mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.

#threatdetection


This is about to happen! Join us!

How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities — An ITSPmagazine Webinar With SandboxAQ
Thursday, May 15, 2025 | 1:00 PM to 2:00 PM EST

Unmanaged cryptographic assets and non-human identities have left security teams blind to critical risks. These gaps have fueled vulnerabilities, breaches, compliance challenges, and operational drag across enterprise environments.

Join us to see how #AQtiveGuard transforms this landscape.

✨ crowdcast.io/c/how-to-detect-a

More than just visibility, AQtive Guard unifies your non-human identities and cryptographic assets into a single inventory to deliver end-to-end visibility, deeper risk analysis, and streamlined compliance in a single pane of glass—with automated discovery, real-time threat detection, and root cause analysis powered by their unique LQM.

Seamlessly integrated into your existing stack, it’s the AI-driven SaaS platform built to secure today’s systems—and tomorrow’s.

By attending, you will get to:
Discover how to gain unified visibility into cryptographic assets and non-human identities —including API keys, certificates and service accounts—in cloud environments

Explore how AQtive Guard empowers security teams with automated discovery, threat detection, and root cause analysis—enabling faster remediation, reduced risk, and stronger compliance without disrupting existing workflows.

Learn how to future-proof your security posture, with a platform designed for AI Security Operations, Post-Quantum Cryptography readiness, and seamless integration into your existing security stack.

PANELISTS
Marc Manzano
General Manager of Cybersecurity, SandboxAQ
MODERATORS
Sean Martin, CISSP Co-Founder, ITSPmagazine
Marco Ciappelli Co-Founder, ITSPmagazine

Can’t attend the live webinar? All registrants get exclusive access with a link to rewatch the recording.

Register To Attend: crowdcast.io/c/how-to-detect-a

#cybersecurity, #cryptography, #AIsecurity, #infosec, #webinar, #securitytools, #threatdetection, #cloudsecurity, #sandboxAQ, #ITSPmagazine #tech #technology #quantum

crowdcast · How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities — An ITSPmagazine Webinar with SandboxAQ: Register now on crowdcast; scheduled to go live on May 15, 2025, 01:00 PM EDT.

As you know — well, now you do 😬 — Marco Ciappelli and Sean Martin, CISSP, are now hosting webinars on ITSPmagazine!

Yes, webinars are everywhere — but these are different:
ITSPmagazine #Webinars are More Than Just a Presentation.
They’re Real Conversations That Matter.

🎙️ Join us live on May 8 (or catch it On Demand) for an incredible conversation with Fred Wilmot.

You already know it’s going to be an awesome one — don’t miss it! ✨

Rethink, Don’t Just Optimize: A New Philosophy For Intelligent Detection And Response — An ITSPmagazine Webinar With Detecteam

Traditional detection and response is overdue for a rethink. This webinar explores the limits of optimization, the danger of misleading metrics, and a new approach focused on adaptability, behavior-driven signals, and speed. See how Detecteam’s REFLEX Platform helps teams turn weak signals into fast, actionable detections—before attackers have time to move.

REGISTER: crowdcast.io/c/rethink-dont-ju

#cybersecurity, #detectionandresponse, #threatdetection, #incidentresponse, #securityoperations, #infosec, #cyberdefense, #securitystrategy, #threatintel, #detecteam #infosecurity

crowdcast · Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam: Register now on crowdcast; scheduled to go live on May 8, 2025, 01:00 PM EDT.

🎙️ Is static rule-based detection holding security teams back? In this On Location Briefing from #RSAC2025, we dive into why detection needs to evolve — and what the future could look like when it does.

🚀 New Briefing from #RSAC 2025: Fixing the Detection Disconnect — Rethinking Detection from Static Rules to Living Signals

At RSA Conference 2025, Sean Martin, CISSP caught up with Fred Wilmot (Co-Founder & CEO) and Sebastien Tricaud (Co-Founder & CTO) of Detecteam to talk about why detection can’t stay stuck in the past — and how “living signals” can offer a more dynamic, context-aware approach to threat identification.

🔐 How can teams move beyond brittle, static rules to real-time, adaptable detection strategies?

Find out how Detecteam is helping organizations move away from outdated IOCs toward purpose-built, testable detections that actually evolve as threats do.

🎙️ Watch, listen, or read the full conversation here:
👉 itspmagazine.com/their-stories

📌 Learn more about Detecteam’s work:
👉 itspmagazine.com/directory/det

🛰️ See all our RSAC 2025 coverage:
👉 itspmagazine.com/rsac25

🌟 Discover more On Location Conversations, Brand Stories, and Briefings:
👉 itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!

⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

ITSPmagazine · Fixing the Detection Disconnect and Rethinking Detection: From Static Rules to Living Signals | A Brand Story with Fred Wilmot from Detecteam | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™: Fred Wilmot and Sebastien Tricaud challenge traditional detection models by introducing a faster, behavior-based approach that continuously generates and validates detections tailored to real-world threats. If you’re tired of optimizing broken processes and want to hear how teams can actually stay a

Some more conversations for you, straight from the floor of RSAC 2025!

🚀 New Briefing from #RSAC2025: From Overwhelmed to Informed — Strategic Threat Detection for the Future

At #RSAC Conference 2025, Sean Martin, CISSP caught up with Hugh Njemanze, Founder and CEO of Anomali, for a quick but powerful conversation about how the future of threat detection is about more than speed — it’s about strategy.

🔐 Why are #securityteams overwhelmed by traditional approaches, and how can smarter, faster, more strategic #threatintelligence change the game?
Find out how #Anomali is helping organizations move from reactive defense to proactive security strategies.

🎙️ Watch, listen, or read the full conversation here:
👉 itspmagazine.com/their-stories

📌 Learn more about Anomali’s work:
👉 itspmagazine.com/directory/ano

🛰️ See all our RSA Conference 2025 coverage:
👉 itspmagazine.com/rsac25

🌟 Explore more Briefings and Brand Stories from RSAC 2025:
👉 itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin, CISSP and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!
⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

📲 Hashtags:
#cybersecurity #infosec #infosecurity #technology #tech #society #business #threatdetection #cyberthreatintelligence #strategicsecurity #anomali

ITSPmagazine · From Overwhelmed to Informed: The Future of Threat Detection Isn’t Just Faster—It’s Strategic | A Brand Story with Hugh Njemanze from Anomali | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™: Hugh Njemanze, Founder and CEO of Anomali, reveals how a purpose-built, cloud-native SIEM infused with agentic AI is transforming how security teams detect threats, reduce incidents, and prioritize risk. From faster investigations to board-ready insights, this conversation challenges outdated assump

🔔 For those wondering how to gain visibility on their #Linux system for #ThreatDetection and #ThreatHunting:

Check out the Kunai Project! It's completely free and supports IoC-based detection, Yara rules, custom detection rules, and more.

A new release is available: github.com/kunai-project/kunai

GitHub · Releases · kunai-project/kunai: Threat-hunting tool for Linux.

#WorkSurveillance #Surveillance #WageSlavery #SIEM #UEBA #CyberSecurity #ThreatDetection #BehaviorProfiling: "This case study explores, examines and documents how employers can use software that analyzes extensive personal data on employee behavior and communication for cybersecurity, insider threat detection and compliance purposes. To illustrate wider practices, it investigates software for “security information and event management” (SIEM), “user and entity behavior analytics” (UEBA), insider risk management and communication monitoring from two major vendors. First, it looks into cybersecurity and risk profiling systems offered by Forcepoint, a software vendor that was until recently owned by the US defense giant Raytheon. Second, it investigates in detail how employers can use cybersecurity and risk profiling software sold by Microsoft, whose “Sentinel” and “Purview” systems provide SIEM, UEBA, insider risk management and communication monitoring functionality. Combined, these systems can monitor everything employees do or say, profile their behavior and single them out for further investigation. Similar to predictive policing technologies, they promise not only to detect incidents but to prevent them before they occur. While organizations can use these software systems for legitimate purposes, this study focuses on their potential implications for employees."

crackedlabs.org/en/data-work/p

Cracked Labs · Employees as Risks: A case study on intrusive surveillance and behavioral profiling for cybersecurity, insider risk detection and 'compliance'

Good day everyone!

Check Point Software researchers provide us with a detailed report on a newly discovered malware, the #StyxStealer! It is capable of "stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency" and contains defense evasion techniques. While the malware may be new, one technique that stood out isn't! The use of the Windows run registry key for persistence (Software\Microsoft\Windows\CurrentVersion\Run) is not.

This registry key is abused because of the function it carries with it: you can reference an executable or script or whatever you want in the registry details and it will execute once a user logs in. This removes the need for the adversary to have to social engineer or compromise a host over and over again.

Knowing that, enjoy the article and stay tuned for your Threat Hunting Tip of the Day!

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
research.checkpoint.com/2024/u

Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Continuation of thread

Once the registry key was modified and the payload linked to in the registry data, persistence was successfully gained, which enabled the adversaries repeated access to the victim. This is a great article and just the tip of the iceberg when it comes to technical details, so check it out for yourself! Enjoy and Happy Hunting!

The Updated APT Playbook: Tales from the Kimsuky threat actor group
rapid7.com/blog/post/2024/03/2

I know I share this Cyborg Security Community hunt package a lot, but it's because this behavior is extremely commonly used! It is just one of many behaviors that we help you hunt for that stand the test of time!

Autorun or ASEP Registry Key Modification
hunter.cyborgsecurity.io/resea

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

Rapid7 · The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog: Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.

Happy Monday everyone! I hope everyone is doing well!

Researchers from Rapid7 observed some updated #TTPs and behaviors exhibited by the APT known as #Kimsuky (AKA Black Banshee or Thallium). One update to their tactics includes the use of a Compiled HTML Help file, or CHM file. Rapid7 found this significant because these types of files were seen to make it past the first line of defense and then lead to its execution. Following the CHM execution, other behaviors were seen and included registry key modification of the Windows Run registry key (SOFTWARE\Microsoft\Windows\CurrentVersion\Run).

One week ago, @cyentiainst and Tidal Cyber published a study that provides a consensus view of the top ATT&CK techniques reported across 22 popular sources.

It's been well-received so far, but I'm sure there are many #infosec professionals out there who don't know about it yet and would benefit from it to build a more threat-informed defense. If you find this research valuable, please share it with your networks - thanks!

Download the report below (no registration required) and watch a replay of the webinar we hosted to launch it. #threatintel #threathunting #threatintelligence #threatdetection #incidentresponse

cyentia.com/multi-source-analy

What are the most frequently observed ATT&CK techniques?

Well, it depends on the vantage point.

In a study comparing the top TTPs among 22 of your favorite annual/semi-annual cyber threat reports, the Cyentia Institute found substantial variation among different types of sources. Get the full report here: cyentia.com/multi-source-analy

Lemme unpack the chart a bit. Each column shows the consensus ten most frequently observed TTPs among sources of each type (we discuss how we derive that consensus in the report). The few connecting lines shown here and the many one-off techniques indicate low levels of agreement among source types as to what belongs in the top 10.

Nine of the ten most frequent techniques observed by OSINT, for example, didn’t make it to the top of the charts for any other source type. Speaking for ourselves as one of those sources (IRIS 2020), we wonder if it’s because of limitations of teasing TTPs from publicly-reported data, which tends to be shallower than, for example, forensic-level details. The number of unique entries in the top 10 for other sources isn’t quite so dramatic: Telemetry = 5/10, Managed Services = 2/10, Incident Response = 6/10.

That’s not to say there’s an utter lack of accord. T1059 (Command and Scripting Interpreter) makes the top 10 list in three of four source types. Quite a few others can be found in two columns.

Why does this matter?

Because these source biases need to be acknowledged, better understood, and factored into analysis in order to make the most of multi-source data like this. Sure—it’s a lot less messy to just go with a trusted single source for all your ATT&CK prioritization needs. But it’s also a lot less likely that one source represents the totality of the environment you defend.

It’s a classic “Elephant in the Dark” problem. Thanks to the efforts of so many in our community to share this information, we’re shedding more and more light on that problem to see the whole elephant. #threatintel #threathunting #cyberthreats #secops #threatdetection #cybersecurity #incidentresponse

Get the report: cyentia.com/multi-source-analy
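One way to quantify the agreement the post above describes, as an added example that is not the Cyentia Institute's or Tidal Cyber's own code, data or consensus method: take one top-10 list per source type, count how many techniques in each column appear in no other column (the "one-offs"), list the techniques that recur across columns, and compute a pairwise Jaccard overlap between columns. The technique IDs below are real ATT&CK identifiers, but the four lists are constructed for illustration and are not the report's findings.

```python
"""Agreement between per-source-type top-10 ATT&CK technique lists.

Added example; not the Cyentia/Tidal report's own method or data. The lists
are constructed: the ATT&CK IDs are real, the rankings are invented.
"""
from collections import Counter
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed top-10 lists per source type (not the report's numbers).
TOP10: Dict[str, List[str]] = {
    "OSINT": ["T1566", "T1059", "T1190", "T1486", "T1078",
              "T1204", "T1105", "T1027", "T1071", "T1133"],
    "Telemetry": ["T1059", "T1547.001", "T1053", "T1055", "T1003",
                  "T1112", "T1036", "T1082", "T1083", "T1057"],
    "Managed Services": ["T1059", "T1566", "T1078", "T1021", "T1003",
                         "T1105", "T1486", "T1053", "T1018", "T1070"],
    "Incident Response": ["T1566", "T1078", "T1486", "T1021", "T1003",
                          "T1070", "T1048", "T1110", "T1098", "T1562"],
}


def technique_counts(top10: Dict[str, List[str]]) -> Counter:
    """Number of source types whose top 10 contains each technique."""
    return Counter(t for techs in top10.values() for t in set(techs))


def unique_per_source(top10: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Techniques in each column that appear in no other column (the one-offs)."""
    counts = technique_counts(top10)
    return {src: sorted(t for t in techs if counts[t] == 1)
            for src, techs in top10.items()}


def shared_by_at_least(top10: Dict[str, List[str]], k: int) -> List[str]:
    """Techniques that make the top 10 of at least k source types."""
    counts = technique_counts(top10)
    return sorted(t for t, n in counts.items() if n >= k)


def pairwise_jaccard(top10: Dict[str, List[str]]) -> Dict[Tuple[str, str], float]:
    """Jaccard overlap |A & B| / |A | B| for every pair of columns."""
    result = {}
    for a, b in combinations(top10, 2):
        sa, sb = set(top10[a]), set(top10[b])
        result[(a, b)] = len(sa & sb) / len(sa | sb)
    return result


if __name__ == "__main__":
    for src, one_offs in unique_per_source(TOP10).items():
        print(f"{src}: {len(one_offs)}/10 unique -> {', '.join(one_offs)}")
    print("in >= 3 columns:", shared_by_at_least(TOP10, 3))
    for (a, b), j in pairwise_jaccard(TOP10).items():
        print(f"{a} vs {b}: Jaccard {j:.2f}")
```

The per-column "N/10 unique" figure is the same statistic the post quotes for Telemetry, Managed Services and Incident Response; the Jaccard values make the "few connecting lines" observation numeric, and a low value between two source types is a reason to treat either one alone as an incomplete picture of the environment you defend.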

#HappyMonday and it is that time again!

The DFIR Report has released their latest report that mentions NetSupport Manager, a remote access tool that I have not heard of before. Initial access was a zip file that contained a .js file which was designed to execute an encoded PowerShell command that deployed the NetSupport tool AND established persistence through the modification of the #Windows run registry key. I would go on but you are going to have to read this report for yourself! It is so full of details that I can't begin to cover them myself! Enjoy and Happy Hunting!

NetSupport Intrusion Results in Domain Compromise
thedfirreport.com/2023/10/30/n

The DFIR Report · NetSupport Intrusion Results in Domain Compromise - The DFIR Report: NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
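The Run-key persistence mechanism that the Styx Stealer, Kimsuky and NetSupport posts above all mention shows up in endpoint telemetry as a registry value written under ...\CurrentVersion\Run or RunOnce. As an added example, not code from any of those posts or vendors, the script below runs simple hunt logic over constructed records shaped like Sysmon Event ID 13 (RegistryEvent, value set: TargetObject, Details, Image) and flags autorun values that point at user-writable paths, script hosts, script files, or an encoded PowerShell command, which is the combination the NetSupport write-up describes. The field names follow Sysmon, but the sample events, paths and the base64 string are constructed and are not real telemetry.

```python
"""Flag suspicious autorun (Run / RunOnce) registry value writes.

Added example, not code from the posts above. Records mimic Sysmon Event ID 13
fields (TargetObject, Details, Image); all sample records are constructed.
"""
import re
from typing import Dict, List, Tuple

# Value writes under the autorun keys abused for logon persistence.
AUTORUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.IGNORECASE
)
# Directories a non-admin user can write to; legitimate installers usually
# point autoruns at Program Files or Windows, not here.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\", re.IGNORECASE
)
# Script hosts and other system binaries commonly wrapped around a payload.
SCRIPT_HOSTS = re.compile(
    r"\b(wscript|cscript|mshta|powershell|pwsh|cmd|rundll32|regsvr32)(\.exe)?\b",
    re.IGNORECASE,
)
SCRIPT_EXT = re.compile(r"\.(vbs|js|jse|bat|cmd|ps1|hta)\b", re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_PS = re.compile(
    r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE
)


def is_autorun_key(target_object: str) -> bool:
    """True if the registry path is a Run or RunOnce value."""
    return bool(AUTORUN_KEY.search(target_object))


def score_autorun(details: str) -> List[str]:
    """Reasons an autorun value looks suspicious (empty list = nothing flagged)."""
    reasons = []
    if USER_WRITABLE.search(details):
        reasons.append("user-writable path")
    if SCRIPT_HOSTS.search(details):
        reasons.append("script host / LOLBin")
    if SCRIPT_EXT.search(details):
        reasons.append("script file")
    if ENCODED_PS.search(details):
        reasons.append("encoded PowerShell")
    return reasons


def hunt(events: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Return (TargetObject, Details, reasons) for each suspicious autorun write."""
    hits = []
    for ev in events:
        if not is_autorun_key(ev["TargetObject"]):
            continue  # not an autorun key: ignore (e.g. Explorer settings)
        reasons = score_autorun(ev["Details"])
        if reasons:
            hits.append((ev["TargetObject"], ev["Details"], reasons))
    return hits


# Constructed sample events (not real telemetry; the base64 is filler).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" --service'},
    {"Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"wscript.exe //B C:\Users\alice\AppData\Roaming\update.vbs"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\svc",
     "Details": "powershell.exe -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for target, details, reasons in hunt(SAMPLE_EVENTS):
        print(f"{target}\n    {details}\n    -> {', '.join(reasons)}")
```

The signed vendor agent under Program Files is left alone while the VBS dropped in AppData and the hidden, encoded PowerShell one-liner are both flagged; in a real deployment the same logic would run over the Sysmon or EDR registry-set stream and be paired with a baseline of known-good autorun values so that analysts only review the new or changed entries.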

Good day all! The Computer Emergency Response Team of Ukraine, CERT-UA, reports on a targeted attack attributed to #APT28 that they observed on a critical energy infrastructure facility in Ukraine. It started with a #phishing email that contained a link to an archive that led to a downloaded zip file that contained three decoy JPGs and a bat file that would run on the victim's computer. The BAT file would, again, open some decoy web pages, but more importantly would create a .bat and .vbs file. There were some discovery commands issued, a TOR program downloaded and hidden on the victim's computer as a hidden service, and abused common ports (445, 389, 3389, 443). Last but not least, a PowerShell script was used to collect the password hash of the account. Enjoy and Happy Hunting!

cert.gov.ua/article/5702579

Good day all! If you have been looking for technical and behavioral artifacts regarding CVE-2023-2868, look no further! Mandiant (now part of Google Cloud) takes a deep-dive into #UNC4841, a Chinese-nexus threat group, activity that shows how the group is growing in maturity and sophistication. There is a lot to learn about TTPs from this article and I hope you enjoy it as much as I did! Happy Hunting everyone!

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
mandiant.com/resources/blog/un