ESET has announced the discovery of PromptLock, an AI-powered ransomware that uses OpenAI’s gpt-oss:20b model to generate malicious Lua scripts across multiple platforms. This proof-of-concept malware demonstrates how AI can complicate detection, exfiltrate data, and encrypt files, highlighting emerging cybersecurity threats associated with AI technology. #PromptLock #OllamaAPI…
Tag: MACOS
[T1027.001] Obfuscated Files or Information: Binary Padding – Binary padding is a defense-evasion technique where attackers append junk data or expand sections of a file to alter its on-disk representation, change checksums, and evade hash- and size-based detections; defenders should monitor file metadata, size anomalies, and process behavior to spot padded binaries. #BinaryPadding #DefenseEvasion
[T1027] Obfuscated Files or Information – Adversaries hide malicious code by encrypting, encoding, compressing, or otherwise transforming files and commands to avoid detection and analysis. This behavior spans platforms and delivery methods, often requiring user interaction or special handling to reveal the true payload. #Obfuscation #DefenseEvasion
[T1025] Data from Removable Media – Adversaries search and collect sensitive files from connected removable media (USB drives, optical discs, SD cards) on compromised hosts to gather data prior to exfiltration. Monitoring process activity, command lines, and file-access patterns on endpoints helps detect this behavior. #DataFromRemovableMedia #RemovableMediaSecurity
[T1021.005] Remote Services: VNC – VNC (Virtual Network Computing) enables remote screen sharing and control across platforms, and adversaries can abuse it with valid accounts to move laterally, execute commands, and exfiltrate data. Monitor connection patterns, authentication events, and post-login activity to spot misuse. #VNC #LateralMovement
Today’s cybersecurity recap highlights recent data breaches involving Nissan, Farmers Insurance, and Healthcare Services Group, along with major ransomware and malware campaigns targeting U.S. manufacturers and Android users. It also covers critical vulnerabilities like Docker CVE-2025-9074, nation-state espionage activities by UNC6384 and Russian policies on foreign tech, emphasizing the need for urgent patching and security awareness. #Qilin #FarmersInsurance #ShadowCaptcha #UNC6384 #DockerCVE
[T1021.004] Remote Services: SSH – Adversaries use SSH to access remote systems with valid credentials or stolen keys, enabling stealthy lateral movement and remote command execution across Linux, macOS, and ESXi hosts. Monitor access patterns and post-login activity to distinguish legitimate use from abuse. #SSH #LateralMovement
[T1021] Remote Services – Adversaries use remote-access services like SSH, RDP, VNC, and management tools to move laterally by logging in with valid credentials and operating as legitimate users. Monitor remote logins, unusual access patterns, and management ports to detect misuse. #RemoteServices #LateralMovement
A critical vulnerability (CVE-2025-9074) in Docker Desktop allows attackers to escape containers, access host files, and escalate privileges on Windows and macOS. The flaw can be exploited by unauthorized containers via Docker’s internal HTTP API, but it has been patched in version 4.44.3. #DockerDesktop #ContainerEscape…
[T1020] Automated Exfiltration – Automated exfiltration uses scripts or tools to collect and send data without manual steps, often combining file-system traversal and network transfer methods to quietly move sensitive files off a network. #AutomatedExfiltration #DataExfiltration
[T1018] Remote System Discovery – Adversaries enumerate other systems on a network by IP, hostname, ARP cache, hosts files, or network device commands to plan lateral movement and target infrastructure. Monitoring command execution, process activity, and network logs helps detect this behavior early. #RemoteSystemDiscovery #NetworkDiscovery
[T1016.002] System Network Configuration Discovery: Wi-Fi Discovery – Adversaries search compromised hosts for Wi-Fi network names and stored credentials to expand access, move laterally, or harvest credentials for future campaigns. Detect by monitoring Wi-Fi enumeration commands, API calls, and access to system Wi-Fi configuration files. #WiFiDiscovery #T1016.002
[T1016.001] System Network Configuration Discovery: Internet Connection Discovery – Adversaries probe compromised systems to verify Internet connectivity and discover paths to external servers before attempting C2 or data exfiltration. These probes can include ping, traceroute, and simple HTTP GETs and may reveal proxies, redirectors, or routing that affect attacker access. #InternetConnectionDiscovery #NetworkDiscovery
[T1016] System Network Configuration Discovery – Adversaries gather network configuration details such as IP and MAC addresses, routes, and interface settings to map and understand a target environment for follow-on actions. Monitoring command usage, CLI sessions, and system tools can reveal these reconnaissance efforts. #SystemNetworkConfigurationDiscovery #NetworkRecon
[T1014] Rootkit – Rootkits are stealthy tools attackers use to hide malware and maintain covert access by modifying or hooking system components at the user, kernel, boot, or firmware level. Detection requires layered monitoring of files, drivers, firmware, boot records, and unusual API/OS behavior. #Rootkit #DefenseEvasion