Tootfinder

Opt-in global Mastodon full text search. Join the index!

@deepthoughts10@infosec.exchange
2024-03-23 01:59:37

I see so few legitimate domains in the .top TLD. I think it’s worth blocking the entire TLD and creating exceptions for the rare non-malicious site your org needs to access. Definitely something to use in #threathunting too. #cybersecurity
From: @…
infosec.exchange/@InfobloxThre

@ErikJonker@mastodon.social
2024-04-21 09:38:22

A somewhat pointless call; it already exists, it is not going away, and it has turned out not to necessarily be an obstacle to investigations either.
#cybercrime #cybersecurity #e2e

@risottobias@tech.lgbt
2024-04-18 22:40:54

how do you do vulnerability disclosure or bug bounty programs on products that require subscriptions? do you provide limited accounts? or freebie coupons? or access to demo/beta?
#cybersecurity #bugbounty #vulnerabilitymanagement

@alwynispat@mastodon.sg
2024-04-18 09:41:55

So our CISO has been pestering us to collect certificates like catching Pokemon.
Just finished SC-200 training. Gotta plan when to take the exams now.
#Cybersecurity #Azure

@cybeardjm@masto.ai
2024-05-07 15:15:57

Bank Of Ghana set to introduce 1% #cybersecurity levy on all banking transactions.
"This move comes in the face of increased cybersecurity risks in the country and across the world."
So many questions...
* What will the levy do?
* Who's responsible for cybersecurity?
#Banks

Photo: Director of Bank of Ghana
@catsalad@infosec.exchange
2024-06-11 19:07:59

QR code SQL injection from popular biometric terminal
💥⁠#InfoSec #CyberSecurity

@johnleonard@mastodon.social
2024-05-03 11:55:51

Vanta: Cybersecurity spend should be 30% of the IT budget
Currently it's 9% in the UK
computing.co.uk/news/4204614/v

@risottobias@tech.lgbt
2024-04-18 15:07:03

nice, @… is live on discord now about 2FA
#cybersecurity

@ErikJonker@mastodon.social
2024-04-17 09:45:48

Really nice analysis, everybody interested in #cybersecurity and #microsoft should read it,

@geant@mstdn.social
2024-04-11 07:56:46

The Lightning Talks plenary session closes the first day of the GÉANT #SecurityDays. The lively, informative and animated five minute presentations offered great content, perspectives, insights and ideas on various aspects of #cybersecurity.
From external communication during a cyber cris…

GÉANT Security Days 2024 in Prague - Lightning Talks
@Jackobli@mastodon.social
2024-06-12 08:47:32

Has anyone already looked at the drafts of Switzerland's «Cybersicherheitsverordnung» (Cybersecurity Ordinance)?
This StA NCS is going to be an impossible behemoth too, isn't it?
#cybersecurity
newsd.admi…

@deepthoughts10@infosec.exchange
2024-04-17 01:42:54

This is bad. Patch your Global Protect Palo Alto firewalls now please. #cybersecurity #paloaltonetworks
From: @simontsui
infosec.exchange/@simontsui/11

@risottobias@tech.lgbt
2024-04-18 12:37:47

oh, neat!
#CISA has opened up signups to their malware analysis service to any #cybersecurity folks that want to view results (any member of the public could anonymously submit samples before)
cisa.gov/news-events/news/cisa

@ErikJonker@mastodon.social
2024-04-17 10:10:27

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm.
#cybersecurity #Russia #APT44

@marcel@waldvogel.family
2024-06-05 07:54:15

Andreas Grünert of #BACS (paraphrased):
«IT security checklists help with operational implementation, but not with strategic planning.»
#SwissIGF #Cybersecurity

The speaker next to the programme slide for the cybersecurity session
@catsalad@infosec.exchange
2024-04-09 10:45:49

Happy Tuesday everyone! Hope you're all doing well... 😁
Aww, Patch Tuesday wants to say hi!

