Noem firing cybersecurity employees 6 months ago.

Today: Clearly this is IT's fault, and not leadership.

#fema

A trusted somebody just saw a fake mac-finder.exe launch Mimikatz running Defender for Business on high sensitivity mode without alerting.

~~~
Separate issue
~~~

Tracing odd network back to January, I started seeing anomolous traffic to two very specific "Defender and Defender for Business" smartscreen IPs. Located in Sydney, Australia. From multiple stateside customers.

Somebody please tell me I'm paranoid and chasing Microsoft telemetry ghosts.

Or are they completely rekt 🤣