🚨 Watch out for the Vietnamese threat actor known as MrTonyScam. They're launching wide-reaching Facebook Messenger spam attacks with dangerous attachments. Stay vigilant! #Cybersecurity #ThreatActor #Malware #FacebookMessenger
Another excellent playbook from @cudeso, "Threat actor profiling", to explore MISP galaxies and clusters and discover TA-associated TTPs, indicators and vulnerabilities, and even TAXII-ing towards the MITRE ATT&CK repository.
For more playbooks https://github.com/MISP/misp-playbooks/
#cti #misp #opensource #ThreatIntelligence #threatintel #threatactor
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian #threatactor named Diicot, revealing its potential for launching distributed denial-of-service #DDoS attacks☝️👩💻
#NewsYouShouldKnow is full of all kinds of great things this week.
#SVB #Outlook #CVE #Telerik #CISA #CTI #ThreatIntel #ThreatActor #Emotet
https://www.justinmcafee.com/2023/03/20230321news-you-should-know.html
Bold #threatactor method used by #medusa - showing video for proof of access, captured first by Brett Callow (@brettcallow) https://twitter.com/brettcallow/status/1633143876600082432?s=46&t=04BtnGCemt5Ct-65f8iJ9g
If you have a root account on vCenter that has an expired password, would that be considered a vulnerability? Would a threat actor be able to leverage that to gain access?
#security #vmware #password #vulnerability #threatactor
When your team catches a #ransomware incident in progress and shoots it in the face, but before you can gather enough details to link the activity to a known #ThreatActor... #CTI #ThreatIntelligence
The alleged #hacker behind the Riot Games #breach is now trying to auction off the source code for the game League of Legends and is taking bids starting at $1 million. #InfoSec #GameHacking #ThreatActor
Excited to head to Lausanne in March to present on #CTI #threatactor tracking and the problems therein for #insomnihack
https://www.insomnihack.ch/talks-2023/#GRVQEJ
#Women are naturally good at #DFIR because if we can figure out where you were and who you were with on Sunday, September 23, 2019 at 2:56:43am, we can definitely figure out what a #threatactor is doing
#women #dfir #threatactor #infosec #threathunting #jokes
#WhatsApp has denied claims of a #databreach of 500 million users worldwide days after a news platform reported that the stolen information was being sold on the dark web.
Remember that according to a report published by Cyber News on November 26, an unknown #threatactor was able to hack into the messaging application and sell the stolen information on the dark web.
I guess we'll have to wait some more to see where the truth lies.
https://thecyberexpress.com/whatsapp-denies-data-leak-500-million-users/
#whatsapp #databreach #threatactor #cybersecurity #infosec
A related #infosecurity practice is plotting an “abuse case.” This is a #usecase but from the perspective of a #threatactor. The user in an abuse case is the protagonist of the #untitledgoosegame (“I think I am going to cause problems on purpose”).
Then of course there is the “misuse case”: what happens when a legitimate user makes a mistake with the application or system? 3/?
@fifonetworks I agree that the explanations in most certifications are bad. I'm currently working on #cRISK and the language there is, at the best of times, unnecessarily heavy and complicated.
I find it sad but understandable that respected online dictionaries can't tell the differences as well. Most folks can't. It's just a fact.
However, would you agree that a common language and understanding of #risk terms is crucial to have a meaningful common discussion on what to do and what to prioritise in #cyber?
Unfortunately this is not my experience, even in the same organisations and teams.
This makes meaningful discussions in a topic already complex almost impossible.
From what I've come to understand over the years, #threat (and the related #threatactor(s)) is just one building block or component of #risk. The other ones are the #asset, #control, #vulnerability and #Lossevent / #impact.
If you cannot describe these building blocks together, then you don't have a #risk. You have something else: a #threat, #lossevent, #issue, #controldeviation, #problem, #a-thing, #something, #a-list-of-things-todo.
But please do not call it a #riskregister.
When looking at the average #riskregister, this is what most of them contain: just that - #things.
Pretty funky investigation and response to a #pypi #supplychain #threatactor developing #malware: https://blog.phylum.io/disrupting-a-software-supply-chain-threat-actor-building-a-botnet
Might use the TTPs for the next threat detection test...
New blog from me covering #CTI-focused #ThreatHunting and #pivot methodologies applied to #domain hunting - with the unexpected result of potentially identifying a campaign linked to #DPRK #threatactor #Kimsuky. Shout out to @DomainTools, URLScan.io, and Censys.io for enabling this research!
@jerry That's unfortunate, but understandable.
It seems like it's not easy for folks, if you don't have a background from #enterprise, #military or #government, to know that in every country there are forces working for #good and, depending on your #threatactor #threatlandscape #threatmodeling, for #bad.
I've always put #CISA squarely in the good category due to the great work they do; they are a great resource for the #infosec community and anyone else working to improve cybersecurity in private life, companies and countries.
If you and your community truly are a target or interest of #nationstate, #lawenforcement or #intelligence community attention, I'm not sure #mastodon is the right type of platform for you.
#lawenforcement and #intelligence #agencies from a #nationstate seem to always find a way when they focus their efforts and their massive resources anyway, and from my perspective I'm struggling to see how blocking #infosecExchange would make any significant #riskreduction in such regard.
Sooo #threatactor appears to have compromised the domain of someone who is not a client of mine… however, in the course of this compromise they intercepted comms between a user at this domain and a client of mine.
This external domain user was preparing to wire $400k to my client user.
The quick thinking #threatactor quickly registered a misspelling of my client’s domain name, signed up for ZohoMail, and emailed the external domain user in an attempt to intercept the wire.
The ext-user noticed something was amiss and emailed my client, and while we were trying to determine what was happening, ext-user could not make phone calls from his cell… and had provided his cell to the #threatactor.
The external domain’s business does not have an IT helper, staff or MSP.
Right now there are some #threatactors god knows how deep in this domain, and it's proving very tough to get the domain owners to realize this.
SMBs need our help.
@ozurie This argument cycles back around every few weeks, but unlike birdsite, here actually seems to be conducive to conversations :D
With that being said, bad guys are going to bad guy. They were doing it before Cult of the Dead Cow released Back Orifice, and will continue long after we're all dead and gone.
As a blue teamer, I don't have the tools or time to learn everything about red teaming to be an effective adversary for myself and the things I build. I also don't work for an org with a large enough budget to bring in full time red team staff to pound on my security controls all day.
But Metasploit is a super easy way for me to implement a control and then hammer against it with little to no additional knowledge.
It goes back to the guns argument. Are guns bad? No, at best they are amoral. But are they dangerous? Absolutely.
I'd prefer to have them than to not have them any day of the week. Same with #metasploit, #cobaltStrike, etc.
Happy to hear any rebuttal and to work out what a better option is for this kind of security assurance testing.
#infosec #security #redteam #threatactor #securityassurance #securitytools
#Threat Group Cards: A #ThreatActor Encyclopedia
https://apt.etda.or.th/cgi-bin/aptgroups.cgi
#MISP connector available
A #ThreatActor has claimed to have breached the U.S. Congress.
https://nitter.it/vxunderground/status/1590865694027288577#m
EDIT: Some comments are saying it looks like NJ General Assembly, not US Congress.
https://nitter.it/uuallan/status/1590869923580022784#m
Since this is just claims and basic evidence, it’s definitely a questionable claim, but something to keep an eye on.
#threatactor #cybersecurity #infosec #breach