#
ESETresearch uncovered a new compromise that we attribute to #
FrostyNeighbor, using links in malicious PDFs sent via spearphishing attachments to target governmental organizations in Ukraine.
@dmnsch welivesecurity.com/en/eset-res…The compromise chain is the newest observed to date, and starts with a blurry lure PDF file that contains a malicious link to download a document hosted on a delivery server. If the request does not come from an expected victim, the server delivers a benign PDF file.
If the victim request comes from an expected location, the server instead delivers a malicious RAR archive, containing the first stage and displays an unblurred version of the PDF file as a decoy, while executing the next stage silently.
The victim’s computer-related information is collected, and its fingerprint is sent to the C&C server. The response contains a Cobalt Strike beacon as initial implant only if the victim is of interest.
Detailed analysis is available at
welivesecurity.com/en/eset-res…. IoCs available in our GitHub repo:
github.com/eset/malware-ioc/tr…ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations.
www.welivesecurity.com
ozeng
in reply to nest • • •@jdlbt Dunning-Kruger effect is the achilles heel of AI. If you don’t know what to do, just confidently try something. When it doesn’t work, try something else. And so on. When it succeeds, you’re the fuckin genius now.. and you didn’t wreck the planet!*
*depends what sorta things you’re trying tho
Veronica Olsen 🏳️🌈
in reply to ozeng • • •@ozeng @jdlbt
Dunning-Kruger as a Services
Szescstopni
in reply to ozeng • • •@ozeng @jdlbt This is more related to Gell-Mann amnesia effect
en.wikipedia.org/wiki/Michael_…
Michael Crichton - Wikipedia
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)Gary McGraw
in reply to nest • • •sotolf
in reply to Gary McGraw • • •Mr. Encyclopedia
in reply to nest • • •Mark Gjøl
in reply to Mr. Encyclopedia • • •aoanla
in reply to Mr. Encyclopedia • • •half/byte
in reply to nest • • •Rob Williamson
in reply to nest • • •Wasn't there a study about that?
Naturally, I would ace all challenges in fields I've never studied. It's uncanny how I pick only hard topics to specialise in.
Tim Ward ⭐🇪🇺🔶 #FBPE
in reply to nest • • •A role they've taken over from local newspapers.
A story about people you know frequently gets their age wrong, which is a simple, verifiable, objective fact, leading you to conclude that the rest of the story is also bollocks.
But a story about people you don't know is much more believable because you haven't spotted any errors in it ...
Angie
in reply to nest • • •OddOpinions5
in reply to nest • • •I simply do not understand why 99% of posts about #AI on bluesky are, very roughly, "AI sucks"
while in real life, all the smart hardworking people I know find AI to be a very useful and often very powerful tool that like all tools has uses and mis uses
I do not understand this
and I know for a fact I am not the only person puzzled by this apparent disconnect
Veronica Olsen 🏳️🌈
in reply to nest • • •This is basically what everyone who've used AI critically have said to me in conversation as well. My experience is the same.
I tested a new-to-me AI service a few days ago, and gave it a software exploit to analyse. It was a very mixed result. I had to push it into arriving at the right answers (on one point it even pushed back). It was initially quite wrong about more then half of the important points.
poleguy looking for lost tools
in reply to Veronica Olsen 🏳️🌈 • • •@veronica are you willing to share the name of the service? Or the exploit you were analyzing? Was it a source code based exploit?
I recently tried some reverse engineering using Claude opus 4.7 and the "guard rails" prevented any real work.