Adam

Don't miss @tlansec's talk at 12:00 BST tomorrow, Oct 5, at #VB2023 in London! He will share @Volexity's research + observations of a North Korean #apt using unique, persistent #socialengineering techniques to target victims. More here: virusbulletin.com/conference/vb2… #threatintel #dfir

North Korea 🇰🇵 thinks it's easier to steal 0day from researchers than to find it themselves. If you are doing security research or have privileged access you have to assume you could be targeted at some point by a nation state.

Check if you've communicated with Paul091_! Outside of the 0-day, they also pushed their github project, GetSymbol - meant to help researchers download symbols. But it contains an update channel that could allow them to run arbitrary exes on machines of interest!

This is peak UI design.

@Volexity @Microsoft365 @Microsoft It turns out our investigation turned up nothing because there was nothing for us to find. The incident was invisible to us with the data at our disposal and this was due to the customer's M365 license level: E3. This is likely the most common license level for most orgs. 3/7

3 vacantes abiertas en Google Malaga Software Engineer, Backend, VirusTotal, Google Cloud google.com/about/careers/… Solutions Consultant, VirusTotal google.com/about/careers/… Security Engineer, VirusTotal google.com/about/careers/…

Snap is hiring security engineers for D&R and threat intel roles in Switzerland (we have offices in Zurich and Yverdon-les-Bains): wd1.myworkdaysite.com/recruiting/sna… & wd1.myworkdaysite.com/recruiting/sna… Retweets for visibility are much appreciated!

The legend of @moranned coming to present research at BlueHat Israel 🎉

We are hurtling towards our finale. Join us to meet the character who helped us reach an assessment of Xiaoruizhi's APT affiliation. intrusiontruth.wordpress.com/2023/05/16/int…

Introducing our main character of this investigation... Wuhan Xiaoruizhi Science and Technology Company intrusiontruth.wordpress.com/2023/05/13/all…

Google Málaga += 2 vacantes Software Engineer, Infrastructure Integrator, VirusTotal, Google Cloud careers.google.com/jobs/results/1… Security Engineer, VirusTotal careers.google.com/jobs/results/1…

@notareverser I know the struggle! ♥️

Fair warning to all friends old and new I'm basically blind at a distance now so if you see me in the next few days come say hi Cause I certainly didn't see you ❤️

Officially on the job market today. Anyone looking for an old TI guy with a "smidge" of years under his belt, let me know. Happy to have a chat.

So finally feel like I can talk about this. Santa as in github.com/google/santa now supports file access authorization. This means that we can authorize if a binary should be able to open a file/path and leverage code signing for targeting/filtering.

“Litigation was filed against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise.” @pmbureau and the team taking on cybercrime on a number of fronts. blog.google/technology/saf…

@vtxproject is looking for non-profit orgs with an intelligence use case that would benefit from having #synapse. We plan to select a few with compelling missions and donate #synapse enterprise licenses/support. Reply, DM, or join slack v.vtx.lk/slack if you have ideas!

In a previous life, Alex found more APT campaigns in a day than most vendors did in a year. If you want to increase positive coverage of your flashy new widget, no better person to help you do it!

The likely DPRK 3CX incident was part of a DOUBLE supply chain incident (access from one supply chain compromise was used to create another). Leapfrogging this way allows the actor to create a vicious cycle that expands their footholds exponentially. mandiant.com/resources/blog…

🆕 Updates from @Google TAG on recent APT, IO and Crime from 🇷🇺🇧🇾 actors against 🇺🇦 and regionally. 🎣 and more from 🇷🇺GRU, 👻🖊️, 🇨🇺💰 looking like APT and IO from the once adored 👨‍🍳. 1/🧵 blog.google/threat-analysi…

7 Apr: iOS/Mac 0day in the wild patched support.apple.com/en-us/HT213720 14 Apr: Chrome 0day in the wild patched chromereleases.googleblog.com/2023/04/stable… Both found by @_clem1 (TAG). Two different surveillance vendors. Great finds! Great fast patching! 👍 Wish these weren't so common though. 😔