Tim Parisi (@realparisi)'s Twitter Profile
Tim Parisi

@realparisi

#DFIR #infosec

ID: 506713371

Joined: 28-02-2012 01:57:31

645 Tweets

625 Followers

322 Following

Tim Parisi (@realparisi):

.@CrowdStrike has observed an increase in the targeting of #Telco and #BPO industries from a financially-motivated adversary SCATTERED SPIDER. Mobile carrier networks are targeted, and in some cases SIM swapping has been confirmed. #infosec #dfir crowdstrike.com/blog/analysis-…

Tim Parisi (@realparisi):

SCATTERED SPIDER / 0ktapus / UNC3944 is alive and well. Don’t make it easy for them:
◦ MFA everywhere
◦ Disable MFA push; use number-matching, OTP, or hardware token
◦ Disable external IP and unsupervised MFA self-enrollment or self-reset
◦ Allow only one trusted MFA device

Tim Parisi (@realparisi):

It’s about time this was called out. Lack of #EDR is a big problem for #ESXi, leaving businesses shut down while criminals profit. Do the right thing, VMware. crowdstrike.com/blog/hyperviso…

Tim Parisi (@realparisi):

Be sure to check the #MOVEit application DB and IIS logs for data exfil analysis. More in our blog: crowdstrike.com/blog/identifyi… #infosec #dfir

rootsecdev (@rootsecdev):

Microsoft needs to disclose how the MSA consumer account signing keys were stolen. It’s creating a unique problem of distrust in customer reliance on cloud services. This is on Microsoft. At present the explanation is not good enough. Mail Items accessed is throwing up a wall

Tim Parisi (@realparisi):

Still relevant and should be standard. #ESXi segmented by jump hosts with separate MFA. On average 24-48 hours from initial smish or social engineering to encryption and data exfil.

Tim Parisi (@realparisi):

Nice work here by Mandiant (part of Google Cloud) to spread the word. I’ll add specifically that vCenter and #ESXi are targeted where the blog mentions encryption of hypervisors. Get jump hosts with separate MFA in between them, and remove AD binding. #scatteredspider mandiant.com/resources/blog…

adam_cyber (@adam_cyber):

In addition to the CrowdStrike blog post today on Imperial Kitten, we have released a podcast detailing Iranian cyber operations going back over a decade: crowdstrike.podbean.com/e/iran-s-rise-… or wherever you enjoy podcasts. #CyberSecurity #threatintelligence

Tim Parisi (@realparisi):

.@americanair thanks for boarding us all on flight 591 before you confirmed having pilots. “Apologies for any inconvenience” should do the trick. The FAA ✈️

CrowdStrike (@crowdstrike):

We continue to monitor activity related to CVE-2024-3400, and have several resources to keep you informed 👇
💻 Complete overview on our site: crwdstr.ke/6011bdDw3
🔖 Quick reference guide: crwdstr.ke/6016bdDwr