Maik Morgenstern (@triggermehappy)'s Twitter Profile

Maik Morgenstern
@triggermehappy

Independent Researcher. Reverse Engineer. Former CTO @avtestorg

ID: 29041515

Joined: 05-04-2009 19:13:34

1,1K Tweets

779 Followers

899 Following

Maik Morgenstern (@triggermehappy):

Swisscom CSIRT Team is hosting a neat challenge in their security.txt at swisscom.ch/.well-known/se… which I recently solved. Today I received a little present! Thank you!
Karsten Hahn (@struppigel):

YARA practices I highly recommend after having written ~1500 rules 🧵 #100DaysOfYara 1. For code patterns: add the disassembled code as a comment. Otherwise you force readers to reverse engineer the code pattern, making it hard to maintain, judge its usefulness and matches.

AV-ATLAS (@avatlasorg):

Avoiding #Identity #theft is a top priority when it comes to protecting your own #data! Use #2FA as proof of identity, complex #passwords & pay attention to the #protection of your data! See the 100 most frequently registered #passwords by #avatlasorg. #autentication #cybercrime
Maik Morgenstern (@triggermehappy):

Another observation for the #anydesk case: If you compare the productname that is set for the executable you get the following two graphs: Malware on the left, actual AnyDesk files on the right. Malware used the string "anydesk" in only a few occasions.
Maik Morgenstern (@triggermehappy):

Based on x.com/cyb3rops/statu… I created 2 rules to cover more malware using the #anydesk certificate. Florian's rules detect 396 of 421 malware, 0 FPs for 560 legitimate AnyDesk files. My rules add coverage for 24 of the 25 undetected files, 0 FPs: github.com/mmorgens/yara/…

Maik Morgenstern (@triggermehappy):

All certification tests of AV-TEST in 2024 will be run under the AMTSO standard! Read more about my perspective on cyber security testing in the interview between me and AMTSO.

Maik Morgenstern (@triggermehappy):

We collected all publicly reported cyber security incidents in Europe in 2023 and put them into a report. Check it out! #threatintel #cybersecurity

Maik Morgenstern (@triggermehappy):

Scary stuff. Just checked our database at AV-TEST for the latest WdBoot.sys drivers we know. Looks like the faulty driver (check the filesize!) was introduced Feb 6th 2024, v4.18.24010.7. Drivers before that look fine.
Maik Morgenstern (@triggermehappy):

Opened the AV-TEST Security Summit 2024 earlier today and just finished my talk about YARA. Spoiler: You still need EPP/EDR 😁 #100daysofyara #cybersecurity #endpointprotection
Maik Morgenstern (@triggermehappy):

What a fantastic day! Exciting talks in the morning during our AV-TEST Security Summit and then the most amazing AV-TEST Awards ever. Thank you for making this day a success and for being part of 20 years of AV-TEST!

Maik Morgenstern (@triggermehappy):

Excellent summary. I always think back to that SOC manager whom I asked what they look for in sandbox reports: "The overall score. We just want to know whether it is malware or not!" It's the sad truth 😐😐😐