Susannah Clark Matt

about 2 years ago

For @nytimes, I wrote a Tiny Love Story about my dad. https://t.co/JkIgB4kNGo

4

15

9

0

5K

25 days ago

@sidhubaba 🎶 Oops(AI) did it again....

0

3

0

381

about 2 months ago

@NtiAning omg everyone's earnestly hopeful faces in the first photo...😭

1

0

38

2 months ago

The most fun I have (at work) all year!

@faithsalie.bsky.social CBS Sunday Morning, NPR Wait Wait Don’t Tell Me. My Off-Broadway show & book is APPROVAL JUNKIE. Host of Audible pod “Envy”. .

2 months ago

What do the Wu-Tang Clan and Barney have in common? 👐🦖 They’re both featured on this year’s Threat sounds playlist! Every year, the Red Canary team collaborates to pair the top 10 threats and techniques from our Threat Detection Report with a specific track. Thanks to community suggestions, this year’s list is our most diverse yet—from hip-hop legends to childhood classics. Whether you're hunting threats or just clearing your queue, we’ve got your soundtrack covered. 🎧 Listen to the full playlist and download the report here: https://t.co/TOBGl6OYZj

0

1

0

607

0

2

0

41

Who to follow

Faith Salie

@Faith_Salie

Kostas

@Kostastsale

I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦

KINOSCOPE

@Kinoscope

Curated Film Streaming (SVOD), Publications & Screenings. Based in NYC since 2012, available globally.

2 months ago

📣 Filmed In Gaza is in 2nd place and so close to joining the #Webbys Winners Circle. RT + VOTE: https://t.co/2xp3Lkyz4y

0

1

0

28

Susannigans retweeted

3 months ago

The 2026 Threat Detection Report is packed with brand-new sections on the AI trends we’re seeing in the wild. 🤖🛡 From AI-powered threats to AI infrastructure risks, these are the priorities every security leader needs to prioritize. Our experts break down everything you’ll find in this year's report right here 👉 https://t.co/OiZf7Rm6EC

0

5

2

791

Susannigans retweeted

3 months ago

Read our liner notes to see which threats, techniques, and trends these songs pair with! https://t.co/kQPtXn4Zyc

0

1

0

295

Susannigans retweeted

4 months ago

If you’re waiting for a breach to learn how adversaries move, you’re already behind. 📉 We’ve crunched the numbers, analyzed the latest techniques, and built the ultimate guide to keeping your environment safe. The 2026 Red Canary Threat Detection Report is dropping soon! https://t.co/2DqSEmS1rO

0

8

2

4

1K

Susannigans retweeted

Frank Matt @fxmatt4

4 months ago

In June of 2025, @NBCNews published its investigation into Rwanda's secret war in the DRC. At the time of publication, Rwanda was at the table for US-backed peace negotiations for a conflict they had never admitted to taking part in. Now, we're starting to see that admission🧵

1

7

6

2

2K

Susannigans retweeted

6 months ago

What a year 2025 has been! From relentless threat detection to excitedly joining the Zscaler family, it has been a busy year for the Red Canary team. We're looking back at the most beloved and informative content we brought you, the cybersecurity community, throughout 2025 in this "best of" list. Explore our top picks here ➡️ https://t.co/pvN21tC92Q

redcanary's tweet photo. What a year 2025 has been! From relentless threat detection to excitedly joining the Zscaler family, it has been a busy year for the Red Canary team.

We're looking back at the most beloved and informative content we brought you, the cybersecurity community, throughout 2025 in this "best of" list.

Explore our top picks here ➡️ https://t.co/pvN21tC92Q

0

3

1

766

Susannigans retweeted

6 months ago

The "Sticky Bandits" of cybercrime are out there waiting for an opportunity to wreak havoc. Your cloud security strategy needs a bit of Kevin McCallister's legendary proactive defense! ➡️ Click here before your cloud gets hit with a paint can: https://t.co/xx3Ia8uCRx

redcanary's tweet photo. The "Sticky Bandits" of cybercrime are out there waiting for an opportunity to wreak havoc. Your cloud security strategy needs a bit of Kevin McCallister's legendary proactive defense!

