vedd edd
@vedd3r
Followers: 64 · Following: 547 · Media: 141 · Statuses: 806
Decepticon die hard fan and an HDR imaging enthusiast
Malaysia
Joined May 2009
Facepalm
Stop trying to put AI into all security tools! First, AI is neat. I won an award for an AI framework we've built. I am actively working on 2 major AI tools. I. Like. AI. But it does NOT belong everywhere.
CyberSec Trends Q1/25🔮
⬆️ Lumma Stealer
↗️ EDR killers (vulnerable drivers)
↗️ Abuse of legit remote access tools
↗️ 0days in Fortinet & Ivanti
↗️ Token persistence/cloud API abuse
⬆️ Sliver implants
⬆️ Fake CAPTCHA pages
⬆️ Malvertising
CyberSec Trends Q4/24🔮
⬆️ EDR killers (vulnerable drivers)
⬆️ Auxiliary execution files .lnk .msc .rdp
⬆️ Abuse of legit remote access tools
⬆️ Token/cloud API abuse
⬆️ ADCS exploitation
⬆️ Fake CAPTCHAs: copy&paste PowerShell
⬆️ TA using systems out of EDR scope for persistence
YARA v4.4 has been released by @plusvic. It contains:
- several bug fixes, most of them in the modules
- a performance tweak introduced by one of my team members: it should significantly improve scan speed when you apply large rule sets, because it skips the condition evaluation
🤣🍿 hahaha, well played, well played
⚠️SANS released their new Memory Forensics class (FOR532). As @SANSInstitute talk about #volatility 3 in this class and to comply with the vol3 license: ‼️SANS published all @volatility 3 related content for free! Slides: https://t.co/0metSbLiaX Labs: https://t.co/qebcp4m88Y
#DFIR
I just don't understand the 3-tier SOC analyst model (needless to say, I hate the term "soc")! Why assign the toughest job of distinguishing signal from noise to the least experienced / L1 analysts? Some of these orgs are still at lower maturity levels and might not even.. 1/5
I love @MITREattack - but the ways some vendors operationalize it is misleading and often useless. 🧵
@vajkat CISSP is often the golden ticket for a crappy job. If an employer relies on a certification to understand the capabilities of a person, it’s maybe the wrong place to work.
TIL whenever you see an SSL certificate error and the browser doesn't let you continue - even at your own risk - you can just type 'thisisunsafe' to bypass the protection https://t.co/p7WLOHG4ma
📢It’s finally here!! Season 3 of the Blueprint podcast has officially dropped and we have 3 awesome episodes for you to download right out of the gate on machine learning, insider threat, and OT/ICS security! #infosec
In security, we talk a lot about CIA (confidentiality, integrity, and availability). Most of us also recognize the vast majority of the industry only cares about availability. When I call people on this, they always protest. This morning a great retort for this hit me. 1/
Very nice improvements for the VirusTotal misp-module by @thetravelr and @virustotal
https://t.co/cBt93t5b9J
misp-grafana - a new real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB. An easy way to integrate MISP in your monitoring pipelines. Thanks to @righelx for the hard work. #MISP #ThreatIntelligence
https://t.co/1qUbpuDzMG
https://t.co/JjoGgSACVh MISP 2.4.156 released including a new synchronisation event signing mechanism, many new features and critical security fixes. We recommend everyone to update as soon as possible. #ThreatIntelligence #Opensource
For those looking for a simple overview of Ransomware attack life-cycle, great resource from New Zealand CERT. Shouts out to @rj_chap for the tip. https://t.co/mr7hRbASAa
LAPSUS$ extortion group have successfully breached both NVIDIA & Samsung.
- March 1st: They demand NVIDIA open-source its drivers, or else they will
- March 4th: LAPSUS$ released Samsung proprietary source code.
See attached images for more details directly from LAPSUS$
🔥 Heads up, we see extreme volumes of #Emotet spam from both E4 and E5. Both direct attached sheets, and password protected zips, both using localized lures in several languages.
MISP 2.4.151 released including a new background processor, many bugs fixed and improvements. #ThreatIntelligence #dfir Thanks to all the contributors and users who helped to make this release a reality. https://t.co/6Xd2ZPVEmI