Tom

@Tom_From_The_UK@infosec.exchange
20 Followers
203 Following
41 Posts
Hey, I'm Tom, based in the UK. Security analyst and car enthusiast.
Twitter: https://twitter.com/Tom_From_The_UK
If you ever doubted the link between Scattered Spider(tm) and LAPSUS$ - one of the people arrested today was a key part of the LAPSUS$ attacks a few years ago.
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door

The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is…

DoublePulsar

Anyone else having challenges with Public Domain Registry? Providing evidence of abuse, it’s on subdomains (main domains don’t host content). They seem to ignore the details I’m reporting and try and access the content on the base domain. Also had a handful of instances over the past few weeks where they claim to suspend a service but it stays up. WHOIS and DNS records aren’t updated/removed.

I highlight this and after a few days the domain is suspended and WHOIS and DNS records updated. Then getting gaslit in the response, where they are saying it must be my side caching the details and they had suspended the content.

Today we released the 2025 Sophos Active Adversary Report (AAR), looking at data from 413 incident-response cases handled by our X-Ops MDR and IR teams in 2024. This edition of the report has a number of interesting findings, a vastly expanded dataset, and -- in honor of our fifth anniversary -- a gift for the curious. /1

https://news.sophos.com/en-us/2025/04/02/it-takes-two-the-2025-sophos-active-adversary-report/

It takes two: The 2025 Sophos Active Adversary Report

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

Sophos News
Can anyone recommend the best way to notify Apple and Google about an app that should be taken down due to brand impersonation and fraud?

No more platform-hopping! 🕵️‍♂️ Hunt across all abuse.ch platforms with just 1️⃣ simple query. 🔎 Search for any IPv4, domain, URL, or file hash, and instantly see if it’s been identified on any abuse.ch platform!

Start your hunt now 👉 https://hunting.abuse.ch

#CyberSecurity #ThreatIntel #Hunting #Malware

Hunting | abuse.ch

abuse.ch Hunting Platform

2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.

Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684…

DoublePulsar
Anyone stopped getting email notifications about CISA KEV changes? Just noticed that the last email I got was the 21st of November. The subscriber preferences show I should still be getting them? Mail filtering showing no rejections/quarantining of emails.
Just a heads-up for any of you involved in Cyber Incident Response or internal investigations. There is a bug in Microsoft Purview that prevents Legal Hold being applied to emails. Therefore, a user who has Legal Hold applied to their account can still delete emails. Microsoft are working on a fix, but it won't be released until 6th January 2025.
Accused Kitchener hacker unmasked after threatening woman online

Kitchener-based hacker Alexander “Connor” Moucka was unmasked after making threats against a woman on the messaging app Telegram. Moucka threatened Allison Nixon, the chief research officer at Unit221B, a U.S. cybersecurity firm.

Metroland Media