➡️ Click here before your cloud gets hit with a paint can: https://t.co/xx3Ia8uCRx https://t.co/T0B0ZpNM9W

0

1

0

573

Susannigans retweeted

8 months ago

The @CISAgov is strongly encouraging organizations to patch a critical-severity Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) after adding it to its catalog of Known Exploited Vulnerabilities (KEV Catalogue). On servers with WSUS Server Role enabled and ports open to 8530/8531, adversaries can leverage specially crafted requests to exploit a deserialization of untrusted data vulnerability that allows for remote code execution. This can lead to PowerShell and Windows Command Shell executing base64 encoded commands designed to enumerate users and network information on affected endpoints. While Microsoft has issued guidance for mitigating this vulnerability, including releasing an out-of-band security update for impacted Windows Server versions, some organizations may not be able to patch immediately. Red Canary has detected post exploitation activity related to this vulnerability through the following detection analytics: 𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐜𝐨𝐦𝐦𝐚𝐧𝐝 𝐬𝐡𝐞𝐥𝐥 𝐟𝐨𝐫 𝐞𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧 Security teams could detect this activity by looking for 𝙘𝙢𝙙.𝙚𝙭𝙚 being spawned from the Windows Server IIS worker process (𝙬3𝙬𝙥.𝙚𝙭𝙚) or the WSUS service binary (𝙬𝙨𝙪𝙨𝙨𝙚𝙧𝙫𝙞𝙘𝙚.𝙚𝙭𝙚), with a /𝙘 command that starts another 𝙘𝙢𝙙.𝙚𝙭𝙚 /𝙘 instance. https://t.co/4QxhnhfgmS 𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐏𝐨𝐰𝐞𝐫𝐒𝐡𝐞𝐥𝐥 𝐭𝐨 𝐨𝐛𝐟𝐮𝐬𝐜𝐚𝐭𝐞 𝐜𝐨𝐦𝐦𝐚𝐧𝐝𝐬 Another detection opportunity involves looking for the use of the shortened encodedCommand flag in 𝙋𝙤𝙬𝙚𝙧𝙎𝙝��𝙡𝙡. Adversaries often try to obfuscate the use of malicious code on an endpoint, wrapping them up for PowerShell to execute. https://t.co/DQYc56Q0kC

redcanary's tweet photo. The @CISAgov is strongly encouraging organizations to patch a critical-severity Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) after adding it to its catalog of Known Exploited Vulnerabilities (KEV Catalogue). On servers with WSUS Server Role enabled and ports open to 8530/8531, adversaries can leverage specially crafted requests to exploit a deserialization of untrusted data vulnerability that allows for remote code execution. This can lead to PowerShell and Windows Command Shell executing base64 encoded commands designed to enumerate users and network information on affected endpoints.

While Microsoft has issued guidance for mitigating this vulnerability, including releasing an out-of-band security update for impacted Windows Server versions, some organizations may not be able to patch immediately.

Red Canary has detected post exploitation activity related to this vulnerability through the following detection analytics:

𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐜𝐨𝐦𝐦𝐚𝐧𝐝 𝐬𝐡𝐞𝐥𝐥 𝐟𝐨𝐫 𝐞𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧

Security teams could detect this activity by looking for 𝙘𝙢𝙙.𝙚𝙭𝙚 being spawned from the Windows Server IIS worker process (𝙬3𝙬𝙥.𝙚𝙭𝙚) or the WSUS service binary (𝙬𝙨𝙪𝙨𝙨𝙚𝙧𝙫𝙞𝙘𝙚.𝙚𝙭𝙚), with a /𝙘 command that starts another 𝙘𝙢𝙙.𝙚𝙭𝙚 /𝙘 instance. https://t.co/4QxhnhfgmS

𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐏𝐨𝐰𝐞𝐫𝐒𝐡𝐞𝐥𝐥 𝐭𝐨 𝐨𝐛𝐟𝐮𝐬𝐜𝐚𝐭𝐞 𝐜𝐨𝐦𝐦𝐚𝐧𝐝𝐬

Another detection opportunity involves looking for the use of the shortened encodedCommand flag in 𝙋𝙤𝙬𝙚𝙧𝙎𝙝��𝙡𝙡. Adversaries often try to obfuscate the use of malicious code on an endpoint, wrapping them up for PowerShell to execute. https://t.co/DQYc56Q0kC

0

14

4

3

2K

Susannigans retweeted

10 months ago

Based on all the Easter eggs, we were expecting Taylor's new album to be called "The Life of a SOC analyst." But we're excited for this new era nonetheless! ❤️‍🔥 👩‍💻 Revisit @Susannigans's blog on why Swifties should work in cybersecurity: https://t.co/LsYuxWqMWq

0

2

1

602

12 months ago

@fxmatt4 won an Emmy and I couldn’t be prouder!

