securityXspace: a blog about cyber-philosophy.
-
amass — Automated Attack Surface Mapping
Whether you’re attacking or defending, you have the highest chance of success when you fully understand the target. The pronunciation stress is on the second syllable. amass (/əˈmas/) is a versatile cybersecurity…
-
MongoDB Leak Exposed Millions of Medical Insurance Records
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com. Source: MongoDB Leak Exposed Millions of Medical Insurance Records
-
TrickBot: New Injects, New Host
What’s in the Name: Call it IcedID or TrickBot? Tell that to a security researcher (Arsh Arora in this case) and watch them RANT (Gar-note: today’s blog post is a guest blog from malware analyst, Arsh Arora…) Today’s post starts with an interesting link from Dawid Golak’s Medium post: “IcedID aka #Bokbot Analysis with Ghidra”…
-
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally. There are two modes that this tool operates in: blackbox and whitebox mode. Source: Slurp – Amazon AWS S3 Bucket Enumerator
-
Threat Roundup for June 21 to June 28
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 21 and June 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are…
-
Cellebrite Claims It Can Unlock Any iPhone
The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. Source: Cellebrite Claims It Can Unlock Any iPhone
-
Russian-based misinformation campaign sends fake news from spoofed accounts
The misinformation operations campaign used fake social media accounts across multiple platforms, at times impersonating real individuals who were politically active in western countries. Source: Russian-based misinformation campaign sends fake news from spoofed accounts
-
Fake jquery campaign leads to malvertising and ad fraud schemes
Recently we became aware of new domains used by an old malware campaign known as ‘fake jquery’, previously documented by web security firm Sucuri. Thousands of compromised websites are injected with a reference to an external JavaScript called jquery.js. Source: Fake jquery campaign leads to malvertising and ad fraud schemes
-
While we were raging about Putin’s meddling and Kremlin hackers, Five Eyes were pwning Yandex, Russia’s Google
… Are … are we the baddies? Hackers from the Five Eyes intelligence agencies have been accused of breaking into systems at Yandex, dubbed Russia’s Google.… Source: While we were raging about Putin’s meddling and Kremlin hackers, Five Eyes were pwning Yandex, Russia’s Google
-
Chronicle Folds into Google
Alphabet’s enterprise cybersecurity division will become part of the Google security portfolio. Source: Chronicle Folds into Google