2026-04-19T19:19:41Z https://yabu.me Zeljka Zorz https://yabu.me/npub1edx5uqm38yvesekvt9wvlwwt328gdpyrcnpn78w96rjamg2jlkcs5tqmkd https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/308/262/724/375/093/original/591b21dc5237c417.jpeg https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/308/262/724/375/093/original/591b21dc5237c417.jpeg https://yabu.me/nevent1qqsydt53qp9zmh92r622wadzqxdp6s457vl6p8n9dxjkrkrnrqawl5qzyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mzler4su #Everything<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/709/478/867/217/811/original/95fa42e177573139.png"> <br/> 2025-06-19T10:11:41Z https://yabu.me/nevent1qqsfe6vkwk5fwfvl4x79d8w8zuuqv8ft3e66puqhylc9x6hp4dkmylgzyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mz6qe5mq In reply to <a href='/nevent1qqsw7zkntj3p4mey4vggducp4jj90nzpwp80u46u9qfz4lcuw7nghfg37mvnc'>nevent1q…mvnc</a><br/>_________________________<br/><br/>Same. 2025-02-18T08:00:58Z https://yabu.me/nevent1qqsfutr8g2asnw4x7cagqk7vdycgnc9mcgexp9sw6358hsjvz4zdzcczyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mzg9zaf0 <a href="https://www.disruptionist.com/p/elon-musks-x-blocks-links-to-signal">https://www.disruptionist.com/p/elon-musks-x-blocks-links-to-signal</a> 2025-02-17T10:04:26Z https://yabu.me/nevent1qqs9cnnpf8f036vfvsawnme05klg3hllxfdncjkqm8wkmeydt7jv2kczyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mzwkjf3v In reply to <a href='/nevent1qqsy5x3u2zwl5qkmmankhx2jdfjgd4aey5f6qunfrgs4nz4q4q8cr7gkawxhf'>nevent1q…wxhf</a><br/>_________________________<br/><br/>Symantec says their protection bulletin was prompted by the AhnLab blog post. <br/><br/>I believe <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1qnsf2h37f0f4tm557xks235yrdyk7ws3qf62ee6u8dpck8yq9xxqlj7xrd" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>buherator</span> (<span class="italic">npub1qns…7xrd</span>)</a></span> is right. Whether Microsoft found a continuation of the same campaign, with a slightly different approach / toolset, is impossible to tell.<br/><br/>Judging by the capabilities provided by the Godzilla post-exploitation framework and the Godzilla webshell, I wold venture to say that they are one and the same, only Microsoft used that particular expression (and did not elaborate on it, which means they expect the readers to be familiar with it already - i.e., it&#39;s known and documented). 2025-02-07T18:07:49Z https://yabu.me/nevent1qqsxrc3eft7q8w7qxnlmrg7gvy0f8lyec2slqdu0a5k6qwk8c706zyqzyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mz46keqg In reply to <a href='/nevent1qqs8qfwhkwc9274rdx7telenzsmern8wzcseanc7jznj6u3symm33fgla9te5'>nevent1q…9te5</a><br/>_________________________<br/><br/>Or ASEC: <a href="https://asec.ahnlab.com/en/85088/">https://asec.ahnlab.com/en/85088/</a><br/><br/>They go in more detail, but mention ASP.NET environments with vulnerable configurations. <br/><br/>Unfortunately, I don&#39;t know enough about ASP.NET to make an educated guess whether these attacks could be related. 2025-02-07T11:50:52Z https://yabu.me/nevent1qqs8qfwhkwc9274rdx7telenzsmern8wzcseanc7jznj6u3symm33fgzyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mzjk4u6z In reply to <a href='/nevent1qqsdxk63xzuqqgpzl3qqnwjjmhxm7rumjzenyrfm525huqv2wxu0cmgmta3l8'>nevent1q…a3l8</a><br/>_________________________<br/><br/>Is it possible that Broadcom/Symantec spotted these same attacks earlier?<br/><br/><a href="https://www.broadcom.com/support/security-center/protection-bulletin/godzilla-webshell-deployment-campaign">https://www.broadcom.com/support/security-center/protection-bulletin/godzilla-webshell-deployment-campaign</a> 2025-02-07T11:02:18Z https://yabu.me/nevent1qqsvc4k9u9dckg6dvd5t0ayt52pppgtsprhtftps9uvt4jm8p8msk7qzyr956nsrwyu3nxrxe3v4enaeew9gap5ys0zvx0cachgwthdp2t7mz30thpj In reply to <a href='/nevent1qqsw683rq84lgse4x4tn0dzmr0dgkqm5nranhl5l0xz43kfmqavnjkgk4exj9'>nevent1q…exj9</a><br/>_________________________<br/><br/>The Tor folks updated their post to say that: <br/><br/>&#34;An earlier version of this blog post incorrectly stated that &#39;Mozilla is aware of this attack being used in the wild against Tor Browser users.&#39; This has been corrected to accurately reflect Mozilla&#39;s official statement. To be clear, the Tor Project has no evidence that Tor Browser users were targeted specifically.&#34; 2024-10-15T07:16:37Z