Hackers' Pub

Hackers’ Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Tom @pertho@mastodon.bsd.cafe

4/21/2025, 12:26:31 PM

Public

Been reading about this malware China is using written for Linux:

https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/

and it struck me: Why mount /tmp and /var/tmp without noexec, nodev, nosuid? Seems crazy to allow a directory anyone can write to, to run executables.

While we're at it, get rid of wget and curl and anything else that would allow them to even get a "dropper" on the system?

Isn't this common sense stuff?!

#infosec #opsec #malware

UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell

After a year under the radar, the Sysdig Threat Research Team identified a new campaign from Chinese state-sponsored threat actor UNC5174.

sysdig.com · Sysdig

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.bsd.cafe/users/pertho/statuses/114375943196422947 on your instance and quote it. (Note that quoting is not supported in Mastodon.)