Tootfinder

Opt-in global Mastodon full text search. Join the index!

@deepthoughts10@infosec.exchange
2024-03-23 01:59:37

I see so few legitimate domains in the .top TLD. I think it’s worth blocking the entire TLD and creating exceptions for the rare non-malicious site your org needs to access. Definitely something to use in #threathunting too. #cybersecurity
From: @…
infosec.exchange/@InfobloxThre

@shellsharks@infosec.exchange
2024-03-22 13:30:44

#followfriday is here once more. As usual, I have some great #infosec / #cybersecurity accounts I've followed recently to recommend!
- @…
- @…
- @…
- @…
- @…
I've stood up a personal / "single-user” instance and am experimenting with it to see if it would be suitable to host my *main* Fediverse account. If it turns out to be decently performant, I may migrate this account over there in the future. If you would like to follow me over there in the meantime, feel free to follow @…. Thanks 🧡!

@ErikJonker@mastodon.social
2024-04-21 09:38:22

Beetje onzinnige oproep, het is er al, gaat niet meer weg, ook is het niet perse een belemmering voor opsporing zo is gebleken.
#cybercrime #cybersecurity #e2e

@alwynispat@mastodon.sg
2024-04-18 09:41:55

So our CISO has been pestering us to collect certificates like catching Pokemon.
Just finished SC-200 training. Gotta plan when to take the exams now.
#Cybersecurity #Azure

@cybeardjm@masto.ai
2024-05-07 15:15:57

Bank Of Ghana set to introduce 1% #cybersecurity levy on all banking transactions.
"This move comes in the face of increased cybersecurity risks in the country and across the world."
So many questions...
* What will the levy do?
* Who's responsible for cybersecurity?
#Banks

Photo: Director of Bank of Ghana
@johnleonard@mastodon.social
2024-05-03 11:55:51

Vanta: Cybersecurity spend should be 30% of the IT budget
Currently it's 9% in the UK
computing.co.uk/news/4204614/v

@ErikJonker@mastodon.social
2024-04-17 09:45:48

Really nice analysis, everybody interested in #cybersecurity and #microsoft should read it,

@catsalad@infosec.exchange
2024-04-09 10:45:49

Happy Tuesday everyone! Hope you're all doing well... 😁
Aww, Patch Tuesday wants to say hi!

#InfoSec #CyberSecurity #️⃣CatSalad

@shellsharks@infosec.exchange
2024-03-18 20:17:01

I don’t have Twitter/X on my phone and have not used the service since I came over to infosec.exchange in late 2022. But! I have seen some great posts from accounts who seem to still primarily exist over there in my timeline via bird.makeup. So my question is, are there any twitter accounts for #infosec / #cybersecurity people that you think are really good / worth following / high value enough that I should add to my follows here (again, via bird.makeup)? It's not ideal I admit, but given Mastodon my curated RSS feed is my primary source(s) of infosec news/research/etc... i'm not opposed to going the bridge route. Thanks!

@deepthoughts10@infosec.exchange
2024-04-17 01:42:54

This is bad. Patch your Global Protect Palo Alto firewalls now please. #cybersecurity #paloaltonetworks
From: @simontsui
infosec.exchange/@simontsui/11

@ErikJonker@mastodon.social
2024-04-17 10:10:27

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm.
#cybersecurity #Russia #APT44

@catsalad@infosec.exchange
2024-04-03 14:02:09

How will the Merck settlement affect the insurance industry?

March 28, 2024 — By @… #Cybersecurity #InfoSec #Insurance

@deepthoughts10@infosec.exchange
2024-04-16 02:29:24

This is good advice: block all of the ipfs services if your organization doesn’t use them #cybersecurity
From: @…
cyberplace.social/@fellows/112

@Szwendacz@social.linux.pizza
2024-05-14 19:15:46

I am looking for a #dataset containing network traffic recording of some TCP based external attacks (ddos, port scan, etc...) and of cource normal traffic. The dataset should be somewhat big, plain csv would be at least few GiB in size.
I already know about www.unb.ca, this is good example, but I need some different source.

@shellsharks@infosec.exchange
2024-03-15 15:42:52

Another round of great #infosec / #cybersecurity accounts for #followfriday!
- @…
- @…
- @…
- @…
- @…
- @…

@digitalnaiv@mastodon.social
2024-03-08 08:51:00

Notfälle: EU-Gremien einigen sich auf Cyberschutzschild und Frühwarnsystem​
Die EU-Staaten sollen ein Cybersicherheitswarnsystem einrichten, um Bedrohungen aus dem Internet quasi in Echtzeit erkennen und gemeinsam abwehren zu können.​
@… #Cybersecurity

@catsalad@infosec.exchange
2024-04-03 14:02:09

How will the Merck settlement affect the insurance industry?