#InfoSec #CyberSecurity #️⃣CatSalad

@deepthoughts10@infosec.exchange
2024-04-16 02:29:24

This is good advice: block all of the ipfs services if your organization doesn’t use them #cybersecurity
From: @…
cyberplace.social/@fellows/112

@Szwendacz@social.linux.pizza
2024-05-14 19:15:46

I am looking for a #dataset containing network traffic recordings of some TCP based external attacks (ddos, port scan, etc...) and of course normal traffic. The dataset should be somewhat big, plain csv would be at least a few GiB in size.
I already know about www.unb.ca, this is good example, but I need some different source.

@catsalad@infosec.exchange
2024-04-03 14:02:09

How will the Merck settlement affect the insurance industry?

March 28, 2024 — By @… #Cybersecurity #InfoSec #Insurance

@ErikJonker@mastodon.social
2024-04-13 05:13:20

Iddink Learning Materials attacked by cybercriminals.
#cybersecurity #onderwijs #iddink

@risottobias@tech.lgbt
2024-05-09 02:14:53

how can you help people do security when they have no time?
I don't just mean when you have a limited cybersecurity team.
what about when they have a very limited IT team?
when they have no IT team?
#CyberSecurity #Linux #BlueTeam

@geant@mstdn.social
2024-04-11 12:16:21

The closing plenary of the GÉANT #SecurityDays welcomes on stage Daniel Stach, broadcaster & journalist CzechTV, with his presentation: "Lies are (not) everywhere!".
Alf Moens, GÉANT: "What a brilliant way to close GÉANT's first #Cybersecurity conference. Collaborat…

Daniel Stach at the GÉANT Security Days 2024 in Prague

@deepthoughts10@infosec.exchange
2024-04-13 18:06:31

Just received my #ATT data breach notification. Could this message look more like a phish? Friendly sender name all run together? Sketchy-looking reply-to address? Do better AT&T.
#cybersecurity

@risottobias@tech.lgbt
2024-04-12 22:01:14

The "we're {blank}, of course we" #meme
But for #cybersecurity or #sysadmin
(Side note now the advertisers are doing it :/)

@catsalad@infosec.exchange
2024-04-08 12:51:30

Mystery solved!

#P4x #CyberSecurity #InfoSec @…

@deepthoughts10@infosec.exchange
2024-04-10 22:29:49

This looks really good. I’m going to give it a try! #cybersecurity #microsoft
From: @…
infosec.exchange/@merill/11224

@risottobias@tech.lgbt
2024-04-12 20:08:08

okay, what are your thoughts about DoD's/Platform One's Big Bang #kubernetes setup?
#cybersecurity #cloudarchitecture

@cybeardjm@masto.ai
2024-06-14 07:07:31

A #MustHave book
#CyberSecurity #Books #Humour

(fake) book cover

Title: Hoping Nobody Hacks You
Security by optimism and prayer

Level: expert
@Szwendacz@social.linux.pizza
2024-05-24 19:36:13

I chose #cybersecurity instead of #datascience on my masters degree course, and guess what.
I am training models on datasets to detect cyberattacks.
The difference is that I understand the data, not the model algorithms.

@catsalad@infosec.exchange
2024-04-01 08:45:08

Too many are focusing on getting a #Cybersecurity warrior badge. We need a balanced team!
🛡️⁠Cybersecurity Tank
🗡️⁠Cybersecurity Rogue
🔮⁠Cybersecurity Mage
🔫⁠Cybersecurity Healer
📢⁠Cybersecurity Bard

@tarah@infosec.exchange
2024-06-04 19:44:23

#infosecjobs #hiring Alert: I'm hiring a career transition, entry-level, or intern-level web developer in Rust/Python at @….
We help managed service providers get and keep their small biz clients safe and secure!
This would be a great role for someone mid-career looking to move into a more technical role or into infosec, or who just finished a bootcamp or similar education.
Remote, US-only. Read the JD carefully or you'll miss the subject line requirement when you email me.
#cybersecurity #compliance #infosec

