Steve Finlay

Threat Intelligence | Threat Hunting | Hobbyist Photographer

An excellent collection of Cybersecurity reports compiled in this "Awesome" list #threatintel

https://github.com/jacobdjwilson/awesome-annual-security-reports

GitHub - jacobdjwilson/awesome-annual-security-reports: A curated list of annual cyber security reports

A curated list of annual cyber security reports. Contribute to jacobdjwilson/awesome-annual-security-reports development by creating an account on GitHub.

GitHub

Researchers, please, please, please create RSS feeds for your blogs. We desperately need alternatives to social media to get your work out there.

A lot of sober moments over at CrowdStrike today

Travel and hotel booked for #DEFCON! Looking forward to the setup this year being all under one roof (Las Vegas Convention Center).

Just received the #Ticketmaster email informing me that my info was involved in their recent data breach. Curious what they consider "basic contact information"

Veeam Service Provider Console Affected by Severe RCE Vulnerability: CVE-2024-29212 #threatintel

https://socradar.io/veeam-service-provider-console-affected-by-severe-rce-vulnerability-cve-2024-29212/

Veeam Service Provider Console Affected by Severe RCE Vulnerability: CVE-2024-29212 - SOCRadar® Cyber Intelligence Inc.

Veeam has recently disclosed a significant security vulnerability within Veeam Service Provider Console (VSPC), identified as CVE-2024-29212. This

SOCRadar® Cyber Intelligence Inc.

2024 Data Breach Investigations Report: Vulnerability exploitation boom threatens cybersecurity

Verizon Business 17th-annual DBIR analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022

Focus on the basics - "on February 12, criminals used compromised credentials to breach a Citrix portal, an application used by Change Healthcare to enable remote access to desktops. “The portal did not have multi-factor authentication."

Also, I can't imagine the effort that went into replacing thousands of laptops and resetting credentials.

https://therecord.media/unitedhealth-group-change-healthcare-ransomware-congress

Congress circles UnitedHealth as effects of ransomware attack continue

UnitedHealth Group CEO Andrew Witty is preparing to testify in two separate congressional hearings about the ransomware attack on the company's Change Healthcare unit.

I wasn’t aware that Autodesk had a file sharing service either! Definitely block drive.autodesk[.]com in your org if you don’t use it.

Also, here’s the original Netcraft post that the Security Week article is based on.
https://www.netcraft.com/blog/autodesk-hosting-pdf-files-used-in-microsoft-phishing-attacks/

#cybersecurity #threathunting #ioc

From: @fellows
https://cyberplace.social/@fellows/112338297595886392

Autodesk hosting PDF files used in Microsoft phishing attacks | Netcraft

Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen. The elaborate phishing campaign ...

Incredible feat of engineering done by the NASA team to fix Voyager 1... from 15 BILLION miles away 🤯

https://www.jpl.nasa.gov/news/nasas-voyager-1-resumes-sending-engineering-updates-to-earth

NASA’s Voyager 1 Resumes Sending Engineering Updates to Earth

After some inventive sleuthing, the mission team can — for the first time in five months — check the health and status of the most distant human-made object in existence.

NASA Jet Propulsion Laboratory (JPL)