Tootfinder

Here's the #CFP for the 2025 #ICS #Cybersecurity Conference. The conference is Oct 27-30 at InterContinental Buckhead Atlanta.

2025 ICS Cybersecurity Conference: Call for Presentations
About the Conference - Know Your AudienceSecurityWeek’s ICS Cybersecurity Conference is the conference where ICS users, ICS vendors, system security p...

I had no idea Microsoft PowerToys had a built in data exfil tool. #cybersecurity
From: @…
https://…

I think everyone needs to see this and understand what is happening with our online privacy #privacy #cybersecurity #censorship

What a mess....
#sharepoint #microsoft #cybersecurity

SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates

Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center
#sharepoint #cybersecurity #vulnerability
🔗

This article from @… is called "When legitimate tools go rogue" but could have easily been named "Know your environment" instead. It's one of my #cybersecurity maxims: the better you understand your environment the better you …

When legitimate tools go rogue
Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

SOMEONE'S GONNA GET HAAAACKED still unpatched after 6 months...
Original post: #cybersecurity

I don't know who uses #Citrix Netscalers any longer, but if you do, you've got some work to do to ensure that they are secure. The post describes the work you have to do -- in addition to applying the appropriate patches -- to address recent vulnerabilities. #cybersecurity

Interesting blog about creating a fully encrypted cloud storage on nextcloud.
https://community.hetzner.com/tutorials/encrypted-private-nextcloud-VPS-and-storagebox

Nextcloud with fully encrypted storage
This tutorial shows how to setup your own Nextcloud following the recommended AIO approach, storing data encrypted on disk and using Hetzner's Storage Box.

GitHub is still #1 malware hosting platform with a take-down period of 14 days. Please be careful!
#malware

Incredible if you think about it...
"The bug, when exploited, allows hackers to steal private digital keys from SharePoint servers without needing any credentials to log in. Once in, the hackers can remotely plant malware, and gain access to the files and data stored within"
Big #Microsoft

New zero-day bug in Microsoft SharePoint under widespread attack | TechCrunch
Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Curious about all the open source and projects developed by @… ?
CIRCL Open Source tools powering SOC & CSIRT teams.
#opensource

Just my two cents on the latest malicious AUR packages. This should serve as a reminder to everyone to not install whatever you find on AUR. Be critical, do some due dilligence to verify legimiacy. Check if if what you are looking for exist in pacman first. #cybersecurity #infosec

Das BSI warnt: Immer weniger Menschen nutzen 2FA und sichere Passwörter, obwohl Cybergefahren steigen. Nur 34% setzen auf 2FA, Updates werden vernachlässigt, Firewalls sind out. Die Argumentation des BSI ist klar: Wer sich schützt, bleibt seltener Opfer. Doch die Bereitschaft (und Unkenntnis) sinkt – fatal! #Cybersecurity

Behold :) My new #cybersecurity talk is ready and you can see it in the best events around you.
Title: The archetypes of the attackers.
Summary: This talk will lead you on a journey to discover the archetypes of attackers, the tools they use, their motivations for targeting what you've built, and how a geopolitical shift can alter their interest in your resources.

Bogomil Shopov - Бого's Speaker Profile
Human. Artist. Hacker. I care about free and open-source software(F/LOSS), cybersecurity, ethical design, privacy, and technology. 20+ experience in t...

Finally a useful magic quadrant
Thanks to @… for the discovery.
#cybersecurity #vulnerability

All the talks you can look back from #Why2025
#cybersecurity

I learned something new today—threat actors are using AWS Lambda URLs for C2. Lambda is an ephemeral serverless function service from AWS. They have different URL endpoints in the different AWS regions. One example is: <uniquename>.lambda-url.ap-southeast-1.on[.]aws
Something you may want to hunt for. #cybersecurity

In a result of its research investigation efforts, Security Explorations, a research lab of AG Security Research company, conducted security analysis of eSIM technology.
#esim #cybersecurity #mobilesecurity

This looks like an awesome free tool from Microsoft to help guide an organization through a zero trust assessment, and to help keep track of your progress. #cybersecurity
From: @…

And this is why I read the comments sections on all of @… articles 😄 #cybersecurity

These one-pagers on common AiTM phishing kits are great! #cybersecurity
From: @…
https://

We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.
Slides are now available.
#cybersecurity #vulnerability #cve

Voor de liefhebbers. Nederland loopt achter bij de implementatie van NIS2, lees er meer over in deze beslisnota.
#cybersecurity

Do you invest in #crypto or are you a public figure? You should take action to prevent a SIM swap attack. #cybersecurity
From: @…

Microsoft has a new blog post on securing your organization against the Golden SAML attack. I wasn't familiar with this attack and learned that it only applies to organizations who use a delegated IdP like Active Directory Federation Services (ADFS). If you use ADFS, this should be on your reading list. #cybersecurity

Understanding and Mitigating Golden SAML Attacks | Microsoft Community Hub
Learn how Golden SAML attacks work and discover strategies to protect your identity infrastructure.

More than a decent intro — this article brings most publicly available #threatintel about Scattered Spider together in one comprehensive article. It’s a great read with a lot of technical information for those that like that sort of thing. #cybersecurity
From: @…

Anyone ever see one of these before on iOS? I don’t use the reminders app. I don’t know anyone by the name Iaoqi Meng. Is this some new kind of #phish ? I can’t figure out where it came from. I have no email messages or calendar items that match this #cybersecurity

DNSFilter, a #cybersecurity vendor I'm not very familiar with, published their Q1 2025 Threat Report. I think it's always good to review these reports from a #threatintel perspective.
Here's their list of TLD's with domains most likely to be malicious:
.tf

Allemaal snel updaten die Cisco routers.
#cybersecurity

Kritieke kwetsbaarheden in Cisco ISE en ISE-PIC

If you are interested in seeing how IDS rules work, or in trying to write your own, take a look to see how an expert does it. #cybersecurity
From: @…

This is awesome!
#cybersecurity
From: @…
https://

LAUNDRY BEAR
#cybersecurity
From: @…
https://infose…

If you are a Microsoft Entra ID shop, I highly recommend following this article’s advice on Conditional Access Policy implementation #cybersecurity
From: @…

Catalin Cimpanu (@campuscodi@mastodon.social)
Attached: 1 image PAN published TTPs from Muddled Libra (Scattered Spider) intrusions. Per the graph, they've certainly changed. This is because individuals who made up the Scattered Spider "group" back in 2023 have been arrested, and this is a new "batch" of APTeens. https://unit42.paloaltonetworks.com/muddled-libra/

Often disrupting a single link in the infection chain can prevent malware from landing on a system. This is, of course, the Kill Chain concept. You can kill two links in the Katz Stealer chain by blocking msbuild.exe and cmstp.exe, neither of which are used by most people.
#cybersecurity
From: @…

Ever hear of the legitimate file sharing service files.catbox[.]moe? It’s really uncommon and you should probably block it in your environment.
Read Palo Alto’s overview of a DarkCloud Steamer campaign that makes use of a catbox.moe file share to distribute its payload here.
#cybersecurity #threatintel

Do you use #Okta? If so, I highly recommend a defensive domain registration to help protect your org. Register yourdomain-okta.com as that is frequently used by a very successful threat actor. If that domain is already registered and your org didn’t register it? Watch out! Read the below article for more details.

Has anyone ever tried to trick malware into thinking the host it’s running on is in Russia? For example, reverse engineering and then spoofing the ip-api.com api to always return “RU” on your network. This seems like the kind of trickery that @… would try. 😃