Artturi Lehtiö (@lehtior2)'s Twitter Profile
Artturi Lehtiö

@lehtior2

VP, Product Management at a cybersecurity company (@WithSecure). I used to analyse malware and track cyber espionage. Opinions my own.

ID: 161358187

Link: https://www.linkedin.com/in/lehtior2/

Joined: 30-06-2010 17:01:12

3.3K Tweets

3.3K Followers

213 Following

Artturi Lehtiö (@lehtior2):

US, UK & Australia have all recently released new national cyber strategies. WithSecure™'s March threat highlights report has a good summary of the priorities in each strategy, alongside the regularly scheduled content on threats and what to do about them withsecure.smh.re/13_

Artturi Lehtiö (@lehtior2):

Top advice:
- Often I felt I didn’t deserve the spot or I wasn’t as good as others. It was more common amongst my colleagues than I knew. One way I overcame this was surrounding myself with mentors and like-minded colleagues
- Lean into your strengths

withsecure.smh.re/14t

Artturi Lehtiö (@lehtior2):

Good walkthrough of a real cloud incident. Exposed credentials -> S3 access -> disable versioning -> delete files -> leave a ransom note. invictus-ir.medium.com/ransomware-in-…

Artturi Lehtiö (@lehtior2):

I’ve now been tracking cyber crime & threat landscape for ~9y, and IMHO the emergence of “access-as-a-service” is by far the single thing that has had the most far-reaching impact. It’s enabled threat actors to specialize and to scale.

Artturi Lehtiö (@lehtior2):

The problem: "when the risks being mitigated aren't what's important for the outcomes the business wants to achieve, it can lead to cyber security investments being completely disconnected from the business or not getting the appropriate funding" withsecure.smh.re/15e

Artturi Lehtiö (@lehtior2):

Do you plan your cybersecurity initiatives to achieve improved customer experience & revenue growth for your org? Unless cybersec initiatives are aligned with the business outcomes that business people expect, they'll struggle to get priority and funding. withsecure.smh.re/16U

Artturi Lehtiö (@lehtior2):

It started with selling hacking tools but evolved to selling access.

Webinar June 1st: The growing professionalization of cyber crime & what you can do, with Jack Fowler (Head of Information & Cyber Security, Harris Federation) withsecure.smh.re/17j

Artturi Lehtiö (@lehtior2):

Do you make machinery, motor vehicles, or medical devices? Or provide services to the postal delivery chain? EU NIS2 expands the scope & requirements of the original. If you're not sure of the expanded scope & requirements, here's a good simple checklist. withsecure.smh.re/18E

Artturi Lehtiö (@lehtior2):

Our incident responders recently battled TheDukes/CozyBear/APT29 out of a customer environment. We also developed tooling to help investigate the timeline of the breach. We added 3 techniques for the analysis & timestamp enrichment of Shimcache entries withsecure.smh.re/19H

Artturi Lehtiö (@lehtior2):

The power of real-world investigations. We investigated attacks against servers running Veeam Backup & Replication software. We have high confidence it's FIN7. Initial access was likely via a recently patched Veeam Backup & Replication vuln CVE-2023-27532 withsecure.smh.re/19R

Artturi Lehtiö (@lehtior2):

While performing a threat hunt exercise using telemetry data from WithSecure™ Endpoint Detection and Response (EDR), our researchers noticed some Veeam servers that generated suspicious alerts withsecure.smh.re/1AN

Artturi Lehtiö (@lehtior2):

Manage R&D programs to launch products, coordinate complex tech stack changes, or improve business unit economics? Develop WoW of a big R&D unit building cyber security software for all major OSs? I’m hiring a Program Manager for WithSecure™’s Agents R&D withsecure.smh.re/1BP

Michael McDonough (@m_mcdonough):

An update on the number of AI related mentions on earnings calls and other transcripts of publicly traded companies: {Data from TA<Go>} *No shock here, it's gone vertical

Artturi Lehtiö (@lehtior2):

The hard stuff nobody talks of when building products with LLMs:
- Context windows
- LLMs are slow & chaining is a nonstarter
- Prompt engineering is weird
- Correctness vs. usefulness
- Prompt injection
- LLMs aren’t products by themselves
- Legal & compliance

honeycomb.io/blog/hard-stuf…

Artturi Lehtiö (@lehtior2):

Unpopular opinion: LLM-based query interfaces won’t take over the world. Why: they’re undoubtedly great for getting started, but the more advanced a user you become - the more you start to know exactly what & how you want to do - an LLM turns from convenience to hindrance

Artturi Lehtiö (@lehtior2):

It used to be ”oh, random USB stick in the mail (or on the ground) - I wonder what happens if I just briefly plug it in?” Seems we’ve progressed to ”oh, random smart watch - I wonder what it can do if I just connect it to my phone & wifi?” Pro-tip: don’t. Nothing good happens.