@Kostastsale I had similar concerns - found this breakdown useful: https://t.co/Bty4zhocu5
"No API, CLI, or MCP surface is visible for Drop itself." This should help it not be easily usable for large-scale campaigns.
Netlify Drop has been around 8yrs offering similar function for 24hrs.
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from [email protected], DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
@k8em0@InfoSecSherpa Thanks for speaking up about this.
Per https://t.co/Tq6dRkV3jW there is more C19 transmission today than 69% of the (still ongoing) pandemic.
It’s not “con crud”, it is something that has disabled millions. Cyber is about managing risk, base decisions on data, not hope/feels.
“They were hit by ransomware" says @HackingDave after a cyberattack paralyzed 15,000 car dealerships nationwide. "It looks like they [CDK Global] will pay the ransom to recover and become operational again." $BBU
@GossiTheDog …or they could just improve search? But that wouldn’t grab “AI” headlines. Seems like a classic “solution looking for a problem” scenario now that so much has been invested in AI.
@MaximBlue23@GossiTheDog This is a great point and especially egregious in the era of “exfil-only” ransoms, sextortion suicides, and increased use of stalkerware. All reasons it needs to be completely removed, not just opt-in.
@AnnoyedEngineer@GreyNoiseIO This is very interesting - the Fortinet and Cisco ASA targeting screams ransomware actor. Akira loves Cisco CVEs but the brute forcing unique creds is troubling.
@iHeartMalware Very interesting - do you think historical BEC scammer collectives are pivoting towards investment scams? Are some BECs being reclassified as Investment due to greater popularity? Seems odd to shift to targeting individuals vs businesses but the numbers are hard to argue with☹️
Bringing enterprise-class security to SMBs is what Solis is all about. Excited to announce our RedSense partnership as they share our values and support our mission.
Today we are thrilled to announce our partnership with @Solis_Security!
RedSense and Solis are committed to delivering robust cybersecurity protection and swift incident response, specifically targeting the small and midsize business sector.
https://t.co/LQckbLXZ0C
@JacobyFC@MySportsUpdate You’re absolutely correct about the revisionist history. He was literally #1 QBR in 2019-2020 and #5 2019-2021
https://t.co/j1Ea4ZYhXD
https://t.co/6Pir4A4xNy
@RayRedacted It’s $45 if you get 4+ via https://t.co/iARetJOEVD but it’s only clinically proven to help clearance after infection, not necessarily a preventive but a layer of defense. Other sprays like Covixyl and Betadine could be another.
Decent Enovid summary: https://t.co/4nz4KI6p84
@Francisckrs@likethecoins@BushidoToken "grow a pair" also seems distinctly American vernacular, not something ChatGPT or Google translate would spit out - overall it was 11th grade level writing.
Wouldn't be surprised if someone involved works in infosec; can't see TAs using words like exfiltrate, PII, and TTPs...