Keith W. McCammon

Co-Founder, Red Canary
Web: https://kwm.me
LinkedIn: https://www.linkedin.com/in/keithmccammon/
Twitter: @kwm

Somebody is claiming to have exfiltrated 6 million lines of data with Oracle Cloud’s SSO and LDAP that includes JKS files, encrypted SSO passwords, key files and enterprise manager JPS keys from servers on login.*.oraclecloud.com

The poster has no prior reputation; it is unclear if they're LARPing. Some of the sample data does align with prior infostealer logs, I'm told. https://breachforums.st/Thread-SELLING-Oracle-cloud-traditional-hacked-login-X-oraclecloud-com

#threatintel

Cybersecurity stat of the day: The average delta (in years) between CVE assignment and addition to the CISA Known Exploited Vulnerability (KEV) catalog is 2.8 years. 🤯

A script that logs @objective_see OverSight (macOS camera and microphone monitor) events to a file: https://github.com/keithmccammon/oversight-logger
GitHub - keithmccammon/oversight-logger: A logging script for the Objective-See OverSight tool, to capture macOS camera and microphone events.

Fun with vendor threat reports, @mitreattack, and pie charts: The top initial access vectors in 2022, mapped to ATT&CK.

https://kwm.me/articles/top-initial-access-vectors-2022/

NOTE: Still have more data to add. Would love pointers to additional reports with data specific to initial access technique prevalence.

The top initial access vectors in 2022, mapped to ATT&CK

In reviewing security firms’ 2022 threat data, a subset of these include insight into the initial access vectors leveraged most frequently in successful intrusions. This is a summarization of findings based on their reporting.

"I'm sorry I laughed, I didn't realize you were being serious?" https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

Lil' side project: A simple, easy-to-maintain ransomware group leaderboard based on industry reporting.

https://kwm.me/articles/most-prolific-ransomware-groups-in-2022/

The most prolific ransomware groups in 2022

It’s 2023 and security firms are starting to release findings from 2022 threat data, notably their lists of the most active, impactful ransomware groups.
