@GuilleAlfonsin Ever since they announced that the electric Seat Mii (and its twin siblings) would stop being made, they have gone from bad to worse. They pushed the ID so hard, which to my mind was, design-wise, the opposite of VW
OpenClaw Installation Detection on MDE
CrowdStrike has published a detailed blog on why security teams need to be cautious about OpenClaw. I shall not dwell further on this topic, other than to share with fellow MDE Defenders a KQL query to detect 3 types of OpenClaw installation on the MDE platform.
CrowdStrike Blog: "What Security Teams Need to Know About OpenClaw, the AI Super Agent"
Link: https://t.co/FqgSng1Y52
KQL Code Download:
https://t.co/TKwVrjaSF8 - https://t.co/fSOerGcjDE
Github Mirror - https://t.co/LD2Lkn4jhL
#Cybersecurity #OpenClaw #DefenderXDR #ThreatHunting
It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month.
Here are more IPs used in the attack:
45.76.155[.]202
45.32.144[.]255
Read below for many other IoCs! [1/8]
I am the Chief Information Officer of a global enterprise.
Last quarter, I eliminated MFA.
Multi-factor authentication. The thing where you need two things to log in instead of one.
It created friction.
Employees complained. "Why do I need a code from my phone?" "This slows me down." "I forgot my authenticator app."
I listened.
That's leadership.
I told the board: "We're removing barriers to productivity. Empowering our workforce. Choosing agility over friction."
They promoted me on the spot.
The CISO wept, no one likes him anyway.
Our CISO is a Debbie Downer.
Our file-sharing portal now requires one thing: a password.
Passwords are secure. People choose strong ones.
They definitely don't reuse them across every website they've ever visited.
That's just common sense.
Last week, a criminal named Zestix stole our data.
Also 49 other companies.
Fifty organizations. One guy. One method: log in with stolen passwords.
No exploits. No zero-days. No sophisticated nation-state attack.
Just... passwords.
The passwords came from infostealer malware. Employees downloaded infected files. The malware grabbed their saved credentials.
Some of those credentials had been sitting in criminal databases for years.
We didn't rotate them.
Password rotation creates friction.
Zestix targeted our ShareFile portal. The one with all our sensitive documents.
Engineering data for three major utilities. He's selling that for $585,000.
Military robotics intellectual property from an aerospace company.
2.3 terabytes of Brazilian Military Police health records.
Active legal strategies from a law firm representing Mercedes-Benz.
Technical safety data from Spain's largest airline.
SCADA drawings and GPS coordinates of control rooms for a rail company.
Fifty organizations.
No MFA.
Hudson Rock, the security firm that tracked this, wrote: "The attacker walks right in through the front door. No exploits, no cookies – just a password."
I prefer to frame it differently.
The attacker was welcomed in through an optimized authentication experience.
We trusted our employees. We trusted our partners. We trusted that everyone uses unique, complex passwords that they never share or reuse.
That's culture.
Some people will say we should have enabled MFA.
Those people don't understand velocity.
Some people will say we should rotate credentials.
Those people haven't seen our Q4 productivity metrics.
Some people will say Zestix is a criminal.
I prefer "external penetration testing consultant we didn't hire."
The data is now on the dark web.
Our security team is investigating.
Our legal team is drafting statements.
Our HR team is preparing the employee communication.
Subject line: "Protecting What Matters: Our Commitment to Your Data."
We're also launching a mandatory cybersecurity training.
Module 1: "Why Passwords Are Your First Line of Defense."
Module 2: "Recognizing Phishing Emails."
Module 3: "The Importance of Multi-Factor Authentication."
That last module is new.
We're requiring it for all employees.
The training, I mean.
Not the MFA.
MFA still creates friction.
🎯 Record turnout at the first shoot of the @CAdeLeganes internal outdoor league
▶️ More than 80 archers gather today in Leganés, a historic milestone for the club
@CarmenSalamank
https://t.co/XtIOnScU28
@vozdeleganes @CarmenSalamank Thank you. It is true that archery is in fashion in Leganés; every day there are more of us archers, more athletes, one big archery family.
Introducing MSFTRecon -
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs enumeration without requiring authentication, helping identify potential security misconfigurations and attack vectors.
https://t.co/LYXjnOGIoF
Dozens of buyers of the Samsung Galaxy S25 Ultra are still waiting for any news about their device since launch day, January 23, which is when the purchase was completed.
Many users bought the same device much later and already have it at home.
@SamsungEspana claims there was a technical problem that day, without giving further details. That it "is investigating". Meanwhile, the buyers are left without their money and without the phone, which can now be bought freely in almost any shop (even on Amazon with delivery tomorrow).
A disastrous experience for many people who still trust the brand.
You might not like it, but this is the new whoami
Invoke-RestMethod -Uri "https://portal.office.com/admin/api/users/currentUser" -Headers @{ Authorization = "Bearer $token" }
"The way to stop an arms race is not to stop making weapons; it is to stop making defenses against those weapons"
Are you sure?
This is the story of two missile defenses. One "did not exist", the other was too dangerous.
I tell you about it in #LaBrasaTorrijos
🧵⤵️
🚨Giveaway alert🚨
Today we salute radio in all of its forms. It links people together--whether 1,000mi apart, 42,000ft in the air, or 100m below the sea.
Shared love of exploration, discovery, & innovation is what keeps our community thriving.
To celebrate, we are giving away 20 ham radio-related prizes to our loyal followers. To enter, please follow the link below! Entry is absolutely free, as always.
Hurry though, the contest ends August 28th. Happy #NationalRadioDay! 🥳📻📡
https://t.co/zjxUJDK4jz