PhreakingGeek (@PhreakingGeek)'s Twitter Profile
PhreakingGeek

@PhreakingGeek

Purveyor of all things absurd. Security d00d. Lifelong learner. Human. Thoughts posted here are my own.

ID:250332794

Link: http://keybase.io/phg

Date: 10-02-2011 22:01:58

8,3K Tweets

2,2K Followers

3,3K Following

sarah guo // conviction (@saranormous)

great people do not spend thinking about how to get promoted

they put their energy into working with great people at great orgs, and being great at the work

in healthy organizations, responsibility constantly flows to its best owners

Microsoft Threat Intelligence (@MsftSecIntel)

Learn more on different types of attacks observed during tax season and guidance from Microsoft on how to help protect from such threats here: msft.it/6014cW7U4

Florian Roth (@cyb3rops)

There is now a Sigma rule validator on the Github marketplace written by Mostafa Moradian

It helps you ensure that the rules you deploy to your repo can be converted using the official 'pySigma' converter

github.com/marketplace/ac…

Christopher Peacock (@SecurePeacock)

No, running atomic red team for TXXXX doesn’t mean you now detect APT-Y’s procedures for TXXXX.

Conducting analysis of your coverage for a threat group via ATT&CK Navigator on technique IDs alone is a reductionist view of procedure variations, and does not appropriately convey…

Virus Bulletin (@virusbtn)

Trend Micro's Peter Girnus, Aliakbar Zahravi & Simon Zuckerbraun analyse a DarkGate campaign, which exploited CVE-2024-21412 through the use of fake software installers. trendmicro.com/en_us/research…

Red Canary (@redcanary)

The 2024 Threat Detection Report is out! Featuring actionable insights for the most prevalent cyber threats and ATT&CK techniques your security team is likely to encounter. Read the full report now: redcanary.com/threat-detecti…

EFF (@EFF)

It’s here! Signal finally gets the long-requested username feature, making it possible to share your contact info without giving out your phone number. We've updated our SSD guide with directions to set it up. ssd.eff.org/module/how-to-…

Kurt Baumgartner (@k_sec)

Network tunneling with… QEMU?

While investigating an incident at a large company a few months ago, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the following:…

Dave Luber (@NSA_CSDirector)

Our ‘Living off the Land’ advisory provides important context on Chinese intrusions into critical infrastructure. You can’t rely on IOCs and malware detection. You need to focus on tradecraft.

media.defense.gov/2023/May/24/20…

Jen Easterly🛡️ (@CISAJen)

🚨IMPORTANT: Protect your networks from threat actors exploiting Ivanti gateway vulns to achieve persistence. 🙏to all of our partners who collaborated on this important advisory, including Volexity, Mandiant, & Ivanti: go.dhs.gov/Jeg

PhreakingGeek (@PhreakingGeek)

If only the processes were imagineered in a way where compassion and care were paramount rather than profit. Like a spinning lathe, the machines are not made to care about the head, neck or body attached to the hair that is quick to meet its end. Stay safe out there.

John Hammond (@_JohnHammond)

CVEs!!! 🤩
CVE-2024-1708 and CVE-2024-1709 assigned for the #ScreenConnect vulnerabilities.

.... and ah, the words 'affected from version 0' are pretty brutal 😅😅

John Hammond (@_JohnHammond)

Well, now that other firms have publicly shared the proof-of-concept, and in-the-wild exploitation is already happening... we feel we aren't adding any risk and are comfortable sharing our analysis.

Huntress writeup on #ScreenConnect vulnerabilities: huntress.com/blog/a-catastr…

Zscaler ThreatLabz (@Threatlabz)

#Zloader aka #SilentNight is back! Check out our technical analysis of Zloader version 2.1.7.0, where we uncover the new obfuscation techniques, updates to the DGA, and the addition of RSA to network encryption. Blog link: zscaler.com/blogs/security…

BleepingComputer (@BleepinComputer)

New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Lawrence Abrams
bleepingcomputer.com/news/security/…

Scott Piper (@0xdabbad00)

CISA is requiring all Federal agencies to disconnect Ivanti products by Friday at midnight (Ivanti Connect Secure & Ivanti Policy Secure). This is roughly 48 hours notice, to not patch, but rip it out! Ivanti is an American company. This is unprecedented.
cisa.gov/news-events/di…
