Tootfinder

If you are interested in seeing how IDS rules work, or in trying to write your own, take a look to see how an expert does it. #cybersecurity
From: @…

Behold :) My new #cybersecurity talk is ready and you can see it in the best events around you.
Title: The archetypes of the attackers.
Summary: This talk will lead you on a journey to discover the archetypes of attackers, the tools they use, their motivations for targeting what you've built, and how a geopolitical shift can alter their interest in your resources.

Bogomil Shopov - Бого's Speaker Profile
Human. Artist. Hacker. I care about free and open-source software(F/LOSS), cybersecurity, ethical design, privacy, and technology. 20+ experience in t...

DNSFilter, a #cybersecurity vendor I'm not very familiar with, published their Q1 2025 Threat Report. I think it's always good to review these reports from a #threatintel perspective.
Here's their list of TLD's with domains most likely to be malicious:
.tf

Here's the #CFP for the 2025 #ICS #Cybersecurity Conference. The conference is Oct 27-30 at InterContinental Buckhead Atlanta.

2025 ICS Cybersecurity Conference: Call for Presentations
About the Conference - Know Your AudienceSecurityWeek’s ICS Cybersecurity Conference is the conference where ICS users, ICS vendors, system security p...

We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.
Slides are now available.
#cybersecurity #vulnerability #cve

Das BSI warnt: Immer weniger Menschen nutzen 2FA und sichere Passwörter, obwohl Cybergefahren steigen. Nur 34% setzen auf 2FA, Updates werden vernachlässigt, Firewalls sind out. Die Argumentation des BSI ist klar: Wer sich schützt, bleibt seltener Opfer. Doch die Bereitschaft (und Unkenntnis) sinkt – fatal! #Cybersecurity

What a mess....
#sharepoint #microsoft #cybersecurity

SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates

This is awesome!
#cybersecurity
From: @…
https://

LAUNDRY BEAR
#cybersecurity
From: @…
https://infose…

Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center
#sharepoint #cybersecurity #vulnerability
🔗

Allemaal snel updaten die Cisco routers.
#cybersecurity

Kritieke kwetsbaarheden in Cisco ISE en ISE-PIC

If you are a Microsoft Entra ID shop, I highly recommend following this article’s advice on Conditional Access Policy implementation #cybersecurity
From: @…

Catalin Cimpanu (@campuscodi@mastodon.social)
Attached: 1 image PAN published TTPs from Muddled Libra (Scattered Spider) intrusions. Per the graph, they've certainly changed. This is because individuals who made up the Scattered Spider "group" back in 2023 have been arrested, and this is a new "batch" of APTeens. https://unit42.paloaltonetworks.com/muddled-libra/

Just my two cents on the latest malicious AUR packages. This should serve as a reminder to everyone to not install whatever you find on AUR. Be critical, do some due dilligence to verify legimiacy. Check if if what you are looking for exist in pacman first. #cybersecurity #infosec

#cybersecurity

Often disrupting a single link in the infection chain can prevent malware from landing on a system. This is, of course, the Kill Chain concept. You can kill two links in the Katz Stealer chain by blocking msbuild.exe and cmstp.exe, neither of which are used by most people.
#cybersecurity
From: @…

Ever hear of the legitimate file sharing service files.catbox[.]moe? It’s really uncommon and you should probably block it in your environment.
Read Palo Alto’s overview of a DarkCloud Steamer campaign that makes use of a catbox.moe file share to distribute its payload here.
#cybersecurity #threatintel

In a result of its research investigation efforts, Security Explorations, a research lab of AG Security Research company, conducted security analysis of eSIM technology.
#esim #cybersecurity #mobilesecurity

Incredible if you think about it...
"The bug, when exploited, allows hackers to steal private digital keys from SharePoint servers without needing any credentials to log in. Once in, the hackers can remotely plant malware, and gain access to the files and data stored within"
Big #Microsoft

New zero-day bug in Microsoft SharePoint under widespread attack | TechCrunch
Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

I had no idea Microsoft PowerToys had a built in data exfil tool. #cybersecurity
From: @…
https://…

This article from @… is called "When legitimate tools go rogue" but could have easily been named "Know your environment" instead. It's one of my #cybersecurity maxims: the better you understand your environment the better you …

When legitimate tools go rogue
Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

Curious about all the open source and projects developed by @… ?
CIRCL Open Source tools powering SOC & CSIRT teams.
#opensource

Another good deep dive into how some of these #ClickFix campaigns work, with #ioc included
#cybersecurity
From: @…

I don't know who uses #Citrix Netscalers any longer, but if you do, you've got some work to do to ensure that they are secure. The post describes the work you have to do -- in addition to applying the appropriate patches -- to address recent vulnerabilities. #cybersecurity

Voor de liefhebbers. Nederland loopt achter bij de implementatie van NIS2, lees er meer over in deze beslisnota.
#cybersecurity

I learned something new today—threat actors are using AWS Lambda URLs for C2. Lambda is an ephemeral serverless function service from AWS. They have different URL endpoints in the different AWS regions. One example is: <uniquename>.lambda-url.ap-southeast-1.on[.]aws
Something you may want to hunt for. #cybersecurity

The VLAI severity model is doing great with #Ivanti ;-)
#vulnerability #cybersecurity #opensource

And this is why I read the comments sections on all of @… articles 😄 #cybersecurity

This looks like an awesome free tool from Microsoft to help guide an organization through a zero trust assessment, and to help keep track of your progress. #cybersecurity
From: @…

These one-pagers on common AiTM phishing kits are great! #cybersecurity
From: @…
https://

Do you invest in #crypto or are you a public figure? You should take action to prevent a SIM swap attack. #cybersecurity
From: @…

Microsoft has a new blog post on securing your organization against the Golden SAML attack. I wasn't familiar with this attack and learned that it only applies to organizations who use a delegated IdP like Active Directory Federation Services (ADFS). If you use ADFS, this should be on your reading list. #cybersecurity

Understanding and Mitigating Golden SAML Attacks | Microsoft Community Hub
Learn how Golden SAML attacks work and discover strategies to protect your identity infrastructure.

More than a decent intro — this article brings most publicly available #threatintel about Scattered Spider together in one comprehensive article. It’s a great read with a lot of technical information for those that like that sort of thing. #cybersecurity
From: @…

Do you use #Okta? If so, I highly recommend a defensive domain registration to help protect your org. Register yourdomain-okta.com as that is frequently used by a very successful threat actor. If that domain is already registered and your org didn’t register it? Watch out! Read the below article for more details.

Has anyone ever tried to trick malware into thinking the host it’s running on is in Russia? For example, reverse engineering and then spoofing the ip-api.com api to always return “RU” on your network. This seems like the kind of trickery that @… would try. 😃