We identified a malvertising campaign targeting users searching for legitimate software, leading to the download of a trojanized WinSCP installer that deployed Broomstick/OysterLoader. All files involved in the initial access phase were signed with valid certificates.

NGL, that one was tough, I had just 2 minutes to spare at the end So, if you have a Cyber Incident that needs some Leadership, find someone else, I’m going to the pub Many thanks to ⁦@Nebulator⁩ for his patience a few months ago! #SANS #GIAC #GCIL

Hot cybersecurity tip of the day: AI security is a pressing concern for *some* organizations. But real talk: most of the people asking me about AI security already have horrific third party risk and vulnerability management programs. Fix your foundations first.

New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia

Sad how advert ridden the @MacRumors website is on an iPhone. It’s a mess - you can’t tell what’s an article screenshot and what’s an advert e.g. macrumors.com/roundup/ios-18 Over commercialised - got bored counting past 23 adverts on only 1/3 of above link.

Always disappointed that the UK Olympic team uses the brand @TeamGB when basic geography should have told them that N Ireland is not in GB, it’s part of the UK. Not very inclusive 😒

Everytime I have to use the online @British_Airways website I remember why I hate it and I regret my booking with BA decision. Having to plan to check in at the airport is the ultimate signature of a failed website. #useless #disaster

🚨 How do you engage law enforcement and legal teams during an incident? Don't wait to find out! Join 'Cyber Wars: The Legal Force Awakens' TOMORROW with @Nebulator and learn how to act swiftly in a crisis. ➡️ sans.org/u/1wK7 #SecLeadership #IncidentManagement

Hello! I’m going to close the “Go to DEF CON” award from the @offby1security YouTube channel on July 1st. Click on the image below to expand the details and requirements to enter. Visit and join discord.gg/offbyonesecurity for more details!

A good PM is worth their weight in gold. It's wild how off the rails some projects will go without a solid PM in place. You know who you are :)

Knowing how to contact legal resources during an incident is crucial. 'Cyber Wars: The Legal Force Awakens' with @Nebulator will teach you strategies to engage with law enforcement and external counsel. ➡️ sans.org/u/1wK7 #SecLeadership #IncidentManagement

As an industry we tell people to adopt zero trust… whilst at the same time saying don’t use ‘public’ WiFi….. It’s ridiculous…. We tell people to use a vpn…. The number of shady VPNs is massive. We tell people to not use WiFi at Starbucks whilst our hospitals are running server 2008 r2 ….

It’s been 20 years since I last caught up with @rfidiot - lovely to have a chinwag at the @AutoISAC summit. See ya at @defcon

Great watching @HackingDave on TV, I was telling Trevor yesterday how much I love Dave’s clarity, articulation and sneaking in of challenge words and references 😝

Here's my interview today from @CNBC talking about Microsoft Recall and Apple's AI announcement and partnership with OpenAI. My challenge word was "Tautological". x.com/Binary_Defense/status/… #BinaryDefense #TrustedSec

Episode #3 out now! @Nebulator dives into how you can prepare your org by understanding your #SupplyChain and then assess their criticality to your business. 🖥️ Watch here: youtu.be/rdIGkvv0OP4 #LDR553 #CyberAttack #IncidentManagement

Previously on Dragon Ball Z: Law enforcement agents seized the BreachForum backend and placed a 'this site has been seized' sticker on the BreachForum landing page. However, shortly after the takedown, BreachForum quickly returned online. Fast forward to today: BreachForum administrative staff issued a statement on their forum to Breach members and law enforcement agencies. The messages are attached to this post. Breach administrative staff also shared e-mail's between them and their host provider In summary Breach administrative staff assert law enforcement failed to successfully executive a seizure and inadvertently caused damage to a business who is not affiliated with them. Breach administrators also some how acquired the e-mail correspondence between law enforcement agencies and their host provider.

Episode 2 in The Incident Commander Series is out now! @Nebulator takes a look at understanding your remediation timeline after a #cyberattack 📈 ⏯️ Watch here: youtu.be/B8ezvzm6CP4 #LDR553 #CyberIncidentManagement

First Palo Alto announced John Wick in every firewall and gave us dancing ninjas at #RSAC. Now they've announced they're acquiring QRadar - hands down the worst enterprise SIEM on the market. I have to ask - is someone spiking the coffee in the executive cafeteria over there?

Quick Hackfest Hollywood keynote announcement: Day One Keynote: David Weston (@dwizzzleMSFT) Day Two Keynote: Yarden Shafir (@yarden_shafir) October 28th & 29th in Los Angeles! Register for virtual (free) & in-person attendance here: sans.org/cyber-security-trai…