Norwegian MISP Users (@norwegianmisp)'s Twitter Profile
Norwegian MISP Users

@norwegianmisp

The Norwegian MISP Community

ID: 1220831075393470465

Joined: 24-01-2020 22:09:58

103 Tweets

75 Followers

176 Following

Germán Fernández (@1zrr4h):

1/ Interesting, possibly the same TA/affiliates distributing first #IcedID (Campaign ID: 3954321778) and then #Qakbot (new Botnet ID: tok01) via #OneNote documents.

They used the same URL for the decoy document and the same server for DLL distribution domains.

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3):

Noticed two #guloader campaigns recently where wscript > vbs > powershell with VT detection 2/60 and 0/60 respectively. Here is a KQL query below for your #ThreatHunting⤵️ #MicrosoftSecurity #KQL github.com/cyb3rmik3/KQL-…

Cisco Talos Intelligence Group (@talossecurity):

We recently discovered a new threat actor called #YoroTrooper that's primarily motivated by espionage-related activities. Find out what this group may be after and why. cs.co/60113NqOR

Koen Van Impe ☕ (@cudeso):

The indicators from CrowdStrike (and others) on the compromise of the 3CX desktop app have been published via the MISP (@misp@misp-community.org) OSINT feed of botvrij.eu. You can also get them directly at botvrij.eu/data/feed-osin… #3CXpocalypse #3CX

Thomas Roccia 🤘 (@fr0gger_):

🔍 If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow! 💥 I'll update as soon as the analysis progresses. Stay tuned for the MacOS edition! #cybersecurity #infosec #supplychainattack #3CXpocalypse

Koen Van Impe ☕ (@cudeso):

A MISP (@misp@misp-community.org) tip of the week: MISP objects are a powerful way to add contextually linked attributes to threat events. And it's available via PyMISP. Use this notebook as a starter or learn how to add your own custom objects. github.com/cudeso/misp-ti… misp-project.org/2021/03/17/MIS…

Alexandre Dulaunoy @adulau@infosec.exchange (@adulau):

We did a Markdown version of the TLP:UNCLEAR proposal.

github.com/adulau/tlp-unc…
adulau.github.io/tlp-unclear/

Pull requests are welcome.

x.com/adulau/status/…

Cisco Talos Intelligence Group (@talossecurity):

Attackers are having to switch up their tactics after #Microsoft changed the way they handle macros. On the latest episode of #ThreatWiseTV, hear from one of our researchers about what he's seeing in the field and how adversaries are adapting cs.co/6015OH7wl

PRODAFT (@prodaft):

#QBOT Affiliates on a New Journey: What We Know So Far 🚶‍♂️👣

⏳ Less than 24 hours from our last update and we already see what we anticipated:
The first victims have been compromised.

The threat actors initially distributing #Qakbot malware in TR and BB campaigns did not

LeakIX (@leak_ix):

🚨🚨🚨 Whatever you were thinking about CVE-2023-20198 (#Cisco IOS XE), it's 100x worse.

We used the Cisco Talos Intelligence Group IOC check and found ~30k implants.

That's 30k devices infected (routers, switches, VPNs), under the control of threat actors.

That's excluding rebooted devices.

Kevin Holvoet (@digihash):

If you're interested in getting some tips & tricks on how to use VirusTotal as a #SOC analyst or Incident Responder, check out this VirusTotal Academy video playlist: youtube.com/playlist?list=…. I hope you enjoy them! #CyberSecurity #infosecurity #ThreatIntel #cyberthreatintelligence

Threat Insight (@threatinsight):

Threat researchers from @Proofpoint this month identified TA571 delivering the Forked variant of IcedID in two campaigns. Emails in the campaigns purported to be replies to existing threads, a malicious technique known as thread hijacking. Read more ⤵️ ow.ly/5svx50Q2fI1

CISA Cyber (@cisacyber):

#ICYMI VMware released security advisories to address vulnerabilities in multiple products. Read more at cisa.gov/news-events/al…. #Cybersecurity #InfoSec #VMware

Cisco Talos Intelligence Group (@talossecurity):

Scammers and bad actors are consistently using the popular game #Roblox to scam players (often children) out of their money, or even using it as a way to install #malware on their computers. We have an overview of their various tactics up on the Talos blog cs.co/6013uml4D

Kostas (@kostastsale):

🎯 Detecting/Hunting PsMapExec Default Values (Two of the most commonly seen methods)

1️⃣ SMB Method: Service Creation
- EIDs 7045 (System) and 4697 (Security)
- Service name regex: 'Service_[a-z]{16}'
- Service File name: PowerShell command execution

The PowerShell script that will

Blue Team News (@blueteamsec1):

EDRSilencer - a tool that uses Windows Filtering Platform (WFP) to block EDR agents from reporting security events to the server dlvr.it/T1z1qX #cyber #threathunting #infosec