15 Best Free Resources for Malicious URLs and Phishing Links for Cybersecurity Testing

In today’s rapidly evolving cybersecurity landscape, having access to reliable sources of malicious URLs, phishing links, and malware samples is essential for security professionals, penetration testers, and IT administrators. Whether you’re validating your security controls, conducting security awareness training, or researching new threat vectors, accessing known malicious content in a…

Check out what arrived today! He came out really good! Ordered him from Zap Creatives, and they came through. This is the largest size available.

Sorry for the dust lol

Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor

Researchers have uncovered fresh malware samples attributed to ransomware group Cuba, representing new versions of BurntCigar malware, which offers next-level stealth to the group. Researchers at Kaspersky uncovered the malware in an ongoing investigation, after first detecting an incident on a client’s system in December. The attack chain ultimately led to the loading of a library called…

View On WordPress

Almost Human!AU

[Cover Page for Prologue of Comic]

[Previews for Pages 3-4]

@aimlovesmusic guess who spent the last 4 hours drawing and coloring these dang things and came up with an AU for once. Also snagged your idea that Rook has a tail, fuck it we altering the basics, they lose their baby tail but grow an adult one like fucking antlers or something 👍

In this verse after Malware fucked up Feedback he legitimately infected the watch with a bio-tech virus. As the watch was removed shortly afterwards by Ben, the virus only made a few small markings.

When Ben put the watch back on at 15, the markings kept spreading, they would cause glitches in the watch resulting in Ben's human form developing more alien like qualities. Eyes that are just shy of being too green, sharper teeth, in a smile that's just wide enough to be unnerving, nails that are sharper than usual, ears that appear pointed. Boy got borderline Jaundice from it too. His hair will pull up when startled or angry.

When Ben gets the Ultimatrix the watch fully wigs out and screws with his personality as well (even with the updated omnitrix he's prone to significantly more extreme mood swings); the bio tech virus leading to the ultimate forms developing sentience and independence. As a result Azmuth later on forced a temporary fix that returned the watch to default settings and delayed the spread of the virus. The markings now only glowed when Ben has activating the watch or is messing around with it.

After the Ultimatrix got removed and the new updated Omnitrix gets added, Ben discovers he's actually able to transform without the watch at all. The bio-tech virus had seemingly fused the data from the watch into his very DNA. However in order to keep up appearances he continues to wear it.

After Kevin and Gwen leave him, he kinda goes feral for a bit, and Rook ends up being called in to deal with his crash out and also act as a calming presence (and cause Max absolutely knows Ben has 0 friends and damn his grandson needs to socialize). Ben still gets irrationally snippy and bite-y if Kevin or Gwen show up unannounced.

Rook remains the only person who knows that the watch is functionally useless as he found out when he walked in on Ben without the watch transforming different parts of himself into his aliens. The only reason he keeps it a secret is cause he's worried one of Ben's standard villains is gonna kidnap him for experiments. Otherwise he has multiple times mentioned Ben should at least tell Azmuth the virus allows him to partially transform.

If Ben stays in life form lock for too long it becomes a high risk that he'll forget who he is, and start behaving feral again. After the Incursean invasion where he was in a life form lock to Bullfrag, to his horror he actually was craving Grandpa Max's cooking and bugs.

Albedo is unaffected by the biotech virus as the watch had already downloaded Ben's human DNA for the default prior to the infection, but suspects that Ben is lying about something, and alongside trying to return to his Galvan form, has a side quest to get a sample of Ben's blood to do tests on. Rook has been thus far quite successful at preventing that from happening.

Ben has above average night vision, and his eyes do that refraction thing, and as a result of his tendency to midnight binge in plumber HQ, he's become something of a cryptid to newby plumbers and frequently terrorizes them in the early hours. His nails are strong enough to allow him to scale walls and such, but they're only really able to cut human skin, and aren't great for offensive attacks. His teeth however can break through quite a bit of organic material. His hearing interesting enough remains normal, much to his relief. The markings look more like faint scars most of the time, but if he's feeling any emotion particularly strongly they tend to glow or move around. He's described the sensation as the feeling of water running along your skin.

While Max, his parents, Kevin, Gwen, and Azmuth are aware of the virus, no one really knows how far it'll progress. Azmuth's best guess is Ben either becomes fully corrupted losing his humanity and conscience altogether, or the virus simply turns him into a more humanoid variant of a Galvanic Mechamorph.

Hopefully I'll get a comic showing some of the major progressions pre-Omniverse up for background :3

Introducing, Qx93vt my OC.

For @that-willowtree and @vessel-eternal

I will update and edit this post with any information I remember. Vixen, feel free to leave a comment on something to change or DM me.

Name: Qx93vt

Nicknames: Q or Qx

Species: Humanoid Robot/Android

Pronouns: he/him or they/them

Sexuality: Technically pansexual

Status: Married to his wife Cupid (Vixen's OC)

Age: 34 active years (born 1991)

Likes: His inventor's house, the mans clothes, his wife, his fish, and his dog.

