Microsoft has detected a 111% year-over-year increase in token replay attacks, and incidents are continuing to grow. msft.it/6011lSgZ7

Workshop: Cyber Threat Intelligence 101 at #BSidesNoVA on Friday, September 6th at 8:00AM ET. Let ☠️ Andy Piazza ☠️ and 💯 John Stoner 💯 be your guides in this workshop for blue teamers (current and future!) who are interested in threat analysis. 🧐🕵️#CTI Register: bsidesnova2024.sessionize.com/session/716379

New blog up: "What a Cluster! How Industry Groups and Names Threat Activity Clusters". I decided there was a need for it since we are more regularly talking about UNCs and STACs these days and it can be confusing for those just getting into #cti. medium.com/@Shinigami42/w…

this stat 🎯🔨 ...5️⃣3️⃣ 𝘳𝘢𝘯𝘴𝘰𝘮𝘸𝘢𝘳𝘦 𝘨𝘳𝘰𝘶𝘱𝘴 𝘩𝘢𝘷𝘦 𝘣𝘦𝘦𝘯 𝘢𝘤𝘵𝘪𝘷𝘦 𝘴𝘰 𝘧𝘢𝘳 𝘪𝘯 2024, 𝘣𝘶𝘵 𝘵𝘩𝘦 𝘵𝘰𝘱 6️⃣ 𝘨𝘳𝘰𝘶𝘱𝘴 𝘢𝘤𝘤𝘰𝘶𝘯𝘵 𝘧𝘰𝘳 𝘢 𝘭𝘪𝘵𝘵𝘭𝘦 𝘮𝘰𝘳𝘦 𝘵𝘩𝘢𝘯 𝘩𝘢𝘭𝘧 𝘰𝘧 𝘵𝘩𝘦 𝘵𝘰𝘵𝘢𝘭 𝘤𝘰𝘮𝘱𝘳𝘰𝘮𝘪𝘴𝘦𝘴.

⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍

Threat actors leverage compromised identities to achieve a significant level of access to target networks. Implementing multi-factor authentication (MFA) remains an essential pillar in identity security and can block more than 99.2% of account compromise attacks.

🚨📢 Join my team! 📢🚨 Recorded Future’s Advanced Cybercrime & Engagements (ACE) team is (t)h(r)unting for a mid-tier #CTI analyst with a background in cybercrime and hacktivism. This role is multidisciplinary! All skillsets encouraged! Please share! boards.greenhouse.io/recordedfuture…

I believe in the infosec DIY ethic. Write your own EDR Roll your own crypto Make your own OS What could go wrong?

Catch me and jacob ☕🦆⌨️ at #OBTS talking about DPRK 🇰🇵 (and other APT 🇨🇳 🇷🇺 🇮🇷 🏴‍☠️ ) malware for MacOS, how we tested some methods of clustering compiled Machos, and how Jacob then implemented them into YARA-X 👾🔬 Stoked to be a part of such a great line up!

Thank you for the positive response and feedback! So many of you sent feedback and are finding the CTI-CMM useful. We are discussing ways to get you more involved moving forward. Stay tuned for opportunities! Tell us how you use the CTI-CMM with hashtags: #CTICMM #BetterTogether

There’s something in the static

Chasing every last second of sun by any means necessary

"I am here to do a business Blue Team Con. Find me in Chicago to talk about important cat priorities - like securing the kibble, or those prod ☁️ workloads with ClearVector. Meow."

ONE WEEK FROM WORKSHOPS AT BSidesNoVA! 💯 John Stoner 💯, J⩜⃝mie Williams, and I will be rattling on about CTI stuff n things next Friday. Then on Saturday, the con has a full schedule of amazing talks, panels, and shenanigans!

This is a very interesting attack chain. Especially from a Sleet actor. North Korean threat actor Citrine Sleet exploiting Chromium zero-day microsoft.com/en-us/security…

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. msft.it/6010l7S6w

#CTICMM #LaborDay #Industry

.BSidesNoVA is this weekend! We're excited for talks from friends like Allan “Ransomware Sommelier🍷” Liska, Jon DiMaggio, and J⩜⃝mie Williams. Maybe we'll make them some friendship bracelets at the Friendship Bracelet Station at the Sherpa Intelligence Table ☺️

Thank you Buffalo Bills!

Football season is back baby!