@risottobias@tech.lgbt
2024-05-09 16:58:19

Phishing protections..
Hmmm...
Hardware 2FA
Strong Dmarc filtering? Filter out newly registered domains, flag newly changed ones?
Contextual auth / posture check of endpoint
UEBA / impossible travel, warnings on multiple locations
Cookie specific to browser string (not to IP due to roaming clients)
What else?
#cybersecurity #phishing

@deepthoughts10@infosec.exchange
2024-06-07 18:46:00

Anyone else having issues with Entra ID PIM today? Seems to be broken for some roles — specifically roles directly related to Entra ID itself including Conditional Access Administrator and Privileged Role Administrator
#cybersecurity #Microsoft
cc: @…

@stefanmuelller@climatejustice.social
2024-05-04 05:23:44

#Datensicherheit #CyberSecurity #CyberAttack #Hackerangriff
Step 1: Stop using #Microsoft software. #opensource
tagesschau.de/multimedia/video

@deepthoughts10@infosec.exchange
2024-06-08 19:22:49

I have never seen a legitimate .xyz domain. I’m sure there’s at least one, but you should block this TLD if you can.
I recommend blocking it both at the DNS layer and at your email gateway to prevent email spam and phishing campaigns. As an example, here’s how to block TLDs in #Exchange Online
#cybersecurity #threatintel
From: @…
infosec.exchange/@threatcat_ch

@risottobias@tech.lgbt
2024-04-08 22:55:00

"but PeaceNotWar is the same as #xzbackdoor "
no, no they're not.
one is a secretive RCE.
one is a protest.
"why did that dev get off scot-free?"
they edited their protest to make just a text file instead of wiping files.
#cybersecurity

@cybeardjm@masto.ai
2024-04-29 17:14:11

"When someone tells you they have an automated system to prevent the risk of human error...
Step away, slowly, with no sudden movements."
See also: masto.ai/@cybeardjm/1110964667

@deepthoughts10@infosec.exchange
2024-06-07 01:28:44

Someone’s been busy. A whole lotta new botnet and C2 domains from Sarlack Lab. Block all but the major service providers like Microsoft.com, cloudfront.net, azureedge.net and azurefd.net
#threatintel #cybersecurity
From: @…
ioc.exchange/@SarlackLab/11257

@risottobias@tech.lgbt
2024-05-06 19:39:04

I just want a search and replace for every article about Russian or Chinese hackers to be replaced with rival football teams or your own state.
"The broncos leveraged a Cisco ASA vulnerability"
"California implanted a backdoor into ssh"
Instead of this nonsense xenophobic distraction about being at war with eastasia and needing permission to surveil all citizens.
#cybersecurity

@risottobias@tech.lgbt
2024-05-05 18:11:51

anybody work in #instagram 's trust and safety department?
got a local LGBT organization I'm helping out with IT stuff that keeps getting flagged and taken down.
(I'm not a facebook user)
#cybersecurity

@deepthoughts10@infosec.exchange
2024-06-06 00:30:01

This article from @… has a ton of great #threatintel. I highly recommend searching for web browsing activity to:
*.run.app
*.my.id
*.biz.id
And if you don’t have any activity, consider blocking the domains, or at least alerting on them.
#cybersecurity
From: @…
infosec.exchange/@r1cksec/1125

@ErikJonker@mastodon.social
2024-06-04 15:55:53

Critical incident declared as ransomware attack disrupts multiple London hospitals.
therecord.media/london-hospita

@deepthoughts10@infosec.exchange
2024-06-03 12:55:09

I wonder how many organizations will get burned by this through fourth party use? (You don’t use Snowflake but your SaaS provider does) #cybersecurity
From: @…
cyberplace.social/@GossiTheDog

