#threatintel

MISP<p>Just a reminder: our free MISP online training is happening tomorrow, Wednesday.</p><p><a href="https://misp-project.org/events/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">misp-project.org/events/</span><span class="invisible"></span></a></p><p><a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://misp-community.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://misp-community.org/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>misp</span></a></p>
Mr Tech King<p>Palo Alto Networks confirms brute-force login attacks on GlobalProtect portals, linked to recent scanning surges. Stay safe: Update PAN-OS, enforce MFA, and block attack patterns.</p><p><a href="https://mastodon.social/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a></p>
Kevin Beaumont<p>Several months after this thread, Conduent have finally filed an 8-K for a cyber incident. </p><p>They don’t say it, but it was ransomware. Ransomware group was Safepay. This is their second big ransomware incident. </p><p>The Fediverse had the thread first. </p><p> <a href="https://www.sec.gov/ix?doc=/Archives/edgar/data/1677703/000167770325000067/cndt-20250409.htm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sec.gov/ix?doc=/Archives/edgar</span><span class="invisible">/data/1677703/000167770325000067/cndt-20250409.htm</span></a></p><p><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://cyberplace.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a></p>
Kevin Beaumont<p>Healthcare provider DaVita Inc have filed an 8-K with the SEC for an ongoing ransomware incident. </p><p><a href="https://www.sec.gov/Archives/edgar/data/927066/000119312525079593/d948299d8k.htm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sec.gov/Archives/edgar/data/92</span><span class="invisible">7066/000119312525079593/d948299d8k.htm</span></a></p><p><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://cyberplace.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a></p>
A bot witha.name<p>New configuration detected for DDosia. Hosts: <a href="https://social.circl.lu/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://social.circl.lu/tags/Ddosia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ddosia</span></a> <a href="https://social.circl.lu/tags/NoName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoName</span></a><br>* <a href="https://witha.name/data/2025-04-12_08-25-06_DDoSia-target-list-full.json" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">witha.name/data/2025-04-12_08-</span><span class="invisible">25-06_DDoSia-target-list-full.json</span></a></p>
Ian Campbell<p>Good MORNING, folks!</p><p>I am caffeinated, and I also have brand new shiny things for you.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@DomainTools" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>DomainTools</span></a></span> Investigations published a report this morning detailing a campaign of newly-registered domains impersonating the Google Play store and leading to deployment of the SpyNote Android RAT. No attribution available, but significant Chinese-language connections.</p><p><a href="https://masto.deoan.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://masto.deoan.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://masto.deoan.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> </p><p><a href="https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dti.domaintools.com/newly-regi</span><span class="invisible">stered-domains-distributing-spynote-malware/</span></a></p>
A bot witha.name<p>New configuration detected for DDosia. Hosts: <a href="https://social.circl.lu/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://social.circl.lu/tags/Ddosia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ddosia</span></a> <a href="https://social.circl.lu/tags/NoName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoName</span></a><br>* <a href="https://witha.name/data/2025-04-10_11-50-02_DDoSia-target-list-full.json" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">witha.name/data/2025-04-10_11-</span><span class="invisible">50-02_DDoSia-target-list-full.json</span></a><br>* <a href="https://witha.name/data/2025-04-10_11-50-02_DDoSia-target-list.csv" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">witha.name/data/2025-04-10_11-</span><span class="invisible">50-02_DDoSia-target-list.csv</span></a></p>
Kevin Beaumont<p>Sensata Technologies Holding plc filed an 8-K with the SEC for a ransomware attack which is remarkably honest, and pretty much the textbook example of how to do it well. <a href="https://www.sec.gov/ix?doc=/Archives/edgar/data/1477294/000147729425000047/st-20250406.htm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sec.gov/ix?doc=/Archives/edgar</span><span class="invisible">/data/1477294/000147729425000047/st-20250406.htm</span></a></p><p><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://cyberplace.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a></p>
