Interesting. Seems ClickFix/Fake CAPTCHA scams are migrating to fake Windows Update messages:
old.reddit.com/r/antivirus/...
@goretsky.bsky.social
@ESET Distinguished Researcher | alum of McAfee, Microsoft MVP, Tribal Voice, Zultys | Mod @Lenovo, @Neowin.Net, Scots Newsletter forums | Intel Insider Council | Repost ≠ endorse
#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4
05.12.2025 08:49 — 👍 4 🔁 2 💬 1 📌 0
#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7
02.12.2025 11:42 — 👍 6 🔁 6 💬 1 📌 0
#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT.
ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan". 1/3
NEW: Israeli and Arab media have reported that Iran is prepared to expand an Israel-Hezbollah conflict regionally if Israel launches operations against Hezbollah. 🧵(1/4)
Full update: isw.pub/IranUpdate12...
Oof… you're right. It's flagged as an impersonation account.
01.12.2025 01:45 — 👍 1 🔁 0 💬 0 📌 0
I don't normally have a lot to say about my Congressperson Jeff Crank, but kudos to him & his staff for this mailing; the holidays are prime time for scammers to prey on people & this is a good reminder.
Only thing I'd add is a link to @cisa.bsky.social, since so much crime takes place online now.
My trip report for #BSides Colorado Springs 2025 computer security conference is now live at goretsky.wordpress.com/2025/11/26/t....
If you don't know what a trip report is, or are interested in what happened at this year's #BSides, perhaps you'll find this of interest.
#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanese co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8
24.11.2025 17:57 — 👍 11 🔁 11 💬 1 📌 0
My in-depth (~15 page) review of the #Lenovo #ThinkPad X9 15 Gen 1 Aura Edition after 6+ months of use is now up on @neowin.net!
#ThinkPadThursday #LenovoIN
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5
19.11.2025 10:12 — 👍 13 🔁 8 💬 1 📌 0
Glad to be of assistance. Hopefully @mozilla.org will take notice and remove this feature or at least make it opt-in by *default*.
18.11.2025 00:33 — 👍 1 🔁 0 💬 0 📌 0
Looks like @mozilla.org has added a new feature to #Firefox, the ability to search for images via #Google Lens when right-clicking on them.
Anyways, to disable it, go to "about:config" in the address bar and set browser.search.visualSearch.featureGate to "false"
#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users.
It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4
David Harley was a brilliant writer, illustrator, and musician. More importantly, he was a good friend, and he will be missed. The world was a much brighter place for having him in it, and his passing diminishes us all.
14.11.2025 03:02 — 👍 5 🔁 0 💬 0 📌 0
@chucktingle.bsky.social, @sparklespanx.bsky.social provides the best recommendations for reading, so I'm definitely going to look into your books, but I'm a bit confused about where to start since there's such a large body of work. Do you have a reading order guide?
14.11.2025 02:32 — 👍 0 🔁 0 💬 0 📌 0
List of #United UA cancelled flights Nov 7-9: old.reddit.com/r/unitedairl...
07.11.2025 17:36 — 👍 1 🔁 0 💬 0 📌 0
I was a guest on @secureiqlab.bsky.social's Reining in the Cloud #podcast. Listen in as I talk about the end of support for Windows 10 and what that means: www.spreaker.com/episode/wind...
28.10.2025 03:13 — 👍 2 🔁 0 💬 0 📌 0
Interesting move.
23.10.2025 23:15 — 👍 3 🔁 1 💬 0 📌 0
For those in+around Hamburg 🇩🇪 the 39th Chaos Communication Congress (aka 39C3) is December 27-30:
events.ccc.de/congress/202...
#ESETresearch discovered a new wave of the well-known North Korea-aligned Lazarus campaign Operation DreamJob, now targeting the drone industry.
welivesecurity.com/en/eset-rese... 1/9
A trillion web pages is a lot of web pages.
Still, there's so much pre-internet content that never got archived. I've donated a few items to @archive.org and @mediaarchaeology.bsky.social to help ensure they get preserved.
If you have old files, maybe you can arrange to upload them, too.
A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus using vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections www.csoonline.com/article/4074...
21.10.2025 03:12 — 👍 3 🔁 1 💬 0 📌 0
The APWG's eCrime summit is coming up on Nov 3-7 in San Diego. This looks like a good opportunity to find out what's going on in the #cybercrime landscape: apwg.org/events/ecrim...
16.10.2025 05:08 — 👍 2 🔁 0 💬 0 📌 0
For my Colorado-based followers, the BSidesCOS.org security conference is coming up in just under 2 weeks.
Registration is free, includes a t-shirt, there's even a movie afterwards. But you first have to register…
Game publishers take note.
08.10.2025 21:07 — 👍 1 🔁 0 💬 0 📌 0
Asterix and Obelix weren't something common in the US when I was growing up. I did read some Tintin books, though, as a kid.
06.10.2025 07:14 — 👍 0 🔁 0 💬 1 📌 0
So, I stumbled across a coordinated influence/platform manipulation operation on #reddit:
infosec.exchange/@goretsky/11...
Bighorn sheep.
Also bighorn sheep, but blurry because zoomed in.
Went to the park today and saw bighorn sheep doing bighorn sheep things.
05.10.2025 06:00 — 👍 2 🔁 0 💬 0 📌 0