Notices by Zeljka Zorz (zeljkazorz@infosec.exchange)

@buherator@infosec.place @GossiTheDog @screaminggoat

Symantec says their protection bulletin was prompted by the AhnLab blog post.

I believe @buherator is right. Whether Microsoft found a continuation of the same campaign, with a slightly different approach / toolset, is impossible to tell.

Judging by the capabilities provided by the Godzilla post-exploitation framework and the Godzilla webshell, I wold venture to say that they are one and the same, only Microsoft used that particular expression (and did not elaborate on it, which means they expect the readers to be familiar with it already - i.e., it's known and documented).

@buherator @GossiTheDog

Or ASEC: https://asec.ahnlab.com/en/85088/

They go in more detail, but mention ASP.NET environments with vulnerable configurations.

Unfortunately, I don't know enough about ASP.NET to make an educated guess whether these attacks could be related.

@buherator @GossiTheDog

Is it possible that Broadcom/Symantec spotted these same attacks earlier?

https://www.broadcom.com/support/security-center/protection-bulletin/godzilla-webshell-deployment-campaign

A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals.

Matrix – also know as Mactrix, Totalsec, X-quantum, and Q-safe – was first identified by Dutch authorities on the phone of a criminal convicted for the murder of Dutch crime journalist Peter R. de Vries in 2021, and the discovery prompted an investigation into the service.

https://www.helpnetsecurity.com/2024/12/03/matrix-encrypted-chat-takedown/

#Cybersecurity #Encryption #Europe

How does the LibreOffice project work on vulnerabilities, supply chain security, and how is it preparing for the EU Cyber Resilience Act?

https://www.helpnetsecurity.com/2023/09/07/libreoffice-security-development/

@libreoffice @tdforg #LibreOffice #Cybersecurity #FOSS #OpenSource