The Emmys

@TheEmmys

12 months ago

The #NewsEmmys Award for Outstanding Research – News goes to The Hidden Autopilot Data That Reveals Why Teslas Crash (@WSJ).

0

31

10

1

10K

0

1

0

32

Susannigans retweeted

12 months ago

🐣 A new color bird threat has hatched! Mocha Manakin employs paste and run with PowerShell to drop a custom NodeJS backdoor that could lead to ransomware. ☕ Read our breaking research for detection opportunities and more technical details on this Red Canary-named threat. https://t.co/bAxFbBb0FV

redcanary's tweet photo. 🐣 A new color bird threat has hatched!

Mocha Manakin employs paste and run with PowerShell to drop a custom NodeJS backdoor that could lead to ransomware.

☕ Read our breaking research for detection opportunities and more technical details on this Red Canary-named threat.
https://t.co/bAxFbBb0FV

0

10

2

1K

Susannigans retweeted

Frank Matt @fxmatt4

about 1 year ago

Rwanda has never admitted to taking part in the conflict in the DRC that since 2021 has killed thousands and displaced millions. @NBCNews Digital Docs investigation discredits Rwanda's narrative of this conflict and lays bare their hidden invasion. 🧵 with links to watch & read

fxmatt4's tweet photo. Rwanda has never admitted to taking part in the conflict in the DRC that since 2021 has killed thousands and displaced millions. @NBCNews Digital Docs investigation discredits Rwanda's narrative of this conflict and lays bare their hidden invasion.

🧵 with links to watch & read https://t.co/HfmwgAE4Xb

8

29

10

1

4K

Susannigans retweeted

NBC News

@NBCNews

about 1 year ago

NBC News analyzed leaked reports, satellite images and interviews to reveal the extent of Rwanda's carefully concealed and high-tech war in the Congo, as the U.S. tries to strike a deal for peace and access to the region's minerals. https://t.co/jdzC4cacbV

277

1K

769

172

219K

about 1 year ago

Another year, another Emmy nomination for @fxmatt4! Watch his piece on Tesla crashes here: https://t.co/07Sd0N0Z57

The Emmys

@TheEmmys

about 1 year ago

#NewsEmmys Nominees for Research – News: - Apes (@natgeo) - Breakdown in Maine @PBS) - The Cap Arcona | @60Minutes (@CBS) - Documenting Police Use of Force (@PBS) - The Hidden Autopilot Data ... (@WSJ) - K File Investigation in NC Governor's Race (@CNN) - Starving Gaza (@AJENews)

TheEmmys's tweet photo. #NewsEmmys Nominees for Research – News:
- Apes (@natgeo)
- Breakdown in Maine @PBS)
- The Cap Arcona | @60Minutes (@CBS)
- Documenting Police Use of Force (@PBS)
- The Hidden Autopilot Data ... (@WSJ)
- K File Investigation in NC Governor's Race (@CNN)
- Starving Gaza (@AJENews) https://t.co/LIQsXWXaid

0

2

4K

0

4

1

0

158

about 1 year ago

@ReichlinMelnick @immcouncil Well done, Aaron!

23

2

1

5K

about 1 year ago

I found a way to mash up up my love of music with my career in infosec. Check out Threat Sounds vol. 5! https://t.co/qVL9ZJBNAr

about 1 year ago

🎸 Did you know our annual report has a soundtrack? Read our liner notes to find out which threats and techniques we paired with songs by Taylor Swift, Beyoncé, Phish, and more. https://t.co/Zbl4vDNpht 🎥 Full behind the scenes video here: https://t.co/9chFFo1LTn

0

6

2

1

847

1

0

131

about 1 year ago

This is the fifth Threat Detection Report I've worked on, and I'm so proud of the way it has evolved into an evergreen resource that people refer to as they run into cyber threats throughout the year. Don't try to take it in all once! https://t.co/GKjk1SKqlG