π€ Threat intelligence is all about processing raw data to make it useful for the business. Coupled with AI you can industrialize your pipelines and make it great.
But most of the solutions out there will give you lengthy paragraphs of text. But honestly who [β¦]
[Original post on infosec.exchange]
@deepthoughts10 Thank you, I did! And I'm entirely intrigued π
Ideas for improvements or additions to threat.cstromblad.com or other suggestions for content to push out through ORLY?
Im really trying to make the Fediverse better from a cybersecurity community perspective by providing better streams of "Intel".
Hit me with your ideas, perhaps I can [β¦]
@newsgroup Thanks, will keep an eye on that!
π€ Sekoia recently uncovered a new Phishing as a Service platform called EvilTokens that automates Business Email Compromise at scale!
The tool use AI to:
- Automate the analysis of large volumes of emails to identify exploitable financial exposure
- Map [β¦]
[Original post on infosec.exchange]
I went for a tag.digital workspace using their NC Core offering, start there and see how I feel.
Thanks for the suggestion @azraph
I have updated and refined the https://threat.cstromblad.com/dashboard "algorithm" for showing the Top Story et al.
I didn't like that too many tangential articles were included as "related". Tried top optimize clustering to also account for recency in tag clusters etc.
Hopefully a little bit [β¦]
I'm thinking that perhaps a hosted NextCloud installation might be useful?
Alright friends, I've got a real need. I want a collaboration suite for myself and a few others.
I don't want Teams, or Slack. Ideally I'd like a hosted option in Europe as I will not have time to manage a self-hosted installation, it's not where my energy should be directed right now [β¦]
I've started experimenting with a broader collection concerning "Breach Events". The idea is to selectively monitor News sources for signs of organizations having suffered some sort of cyber incidents.
Would anyone be interested in having this sort of feed added to ORLYSEC?
Basically something [β¦]
Every now and then O RLY CYBER will produce a link to a slightly older post. This is due to a more robust collection process whereas the previous collector could crash, miss or otherwise ignore entries. Now... it is backpopulating and I think that I've allowed it to process articles that are [β¦]
A still from a TV show. A woman with grey hair in a black jacket sits opposite Jon Stewart, host of The Daily Show, at a desk. A subtitle shows the text "There's the whole Mastodon universe." at the bottom of the screen.
Nice to see a Mastodon shout-out on The Daily Show last night, thanks to @eff Executive Director Cindy Cohn!
It's a longer segment, with some interesting nuance around social media and censorship later in the conversation.
(disclosure: I am an EFF Member / [β¦]
[Original post on macaw.social]
Ahww shit... date extraction for sublime.security did NOT work at all. Sorry for the orlysec spam... not sure why it got that screwed up π
RE: https://swecyb.com/@orlysec/116331722420168899
Apologies for the old push. Doing some back populating of articles, and I currently have no logic to avoid pushing "relevant" content to the mastodon "bot".
Hopefully shouldn't be too many articles.
How are you liking the @orlysec account? Good, meh, terrible?
Something I can do to perhaps improve it, something you'd wish for there to be in there. Or leave it as it is for now?
Latest exploited/active CVEs.
If someone comes to me today preaching about βpost-quantumβ security issues, Iβll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security [β¦]
[Original post on infosec.exchange]
π₯ Supply chain nightmare continues! Axios a widely used HTTP client got compromised.
Malicious versions:
- axios 1.14.1 (latest)
- axios 0.30.4 (legacy)
- plain-crypto-js 4.2.x (postinstall backdoor)
NPM supply chain attacks are becoming more common, so I [β¦]
[Original post on infosec.exchange]
RE: fosstodon.org/@SocketSecurity/11632161...
2020: the best thing you can do for security is have a bot automatically update your dependencies.
2026: the best thing you can do for security is to tell your bot that updates dependencies to wait a day or three before updating them [β¦]
I have added a tiny feature on https://threat.cstromblad.com to highlight "breaking stories" in an attempt to surface things such as the Axios attack.
It's not perfect but not bad either as a first attempt. Recent articles within the last 24-48 hours and with spiking tag clusters. First version [β¦]
Diesel just got humiliated on its own turf by a Chinese #EV Truck π.
Sydney β Canberra freight run
Electric truck: 25 minutes faster + ~85% cheaper energy
Not greener. Not nicer. Just better.
Freight was supposed to be the last stand⦠#Bettrification
I decided to put it online instead, now you can browse it yourself:
https://threat.cstromblad.com/dashboard
It will be updated twice a day. Let me know if you find it useful or interesting, or if there is something else you'd like to see in there.
Please note the status of it: EXPERIMENTAL π
A solitary tree stands silhouetted against a soft pink and lavender dawn sky, surrounded by rolling, frost-covered hills shrouded in morning mist. The moody, atmospheric landscape conveys a sense of quiet solitude, with the lone tree slightly off-center and additional trees barely visible through the fog in the background.
RE: https://swecyb.com/@orlysec/116314310614031208
I'm guessing ... we'll see a whole bunch of articles n' stuff about this come Monday.
And a whole bunch of pwnd appliances.
And a whole bunch of incident response assignments.
And a whole bunch of CEOs reiterating how important cybersecurity [β¦]
I have also added another TL;DR logic. Let's try and find the most dominant story for the past 2 weeks.
Not everyone is interested in all the details, and every single story. Just something to talk about around the coffee machine, or discuss with customers.
Now there's such a TL;DR. The top [β¦]
It's not especially intelligent. Basically checking if the CVE in the published article has been mentioned recently (12 weeks backtrack) and if not, it's considered "new".
Again, the idea and purpose is to highlight potentially new findings and discussions that warrant a closer look. Let me [β¦]
Made a few simple changes to the CVE-data, added the official CVSS, affected products and short description.
The CVEs presented are those that have been mentioned in recently published primary sources articles.
So it's not a list of every single CVE out there. Hopefully those with a bit more [β¦]
I decided to put it online instead, now you can browse it yourself:
https://threat.cstromblad.com/dashboard
It will be updated twice a day. Let me know if you find it useful or interesting, or if there is something else you'd like to see in there.
Please note the status of it: EXPERIMENTAL π
The listed tags could do with some work, like removing the ones that are not really contributing to insights etc.
But you know, work in progress.
Article list view for a given week and archetype category.
A personal threat landscape dashboard.
I've got roughly 18 months worth of collected OSINT (from primary sources) which has been processed quite extensively. Last night and today I've been spending time exploring ways to ... visualize the threat landscape based on what I have.
Here's the most recent [β¦]
[Original post on swecyb.com]
