynamics.

#infosec #infosecjokes

Em :official_verified: boosted
⠵⠻⠷⠕⠭ 🍥🍉⚪🌹
@z3r0fox@mastodon.social  ·  activity timestamp 7 days ago

Man behind PowerSchool breach that exposed Canadian students' data sentenced to 4 years in prison https://www.cbc.ca/news/canada/powerschool-hack-sentencing-9.6939040 #InfoSec #FAFO #Privacy

LibreOffice boosted
Blue Ghost
@blueghost@mastodon.online  ·  activity timestamp 7 days ago

Microsoft Office 2016 and Office 2019 are no longer receiving software updates, technical support, or bug and security fixes.

Consider migrating to LibreOffice.

Microsoft recommends migrating to a Microsoft 365 subscription.

LibreOffice supports the features that a majority of users need for free.

Website: https://www.libreoffice.org
Mastodon: @libreoffice

4/4

#Microsoft #Office2016 #Office2019 #Office #LibreOffice #Privacy #InfoSec #CyberSecurity #Encryption #FOSS #FreeSoftware #OpenSource

Microsoft Office logo.