Imagine sending a cold email to Spamhaus....oh wait 😑

The anatomy of bulletproof hosting has changed significantly, and if you're working in threat intelligence or network abuse, it's worth understanding how. Criminals are shifting to separation of liabilities, abusing trusted services, and building more resilient infrastructure - learn more here: 👉 spamhaus.org/resource-hub/bu… #Cybersecurity #BulletproofHosting #ThreatIntel

Botnet C2 tied to an unidentified #malware family trying to hide as FortiGate device 😜 🌐 Domain: az2030port.duckdns .org 📡 C2: 178.16.55.28:2030 ➡️ Omegatech LTD 🇳🇱 🔐 SSL certificate: FortiGate, O=Fortinet Ltd. Corresponding malware samples ⤵️ hunting.abuse.ch/hunt/6a285c…

🇨🇦 Safe travels to everyone heading to Montreal this weekend for #M3AAWG67! If you’re 'aboot' and would like to book a meeting with Graham — or just catch up over a few beers and poutine 😋 — send us a DM.

📣 Latest #DROP listings fresh from @Spamhaus researchers, helping you block the worst of the worst #IP traffic ⤵️⤵️ Looking for something better suited to commercial use? Find out more about accessing this data (and more) via BGP here👉spamhaus.com/data-access/bor…

📣 JUNE 18 | 10:55 AM MST | At #FIRSTCON26, Matthew Stith from Spamhaus will present: “Tackling Bulletproof Hosting: Cutting off the Facilitators” In this 🟠 TLP:AMBER session Matthew will present two case studies of non-monolithic BPHs, and: ➡️ Show how they evade anti-abuse countermeasures. ➡️ Discuss ways to incentivize cybercrime facilitators to adopt stronger vetting and abuse prevention. ➡️ Explain Spamhaus’s approach to balancing protection, increasing costs for bad actors, and coordination with law enforcement and the infosec community. #CyberSecurity #ThreatIntel #SeeYouThere

📢 TODAY #INBOXEXPO26 | MAIN STAGE 2:30 EDT Matt Stith from Spamhaus will join, Clea Moore from Yahoo! and Mariska Calebrese from beehiv, for an ISP panel discussion moderated by Matthew Vernhout, Principal Email Advisor at Email Industries.

🇺🇸 Heading to Denver for #FIRSTCON26 next month? Matthew Stith, who leads Community & Partnerships at Spamhaus, will be attending and is keen to connect around information sharing, collaborative research, and partnership opportunities. DM if you'd like an introduction or want to arrange a meet up. #Events #Community #IncidentResponse

🤔 Looking for contextual metadata on malicious and suspicious domains? Spamhaus Malicious Domain Intelligence is now available via Rsync in JSON format - ideal for teams that want to handle queries and enrichment workflows in-house. Use it to enhance investigations, support research, and enrich threat-intelligence operations 🕵️ - learn more here ⤵️ hubs.ly/Q04hs1qY0 Or request a FREE 30-day trial today ⤵️ hubs.ly/Q04hs6rW0 #Domains #Rsync #ThreatIntel

❗ We’ve observed a scammer clearly abusing Microsoft's 'msonlineservicesteam@microsoftonline[. ]com' for spam distribution. The header and message body appear completely legitimate - the abuse is happening through injection into the Subject: ✉️ Here's an example: "Your PayPal order for 0.0092 BTC ($699.99) is complete. Not you? Call 1 (803) 237-5050 account email verification code." At this point, it appears the attacker may have simply set the malicious text as either the account name or the organization name. This also appears to line up with what @zackwhittaker TechCrunch Security Editor identified last week (shared on Mastodon): mastodon.social/@zackwhittak… ....although the activity we’re seeing appears to stretch back several months. Takeaway: automated notification systems should not allow this level of customization. Microsoft has been informed of this abusive activity. #ThreatIntel #Spam #InfoSec #CyberSecurity

Shout out to @teamcymru, @Shadowserver and all parties involved in assisting @INTERPOL_HQ in the take down of 53 servers malware, phishing servers and 201 arrests!💪

If you’re still relying on passwords to access online services securely, it’s worth switching to passkeys (where possible). Here’s a quick overview from Spamhaus explaining what passkeys are and how they work ⤵️⤵️

🎉 We’re proud to sponsor the 38th #FIRSTCon in Denver next month alongside our partner @abuse_ch! Some of the team will be there, joined by colleagues from The @spamhaus Project. 👀 Keep an eye out for a couple of presentations from the team - we’ll share more details closer to the time...

🕵️‍♂️@Spamhaus Project researchers have shared details of a recently observed phishing campaign specifically targeting hotels and hosts, misrepresenting themselves as @bookingcom - find details below👇

@NSAGov shares 4 simple steps to secure your router ⤵️ 1⃣ Update your router 2⃣ Change the default username & password 3⃣ Disable remote management 4⃣ Replace outdated routers Read full guidance via the National Cybersecurity Alliance below👇

My favorite Remus botnet C2 domain so far 😄 havelbeenpwned .net ⤵️ NICENIC INTERNATIONAL🇨🇳 103.211.219.238:4219⤵️ AS394695 PUBLIC-DOMAIN-REGISTRY 🇮🇳 Malware sample: bazaar.abuse.ch/sample/75fce… More #Remnus IOCs available on ThreatFox 🦊 threatfox.abuse.ch/browse/ma… /cc @troyhunt

📢 WEBINAR TODAY | May 5th | 10am EDT | 4pm CEST Calling all ESPs 💌 - "Why Legitimate Senders​ End Up on Blocklists — although they think they do everything right.​" There’s still time to register👇 hubs.ly/Q04fphN80 #SenderReputation #EmailCompliance #CSA

🔥 5 days and counting!! If you’re heading to #PIVOTcon26 some of our team will be there again this year alongside our partner @abuse_ch — and we're proud to be sponsoring once again. Looking forward to the talks, conversations, and catching up over a beer 🍻