Does anyone know if #Proofpoint is one of those extortion services that will only remove your IP from their SMTP block list if you pay them? I’ve sent them two tickets now over the past two months, and they’re still blocking emails from my servers.
@11011110 Ouch. #Proofpoint plus #Office365, a lethal combination: it means there are at least 3 ways for your incoming mail to be blackholed. My bets are on the obnoxious "connection filter", but I've never had to debug PP.
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/connection-filter-policies-configure?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-modify-the-default-connection-filter-policy
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide
https://help.proofpoint.com/Proofpoint_Essentials/Email_Security/Administrator_Topics/hostedemailservices/Configuring_Microsoft_365_for_Proofpoint_Essentials
https://help.proofpoint.com/Proofpoint_Essentials/Email_Security/Administrator_Topics/110_logs/Troubleshooting_email_delivery_problems_using_Email_Logs
How to Utilize Proofpoint Advanced Threat Protection (ATP) to Strengthen Your Network Security
#cyberattacks #proofpoint #ATP #security #network #securityengineers #networksecurity
https://lnkd.in/gEFFVF4w
How to Utilize Proofpoint Advanced Threat Protection (ATP) to Strengthen Your Network Security
#cyberattacks #proofpoint #ATP #security #network #securityengineers
https://www.thesecuredna.com/2023/02/how-to-utilize-proofpoint-advanced.html
I most certainly did, #Proofpoint, thanks for messing up the URLs in my email. NOT!
📬 Macros are out: OneNote is Microsoft's new malware taxi
#Malware #Makros #Microsoftoffice #OneNote #OneNoteMalware #PhishingAngriff #PowerShell #Proofpoint #TrustedSec #VBScript https://tarnkappe.info/artikel/malware/makros-sind-out-onenote-ist-microsofts-neues-malware-taxi-264760.html
Yrs ago F-Secure reported that threat actor designated as #CallistoGroup was targeting military personnel, govt. officials, #ThinkTank s and journalists from across #Europe and #SouthCaucasus since 2015 Oct. via #spearphishing from previously compromised email accounts.
Dubbed #SeaBorgium by #Microsoft, #ColdRiver by #Google and #TA446 by #Proofpoint, its biggest success was a #hack and #leak op: a #protonmail dump of former #MI6 director #RichardDearlove, involved in #BreXiT backed #LeaveUE campaign.
"#Proofpoint researchers uncovered on December 6th, 2022, the threat actors employed brand abuse, app #impersonation and other social engineering tactics to lure users into authorizing malicious apps.
...this malicious campaign includes data exfiltration, brand abuse, and delegated permissions over compromised users’ mailboxes, calendars, and meetings.
Users and organizations should not trust #OAuth #apps based on the verified publisher status alone.
Organizations are encouraged to use #cloud #security solutions that can automatically detect and revoke malicious third-party OAuth apps from their environments."
The Dangerous Consequences of #Threat Actors Abusing Microsoft’s “Verified Publisher” Status
#threatactors #Microsoft #socialengineering #verifiedpublisher #malware
Hey InfoSec Mastodon. Does anyone know if Proofpoint finally supports sending aggregate (rua) reports, even if it has to be manually enabled? I'm guessing not. That would cut into their Proofpoint Email Fraud Defense (EFD) revenue.
Proofpoint proudly processes a massive amount of the world's email. By honoring DMARC without sending DMARC aggregate reports (rua), it prevents non-Proofpoint EFD customers from seeing who is impersonating them to Proofpoint customers, which is a danger to everyone, Proofpoint customer or not.
#InfoSec #DMARC #Email #Phishing #Spoofing #Proofpoint #ProofpointEFD #EFD
@taco Let me know what they say, if anything. #Proofpoint proudly processes a massive amount of the world's email. By not sending DMARC aggregate reports (rua), it prevents non-Proofpoint EFD customers from seeing who is impersonating them to Proofpoint customers, which is a danger to everyone, Proofpoint customer or not.
Unfortunately lots of email services will honor #DMARC, but won't send any reports back to domain owners. Most notably #Proofpoint — likely done just to force their customers to pay for their DMARC analytics service, Email Fraud Defense (#EFD). Cisco Ironport can send reports back, but an instance admin needs to enable that.
The Nighthawk C2 framework could become an alternative to Brute Ratel and Cobalt Strike
#Experts at #Proofpoint have published a report on the #Nighthawk C2 framework. After observing how the framework was used in September 2022, the #researchers concluded that #criminals might like Nighthawk too.
Nighthawk is developed and marketed by the European company #MDSec, which offers its customers tools and services for #modeling intruder #behavior and #penetration testing.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Part 1: SocGholish, a very real threat from a very fake update
"SocGholish is a malware variant which continues to thrive in the current information security landscape. By utilizing an extensive variety of stages, eligibility checks, and obfuscation routines, it remains one of the most elusive malware families to date.
SocGholish was observed in the wild as early as 2018. The absence of details surrounding target selection, evasion logic, and specific procedures employed by TA569 and their use of SocGholish in the intermediary phases of infection contributes to this shroud of mystery."
#SocGholish #proofpoint #threatintel
@bobdobberson AH, yes - if the receiving anti-spam solution is configured to block failed SPF records (depends on the settings for hard and soft fails).
Generally, no #SPF = neutral weight, but with advanced anti-spam solutions, you could process mail from domains without SPF differently - e.g. route it through an inspection rule with heavier weights for suspected spam content. For instance, #Proofpoint can have VERY complex inspection rules.
But, blocking mail without SPF is not a good idea.
Greetings, time for my #introduction!
I’m a security and infrastructure technologist who lives in the Northern California Bay Area and works at #Proofpoint. Outside of work, I assist in maintaining open source #sendmail and am a #FreeBSD committer. For my fellow geeks, my favorite protocols are #DNS, #SMTP, and #XMPP.
When I'm not buried in my laptop, I like to travel and hang out with my partner and our two dogs.
Hello All, late #Introduction #IntroduceYourself here. I’m Patrick, and into #photography #retropie #videogames. Dad to 4 kiddos, husband to my beautiful wife. Been in IT for over 10 years. 5 of those now in #infosec as a #blueteam member. Interested in transitioning to #threathunting and #pentesting. Working on my #oscp currently and always learning and willing to share knowledge on #Microsoft #proofpoint #paloxdr #zscaler. Will be sharing more once I figure out things here! Happy almost Friday
Excellent write-up on new Emotet activity to include IcedID. Also, TIL about the malduck module. https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return #EMOTETMalware #icedid #proofpoint