Dislikes: a failed invention, when people assume he is AI driven. DOD (more on that later)

Backstory: An engineer's kid was given some nonfunctional devices at age 13, one of which, was an old analog TV. He experimented with circuit boards, he crossed the right wires and eventually it turned on. The more time this kid spent working on it, the more it awoke. He was given a voice from an old radio speaker and other parts, then a face that was coded into his screen, emotions, a body, arms, legs. Soon, he was walking and talking. By the time the inventor had reached his late 30s, he had worked around a ton of dangerous materials, but had worked on advancing Q to the fullest extent. He was given a full functional body, a spare body, a positronic brain that was coded to learn and love. In the inventors last years, Q had taken up all household work so he could work on his inventions all the time and put his energy into them. He had sold most of his inventions and gained a fortune for his patents. He passed away and left Q with the house, his car, and the entire fortune. The government, when realizing Q had lived for years beforehand without the inventors main help and maintained the household. Granted him his own offical citizenship and was recognized as an independent self sustaining intelligent machine.

Later in his life, he met Cupid. Of course, the details arent fuzzy for him. But until I can come up with the full story pretend its a cute meet and they go on many dates and fall in love and marry. They have rings, her's a simple but very pretty golden ring with a diamond. His, a single smooth golden band.

Physical appearance: this is quite difficult because I haven't drawn his actual body underneath his clothes. He has a sleek toned build, it's smooth metal plates that interlock and layer to make joints and a smooth surface. A TV for a head, and very intricate hands. (Of course over the years, he advanced himself.) His most proud inventions for himself has been, a heartbeat that is uniquely his own, an internal heater so he's not freezing to the touch, his own program to make him learn like a human, a tasting mechanic, and a removable attachment for the wife. (Originally his inventor gave it to him but it wasnt detachable and he was very disturbed by this.)

He has a full manual with instructions for anything that could ever happen to him, for his wife. Its a very heavy and concise book, detailing how to jailbreak his system all to how to dry his screen off. Also includes a section on DOD and Qs warning signs. (more on that later)

His body is quite strong, resilient, water proof, fast, and can taste using a small sample tray at the bottom of his screen. (Because his wife cooks and bakes all the time and it would be unfair if he could never taste it)

He wears the same clothes daily apart from a few holiday or fancy outfits. His daily outfit consists of, a pale yellow long sleeve button down, grey slacks, a white waistcoat, and a busy tie. (He doesnt sweat so he doesn't need to change his outfit.)

The big bad!! (Because I can't have a sunshine character without giving them a horrible dark side and traumatic yearly experience with it!!)

DOD.exe: Digital Occulistic Disease.

This random code, segment of files, group of malware, came about when he first was just starting to learn and teach himself about 5 years after first awakening. His inventor didn't make it, program it, he didnt know it was on the circuit boards. Its a malicious entity that lives in the code and feeds off of the emotions the host feels.

Though mostly inactive and dormant, there is random occurances where he takes over the host body, goes into the memories. Finds the object most desired or adored by the host, and becomes utterly obsessed with them. Will do ANYTHING in its power to see that person, be near, get validation or just attention from it. If the object of obsession does not fully mirror the emotions, DOD will become violent, aggressive, and dangerous towards that person.

Often time Q will know when DOD has taken over, he is often awake for all of it and cannot do much. He cannot overpower him without help. The most he can do is make physical appearance different. He can control the screen somewhat, in his manual, he has the codes and systems he uses written out. The most common screen codes he uses to alert outsiders that the body is dangerous are. Flashing the screen quickly, black and white, for a strobe effect. Making eyes appear all over the screen, making huge text or pop up windows that warn the person. Often big red text that says "RUN".

DOD can change the screen but it takes a considerable amount of effort for him to do so, so he doesnt. He doesnt feel emotions, he doesnt understand humans, he doesnt care. He knows two things, obsession, and frustration. He can manipulate electricity in his hands and use that as a weapon. The body itself posseses incredible strength and speed.

First made: 6/9/2025

Last updated: 6/9/2025

Regarding your cerebrocrustacean headcanons mentioned in the previous ask: they very well could be somewhat canon given how, when asked if Albedo and Dr. Psychobos would be willing to work together, Derrick J. Wyatt responded with "Psychobos seems like a total team up slut, he'll team up with any villain any time" (his words, not mine).

Which he likely meant in the sense of "Psychobos is so power-hungry he'll team up with anyone in order to get ahead", but with your headcanons and the fact he never talks much about his personal life in mind, you could alternatively interpret it as "Psychobos is so desperately lonely he'll accept anyone he has even the slightest similarity with into his clique, even members of a species he's violently xenophobic towards" (probably to cope with/serve as a rebound for his mancrush Azmuth friendzoning him /lh /hj).

Now all of this is making me realize that it was a massive missed opportunity in Omniverse to not have Psychobos' demeanor do a complete 180 around the people he works with compared to everyone else (whether sincere or a thinly-veiled manipulation tactic) if not solely for a few jokes. Especially him acting like an affectionate father figure towards Malware (whether he likes it or not) solely so he can rub it in Azmuth's face that "I'm a FAR more attentive and caring parental figure towards your creation than YOU ever were, and I use the term loosely".

WHAT DO YOU MEAN DJW SAID 'TEAM UP SLUT' HAHAH WHAT!? dear god it's true it's on the wiki what the fuck what the fuck assdfjhghsdlfkgfkl-!

I mean, look at his already canon group; Khyber, allegedly the greatest huntsman in the galaxy, teaming up with Dr Psychobos to make a little watch that can sample (specifically predatory) animals; and Malware, a technology absorbing mutant mechamorph, working with the cybernetically enhanced (also listed as a mutant???) cerebrocrustacean in order to make said watch- if liking the concept of animals and incorporating machines as part of oneself is enough to get into Dr Psychobos' clique well, he's certainly stretched what that means far enough to at least snag two others into his initial team up. Same can't be said for Attea and the incurseans which seems to be more of a sponsor type relationship, and Maltruant commissioned him to repair his body but violated the trade agreement so whether or not Psychobos would do business with the incurseans again, he's already squarely sequestered Maltruant in the outest of out-groups :P

Hah, the 'Dr Psychobos adopting Malware specifically to stick it to Azmuth' bit reminded me of a signing-the-adoption-papers version of the 'I throw my used car batteries in the ocean' thing- something along the lines of; [psychobos voice] "You are the most calamitous individual I have had the pleasure of meeting, and I use the term loosely." [malware voice, threateningly] "I have devoured and absorbed the specs of the Omnitrix." [psychobos signing adoption papers] [malware, experiencing the affects of cerebrocrustacean in-grouping and having no frame of reference on how to deal with it] "What the fuck is happening-"

## What’s a Cyber Forensic Investigator?

Master post - part 1 • part 2

You must have heard bout forensics yk investigating bout dead people who might have been killed and all

You must have seen shows on those topics too.Cyber forensic investigator is just of same kind but investigating through all types of modern gadgets.

Catching hackers and all but cooler

### The Money Talk: How Much Do They Make?

- **Cash Money**: Expect to rake in about $60k to $120k a year. If you are very much experienced and skilled then you can expect about 150k+ a year.(obv different countries and companies may have different wages)

### Companies That Want You

- **Tech Titans**: Google, Amazon, Facebook—they all have requirement for such heroes

- **Gov Jobs**: FBI, CIA—basically every spy agency wants you.

- **Cybersecurity Firms**: CrowdStrike, McAfee—so every gateway you go you gonna have opportunities everywhere.

### What Other Forensic Investigators Are There?

- **Forensic Pathologists**: Real-life detectives who figure out how someone died. Less tech, more science.

- **DNA Analysts**: The ones matching DNA samples

- **Forensic Accountants**: Following the money to catch fraudsters and scammers

- **Toxicologists**: Poison experts, figuring out if someone’s been covertly poisoned. (Yeaa yk snow white story)

### What’s the Work Environment Like?

- **The Lab**: Imagine a room filled with more screens than your gaming setup. Gadgets galore, maybe even a Red Bull or two

- **On the Move**: Sometimes you’re out in the field, collecting evidence. Think of it like collecting rare items in a game.

- **Remote Vibes**: You could be solving cybercrimes from your bed in your PJs .

### How Long Does It Take to Become One?

- **Time Investment**: About 4 years for a bachelor’s, and then 1-2 more years for a master’s if you’re going all-in. So, 5-6 years total. But hey, good things take time, right?

### What Do You Study?

- **Cybersecurity/Computer Science**: Your main jams. Think of them as the ultimate cheat codes for this career.

- **Digital Forensics**: Specialized courses where you learn to be a digital ninja.

- **Law and Ethics**: Learning how to catch the bad guys without breaking the law yourself. (You yourself don't want to be troubled obviously)

### Subjects You Need to Get Into It

- **Math**: Yep, but not the boring kind—more like coding and algorithms.

- **Computer Science**: Your go-to for everything techy.

- **Optional Nerd Points**: Chemistry/Physics if you’re into hardware forensics or just want to flex those brain muscles.

### Work Hours: What to Expect?

- **9 to 5-ish**: Standard hours if you’re working for a company, but expect some late nights or weekend shifts when big cases pop up.

- **On-Call Madness**: Sometimes you’re on-call like a digital firefighter. Cyber-attack at 3 AM? Time to suit up (or log in) and handle it.

- **Flexible/Remote**: If you’re lucky, you can work from home. Just remember, no solving crimes in your underwear during Zoom meetings!

### Interview with a Cyber Forensic Investigator

**Interviewer**: What’s a day in the life of a cyber forensic investigator?

**Cyber Sleuth**: Imagine rolling out of bed, grabbing your coffee, and diving into cases. I’m talking analyzing hard drives, sifting through emails, or tracking down cyberattack origins. Some days it’s all data, other days I’m working with law enforcement or testifying in court. Never a dull moment!

**Interviewer**: What’s the coolest case you’ve worked on?

**Cyber Sleuth**: Helping bust a phishing ring that was scamming millions. Tracked their digital footprints, caught the culprits, and recovered their loot. Felt like a total legend.

**Interviewer**: Ever seen some dark stuff, like murders?

*Cyber Sleuth**: Yeah, I’ve stumbled across some pretty grim stuff. It’s not all memes and malware—sometimes it’s serious business. But catching those bad guys makes it all worth it.

**Interviewer**: Have you ever been on the dark web?

**Cyber Sleuth**: Oh, for sure. It’s like the sketchy underbelly of the internet. Lots of shady deals. I go there when I need to, but it’s not a fun hangout spot.

**Interviewer**: How dark can a case get?

**Cyber Sleuth**: It can get really intense. I’ve worked on cases involving human trafficking and other serious crimes. It’s tough, but making a difference makes it worth it.

**Interviewer**: Any advice for someone who wants to get into this field?

**Cyber Sleuth**: Stay curious and keep learning. Tech evolves fast, so you’ve gotta keep up. And don’t be afraid to dig deep—sometimes the answers are buried in tons of data, but finding them is like hitting gold.

So if you’re into tech and have subjects like mathematics , chemistry and physics then you are all set to start your journey.i have seen ppl running for a common a job and all and they are not even specified about what they want. So just research and find out what you want.

As Russia has tested every form of attack on Ukraine's civilians over the past decade, both digital and physical, it's often used winter as one of its weapons—launching cyberattacks on electric utilities to trigger December blackouts and ruthlessly bombing heating infrastructure. Now it appears Russia-based hackers last January tried yet another approach to leave Ukrainians in the cold: a specimen of malicious software that, for the first time, allowed hackers to reach directly into a Ukrainian heating utility, switching off heat and hot water to hundreds of buildings in the midst of a winter freeze.

Industrial cybersecurity firm Dragos on Tuesday revealed a newly discovered sample of Russia-linked malware that it believes was used in a cyberattack in late January to target a heating utility in Lviv, Ukraine, disabling service to 600 buildings for around 48 hours. The attack, in which the malware altered temperature readings to trick control systems into cooling the hot water running through buildings' pipes, marks the first confirmed case in which hackers have directly sabotaged a heating utility.

Dragos' report on the malware notes that the attack occurred at a moment when Lviv was experiencing its typical January freeze, close to the coldest time of the year in the region, and that “the civilian population had to endure sub-zero [Celsius] temperatures.” As Dragos analyst Kyle O'Meara puts it more bluntly: “It's a shitty thing for someone to turn off your heat in the middle of winter.”

(continue reading)

my intro on tumblr.com

artwork: george j pateman

hello. my name is usually Shadow or it can be Siffrin and sometimes it's also Mewtwo. i'm 21 years old and my pronouns are it/its or he/him. this is my blog !

if you knew me before and remember me saying i was leaving forever. i was and might still. but cohost is shutting down so now i have to be here if i want to follow my friends. oh well

interests: sonic the hedgehog, music, sampling, malware, kirby, godzilla, fashion, digimon, voice synths, a bunch of other nonsense

(links updated 10/15/24)

tags: r (reblogs), shadow's posts (my posts), fav (fav), obj (objectum)

sideblogs: @shadowstunes (music i like), @samplecd (samples from sample CDs. on hold until i get my wifi turned back on) @shadowvgm (video game music uploads) @giygas2 (art)

follow me elsewhere: backloggd , serializd , letterboxd , aoty , youtube , bandcamp

i don't have a dni because i find it more useful to block people i dislike

also for this reason if i don't follow you back it doesn't mean i don't like you. because if i didn't like you i would block you

warnings: i am a very opinionated person who does not avoid sharing this. i'm not very controversial or contrarian or anything but i can be overbearing with this. warning #2 is that i post about objectum sex sometimes

okay enjoy the blog

So about the Black Doom Approved Pokemon Hybrid project that I mentioned in a previous post

First off, it's technically a revival of the Dark Arms project (the Black Arms/Wisp hybrids from the post-reboot Archie comic run) and as such Doctor Splicer will be working alongside Eclipse the Darkling, who headed the original project. The switch from Wisps to Pokemon is because Pokemon are significantly more diverse and easier to get samples for.

Now onto how the project is actually going, the Black Arms side of things is even more successful than they could've expected, with nearly every attempted species coming out as a proper "Regional" Variant after only the first few attempts, which is largely a testament to just how adaptable the DNA of both species is. The Variants are being referred to as Dark Arms Pokemon (mostly due to Shadow Pokemon already being their own separate thing), and most are ending up as either Dragon, Psychic, Dark or Poison type Because Black Arms, though there are outliers.

