Nart Villeneuve

No longer using Twitter cuz, yeah, yawn.

@TLP_R3D The indirect linkage is likely because of the use of a common Bullet Proof hosting service in this case.

🚨 Cybersecurity Alert 🚨 Phishing domains indirectly linked to #Snatch Ransomware detected! IP 51.250.13.110 located in Russia. Domains appear to target Canada Financial Services. · simplihl[.]help - Spoofing Simplii Financial · bmo-importantnotice[.]com - Spoofing Bank of Montreal (BMO) · rbc-secureaccess[.]ca - Spoofing Royal Bank of Canada (RBC) · verificationerror[.]com - Generic · canadarevenue-agcy[.]info - Spoofing Canada Revenue Agency · direct-gi[.]com - Unclear target · actve-accept[.]com - Generic · 4-easyweb-td[.]com - Spoofing TD Bank · rbccappbnk.[.]om - Spoofing Royal Bank of Canada (RBC) Stay vigilant and always verify links! #CyberSecurity #PhishingAlert #C2Engine #KryptoKloud

@ImposeCost youtu.be/aDACorIaxNw

NEW @citizenlab report -- extensive analysis of censored search results in 8 #China accessible search platforms. #MicrosoftBing's "political censorship rules" found to be "broader and affected more search results than Baidu." Authors: Jeffrey Knockel, Ken Kato & @emiledirks

On vacation and look what randomly flew by me #stoptoxictwitter

Over 1 million people have joined Mastodon since October 27. Between that and those who returned to their old accounts, the number of active users has risen to over 1.6 million today, which, for context, is over 3 times what it was just about two weeks ago!

@Catspaw I think you were right :)

It must've seemed like a clever PR idea. But Loblaws' "price freeze" on no-name products has turned out to be an own goal. My take for @TorontoStar @StarBusiness today: thestar.com/business/opini…. Plus: the surge in corporate profits amidst inflation is a an economy-wide problem. /2

1st paper from my friend and @mandiant colleague @fumik0_ ! 🥰 From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind. 👇 mandiant.com/resources/blog… #malware

While exploits get a lot of attention, widely distributed malware -- the stuff that I believe accounts for a sizable % of the "initial entry vector was valid creds" seen in IR reports -- is often underestimated.

In this excellent #CTIS2022 presentation @xme quoted youtube.com/watch?v=c3Ydb-… , ~50% of ransomware cases they analyzed began with use of valid RDP/VPN creds, but ~27% came from maldocs (#QAKBOT etc.). They also had one case of #RACCOON. The valid credentials come from somewhere!

Two interesting tweets in my feed that intersect today: twitter.com/xme/status/158… and twitter.com/bmcder02/statu….

But IR teams often run into issues trying to determine the initial access vector as @bmcder02 noted -- data retention limits and re-imaging compromised hosts etc. (microsoft.com/security/blog/…).

@wesdrone @pmelson Some interpret the industry or geographical impact from their telemetry data (which is often skewed by the distribution of the company’s customer base) as evidence of “targeting”.

@wesdrone @pmelson Some interpret automated personalization, or replyto threads as “targeted”, others take things like language of the lure, or geofencing as indicating “targeting”.

Normalize intel reports that differentiate between the actual activity of targeting organizations/industries, and what are merely cybercrimes of opportunity.

I'm incredibly proud of @selenalarson and @dansomware's report on COVID social engineering. Telling threat stories over long periods of time is not our strength, they tackled this with grace and integrity. proofpoint.com/us/blog/threat…

@PJ47596176 They forgot "Ghostnet" -- the OG threat actor name, and conceived by a non-industry group :)

@k8em0 @zeroday I still use this adapter when travelling, best swag I’ve got.

We’re making some *useful* swag to give out at conferences we sponsor, starting with camera cover stickers. What else do people actually USE from those conference goody bags? If we made tshirts should we do an all-ladies-cut batch or would my dudes proudly rock a pink hibiscus?

As we begin the new legislative session at Queen’s Park, I have one question for Doug Ford: What does ‘getting it done’ mean to you? This was your commitment to Ontarians during the spring campaign. But if this summer is an example, ppl are in for a hard 4 years. 1/ #onpoli

Great to see @ShaneHuntley testify before @HouseIntel today. I'm really proud of the work @Google TAG has been doing to combat spyware & speak out against the industry. Adaptation of Shane's remarks here:blog.google/threat-analysi…