The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.
🎉 🎉 We are thrilled to share that the Threat Intel Community Portal has reached a significant milestone - 1,000,000 submissions!
And we want to say a massive THANK YOU.
In less than four months, we have received 1 million contributions of suspicious IPs, domains, URLs, and emails!
Whether from occasional contributors or organizations sharing large volumes of data via API, the mission is the same: to make the internet a safer place.
And believe us when we say every contribution counts, for it’s the diversity that adds to the strength of the community.
We owe this achievement to all our contributors, so please, take a bow and THANK YOU!
"🔒 When Antivirus Turns Foe: The Shadowy Flipside of AV Software 🔒"
In an enlightening piece by Miguel Mendez Z., a deep dive into the paradoxical world of antivirus (AV) software reveals a concerning trend. Originally designed as cybersecurity guardians, some AV solutions have morphed into vulnerabilities themselves, exposing users to potential threats. The article dissects cases where AV software, instead of acting as a robust security layer, becomes an exploitable loophole for attackers. 🛡️💻🔓
The technical analysis provided highlights how some AV products might execute arbitrary code or misuse their elevated privileges, turning a system's defense mechanism into its Achilles' heel. It calls for a reevaluation of trust placed in these tools and emphasizes the necessity for ongoing vigilance and security hygiene.
Looking for the tool to add to your @kalilinux capabilities? Install #Maltego onto your machine now. Mine, merge, map your #threatintelligence data all in one place.
Defense-in-Depth isn't enough. Use AI-powered Cyber #ThreatIntelligence (CTI) and Breach & Attack Simulation (BAS) to test defenses against real-world attacks, uncover vulnerabilities.
Remember when we all migrated here for greener pastures? It feels like it was just last year but time has flown. I never really did an intro post, and at this point I’m too afraid to ask lol. Either way, here it goes!
If you’re just now seeing my toots, welcome. If you’ve been around, then it’s great to have you here! I go by many names but we’ll stick to trojan foxtrot here because it’s just easier.
My background is all over the place but right now it’s intelligence and cybersecurity, and has been for a good chunk of life. Most of my free time is spent either wrenching on cars, traveling with my family, or reading just about anything related to cognitive psychology, intelligence analysis, human thinking, and self-development.
I’m also a veteran. I served from 2008-2020 across two branches and two career fields. The latter half of my military career was spent in military intelligence. I guess that makes me an IC veteran as well but who’s keeping track, right? Over the years, I’ve concentrated my specialization in the field of intelligence. Having been an IC all-source analyst really shifted my career into the direction of cyber threat intelligence. I often talk about making that transition, and the mental switch that’ll smoothen it out.
I don’t like to consider myself well-read, but I can definitely hold my own across many topics of discussion, and I know my limits of my knowledge. I’m not embarrassed to say I don’t know about something because it creates a learning opportunity for me. I think that makes conversation so much more fulfilling and enriching.
I like to talk about anything but I try to keep it security focused or intelligence focused here. Sometimes that doesn’t always work and I’ll occasionally shitpost. Either way, you are free to keep scrolling on by or engage!
Anyway, if you made it all the way to the end of this boring and unexciting introduction, I hope you figure out what my name means. If not, check out my bio!
Proofpoint Threat Research recently identified a campaign with emails from various senders that included subjects such as “RFQ”. They contained a OneDrive URL that triggered the download of a VHD when clicked. The campaign began on 1/17 and continued through 1/18 to include over 1,300 messages.
I’m looking to hire a Principal Threat Intelligence Analyst here at @huntress . You’ll get to build a new program focused on the small business space (those that fall below the cybersecurity poverty line). Please feel free to reach out to me if you have questions or think you might be a good fit:
End of last year we worked on an incident response where a TA exploited 2 0-days to compromise Ivanti Connect Secure (previously Pulse Connect Secure).
The first vulnerability (CVE-2023-46805) was abused to bypass the authentication. The second vulnerability (CVE-2024-21887) was used to execute commands on the device.
The TA remounted the filesystem to enable write permissions. Then, the attackers modified an existing JavaScript file and deployed two webshells.
They modified lastauthserverused.js, a script that is legitimately used in the logon page. The modification exfiltrates the username and the password. The two webshells use the HTTP request parameters to execute code.
Using Zeek’s new JavaScript support for MISP integration.
With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.
In recent years, we have strived to update the MISP standard to ensure it remains stable, simple, and extensible. This effort benefits not only the MISP project but also other threat intelligence tools that utilise this format.
Our commitment is to maintain a stable long-term format that allows users to actively reuse the MISP standard without encountering disruptive changes. We are pleased to announce that our standard format is now being used by numerous software applications worldwide. Recently, we have made minor updates to various formats to incorporate necessary changes while ensuring that our current users are not adversely affected.
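As an added illustration of the MISP standard event format mentioned here, and of how the indicators from the Ivanti Connect Secure incident above could be recorded in it, the following Python builds and sanity-checks a minimal MISP event. This is example code written for this page, not MISP project code; the CVE ids and filename come from the incident post, while the category, tag and validation rules are assumptions based on the public MISP core format.

```python
import json
from datetime import date

# Indicators quoted from the Ivanti incident post above.
# Tuples: (misp attribute type, category, value, to_ids flag).
IVANTI_IOCS = [
    ("vulnerability", "External analysis", "CVE-2023-46805", False),
    ("vulnerability", "External analysis", "CVE-2024-21887", False),
    ("filename", "Payload installation", "lastauthserverused.js", True),
]

# Small allowlist of attribute types (subset of the MISP core format; assumed).
KNOWN_TYPES = {"vulnerability", "filename", "ip-dst", "domain", "url",
               "sha256", "comment"}


def build_misp_event(info, iocs, event_date=None, tag="tlp:amber"):
    """Return a dict shaped like a MISP standard event (core fields only)."""
    attributes = [
        {"type": t, "category": c, "value": v, "to_ids": ids}
        for (t, c, v, ids) in iocs
    ]
    return {"Event": {
        "info": info,
        "date": (event_date or date.today()).isoformat(),
        "threat_level_id": "2",   # medium
        "analysis": "2",          # completed
        "distribution": "1",      # this community only
        "Tag": [{"name": tag}],
        "Attribute": attributes,
    }}


def validate_misp_event(doc):
    """Return a list of problems; empty list means the event looks well-formed."""
    problems = []
    ev = doc.get("Event")
    if not isinstance(ev, dict):
        return ["missing Event object"]
    for field in ("info", "date", "Attribute"):
        if field not in ev:
            problems.append(f"missing field {field}")
    for i, attr in enumerate(ev.get("Attribute", [])):
        if attr.get("type") not in KNOWN_TYPES:
            problems.append(f"attribute {i}: unknown type {attr.get('type')!r}")
        if not isinstance(attr.get("to_ids"), bool):
            problems.append(f"attribute {i}: to_ids must be boolean")
        if not attr.get("value"):
            problems.append(f"attribute {i}: empty value")
    return problems


if __name__ == "__main__":
    event = build_misp_event("Ivanti Connect Secure 0-day IR", IVANTI_IOCS,
                             date(2024, 1, 18))
    print(json.dumps(event, indent=2))
    print("problems:", validate_misp_event(event))
```

The `to_ids` flag is what marks an attribute as usable for automated detection, so only the tampered filename is flagged while the CVE ids stay contextual.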
For more detailed information, please refer to the following links:
Always intriguing to witness conspiracy theorists diving into our open-source projects, weaving together connections that are more creative fiction than reality.
We included in the MISP Project galaxy the new MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems), which can easily be used to describe adversary tactics and techniques based on real-world attack observations and realistic demonstrations from AI red teams and security groups.
Following funky usage of OpenPGP, I found a user using GitHub gist to send encrypted messages. The keyid is the correlation value from an AIL project instance.
The MISP playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react to and analyse intelligence received by MISP. The project started in early 2023 and, as we’re now ending the year, it’s time to look back at its current state and get an early glimpse of the future features.
Extremely grateful for having the opportunity to contribute to the latest ENISA Threat Landscape for DoS Attacks. It is an important report from ENISA that gives useful insights into a cybersecurity threat that is often understudied. Read here: https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks