Tootfinder

Opt-in global Mastodon full text search. Join the index!

@bogo@hapyyr.com
2025-05-15 14:53:10

#cybersecurity

@deepthoughts10@infosec.exchange
2025-07-15 12:43:57

I learned something new today—threat actors are using AWS Lambda URLs for C2. Lambda is an ephemeral serverless function service from AWS. They have different URL endpoints in the different AWS regions. One example is: <uniquename>.lambda-url.ap-southeast-1.on[.]aws
Something you may want to hunt for. #cybersecurity

@adulau@infosec.exchange
2025-07-09 14:51:22

As a result of its research investigation efforts, Security Explorations, a research lab of AG Security Research company, conducted security analysis of eSIM technology.
#esim #cybersecurity #mobilesecurity

@Xavier@infosec.exchange
2025-06-23 15:18:22

Here's the #CFP for the 2025 #ICS #Cybersecurity Conference. The conference is Oct 27-30 at InterContinental Buckhead Atlanta.

@ErikJonker@mastodon.social
2025-06-10 07:43:52

For those interested. The Netherlands is lagging behind in implementing NIS2; read more about it in this decision memo.
#cybersecurity

@deepthoughts10@infosec.exchange
2025-07-10 12:58:13

This looks like an awesome free tool from Microsoft to help guide an organization through a zero trust assessment, and to help keep track of your progress. #cybersecurity
From: @…

@bogo@hapyyr.com
2025-05-30 08:00:02

Behold :) My new #cybersecurity talk is ready and you can see it in the best events around you.
Title: The archetypes of the attackers.
Summary: This talk will lead you on a journey to discover the archetypes of attackers, the tools they use, their motivations for targeting what you've built, and how a geopolitical shift can alter their interest in your resources.

@digitalnaiv@mastodon.social
2025-06-25 14:01:16

The BSI warns: fewer and fewer people are using 2FA and secure passwords, even though cyber threats are rising. Only 34% rely on 2FA, updates are neglected, firewalls are out. The BSI's argument is clear: those who protect themselves fall victim less often. Yet willingness (and ignorance) is declining – fatal! #Cybersecurity

@deepthoughts10@infosec.exchange
2025-06-09 17:53:33

And this is why I read the comments sections on all of @… articles 😄 #cybersecurity

Brian Krebs smacking someone down in his comments section

@deepthoughts10@infosec.exchange
2025-07-09 13:10:50

Do you invest in #crypto or are you a public figure? You should take action to prevent a SIM swap attack. #cybersecurity
From: @…

@adulau@infosec.exchange
2025-06-25 20:06:26

We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.
Slides are now available.
#cybersecurity #vulnerability #cve

@deepthoughts10@infosec.exchange
2025-07-08 13:04:29

These one-pagers on common AiTM phishing kits are great! #cybersecurity
From: @…

@deepthoughts10@infosec.exchange
2025-06-08 22:58:32

Microsoft has a new blog post on securing your organization against the Golden SAML attack. I wasn't familiar with this attack and learned that it only applies to organizations who use a delegated IdP like Active Directory Federation Services (ADFS). If you use ADFS, this should be on your reading list. #cybersecurity

@deepthoughts10@infosec.exchange
2025-07-08 22:20:38

More than a decent intro — this article brings most publicly available #threatintel about Scattered Spider together in one comprehensive article. It’s a great read with a lot of technical information for those that like that sort of thing. #cybersecurity
From: @…

@ErikJonker@mastodon.social
2025-06-26 12:53:42

Everyone, quickly update those Cisco routers.
#cybersecurity

@deepthoughts10@infosec.exchange
2025-06-01 20:40:10

DNSFilter, a #cybersecurity vendor I'm not very familiar with, published their Q1 2025 Threat Report. I think it's always good to review these reports from a #threatintel perspective.
Here's their list of TLDs with domains most likely to be malicious:
.tf

@deepthoughts10@infosec.exchange
2025-05-30 22:31:16

This is awesome!
#cybersecurity
From: @…

@deepthoughts10@infosec.exchange
2025-05-28 12:50:37

LAUNDRY BEAR
#cybersecurity
From: @…
infose…

@deepthoughts10@infosec.exchange
2025-07-08 22:29:53

Do you use #Okta? If so, I highly recommend a defensive domain registration to help protect your org. Register yourdomain-okta.com as that is frequently used by a very successful threat actor. If that domain is already registered and your org didn’t register it? Watch out! Read the below article for more details.

@deepthoughts10@infosec.exchange
2025-05-28 00:57:38

Often disrupting a single link in the infection chain can prevent malware from landing on a system. This is, of course, the Kill Chain concept. You can kill two links in the Katz Stealer chain by blocking msbuild.exe and cmstp.exe, neither of which are used by most people.
#cybersecurity
From: @…

@deepthoughts10@infosec.exchange
2025-06-24 12:57:38

I had no idea Microsoft PowerToys had a built in data exfil tool. #cybersecurity
From: @…

@deepthoughts10@infosec.exchange
2025-05-28 00:34:38

Ever hear of the legitimate file sharing service files.catbox[.]moe? It’s really uncommon and you should probably block it in your environment.
Read Palo Alto’s overview of a DarkCloud Stealer campaign that makes use of a catbox.moe file share to distribute its payload here.
#cybersecurity #threatintel

@adulau@infosec.exchange
2025-05-22 18:12:59

The VLAI severity model is doing great with #Ivanti ;-)
#vulnerability #cybersecurity #opensource

vulnerability.circl.lu (vulnerability-lookup)
CVE-2025-4427 (GCVE-0-2025-4427)
Vulnerability from cvelistv5
Published: 2025-05-13 15:45
Modified: 2025-05-21 03:55
Severity: 5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
VLAI Severity: ?
EPSS score: 61.10% (0.98181)
Summary: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the…

@deepthoughts10@infosec.exchange
2025-06-06 02:15:55

Has anyone ever tried to trick malware into thinking the host it’s running on is in Russia? For example, reverse engineering and then spoofing the ip-api.com api to always return “RU” on your network. This seems like the kind of trickery that @… would try. 😃

@deepthoughts10@infosec.exchange
2025-06-23 00:33:15

This article from @… is called "When legitimate tools go rogue" but could have easily been named "Know your environment" instead. It's one of my #cybersecurity maxims: the better you understand your environment the better you …

@deepthoughts10@infosec.exchange
2025-05-23 20:47:30

Another good deep dive into how some of these #ClickFix campaigns work, with #ioc included
#cybersecurity
From: @…

@deepthoughts10@infosec.exchange
2025-06-23 00:57:32

I don't know who uses #Citrix Netscalers any longer, but if you do, you've got some work to do to ensure that they are secure. The post describes the work you have to do -- in addition to applying the appropriate patches -- to address recent vulnerabilities. #cybersecurity