@metacurity@infosec.exchange
2024-05-25 11:57:59

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn’t properly fit into our daily news crush.
This week's selection covers
--Hackers rescued a bricked Polish train,
--The double life of Incognito Market's founder,
--Tricking Wi-Fi networks into less secure connections,
--Cybercriminals are selling Indian police biometric data,
--AI fakes are used to recruit Indian voters,
--Indian fake news verification tools are a bust
#deepfakes #biometricdata #misinformation #hackers #databreach #infosec #cybersecurity
metacurity.com/p/best-infosecr

@risottobias@tech.lgbt
2024-05-02 15:35:05

"Sloths see the world different [...] And offensive security [is a different way to see things]" - @… live on @… discord
Good discussion on bloodhound, lolbins, red teamers, etc
#bsides is a great resource, offsec professionals at btc,
#cybersecurity #blueteam

@deepthoughts10@infosec.exchange
2024-05-01 22:36:49

I didn’t know SentinelOne was so good in the MacOS space. It’s good to see. And if you manage Macs, you’ll want to read this article and see if you’ve been affected by this malware.
#cybersecurity
From: @…
infosec.exchange/@screaminggoa

@risottobias@tech.lgbt
2024-05-30 15:18:44

These @… talks on discord are AMAZING. It's so nice to catch the talks I missed in person last year.
You coming to Chicago this year?
#cybersecurity #blueteam #blueteamcon

@deepthoughts10@infosec.exchange
2024-04-30 01:05:20

Do you work for a business? Is that business in the video gaming industry? If not, block access to steamcommunity.com. You’ve just neutered this malware. Have a cup of tea and pat yourself on the back. 🙂
#cybersecurity #threatintel #ioc
From: @…
infosec.exchange/@sekoia_io/11

@risottobias@tech.lgbt
2024-04-26 18:40:55

SQL injection
Es q el injection
See quel injection
Squirrel injection
Release the squirrels!
#cybersecurity
es ql
see quel

@deepthoughts10@infosec.exchange
2024-04-29 21:39:12

This is really bad. If you were vulnerable to this issue, the only way out of it is through Palo Alto support. Open a case with them to review your logs.
I could see this requiring some organizations to completely replace their Global Protect-enabled firewalls with new ones.
#cybersecurity
From: @…
infosec.exchange/@screaminggoa

@deepthoughts10@infosec.exchange
2024-04-30 03:38:35

I wasn’t aware that Autodesk had a file sharing service either! Definitely block drive.autodesk[.]com in your org if you don’t use it.
Also, here’s the original Netcraft post that the Security Week article is based on.
#cybersecurity #threathunting #ioc
From: @…
cyberplace.social/@fellows/112

@deepthoughts10@infosec.exchange
2024-05-29 02:28:26

Once you get your drivers up to date, ensure that you have the Windows Vulnerable Driver Blocklist enabled. This is available in Windows Security Settings --> Device Security. If it is enabled and greyed out like in this screenshot, you are good to go. If not, enable it. Also, while there I recommend enabling Memory Integrity as it is a good complementary security control for your computer #cybersecurity #microsoft

@deepthoughts10@infosec.exchange
2024-04-28 23:57:56

Sophos has done quite an extensive investigation into this malware operation and provided over 450 #IOCs to hunt for. I also find they are abusing WebDAV servers (those servers with <at>80 in the URL). WebDAV is an uncommonly used protocol these days. If you can, try to block access to all WebDAV servers except those that are used by your organization.
#threatintel #cybersecurity
From: @…
infosec.exchange/@SophosXOps/1

@deepthoughts10@infosec.exchange
2024-04-25 15:59:23

For my #threatintel folks here’s an easy one: any traffic in your environment to/from 45.142.166[.]112? If so, track it down. You have an infected system.
#cybersecurity
From: @…
mastodon.social/@campuscodi/11

