Tootfinder

Reliaquest has a post on attacker’s use of .SCR files to install remote access software. SCR (screensaver) files _are_ executable files. If you don’t already, please block .scr files from being emailed to your end users. #cybersecurity

This NSE Checks for Ivanti EPMM MDM by requesting a known API endpoint.
#ivanti #nmap #cybersecurity
🔗

Ich teile mal hier diese interessante Diskussion auf administrator.de #administrator #cybersecurity #depol

We need id for vulnerabilities on online services. Documenting is critical.
#cybersecurity #vulnerability

Microsoft says bug causes Copilot to summarize confidential emails
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

Security: Learning the Language of Privacy by Matthew Plascencia
Watch now: https://youtu.be/qV5KVKQdCmI?si=imAhOc_xz9p-MfAn
🔒 Dive into the essentials of privacy and security in the open source world!

My company’s Cybersecurity Awareness training is ON-POINT: (For everything except #mastodon ) #cybersecurity

others) that are most important to assess the added value.
3. What concrete measures and actions may be taken at EU level to support the development and growth of the
EU open-source sector and contribute to the EU’s technological #sovereignty and #cybersecurity agenda?
4. What technology areas should be prioritised and why?
5. In what sectors could an increased use of open source lead to increased competitiveness and #CyberResilience?
2/2

The US withdrawing from many organisations including GFCE (Global Forum on Cyber Expertise) doesn’t look promising about their commitment to cybersecurity.
#us #cybersecurity

Withdrawing the United States from International Organizations, Conventions, and Treaties that Are Contrary to the Interests of the United States
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES By the authority vested in me as President by the Constitution and the laws of the United

You have a verified LinkedIn account, read this. #microsoft #linkedin #privacy #cybersecurity

🚨 Critical #Telnet Authentication Bypass Vulnerability Discovered #CVE202624061 #cybersecurity #infosec

Geoshitties for the win! If you use @… ‘s blocklists you’d have already blocked *.vercel.app which is a key link in the kill chain for this attack described by Microsoft. My advice: block Vercel for everyone in your org except for those that have a business need. #cybersecurity

Developer-targeting campaign using malicious Next.js repositories | Microsoft Security Blog
A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard build workflows. The activity demonstrates how staged command-and-control can hide inside routine development tasks.

RE: #cybersecurity news

Interesting article from #cybersecurity researchers at ITRes on yet another flavor of “EDR silencer” tactics, this time using a maliciously activated VPN connection that “sinks” or blocks traffic to EDR telemetry endpoints. Helpfully, they include detection and prevention techniques too, including likely the best idea, restricting by technical policy who can create VPN profiles.

SinkVPN: Redirecting endpoint cloud telemetry by abusing usermode VPN tunnels 
The article discusses SinkVPN, a technique that enables non-admin users to create malicious VPN connections that can divert and block cloud-bound traffic, evading security measures. It highlights t…

I’ve been very happy with uBlock Origin Lite since being forced to switch from the original. I appreciate the ad blocker devs putting in the work to make this happen. #cybersecurity

RE: #cybersecurity

New Ngrok domain available.,if you don’t use this service, you should block it as it is frequently used for data exfil and C2.
ngrok-agent[.]com
cc: @…
#cybersecurity

RE: #ioc

RE: #cybersecurity