March 28, 2024 — By @… #Cybersecurity #InfoSec #Insurance

@ErikJonker@mastodon.social
2024-04-13 05:13:20

Iddink Learning Materials aangevallen door cybercriminelen.
#cybersecurity #onderwijs #iddink

@ErikJonker@mastodon.social
2024-04-13 05:13:20

Iddink Learning Materials aangevallen door cybercriminelen.
#cybersecurity #onderwijs #iddink

@deepthoughts10@infosec.exchange
2024-04-13 18:06:31

Just received my #ATT data breach notification. Could this message look more like a phish? Friendly sender name all run together? Sketchy-looking reply-to address? Do better AT&T.
#cybersecurity

@catsalad@infosec.exchange
2024-04-08 12:51:30

Mystery solved!

#P4x #CyberSecurity #InfoSec @…

@shellsharks@infosec.exchange
2024-03-21 13:06:37

If you are in #infosec / #cybersecurity and looking for an easier way to follow interesting infosec accounts that are relatively high signal-to-noise without having to scour the Fediverse, consider checking out the #mammoth Mastodon client and subscribing to the new #indiesec Smart List! Smart Lists are a unique feature pioneered by Mammoth which offers curated lists of accounts in a number of different subject areas.
To start, the IndieSec Smart List (curated by yours truly) features 50 independent security researchers /professionals across many infosec sub-disciplines. I will continue to maintain this list and add new accounts in the coming weeks (I have a whole backlog of accounts I'd like to see added). Over time, this list will seek to feature many accounts that are lower-volume, but high-quality in terms of content. Surfacing harder-to-find accounts (by doing hours of scrolling and curation) is one more way we as a community are improving #discoverability across the network.
Thanks to the @… team and @… for working with me on this new list. If you have any questions about the list feel free to drop me a message!
Edit: I should add - you can see everyone who is featured on this list here github.com/shellsharks/assorte. When new accounts are added, they too will be represented there.

@deepthoughts10@infosec.exchange
2024-04-10 22:29:49

This looks really good. I’m going to give it a try! #cybersecurity #microsoft
From: @…
infosec.exchange/@merill/11224

@catsalad@infosec.exchange
2024-04-01 08:45:08

Too many are focusing on getting a #Cybersecurity warrior badge. We need a balanced team!
🛡️⁠Cybersecurity Tank
🗡️⁠Cybersecurity Rogue
🔮⁠Cybersecurity Mage
🔫⁠Cybersecurity Healer
📢⁠Cybersecurity Bard

@cybeardjm@masto.ai
2024-04-29 17:14:11

"When someone tells you they have an automated system to prevent the risk of human error...
Step away, slowly, with no sudden movements."
See also: masto.ai/@cybeardjm/1110964667

@stefanmuelller@climatejustice.social
2024-05-04 05:23:44

#Datensicherheit #CyberSecurity #CyberAttack #Hackerangriff
Schritt 1: Keine #Microsoft Software mehr verwenden. #opensource
tagesschau.de/multimedia/video

@ErikJonker@mastodon.social
2024-03-02 15:42:54

Security breaches are most of the time about failing humans, bad operational security. This is a good example,
"One of the German air force officials whose call on Taurus was allegedly intercepted by Russia and leaked had, reportedly, dialled into the Webex call from Singapore over an unsecure phone lines"
#cybersecurity

@deepthoughts10@infosec.exchange
2024-03-04 18:42:08

If you haven’t read SentinelOne’s 2023 WatchTower report you really should. It’s full of #threatintel and TTPs that you can go #threathunting with. #cybersecurity
sentinelone.com/resources/watc

@shellsharks@infosec.exchange
2024-03-01 17:57:26

#followfriday is back, here's some great #infosec / #cybersecurity accounts I've followed recently. Check 'em out!
- @…
- @…
- @…
- @…
- @…
Finally, if you're interested in some slightly less on-topic toots, infosec commentary, humor-ey type stuff feel free to check out my alt acct @… . I've got it hosted on a single-user instance so of course could use the boosts and follows to help with federation!
Have a great weekend!

@deepthoughts10@infosec.exchange
2024-05-01 22:36:49

I didn’t know SentinelOne was so good in the MacOS space. It’s good to see. And if you manage Macs, you’ll want to read this article and see if you’ve been affected by this malware.
#cybersecurity
From: @…
infosec.exchange/@screaminggoa

@ErikJonker@mastodon.social
2024-03-08 15:22:23

Russian spies keep hacking into Microsoft in ‘ongoing attack,’ company says | TechCrunch
techcrunch.com/2024/03/08/micr

@deepthoughts10@infosec.exchange
2024-04-30 01:05:20

Do you work for a business? Is that business in the video gaming industry? If not, block access to steamcommunity.com. You’ve just neutered this malware. Have a cup of tea and pat yourself on the back. 🙂
#cybersecurity #threatintel #ioc
From: @…
infosec.exchange/@sekoia_io/11

@shellsharks@infosec.exchange
2024-02-23 14:26:10

Another round of great #infosec / #cybersecurity accounts for #followfriday!
- @…
- @…
- @…
- @…
- @…
- @…
- @…
- @…
⭐️ Special mention of @… who makes some truly unique infosec-infused artwork.

