Chris Beckett (@cbecks_2) 's Twitter Profile
Chris Beckett

@cbecks_2

Infosec and the Green Bay Packers. Interested in all things DFIR, Detection Engineering, Purple, and CTI. Opinions are mine, certainly not those of my employer.

ID: 1064678389146103808

20-11-2018 00:34:43

732 Tweets

785 Followers

2.2K Following

GreyNoise (@greynoiseio) 's Twitter Profile Photo

🚨 We're tracking new 0-day RCE CVE-2024-3400 in Palo Alto Networks PAN-OS 10.2-11.1 allowing unauthenticated root access in certain configs, check out the blog for more details. greynoise.io/blog/cve-2024-…

Costin Raiu (@craiu) 's Twitter Profile Photo

Florian Roth ⚡️ I think so - at some point in time these "logs" will be sync'ed to the cloud, because, "cloud". Then, on a Friday, random announcement, breach that affected a "limited number of customers", the "hackers were looking for Recall logs from certain customers". Sounds familiar? 😃

Austin Larsen (@austinlarsen_) 's Twitter Profile Photo

Mandiant (part of Google Cloud) is releasing details on a data theft and extortion campaign undertaken by UNC5537, targeting Snowflake customer instances. Since April, UNC5537 has leveraged stolen credentials to target over 100 organizations. cloud.google.com/blog/topics/th…

Luke Jennings (@jukelennings) 's Twitter Profile Photo

Some asked how to remove these ghost logins from Snowflake after migrating to SAML SSO. You can unset a user's password. The guidance is here: community.snowflake.com/s/article/How-…

✞ inversecos (@inversecos) 's Twitter Profile Photo

Detecting Lateral Movement in Entra ID 😍 Threat actors can perform tenant-to-tenant lateral movement by abusing Cross Tenant Synchronisation. Full blog 👇 xintra.org/blog/lateral-m… You can detect lateral movement from specific logons abusing this feature in Entra ID 😝 This

Chris Beckett (@cbecks_2) 's Twitter Profile Photo

We are looking for a Technical CTI Lead to join our team. Please feel free to reach out if you have questions: …thwesternmutual.wd5.myworkdayjobs.com/en-US/CORPORAT…

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

You should also check the many other IDAT payloads with 0 AV detection rate listed on the rule's info page on Valhalla valhalla.nextron-systems.com/info/rule/MAL_… Jai's tweet that made me check for other matches with that rule x.com/CyberRaiju/sta…

Jared Wilson (@jwilsonsecurity) 's Twitter Profile Photo

Excited to tell the 🐦 world that 100% of the Cyber Community "Secure the Ball" fantasy football league participants are returning for year 2! I guess either the camaraderie was great or the punishments were not bad enough... 🤔🤣. 🏈 #infosecfantasyfootball #fantasyfootball

The Haag™ (@m_haggis) 's Twitter Profile Photo

🚨LOLRMM Update 🚂
You thought we were done? Nope.

🔥 Deduplication efforts are in the works
🔥 Experts (Jose Enrique Hernandez) are reviewing the site code to ensure we deliver the most epic LOLRMM experience.
🔥 More and more RMMs are being completed (Kostas, Nasreddine Bencherchali)
🔥 Who

Chester Le Bron (@123le_bron) 's Twitter Profile Photo

Finally got around to finishing my first blog post. If you are doing AWS detection engineering, you may find this useful. chesterlebron.blogspot.com/2024/08/my-met…

Wietze (@wietze) 's Twitter Profile Photo

Florian Roth ⚡️ It's also regrettable that you can't properly manage VSCode at the enterprise level: you can't blanket-disable extensions, only allow verified ones, or only allow allowlisted ones; let alone manage it in a useful way via e.g. group policies. github.com/microsoft/vsco… code.visualstudio.com/docs/setup/ent…

Chester Le Bron (@123le_bron) 's Twitter Profile Photo

Just published Part Three of my blog series on my approach to Detection Engineering in AWS. This is by far my favorite part about RBA: Variable Scoring. I may extend this series at a later date but for now, this will do 👇🏾. chesterlebron.blogspot.com/2024/09/my-met…

The Haag™ (@m_haggis) 's Twitter Profile Photo

🔍💻 PowerShell Pro Tip! 💻🔍

Ever wondered what app opens specific file extensions on your Windows machine? 🤔 Sure, it's not new, but it's super handy! 💪

Use this PowerShell magic to find file extensions and their associated apps (like finding out `.rdp` opens with

Microsoft Threat Intelligence (@msftsecintel) 's Twitter Profile Photo

Within the past 24 hours, we observed Storm-2372 shifting to using the specific client ID for Microsoft Authentication Broker in the device code sign-in flow of their device code phishing campaign. Get more details from our continuous tracking of this active threat:

Chris Beckett (@cbecks_2) 's Twitter Profile Photo

This was new to me, so I hope it helps someone else. It looks like Enterprises can configure allowlists for VSCode extensions on Windows now. Looks like Mac is coming later: code.visualstudio.com/docs/setup/ent…