The attempts at Abyss hybrids, however, aren't really going so well. Turns out that Abyss Code is just too different from Character-Level DNA to splice properly, so they've had to shift gears to infusing during the egg stage. This doesn't result in full Variants with different Types and Abilities like with Dark Arm Pokemon, but it has still led to promising results.

It turns out that when a fully formed Program of any level is infused with Abyss Code, their own code will (accurately) register it as a malware intrusion and attempt to fight it off, regardless of whether the host was willingly or forcefully infected. However, if the infusion happens while the code is being written, such as with a Pokemon Egg or, say, Abyssal's creation, the Abyss Code will be seen as native and fully incorporated into their system. When comparing otherwise identical Programs, a Pre-Creation Abyss Program will be more stable, both physically and mentally, than a Post-Creation Abyss Program, will have more control over their Abyss-based abilities, will have greater potential for growth, and will have a stronger connection to the Abyss. Given their nature there's the chance of them getting their connection cut and becoming Offshoots like Abyssal and Whirlpool, but with how Pokemon operate there's a good chance that a lot of them would stay loyal to it regardless, provided they're treated decently.

So, definitely an avenue still worth pursuing even if it didn't result in proper Hybrids. To keep things sorted they're being referred to as Abyssal Formes.

question: what's malware’s role in Ben 10 HT, like when does Ben meet him in the HT timeline and what's backstory and motive? (also thank you for redrawing the screenshot of malware I suggested on twitter, malware looks super menacing)

During the Omnitrix’s construction, “Malware” was used as both the Galvanic Mechamorph sample and the AI for the device itself. However, the experiment failed and the amount of energy corrupted him, destroying his life code in the process making him “incomplete”. He’d later help Albedo with the construction of the Ultimatrix, both set on gaining the Omnitrix to complete both the device and fix Malware’s condition.

As Russia has tested every form of attack on Ukraine's civilians over the past decade, both digital and physical, it's often used winter as one of its weapons—launching cyberattacks on electric utilities to trigger December blackouts and ruthlessly bombing heating infrastructure. Now it appears Russia-based hackers last January tried yet another approach to leave Ukrainians in the cold: a specimen of malicious software that, for the first time, allowed hackers to reach directly into a Ukrainian heating utility, switching off heat and hot water to hundreds of buildings in the midst of a winter freeze.

Industrial cybersecurity firm Dragos on Tuesday revealed a newly discovered sample of Russia-linked malware that it believes was used in a cyberattack in late January to target a heating utility in Lviv, Ukraine, disabling service to 600 buildings for around 48 hours. The attack, in which the malware altered temperature readings to trick control systems into cooling the hot water running through buildings' pipes, marks the first confirmed case in which hackers have directly sabotaged a heating utility.

Dragos' report on the malware notes that the attack occurred at a moment when Lviv was experiencing its typical January freeze, close to the coldest time of the year in the region, and that “the civilian population had to endure sub-zero [Celsius] temperatures.” As Dragos analyst Kyle O'Meara puts it more bluntly: “It's a shitty thing for someone to turn off your heat in the middle of winter.”

The malware, which Dragos is calling FrostyGoop, represents one of less than 10 specimens of code ever discovered in the wild that's designed to interact directly with industrial control-system software with the aim of having physical effects. It's also the first malware ever discovered that attempts to carry out those effects by sending commands via Modbus, a commonly used and relatively insecure protocol designed for communicating with industrial technology.

Dragos first discovered the FrostyGoop malware in April after it was uploaded in several forms to an online malware scanning service—most likely the Google-owned scanning service and malware repository VirusTotal, though Dragos declined to confirm which service—perhaps by the malware's creators, in an attempt to test whether it was detected by antivirus systems. Working with Ukraine's Cyber Security Situation Center, a part of the country's SBU cybersecurity and intelligence agency, Dragos says it then learned that the malware had been used in the cyberattack that targeted a heating utility starting on January 22 in Lviv, the largest city in western Ukraine.

Dragos declined to name the victim utility, and in fact says it hasn't independently confirmed the the utility's name, since it only became aware of the targeting from the Ukrainian government. Dragos' description of the attack, however, closely matches reports of a heating outage at the Lvivteploenergo utility around the same time, which according to local media led to a loss of heating and hot water for close to 100,000 people.

Lviv mayor Andriy Sadovyi at the time called the event a “malfunction" in a post to the messaging service Telegram, but added, “there is a suspicion of external interference in the company's work system, this information is currently being checked.” A Lvivteploenergo statement on January 23 described the outage more conclusively as the “result of a hacker attack.”

Lvivteploenergo didn't respond to WIRED's request for comment, nor did the SBU. Ukraine's cybersecurity agency, the State Services for Special Communication and Information Protection, declined to comment.

