Freddy Dezeure (@fdezeure)'s Twitter Profile

ID: 1039793503549771776

Link: https://www.freddydezeure.eu/
Date: 12-09-2018 08:31:04

370 Tweet

661 Followers

139 Following

nao_sec (@nao_sec)

Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. virustotal.com/gui/file/4a240…

SANS Institute (@sansinstitute)

🚨 EMERGENCY WEBCAST TOMORROW! 🚨 Join @malwarejake for this urgent webcast: #MSDT (MS Word) #ZeroDay. We'll identify how the vulnerability works, how to detect exploitation, and how to remediate. Register Here: ow.ly/E0jy50Jl9Wf

Florian Roth ⚡️ (@cyb3rops)

.Thomas Patzke published a Cookiecutter template to facilitate the creation of backends for pySigma x.com/blubbfiction/s… pySigma is the new basis for conversions github.com/SigmaHQ/pySigma Sigma-cli, which uses pySigma replaces the old&inflexible sigmac github.com/SigmaHQ/sigma-…

Desiree Sacher (@d3sre)

that paper Old Bitshifter and i followed up with after our #FIRSTCON2020 presentation is now accessible: dl.acm.org/doi/10.1145/34… thank you FX of Phenoelit for reviewing it & FIRST.org for sponsoring❤️ the full suggested KPIs can still be found here: github.com/d3sre/Intellig…

Matthieu Garin (@matthieugarin)

📈 I love this diagram showing the profitability of the #Conti #Ransomware group🔥 ROI estimated around +163%... what a business case!! lnkd.in/emT2MCcG ➡️ Recruitment, company organisation, salary policy 💵, cash flow... it's a company "almost" like any other! #MustRead

Microsoft Threat Intelligence (@msftsecintel)

Attackers behind a large-scale adversary-in-the-middle (AiTM) phishing campaign used stolen credentials and session cookies to skip the authentication process and perform follow-on business email compromise (BEC) campaigns against other targets. Details: msft.it/6016b2F3Q

Jose Enrique Hernandez (@_josehelps)

Happy to share that Splunk Attack Range 2.0 is officially released 🎉 with a ton of new features! Huge thanks to every single one of our users 🙇, we continue to improve and keep the project open/free. Give us a star on GitHub if you like it. #STRT splunk.com/en_us/blog/sec…

Alexandre Dulaunoy @adulau@infosec.exchange (@adulau)

FIRST (FIRST.org) Standards Definitions and Usage Guidance (TLP) - Version 2.0 has been released. So we updated the MISP (@misp@misp-community.org) TLP taxonomy to version 2.0. github.com/MISP/misp-taxo… We took great care of ensuring backward compatibility with tools using the taxonomy.

Doug Bienstock (@doughsec)

Dropping some 🔥APT29 observables this afternoon. Updates to our AADInvestigator and white paper too! mandiant.com/resources/apt2… APT29 continues to up their opsec game 🥷 targeting #Microsoft365 #DFIR

Jose Enrique Hernandez (@_josehelps)

👏Super proud of some of the coverage Mauricio Velazco and #STRT have built for #Azure in the last few months, latest was persistence, but not so long ago we shipped account take over too: research.splunk.com/stories/azure_…

Freddy Dezeure (@fdezeure)

The agenda of the EU ATT&CK Workshop on 7 October is online: attack-community.org/event/. Packed with inspiring lightning talks. Participation free but registration is required. ATT&CK sigma CIRCL - @[email protected] CERT-EU @MITREengenuity @certbe Kevin Holvoet

Noetic Cyber (Acquired by Rapid7) (@noeticcyber)

As the list of responsibilities continues to grow, what can security leaders do to better address #cyberrisk? Learn how from Freddy Dezeure ⬇️ bit.ly/3SdOgZH

The Zeek Network Security Monitor (@zeekurity)

This was a bit too late to make the newsletter, but here is some great news – this is Microsoft’s pull request, now on the #Zeekurity GitHub: github.com/zeek/zeek/pull…

threatray (@threatray)

Learn more about applying code search technologies to #threatintel processes with our #FIRSTCTI22 talk by _D4Z3N_ and Jonas Wagner youtube.com/watch?v=z3vj2r…

Intel 471 (@intel471inc)

We're excited to announce Intel 471 & @Threatray are entering into a joint research collaboration. This partnership will generate higher value IOC extraction supporting improved detection, triaging, threat hunting, and incident response. Read more here: hubs.la/Q01vKM3r0

CCB Alert (@ccbalert)

📅 Join us on May 26 for the 11th EU MITRE ATT&CK® Community Workshop. Register now for free at eventbrite.com/e/11th-eu-attc… #Mitreattack #CCB #CenterForThreatInformedDefense