@deepthoughts10@infosec.exchange
2024-04-29 21:39:12

This is really bad. If you were vulnerable to this issue, the only way out of it is through Palo Alto support. Open a case with them to review your logs.
I could see this requiring some organizations to completely replace their Global Protect-enabled firewalls with new ones.
#cybersecurity
From: @…
infosec.exchange/@screaminggoa

@deepthoughts10@infosec.exchange
2024-04-30 03:38:35

I wasn’t aware that Autodesk had a file sharing service either! Definitely block drive.autodesk[.]com in your org if you don’t use it.
Also, here’s the original Netcraft post that the Security Week article is based on.
#cybersecurity #threathunting #ioc
From: @…
cyberplace.social/@fellows/112

@deepthoughts10@infosec.exchange
2024-04-28 23:57:56

Sophos has done quite an extensive investigation into this malware operation and provided over 450 #IOCs to hunt for. I also find they are abusing WebDAV servers (those servers with <at>80 in the URL). WebDAV is an uncommonly used protocol these days. If you can, try to block access to all WebDAV servers except those that are used by your organization.
#threatintel #cybersecurity
From: @…
infosec.exchange/@SophosXOps/1

@shellsharks@infosec.exchange
2024-03-18 14:01:50

OK, so #AskFediSec seemed to win that particular round but many people offered up the suggestion #AskInfosec which I also really like, so here's a run-off. For the folks that liked the idea of having a *dedicated* hashtag for this kinda thing, what is your preference below?
I'll also note that some variations of #AskInfoSex were also floated and tbh could be quite popular 😉🤣.
#infosec #cybersecurity
#AskFediSec
#AskInfosec

@deepthoughts10@infosec.exchange
2024-04-25 15:59:23

For my #threatintel folks here’s an easy one: any traffic in your environment to/from 45.142.166[.]112? If so, track it down. You have an infected system.
#cybersecurity
From: @…
mastodon.social/@campuscodi/11

@deepthoughts10@infosec.exchange
2024-04-25 00:51:30

Spamhaus always has good #threatintel in their reports. Great source for #threathunting and/or evidence to support blocking commonly abused TLDs like .bond
#cybersecurity
From: @…
infosec.exchange/@spamhaus/112

@catsalad@infosec.exchange
2024-04-10 09:39:46
Content warning
⚠️⁠CVE-2024-27983 – Node.js HTTP/⁠2 server
⚠️⁠CVE-2024-27919 – Envoy's oghttp codec
⚠️⁠CVE-2024-2758 – Tempesta FW
⚠️⁠CVE-2024-2653 – amphp/⁠http
⚠️⁠CVE-2024-28182 – nghttp2 library
⚠️⁠CVE-2024-27316 – Apache Httpd
⚠️⁠CVE-2024-31309 – Apache Traffic Server
⚠️⁠CVE-2024-30255 – Envoy < 1.29.2
⚠️⁠CVE-2023-45288 – Go packages net/⁠http and net/⁠http2


#InfoSec #CyberSecurity #CVE #DoS #HTTP2 #Vulnerability #️⃣CatSalad

@shellsharks@infosec.exchange
2024-03-14 17:25:40

What does the #infosec / #cybersecurity (or infosec-adjacent) community think of "establishing" a go-to hashtag for asking infosec-related questions? Something like #AskSecFedi or #AskFediSec? Personally I think the latter has a better ring to it but curious what others think. I've seen a lot of people in the community ask questions that don't get answered due to classic social reach issues but perhaps a dedicated hashtag could help alleviate some of that. (If you have a catchier tag feel free to comment!)
#AskSecFedi
#AskFediSec
Meh, we don’t really need this hashtag

@deepthoughts10@infosec.exchange
2024-03-13 22:40:07

Anyone out there build a #Microsoft Advanced Hunting or Sentinel #KQL query that incorporates Spamhaus DROP data? #cybersecurity #threathunting #threatintel
From: @…
infosec.exchange/@spamhaus/112

@shellsharks@infosec.exchange
2024-02-27 14:57:22

Alright, I've cleaned up, recategorized and added new descriptions to the various #infosec / #cybersecurity tools I've compiled here shellsharks.com/infosec-tools.
It's worth checking out if only for the “Funny” tools list shellsharks.com/infosec-tools#. Featuring gems like "Cyber Threat Name Generator” and “HowFuckedIsMyDistro” 😆
Other tool suggestions, comments and feedback welcome!