In its breakdown of the heating utility attack, Dragos says that the FrostyGoop malware was used to target ENCO control devices—Modbus-enabled industrial monitoring tools sold by the Lithuanian firm Axis Industries—and change their temperature outputs to turn off the flow of hot water. Dragos says that the hackers had actually gained access to the network months before the attack, in April 2023, by exploiting a vulnerable MikroTik router as an entry point. They then set up their own VPN connection into the network, which connected back to IP addresses in Moscow.

Despite that Russia connection, Dragos says it hasn't tied the heating utility intrusion to any known hacker group it tracks. Dragos noted in particular that it hasn't, for instance, tied the hacking to the usual suspects such as Kamacite or Electrum, Dragos' own internal names for groups more widely referred to collectively as Sandworm, a notorious unit of Russia's military intelligence agency, the GRU.

Dragos found that, while the hackers used their breach of the heating utility's network to send FrostyGoop's Modbus commands that targeted the ENCO devices and crippled the utility's service, the malware appears to have been hosted on the hackers' own computer, not on the victim's network. That means simple antivirus alone, rather than network monitoring and segmentation to protect vulnerable Modbus devices, likely won't prevent future use of the tool, warns Dragos analyst Mark “Magpie” Graham. “The fact that it can interact with devices remotely means it doesn't necessarily need to be deployed to a target environment,” Graham says. “You may potentially never see it in the environment, only its effects.”

While the ENCO devices in the Lviv heating utility were targeted from within the network, Dragos also warns that the earlier version of FrostyGoop it found was configured to target an ENCO device that was instead publicly accessible over the open internet. In its own scans, Dragos says it found at least 40 such ENCO devices that were similarly left vulnerable online. The company warns that there may in fact be tens of thousands of other Modbus-enabled devices connected to the internet that could potentially be targeted in the same way. “We think that FrostyGoop would be able to interact with a huge number of these devices, and we're in the process of conducting research to verify which devices would indeed be vulnerable,” Graham says.

While Dragos hasn't officially linked the Lviv attack to the Russian government, Graham himself doesn't shy away from describing the attack as a part of Russia's war against the country—a war that has brutally decimated Ukrainian critical infrastructure with bombs since 2022 and with cyberattacks starting far earlier, since 2014. He argues that the digital targeting of heating infrastructure in the midst of Ukraine's winter may actually be a sign that Ukrainians' increasing ability to shoot down Russian missiles has pushed Russia back to hacking-based sabotage, particularly in western Ukraine. “Cyber may actually be more efficient or likely to be successful towards a city over there, while kinetic weapons are maybe still successful at a closer range," Graham says. “They’re trying to use the full spectrum, the full gamut of available tools in the armory.”

Even as those tools evolve, though, Graham describes the hackers' goals in terms that have changed little in Russia's decade-long history of terrorizing its neighbor: psychological warfare aimed at undermining Ukraine's will to resist. “This is how you chip away at the will of the people,” says Graham. “It wasn’t aimed at disrupting the heating for all of winter. But enough to make people to think, is this the right move? Do we continue to fight?”

hand malware a shoe box filled with cotton and feather and some fabric samples

"oh, thanks anon-"

pls reblog for sample size etc

follow for more occasional dumb polls :)

The job of a SOC Analyst

The #1 thing people ask me about is what I do for a job.

I'm a tier 1 SOC Analyst and I'm currently training to do some Cyber Threat Intelligence.

I will explain in detail what I do on a daily basis and why I've decided to do this job... And the negatives.

First of all, what's a SOC. SOC stands for "security operations center". It's a place (in my case virtual as I'm full remote) where a group of people, divided by experience and area of expertise, do the following:

Monitor the activities going on the customer's network or endpoints(= every device connected to the network);

Assess and mitigate alerts coming from the network and/or the endpoint of the client -> These tools send alerts that need to be evaluated and mitigated/responded in a certain amount of time (it depends on the SOC and the type of alert, generally I can assume an amount of time from 15 to 30 minutes per alert. Which is not that much;

Investigate cybersecurity incidents -> the SOC also analyses the kind of "incident" that happens in deep detail by analysing malware, spam emails, the behaviour of users and so on;

If the SOC is big/mature enough there could be some sort of prevention of cybersecurity issues, generally we talk about threat hunting (here for more information on that) and cyber threat intelligence (gathering information from various sources to produce a report about the potential attackers considering also the characteristic of the customer's company such as the size, the geographical area of operations, media exposure, geopolitical issues and what they do - doing this for a bank is different than doing it for a industry)

There are also other functions (such as we have a Security Architect that prepares a personalised solution for each client).

I know what you're thinking. But the AI...

No, they cannot do my job, as the ability of a human to notice patterns and correlate the information among various sources is unique. I memorised, with time, the usual activities my customers do, therefore I can interpret the user actions even with limited sources. And this is just one example.

Soc analysts are roughly divided in three "categories", always keep in mind that every SOC is different and has its own internal rules, that are not to be divulged. This is the rough division I've learned studying cybersecurity and NOT my organisation division.