@risottobias@tech.lgbt
2024-04-18 15:20:18

okay, I'm aware of how #U2F and #WebAuthN work at the protocol/implementation level.
I'm not sure someone's given a simple explanation for why #evilginx or similar #phishing #mitm proxies wouldn't work.
there's surely modes you could do FIDO2 that are vulnerable to phishing (kinda like doing JWTs wrong)
#cybersecurity

@catsalad@infosec.exchange
2024-04-10 09:39:46
Content warning
⚠️⁠CVE-2024-27983 – Node.js HTTP/⁠2 server
⚠️⁠CVE-2024-27919 – Envoy's oghttp codec
⚠️⁠CVE-2024-2758 – Tempesta FW
⚠️⁠CVE-2024-2653 – amphp/⁠http
⚠️⁠CVE-2024-28182 – nghttp2 library
⚠️⁠CVE-2024-27316 – Apache Httpd
⚠️⁠CVE-2024-31309 – Apache Traffic Server
⚠️⁠CVE-2024-30255 – Envoy < 1.29.2
⚠️⁠CVE-2023-45288 – Go packages net/⁠http and net/⁠http2


#InfoSec #CyberSecurity #CVE #DoS #HTTP2 #Vulnerability #️⃣CatSalad

@deepthoughts10@infosec.exchange
2024-04-25 00:51:30

Spamhaus always has good #threatintel in their reports. Great source for #threathunting and/or evidence to support blocking commonly abused TLDs like .bond
#cybersecurity
From: @…
infosec.exchange/@spamhaus/112

@deepthoughts10@infosec.exchange
2024-05-29 02:18:17

Do you occasionally check your Windows drivers to keep them up to date? Many drivers are not updated by Windows Update -- you have to get them from the manufacturer of your computer and peripherals. Why is this important? Drivers, like all other software, can have security-related defects. Attackers can leverage these vulnerabilities to escalate privileges and install malware on your computers.
Major PC manufacturers have utilities that can help you keep your drivers up to date, such as these from Dell, Lenovo and HP:
#cybersecurity #microsoft

@risottobias@tech.lgbt
2024-05-15 16:09:51

Stellar posts. What are some of your favorite #SecurityDesign guides?
#CyberSecurity #CloudArchitecture #BlueTeam

@risottobias@tech.lgbt
2024-06-08 16:10:22

I kinda think there should be a #honeytoken alliance between most providers. or maybe just between small shops.
Like an agreement to make API keys that your SIEM will alert on, that you give to trusted partners, where you'll ping them if something uses their canary.
#cybersecurity #blueteam #cloudarchitecture #canarytokens #canarytoken

@risottobias@tech.lgbt
2024-06-02 14:40:23

more #snowflake #snowflakebreach news.
#cybersecurity #blueteam

@risottobias@tech.lgbt
2024-04-26 17:30:49

you're air dropped into an organization. what are your priorities? what do you want fixed first? if you had to do things one at a time.
inventory, backups? patching? hardening? budget, staffing, AV, firewalls, telemetry, IRP,
#CyberSecurity #BlueTeam #GRC #CISO

@deepthoughts10@infosec.exchange
2024-05-26 20:49:42

I talk a lot about blocking certain Internet services such as Dynamic DNS, but I realize that not everyone has a fancy DNS security service or NGFW that gives you an easy way to do this. If you don't have those, but do use Windows DNS, you can create a DNS Policy to create your own #DNS block list by running a simple PowerShell command on your DNS server:
Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicy" -Action IGNORE -FQDN "EQ,*.duckdns.org" -PassThru
#cybersecurity

@risottobias@tech.lgbt
2024-06-01 03:29:27

okay, the #snowflake / #SnowflakeBreach thing...
Okay, which is it. one or the other or both? either their servicenow's messed up, or their customers have bad passwords and no MFA, or both?
#cybersecurity #blueteam #incidentresponse #servicenow #okta