Tootfinder


@deepthoughts10@infosec.exchange
2024-05-08 21:53:34

A known threat actor has stated that they breached #Zscaler and are selling the access for $20k. Zscaler is investigating #threatintel

@deepthoughts10@infosec.exchange
2024-06-08 19:22:49

I have never seen a legitimate .xyz domain. I’m sure there’s at least one, but you should block this TLD if you can.
I recommend blocking it both at the DNS layer and at your email gateway to prevent email spam and phishing campaigns. As an example, here’s how to block TLDs in #Exchange Online
#cybersecurity #threatintel
From: @…
infosec.exchange/@threatcat_ch

@deepthoughts10@infosec.exchange
2024-06-07 01:28:44

Someone’s been busy. A whole lotta new botnet and C2 domains from Sarlack Lab. Block all but the major service providers like Microsoft.com, cloudfront.net, azureedge.net and azurefd.net
#threatintel #cybersecurity
From: @…
ioc.exchange/@SarlackLab/11257

@deepthoughts10@infosec.exchange
2024-06-06 00:30:01

This article from @… has a ton of great #threatintel. I highly recommend searching for web browsing activity to:
*.run.app
*.my.id
*.biz.id
And if you don’t have any activity, consider blocking the domains, or at least alerting on them.
#cybersecurity
From: @…
infosec.exchange/@r1cksec/1125

@deepthoughts10@infosec.exchange
2024-04-30 01:05:20

Do you work for a business? Is that business in the video gaming industry? If not, block access to steamcommunity.com. You’ve just neutered this malware. Have a cup of tea and pat yourself on the back. 🙂
#cybersecurity #threatintel #ioc
From: @…
infosec.exchange/@sekoia_io/11

@Xavier@infosec.exchange
2024-03-29 19:04:34

I found this graph from Google’s Threat Analysis Group and Google Mandiant extremely interesting. This pie chart highlights the motivation behind various threat groups that are using #ZeroDay vulnerabilities.
That yellow section... "The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices."
Thoughts? Are you surprised by this data?
Full Report: #infosec #google #mandiant #threatintel

@deepthoughts10@infosec.exchange
2024-04-25 15:59:23

For my #threatintel folks, here’s an easy one: any traffic in your environment to/from 45.142.166[.]112? If so, track it down. You have an infected system.
#cybersecurity
From: @…
mastodon.social/@campuscodi/11

@deepthoughts10@infosec.exchange
2024-04-28 23:57:56

Sophos has done quite an extensive investigation into this malware operation and provided over 450 #IOCs to hunt for. I also find they are abusing WebDAV servers (those servers with <at>80 in the URL). WebDAV is an uncommonly used protocol these days. If you can, try to block access to all WebDAV servers except those that are used by your organization.
#threatintel #cybersecurity
From: @…
infosec.exchange/@SophosXOps/1

@deepthoughts10@infosec.exchange
2024-04-25 00:51:30

Spamhaus always has good #threatintel in their reports. Great source for #threathunting and/or evidence to support blocking commonly abused TLDs like .bond
#cybersecurity
From: @…
infosec.exchange/@spamhaus/112

@deepthoughts10@infosec.exchange
2024-05-20 00:56:44

The best weekly curated list of #DFIR and #threatintel on the net
From: @…
infosec.exchange/@Phillmoore/1