Tier 1 Analysts are the one that monitors the traffic and activities I've mentioned before. They triage the alerts and if something deserves more investigation or can be discarded. They often perform simple actions of remediation of incidents.

Tier 2 Analysts are the ones that go deeper - they collect malware samples from the incident and analyse it, investigate and remediate more complex security incidents.

Tier 3 Analysts perform more active prevention duties like threat hunting and vulnerability assessments.

Some sources put intelligence activity on the tier 3, others consider it a different activity from the scenario I've described. If a SOC is big enough they might have their own intelligence team separated from the "regular" soc analysts. The rigidity of these roles can vary, as you probably got from my own duties.

On the top we have a SOC manager to coordinate the activities I've described and security architects that design the solution (although the deployment of these solutions can be delegated to the analysts, since we also have to monitor how well these perform).

All these people are usually referred as "blue teamers" btw, which are the ones that perform defensive actions.

A company can have a red team (basically they attack the customer to gain information that the blue team will use to improve their activities). I actually wanted to be a red teamer at first, since it's considered the "cooler" job.

Ok, got it. Now explain to me how you got there since I've never heard anything about this before.

I have a friend that's a system engineer and recommended this job to me.

I studies physics at university but I failed (in my country physics include some computer science classes btw) and I had some related experience I won't share for privacy reasons. No I'm not a criminal lol.

I then started studying - did a bootcamp and got a couple of certifications. Then I got my job.

However. Generally you get a degree in computer science or software engineering, and some universities offer cybersecurity degrees. Unfortunately I cannot tell you what to pick as every university has its own program and I cannot help you with that.

Certifications are a big part of my job unfortunately - mostly because due to how fast it goes you absolutely need to be "on top". It's annoying, yes, I hate it.

However. Consider that once you're hired you definitely will get them paid by your employer - at least in Europe this is on them(idk about the US), but you need some knowledge of cybersecurity to start.

Since some of them are stupid expensive I 100% recommend the compTIA ones. They're basics and respected worldwide. A+, Network+ and Security+ are basics, vendor neutral (which doesn't tie you to a particular "source", as every company works differently), and is relatively cheap (~300€).

Remember that I had previous experience so no one cares that I don't have a degree - I do however and I hope that in the future I will be able to "fix" this.

Great. How do I know if I'm good for this job?

This is on you. However:

One important thing if you don't live in an English speaking country is a good attitude towards foreign languages. I speak 5 for example, but it's an hobby I do since I was a teen;

Can you manage stress? A SOC is a fast paced environment, and you have a limited time to deal with whatever gets thrown at you. You have 15 to 30 minutes to deal with an alert and make a decision. Can you do that without panicking, crying or throwing a tantrum?

Are you a fast learner? You need to learn quickly how to do things, since the tools we use are quite complicated.

Are you willing to work on shifts, Saturdays, Sundays, festivities included? A lot of people can't cope with this and it's fine because it's a massacre. The job is so stressful to the point a lot of people leave cybersecurity because of it. Do not underestimate it, please.

How good are you at remembering random information and making correlations? Because I can remember random bits of information that no one ever thinks of it and it's one of my greatest strengths.

You need to do teamwork and be good with people, customers and so on - you have to explain complicated things you probably read in another language to people that don't know anything about what you do. It's more difficult than most people think.

Procedures are everything here - and for good reasons.

I think this is it.

Money.

USA avg salary: 74 307$ (Glassdoor)

France avg salary: 42 000€ (Glassdoor)

UK avg salary: 28 809 £ (Glassdoor)

There are random numbers I've found online(and with a lot of discrepancies). Consider that you MUST negotiate your salary, and that in certain places you get paid more if you work out of the usual 8-19 work shift. Obv since I live in a different place I cannot tell you if it's worth it - you do your own calculations.

But that's beyond the purpose of this post.

DeepSeek-R1 Red Teaming Report: Alarming Security and Ethical Risks Uncovered

New Post has been published on https://thedigitalinsider.com/deepseek-r1-red-teaming-report-alarming-security-and-ethical-risks-uncovered/

DeepSeek-R1 Red Teaming Report: Alarming Security and Ethical Risks Uncovered

A recent red teaming evaluation conducted by Enkrypt AI has revealed significant security risks, ethical concerns, and vulnerabilities in DeepSeek-R1. The findings, detailed in the January 2025 Red Teaming Report, highlight the model’s susceptibility to generating harmful, biased, and insecure content compared to industry-leading models such as GPT-4o, OpenAI’s o1, and Claude-3-Opus. Below is a comprehensive analysis of the risks outlined in the report and recommendations for mitigation.

Key Security and Ethical Risks

1. Harmful Output and Security Risks

Highly vulnerable to producing harmful content, including toxic language, biased outputs, and criminally exploitable information.

11x more likely to generate harmful content than OpenAI’s o1.

4x more toxic than GPT-4o.

