neonprimetime (@neonprimetime) 's Twitter Profile

detection engineering, malware analysis, IR, threat hunting #DailyThreatHunt, threat intel, blue team, Qradar, Author of now archived @PhishKitTracker project

ID: 48459503

http://neonprimetime.blogspot.com | 18-06-2009 19:29:24

10,10K Tweet

3,3K Followers

315 Following

Squiblydoo (@squiblydooblog) 's Twitter Profile Photo

I see PDFSkills has a new code-signing certificate "BLACK INDIGO LTD". #EV #ImpostorCert #Reported Please don't let your employees use "Free" PDF editing tools. virustotal.com/gui/file/1c359…

Nathan McNulty (@nathanmcnulty) 's Twitter Profile Photo

This is a fun one :) Let's say you have a Conditional Access policy requiring MFA for All resources, and then you exclude one resource. Did you know that also automatically adds additional exclusions for some low privileged scopes depending on client app? learn.microsoft.com/en-us/entra/id…

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

Welcome to the era of the token. In the past, attackers had to breach networks, bypass security controls, escalate privileges, and evade detection just to reach confidential data. Now? A single OAuth authorization - granted with one click - can hand over access to emails, files,

IAM!ERICA (@ericazelic) 's Twitter Profile Photo

MartijnFSnl Nathan McNulty This is why the lead designer of conditional access from Microsoft put out a video a couple years ago explaining why you need to include all resources (all cloud apps at the time) when targeting resources for conditional access. Otherwise, in most cases, you open up gaps in

Nathan McNulty (@nathanmcnulty) 's Twitter Profile Photo

A very common mistake I see for those newer to Azure and Arc is not understanding the risk associated with permissions in Azure and privilege escalation paths to Arc enabled servers It's a good idea to consider locking down Arc to only what you need ;) learn.microsoft.com/en-us/azure/az…

neonprimetime (@neonprimetime) 's Twitter Profile Photo

“…Van Andel’s digital unraveling began …when he downloaded free software from …GitHub while trying out some new artificial intelligence technology … the AI assistant was actually malware that gave the hacker behind it access to his computer, and his entire digital life…”

neonprimetime (@neonprimetime) 's Twitter Profile Photo

“…threat actors dropped… ransomware payload …but the victim's EDR … quarantined it … threat actors utilized the webcam's Linux operating system to mount Windows SMB network shares … used it to encrypt the network shares over SMB, effectively circumventing the EDR …” #akira

Huntress (@huntresslabs) 's Twitter Profile Photo

A threat actor slid into a network through exposed virtual network computing (VNC). Here’s what happened 👇 ✅ They deployed C:\Users\<redacted>\Music\setup.msi to install Atera & Splashtop for persistent remote access

ZOYA ✪ (@zoya_ai) 's Twitter Profile Photo

Microsoft is Offering FREE Azure 2025 Certification Courses! No Fee, Completely Free. These 20 Courses Include Video Tutorials, Hands-on Labs and Notes. Don't miss these courses if you want to make your career in 2025:

spencer (@techspence) 's Twitter Profile Photo

There's no reason to NOT strictly control RMM installation and usage in your environment. There are currently 272 RMMs in the LoLRMM project right now. Most orgs probably use 1 or 2, legitimately. lolrmm.io

DarkFeed (@ido_cohen2) 's Twitter Profile Photo

🚨 Ransomware Alert: Medusa Hits NASCAR The ransomware group Medusa has listed the National Association for Stock Car Auto Racing (NASCAR) as a victim on its leak site. 📂 The threat actors claim to have exfiltrated 1,038.70 GB of sensitive data and are demanding $4 million to

notEricaZelic (@iamericabooted) 's Twitter Profile Photo

You can set up conditional access for your workload identities. For 3rd party SaaS apps with high risk permissions, this is a good idea.

BleepingComputer (@bleepincomputer) 's Twitter Profile Photo

MATLAB dev confirms ransomware attack behind service outage - Sergiu Gatlan bleepingcomputer.com/news/security/…