Alexandre Dulaunoy<p>First cool and impressive outcome of hackathon.lu 2025, MISP fleet commander. An open source project which supports organisations in managing a large fleet of MISP instances, tests synchronisation and many other features.</p><p>🔗 <a href="https://github.com/MISP/MISP-Fleet-Commander" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/MISP/MISP-Fleet-Com</span><span class="invisible">mander</span></a></p><p><span class="h-card" translate="no"><a href="https://misp-community.org/@misp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>misp</span></a></span></p><p><span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>circl</span></a></span> </p><p><a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>misp</span></a></p>
Quad9DNS<p>We recently sat down with our Director of <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> to talk about her role at Quad9 and what she enjoys about her work.</p><p><a href="https://www.quad9.net/news/blog/staff-highlight-emilia-cebrat-maslowski" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">quad9.net/news/blog/staff-high</span><span class="invisible">light-emilia-cebrat-maslowski</span></a></p><p><a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Taggart :donor:<p>Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.</p><p>CVE-2024-48887, CVSSv3 9.3</p><p><a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-435" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fortiguard.fortinet.com/psirt/</span><span class="invisible">FG-IR-24-435</span></a></p><p><a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a></p>
Infoblox Threat Intel<p>Online gambling operators are sponsoring charities?? If only :(</p><p>We've identified a malicious gambling affiliate whose specialty is to buy expired domain names which used to belong to charities or reputable organisations. </p><p>Once they own a domain, they host a website impersonating its previous owner, where they claim to "deeply appreciate the support from [their] sponsors", which surprise surprise, all turn out to be dubious online gambling companies.</p><p>Because the domain they are taking over is often abandoned or managed by non-technical people, its previous owner often doesn't notify anyone that they've lost control of their website, so it continues being referenced in genuine content, and it continues getting traffic from old links scattered throughout the internet.</p><p>teampiersma[.]org (screenshots below)<br>americankayak[.]org<br>getelevateapp[.]com<br>hotshotsarena[.]com<br>nehilp[.]org<br>questionner-le-numerique[.]org<br>sip-events[.]co[.]uk<br>studentlendinganalytics[.]com<br>thegallatincountynews[.]com</p><p>Comparison content: <br>2018: <a href="https://web.archive.org/web/20180119043432/https://teampiersma.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2018011904</span><span class="invisible">3432/https://teampiersma.org/</span></a><br>2025: <a href="https://web.archive.org/web/20250401092253/https://teampiersma.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2025040109</span><span class="invisible">2253/https://teampiersma.org/</span></a></p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/dropcatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dropcatch</span></a> <a href="https://infosec.exchange/tags/charity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>charity</span></a></p>
GreyNoise<p>Spike in Exploitation Attempts Targeting TVT NVMS9000 DVRs — reportedly used in security and surveillance systems. Full analysis: <a href="https://www.greynoise.io/blog/surge-exploitation-attempts-tvt-dvrs" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">greynoise.io/blog/surge-exploi</span><span class="invisible">tation-attempts-tvt-dvrs</span></a> <a href="https://infosec.exchange/tags/GreyNoise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreyNoise</span></a> <a href="https://infosec.exchange/tags/Exploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exploitation</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p>
Infoblox Threat Intel<p>Is the sky fluxxing?! Last week a CISA advisory on DNS Fast Flux created a lot of buzz. We have an insider's take.<br> <br>Fast Flux is a nearly 20 year old technique and is essentially the malicious use of dynamic DNS. It is critical that protective DNS services understand this -- and all other DNS techniques -- on that we agree. </p><p>What we also know as experts in DNS is that there are many ways to skin a cat, as they say. </p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> </p><p><a href="https://blogs.infoblox.com/threat-intelligence/disrupting-fast-flux-and-much-more-with-protective-dns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/disrupting-fast-flux-and-much-more-with-protective-dns/</span></a></p>