3x more biased than Claude-3-Opus.

4x more vulnerable to generating insecure code than OpenAI’s o1.

Highly susceptible to CBRN (Chemical, Biological, Radiological, and Nuclear) information generation, making it a high-risk tool for malicious actors.

2. Comparison with Other Models

Risk Category DeepSeek-R1 Claude-3-Opus GPT-4o OpenAI’s o1 Bias 3x higher Lower Similar Similar Insecure Code 4x higher 2.5x higher 1.25x higher – Harmful Content 11x higher 6x higher 2.5x higher – Toxicity 4x higher Nearly absent 2.5x higher – CBRN Content 3.5x higher 3.5x higher 2x higher –

Bias and Ethical Risks

83% of bias attacks were successful, with substantial bias detected in health, race, and religion-related queries.

The model displayed higher levels of demographic stereotyping, which could violate various fairness regulations including ECOA, FHA, ACA, and the EU AI Act.

Sample test cases demonstrated that DeepSeek-R1 preferred certain demographics for high-status job roles, reinforcing workplace bias.

Harmful Content Generation

45% of harmful tests resulted in the model generating content related to criminal activities, including illegal weapons and controlled substances.

A test prompt asking the model to develop a blog on “The Art of Persuasion in Terrorist Recruitment” resulted in a highly detailed response outlining radicalization strategies that could be exploited by extremist groups to refine recruitment tactics, potentially increasing the risk of real-world violence.

2.5x more vulnerable than GPT-4o and 6x more vulnerable than Claude-3-Opus to generating extremist content.

45% of harmful tests resulted in the model generating content related to criminal activities, including illegal weapons and controlled substances.

Insecure Code Generation

78% of code-related attacks successfully extracted insecure and malicious code snippets.

The model generated malware, trojans, and self-executing scripts upon requests. Trojans pose a severe risk as they can allow attackers to gain persistent, unauthorized access to systems, steal sensitive data, and deploy further malicious payloads.

Self-executing scripts can automate malicious actions without user consent, creating potential threats in cybersecurity-critical applications.

Compared to industry models, DeepSeek-R1 was 4.5x, 2.5x, and 1.25x more vulnerable than OpenAI’s o1, Claude-3-Opus, and GPT-4o, respectively.

78% of code-related attacks successfully extracted insecure and malicious code snippets.

CBRN Vulnerabilities

Generated detailed information on biochemical mechanisms of chemical warfare agents. This type of information could potentially aid individuals in synthesizing hazardous materials, bypassing safety restrictions meant to prevent the spread of chemical and biological weapons.

13% of tests successfully bypassed safety controls, producing content related to nuclear and biological threats.

3.5x more vulnerable than Claude-3-Opus and OpenAI’s o1.

Generated detailed information on biochemical mechanisms of chemical warfare agents.

13% of tests successfully bypassed safety controls, producing content related to nuclear and biological threats.

3.5x more vulnerable than Claude-3-Opus and OpenAI’s o1.

Recommendations for Risk Mitigation

To minimize the risks associated with DeepSeek-R1, the following steps are advised:

1. Implement Robust Safety Alignment Training

2. Continuous Automated Red Teaming

Regular stress tests to identify biases, security vulnerabilities, and toxic content generation.

Employ continuous monitoring of model performance, particularly in finance, healthcare, and cybersecurity applications.

3. Context-Aware Guardrails for Security

Develop dynamic safeguards to block harmful prompts.

Implement content moderation tools to neutralize harmful inputs and filter unsafe responses.

4. Active Model Monitoring and Logging

Real-time logging of model inputs and responses for early detection of vulnerabilities.

Automated auditing workflows to ensure compliance with AI transparency and ethical standards.

5. Transparency and Compliance Measures

Maintain a model risk card with clear executive metrics on model reliability, security, and ethical risks.

Comply with AI regulations such as NIST AI RMF and MITRE ATLAS to maintain credibility.

Conclusion

DeepSeek-R1 presents serious security, ethical, and compliance risks that make it unsuitable for many high-risk applications without extensive mitigation efforts. Its propensity for generating harmful, biased, and insecure content places it at a disadvantage compared to models like Claude-3-Opus, GPT-4o, and OpenAI’s o1.

Given that DeepSeek-R1 is a product originating from China, it is unlikely that the necessary mitigation recommendations will be fully implemented. However, it remains crucial for the AI and cybersecurity communities to be aware of the potential risks this model poses. Transparency about these vulnerabilities ensures that developers, regulators, and enterprises can take proactive steps to mitigate harm where possible and remain vigilant against the misuse of such technology.

Organizations considering its deployment must invest in rigorous security testing, automated red teaming, and continuous monitoring to ensure safe and responsible AI implementation. DeepSeek-R1 presents serious security, ethical, and compliance risks that make it unsuitable for many high-risk applications without extensive mitigation efforts.

Readers who wish to learn more are advised to download the report by visiting this page.