Hey, I'm Tom, based in the UK. Security analyst and car enthusiast.
Twitter: https://twitter.com/Tom_From_The_UK
Should add, source of activity is all VPN/anonymising services

Anyone else seeing Defender flagging the attempted usage of AADInternals against Microsoft services where authentication is failing (incorrect username/password)?

Just trying to understand why they are reporting this, can appreciate why you might if the password was correct but they are failing at the first hurdle. @GossiTheDog any ideas?

Microsoft are rolling out Gaming Copilot to all Windows 11 PCs (excluding in China).

Enabled by default, silent install, takes screenshots and trains MS AI by default.

It installed on my Windows 11 Professional PC 🫡 it’s also not dependent on an NPU or Copilot+

https://doublepulsar.com/microsoft-builds-on-recall-with-gaming-copilot-fails-basic-privacy-tests-52988576bcc8

Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests

Gaming Copilot, rolling out now to Windows 11, adds a new attack surface to Windows.

I think the NCSC should probably release some details about what happened at JLR as I think it would help orgs defend, and help focus the minds of boards.

There’s 100% orgs out there thinking they were dealing with Russia’s elite intelligence unit, who they’d just pay off. Imagine, in fact, you’re in a fight with Mr. Bean.

@GossiTheDog same here, well, I was meant to be getting something sorted on the car. That was cancelled so was hoping to spend it playing BF6. Then realised the release time 😭

My Cisco ASA firmware versions scan is now public: https://github.com/GossiTheDog/scanning/blob/main/Cisco-ASA-firmware-updates-CVE-2025-20333-CVE-2025-20363-CVE-2025-20362.csv

Fields:
IP,hostnames,FirmwareVersionKnown,FirmwareModifiedDate,Errors

Dates are UK date format - DD/MM/YY

If FirmwareModifiedDate is below */08/25 or */09/25, the device is vulnerable to #CyberWillyWave as the firmware was compiled August 2025 or later.

New scan running now, results at weekend.

It gives you a very good indication as to how regularly orgs patch, e.g.

@GossiTheDog thank you, can you share what date you started your scan on for that data?
@GossiTheDog hey Kevin, are there any plans to drop the output of your scan onto your GitHub repo?
@GossiTheDog keep up with the naming conventions, it makes the communication at work much more fun 😆

I've identified a way to establish if a box is vulnerable to #CyberWillyWave and started internet scanning, 90k boxes in progress.

Results probably at weekend if I'm bored or early next week.

Spoiler: a lot of orgs don't patch their Cisco edge devices. To be vuln to the full chain you have to be over a year behind with updates... and most orgs are over a year behind.