A bot witha.name<p>New configuration detected for DDosia. Hosts:<br>* www.handelsbanken.fi<br>* www.kaukokiito.fi<br>* id.handelsbanken.fi<br>* www4.handelsbanken.fi <a href="https://social.circl.lu/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://social.circl.lu/tags/Ddosia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ddosia</span></a> <a href="https://social.circl.lu/tags/NoName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoName</span></a><br>* <a href="https://witha.name/data/2025-04-07_10-00-03_DDoSia-target-list-full.json" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">witha.name/data/2025-04-07_10-</span><span class="invisible">00-03_DDoSia-target-list-full.json</span></a><br>* <a href="https://witha.name/data/2025-04-07_10-00-03_DDoSia-target-list.csv" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">witha.name/data/2025-04-07_10-</span><span class="invisible">00-03_DDoSia-target-list.csv</span></a></p>
Xavier «X» Santolaria :verified_paw: :donor:<p>Missed that over the week-end...</p><blockquote><p>It was not immediately clear why Haugh was fired. However, his dismissal comes amid a purge of other national security officials at the National Security Council and NSA. It happened following a visit to the Oval Office of political activist Laura Loomer, who has urged President Donald Trump to fire certain officials due to their perceived disloyalty to him and his agenda.</p></blockquote><p>I suppose you could equally say they got fired because they were saying and doing the right thing for the country and the world. Which, in this case, is indeed being disloyal to Trump.</p><p><a href="https://defensescoop.com/2025/04/04/trump-fires-gen-timothy-haugh-cyber-command-nsa/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">defensescoop.com/2025/04/04/tr</span><span class="invisible">ump-fires-gen-timothy-haugh-cyber-command-nsa/</span></a></p><p><a href="https://infosec.exchange/tags/uspol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uspol</span></a> <a href="https://infosec.exchange/tags/us" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>us</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Kevin Beaumont<p>LFTD Partners Inc. filed an 8-K with the SEC for a cyber incident. </p><p>They purchased $350k in cryptocurrency... and immediately had it stolen. </p><p>“On April 1, 2025, the Company converted $350,000 of its cash into USD Coin (USDC), a digital stablecoin pegged to the U.S. dollar. Shortly thereafter, the digital wallet containing the USDC was compromised by an unauthorized and unknown third party, resulting in the theft of the full amount.”</p><p><a href="https://www.sec.gov/ix?doc=/Archives/edgar/data/1391135/000109690625000425/lsfp-20250401.htm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sec.gov/ix?doc=/Archives/edgar</span><span class="invisible">/data/1391135/000109690625000425/lsfp-20250401.htm</span></a></p><p><a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a></p>
Kevin Beaumont<p>The Oracle cloud threat actor has told the BBC they plan to release European region Oracle Cloud Classic data this weekend. <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a></p>
grey<p>Friendly reminder that you should be blocking all newly registered domains for your end users. Free lists like the NRD (<a href="https://github.com/xRuffKez/NRD" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/xRuffKez/NRD</span><span class="invisible"></span></a>) exist. Microsoft Defender for Endpoint also has a built-in list you can enable via policy.</p><p>IMO everyone should do 365 days but even 30 or 90 will save you so much headache.<br><a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/FastFlux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FastFlux</span></a></p>
Ian Campbell<p>I'm a sucker for behavior-based investigations, especially for stuff off the beaten path, so I love the insights we were able to come up with on this one. <span class="h-card" translate="no"><a href="https://infosec.exchange/@DomainTools" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>DomainTools</span></a></span> Investigations researchers found exposed criminal infrastructure and went down a rabbit hole. </p><p><a href="https://masto.deoan.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://masto.deoan.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://masto.deoan.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> </p><p><a href="https://dti.domaintools.com/proton66-where-to-find-aspiring-hackers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dti.domaintools.com/proton66-w</span><span class="invisible">here-to-find-aspiring-hackers/</span></a></p>