mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

#threatdetection

11 posts · 8 participants · 0 posts today

It's a busy conference season for #Graylog! 😅 #AWSreInforce is coming up soon on June 16th through 18th in Philadelphia, PA. Grayloggers Sam Parikh, Quinn Kroll, Justine Simpson, and Rich Murphy will be there to answer all your Graylog questions.

And... Rich Murphy will share insight on how to tame your alert avalanche — on June 17th, 1:30 PM, in his presentation at the show. 🚨🏔️ Learn about a battle-tested playbook for alert noise reduction!

More: reinforce.awsevents.com/ #TDIR #threatdetection #incidentresponse #cybersecurity

Happy Friday everyone!

With the news breaking that the #DanaBot was disrupted, it got me thinking: How do these pieces of malware function, and how do they stay on the victim's machines? And when you think about it, what a botnet operator really needs is repeated access to the compromised machine, which gets me thinking about persistence. So, I poked around one of my favorite resources, the MITRE ATT&CK Matrix, looked at as many bot malware families as they have, and looked at what they had in common from a persistence perspective. Two of the most common techniques used were T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder and T1053.005 - Scheduled Task/Job: Scheduled Task. So, if you are hunting for bots, you may want to start there! Enjoy the read and Happy Hunting!

DanaBot malware disrupted, threat actors named
intel471.com/blog/danabot-malw

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.
Intel 471 · DanaBot malware disrupted, threat actors named · The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.
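Added example (not from Intel 471, the DanaBot write-up, or the post author): a small Python hunt over endpoint events for the two techniques the post names, T1547.001 (Run keys and the Startup folder) and T1053.005 (scheduled tasks). The event field names, the sample records and the "action lives in a user-writable path" heuristic are assumptions made here for illustration; the Run/RunOnce and Startup-folder patterns cover only a subset of the locations ATT&CK lists for T1547.001.

```python
"""Hunt for T1547.001 (Registry Run Keys / Startup Folder) and T1053.005
(Scheduled Task) over normalized endpoint events.

Event dicts mirror Sysmon events 13 (registry value set), 11 (file create)
and 1 (process create), plus Security event 4698 (scheduled task created).
Field names and every sample record below are constructed for this example.
"""
import re
from dataclasses import dataclass

# Autostart keys under HKLM/HKCU/HKU, including the Wow6432Node mirror.
# Subset of the T1547.001 locations; extend with Policies\Explorer\Run etc.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Heuristic (assumption): autostart/task actions in user-writable locations are
# uncommon for legitimate software and deserve a closer look. Not proof of evil.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)


@dataclass
class Finding:
    technique: str
    host: str
    detail: str
    suspicious_path: bool


def _suspicious(path):
    return bool(USER_WRITABLE_RE.search(path or ""))


def _task_action(command_line):
    """Pull the program out of a 'schtasks /create ... /tr <program>' line."""
    m = re.search(r'/tr\s+("[^"]+"|\S+)', command_line, re.IGNORECASE)
    return m.group(1).strip('"') if m else ""


def hunt_persistence(events):
    """One Finding per event that looks like Run-key/Startup-folder
    persistence or scheduled-task creation; other events are ignored."""
    findings = []
    for ev in events:
        src, eid, host = ev.get("source"), ev.get("event_id"), ev.get("host", "?")
        if src == "Sysmon" and eid == 13 and RUN_KEY_RE.search(ev.get("target_object", "")):
            value = ev.get("details", "")
            findings.append(Finding("T1547.001", host,
                                    f"Run key {ev['target_object']} -> {value}",
                                    _suspicious(value)))
        elif src == "Sysmon" and eid == 11 and STARTUP_DIR_RE.search(ev.get("target_filename", "")):
            writer = ev.get("image", "")
            findings.append(Finding("T1547.001", host,
                                    f"Startup folder drop {ev['target_filename']} by {writer}",
                                    _suspicious(writer)))
        elif src == "Security" and eid == 4698:
            action = ev.get("task_command", "")
            findings.append(Finding("T1053.005", host,
                                    f"Task {ev.get('task_name', '')} runs {action} {ev.get('task_args', '')}".strip(),
                                    _suspicious(action)))
        elif (src == "Sysmon" and eid == 1
              and ev.get("image", "").lower().endswith("schtasks.exe")
              and re.search(r"(^|\s)/create(\s|$)", ev.get("command_line", ""), re.IGNORECASE)):
            cmd = ev["command_line"]
            findings.append(Finding("T1053.005", host, f"schtasks /create: {cmd}",
                                    _suspicious(_task_action(cmd))))
    return findings


SAMPLE_EVENTS = [  # constructed; not real telemetry
    # OneDrive registering its own Run key from Program Files: expected noise
    {"source": "Sysmon", "event_id": 13, "host": "WS01",
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    # Run key pointing at a binary in the user's AppData
    {"source": "Sysmon", "event_id": 13, "host": "WS01",
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\alice\AppData\Roaming\svc\update.exe"},
    # A loader in Temp dropping a shortcut into the Startup folder
    {"source": "Sysmon", "event_id": 11, "host": "WS02",
     "image": r"C:\Users\bob\AppData\Local\Temp\loader.exe",
     "target_filename": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sync.lnk"},
    # Scheduled task whose action lives in ProgramData
    {"source": "Security", "event_id": 4698, "host": "WS02",
     "task_name": r"\Microsoft\Windows\Maintenance\Sync",
     "task_command": r"C:\ProgramData\sync\sync.exe", "task_args": "-q"},
    # Vendor installer creating a task from Program Files: recorded, not flagged
    {"source": "Sysmon", "event_id": 1, "host": "WS03",
     "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": r'schtasks.exe /create /tn "Vendor Update" /tr "C:\Program Files\Vendor\upd.exe" /sc daily'},
    # Unrelated registry write that must not match
    {"source": "Sysmon", "event_id": 13, "host": "WS03",
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop",
     "details": r"C:\Users\Public\Desktop"},
]

if __name__ == "__main__":
    for f in hunt_persistence(SAMPLE_EVENTS):
        print(("!! " if f.suspicious_path else "   ") + f"{f.technique} {f.host}: {f.detail}")
```

Run it to see five findings, three of them marked `!!`. The point of the split between "matched" and "suspicious" is triage: every Run-key write and task creation is worth recording, but the ones whose action sits in AppData, Temp or ProgramData are where a hunter would start.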

Good day everyone!

I don't know how I missed this one but here is your #readoftheday:

The DFIR Report published an article on Monday that details an attack that started with a vulnerable Confluence server and ended with the deployment of the ELPACO-team ransomware. Multiple publicly available tools were used, including AnyDesk.exe, Mimikatz, Process Hacker, and Impacket secretsdump. Side note, they mention that this case is featured in one of their labs, so go check it out! Also, go find out all the details that I couldn't post here and read the article! Enjoy and Happy Hunting!

Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
thedfirreport.com/2025/05/19/a

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

The DFIR Report · Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware · Key Takeaways: The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution. Using this access…

Happy Wednesday!

Today's #readoftheday is an article from Sophos researchers that provides details on an attack involving the #3AM ransomware strain. What started with email-bombing led to social engineering, Microsoft Quick Assist, and a Windows 7 virtual machine. What I really enjoy about this article is the technical detail on the "pre-ransomware" activity, which can be seen in the Discovery and Defense Evasion sections. These normally involve some LOLBINs (Living-Off-The-Land Binaries) and the use of tools that help provide the adversary with information about the system. Enjoy and Happy Hunting!

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
news.sophos.com/en-us/2025/05/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Sophos News · A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist · Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with a fake help desk call, this time over the phone.
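Added example (not Sophos code and not the post author's): Python detection logic for the "pre-ransomware" Discovery activity the post points to. It groups process-creation events by host and user and alerts when several different Discovery LOLBINs run inside a short window, which separates a hands-on-keyboard operator enumerating a fresh foothold from an admin who runs ipconfig twice a day. The event records are constructed, the field names and the 5-minute / 4-technique thresholds are assumptions, and the ATT&CK mapping is the usual one for each binary.

```python
"""Flag bursts of Discovery-phase LOLBIN use by one actor on one host.

Process-creation records (time, host, user, image, command_line) are
constructed for this example; field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery LOLBINs and the ATT&CK technique each most commonly maps to.
DISCOVERY_BINARIES = {
    "whoami.exe": "T1033",      # System Owner/User Discovery
    "quser.exe": "T1033",
    "systeminfo.exe": "T1082",  # System Information Discovery
    "ipconfig.exe": "T1016",    # System Network Configuration Discovery
    "tasklist.exe": "T1057",    # Process Discovery
    "nltest.exe": "T1482",      # Domain Trust Discovery
}
# net.exe (and the net1.exe it spawns) is classified by its first argument.
NET_SUBCOMMANDS = {
    "user": "T1087", "group": "T1087",  # Account Discovery
    "localgroup": "T1069",              # Permission Groups Discovery
    "view": "T1135",                    # Network Share Discovery
}


def classify(image, command_line):
    """Return the Discovery technique for a process, or None if it is not one."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in DISCOVERY_BINARIES:
        return DISCOVERY_BINARIES[name]
    if name in ("net.exe", "net1.exe"):
        parts = command_line.split()
        if len(parts) > 1:
            return NET_SUBCOMMANDS.get(parts[1].lower())
    return None


def find_discovery_bursts(events, window=timedelta(minutes=5), min_distinct=4):
    """Alert when one (host, user) runs >= min_distinct different Discovery
    techniques within `window`; reports the densest window per actor."""
    by_actor = defaultdict(list)
    for ev in events:
        tech = classify(ev["image"], ev["command_line"])
        if tech:
            by_actor[(ev["host"], ev["user"])].append(
                (datetime.fromisoformat(ev["time"]), tech, ev["command_line"]))

    alerts = []
    for (host, user), rows in by_actor.items():
        rows.sort()
        start, best = 0, None
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:  # slide the left edge
                start += 1
            span = rows[start:end + 1]
            techs = {t for _, t, _ in span}
            if len(techs) >= min_distinct and (best is None or len(techs) > len(best["techniques"])):
                best = {"host": host, "user": user,
                        "first_seen": span[0][0].isoformat(),
                        "techniques": sorted(techs),
                        "commands": [c for _, _, c in span]}
        if best:
            alerts.append(best)
    return alerts


SAMPLE_PROCESS_EVENTS = [  # constructed; not real telemetry
    # Routine admin activity spread across the day on WS01: must not alert
    {"time": "2025-05-20T09:00:00", "host": "WS01", "user": "alice",
     "image": r"C:\Windows\System32\ipconfig.exe", "command_line": "ipconfig /all"},
    {"time": "2025-05-20T14:10:00", "host": "WS01", "user": "alice",
     "image": r"C:\Windows\System32\whoami.exe", "command_line": "whoami"},
    # Two-minute recon burst on WS07 right after a foothold: should alert
    {"time": "2025-05-20T10:02:10", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\whoami.exe", "command_line": "whoami /all"},
    {"time": "2025-05-20T10:02:25", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\net.exe", "command_line": "net user /domain"},
    {"time": "2025-05-20T10:02:40", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\nltest.exe", "command_line": "nltest /domain_trusts"},
    {"time": "2025-05-20T10:03:05", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\systeminfo.exe", "command_line": "systeminfo"},
    {"time": "2025-05-20T10:03:30", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\tasklist.exe", "command_line": "tasklist /v"},
    {"time": "2025-05-20T10:04:00", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\net1.exe", "command_line": "net1 localgroup administrators"},
    {"time": "2025-05-20T10:04:05", "host": "WS07", "user": "bob",
     "image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for a in find_discovery_bursts(SAMPLE_PROCESS_EVENTS):
        print(f"{a['host']}/{a['user']} from {a['first_seen']}: {', '.join(a['techniques'])}")
        for c in a["commands"]:
            print("   ", c)
```

Counting distinct techniques rather than raw command volume is what keeps the alert useful: a monitoring script that runs ipconfig every hour produces one technique and never fires, while an operator working through whoami, net, nltest, systeminfo and tasklist in two minutes produces six. Tune the window and threshold to your own baseline before relying on it.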

Welcome Recon Wave as an organizing partner of the Honeynet Project Workshop 2025 in Prague!

Recon Wave is a powerful attack surface monitoring platform that requires no installation or internal access. From continuous risk tracking to subdomain takeover prevention, they help organizations stay ahead of threats before attackers do.

📅 June 2–4, 2025
📍 NTK, Prague
🔗 prague2025.honeynet.org

Graylog is going to #AWSreInforce! 🎊🕺 We'll have Sam Parikh, Quinn Kroll, Justine Simpson, and Rich Murphy on-site to talk with you at the show. And speaking of Rich Murphy, catch him there, live, on June 17th, 1:30 PM. He'll be talking about taming your alert avalanche. 🚨 🏔️ 🫢

Are you an SOC analyst drowning in alerts? 🤔 Learn about a battle-tested playbook for alert noise reduction. Rich will discuss methods to systematically tune out false positives, consolidate redundant alarms, and apply risk-based filtering so that your high-fidelity alerts rise to the top. 🙌

See you there! 👀

Learn more: registration.awsevents.com/flo

This is about to happen! Join us!

How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities — An ITSPmagazine Webinar With SandboxAQ
Thursday, May 15, 2025 | 1:00 PM – 2:00 PM EST

Unmanaged cryptographic assets and non-human identities have left security teams blind to critical risks. These gaps have fueled vulnerabilities, breaches, compliance challenges, and operational drag across enterprise environments.

Join us to see how #AQtiveGuard transforms this landscape.

✨ crowdcast.io/c/how-to-detect-a

More than just visibility, AQtive Guard unifies your non-human identities and cryptographic assets into a single inventory to deliver end-to-end visibility, deeper risk analysis, and streamlined compliance in a single pane of glass—with automated discovery, real-time threat detection, and root cause analysis powered by their unique LQM.

Seamlessly integrated into your existing stack, it’s the AI-driven SaaS platform built to secure today’s systems—and tomorrow’s.

By attending, you will get to:
Discover how to gain unified visibility into cryptographic assets and non-human identities, including API keys, certificates and service accounts, in cloud environments

Explore how AQtive Guard empowers security teams with automated discovery, threat detection, and root cause analysis—enabling faster remediation, reduced risk, and stronger compliance without disrupting existing workflows.

Learn how to future-proof your security posture, with a platform designed for AI Security Operations, Post-Quantum Cryptography readiness, and seamless integration into your existing security stack.

PANELISTS
Marc Manzano
General Manager of Cybersecurity, SandboxAQ
MODERATORS
Sean Martin, CISSP Co-Founder, ITSPmagazine
Marco Ciappelli Co-Founder, ITSPmagazine

Can’t attend the live webinar? All registrants get exclusive access with a link to rewatch the recording.

Register To Attend: crowdcast.io/c/how-to-detect-a

#cybersecurity, #cryptography, #AIsecurity, #infosec, #webinar, #securitytools, #threatdetection, #cloudsecurity, #sandboxAQ, #ITSPmagazine #tech #technology #quantum

How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities — An ITSPmagazine Webinar with SandboxAQ
crowdcast · Register now for How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities — An ITSPmagazine Webinar with SandboxAQ on crowdcast, scheduled to go live on May 15, 2025, 01:00 PM EDT.

As you know — well, now you do 😬 — Marco Ciappelli and Sean Martin, CISSP, are now hosting webinars on ITSPmagazine!

Yes, webinars are everywhere — but these are different:
ITSPmagazine #Webinars are More Than Just a Presentation.
They’re Real Conversations That Matter.

🎙️ Join us live on May 8 (or catch it On Demand) for an incredible conversation with Fred Wilmot.

You already know it’s going to be an awesome one — don’t miss it! ✨

Rethink, Don’t Just Optimize: A New Philosophy For Intelligent Detection And Response — An ITSPmagazine Webinar With Detecteam

Traditional detection and response is overdue for a rethink. This webinar explores the limits of optimization, the danger of misleading metrics, and a new approach focused on adaptability, behavior-driven signals, and speed. See how Detecteam’s REFLEX Platform helps teams turn weak signals into fast, actionable detections—before attackers have time to move.

REGISTER: crowdcast.io/c/rethink-dont-ju

#cybersecurity, #detectionandresponse, #threatdetection, #incidentresponse, #securityoperations, #infosec, #cyberdefense, #securitystrategy, #threatintel, #detecteam #infosecurity

Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam
crowdcast · Register now for Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam on crowdcast, scheduled to go live on May 8, 2025, 01:00 PM EDT.

🎙️ Is static rule-based detection holding security teams back? In this On Location Briefing from #RSAC2025, we dive into why detection needs to evolve — and what the future could look like when it does.

🚀 New Briefing from #RSAC 2025: Fixing the Detection Disconnect — Rethinking Detection from Static Rules to Living Signals

At RSA Conference 2025, Sean Martin, CISSP caught up with Fred Wilmot (Co-Founder & CEO) and Sebastien Tricaud (Co-Founder & CTO) of Detecteam to talk about why detection can’t stay stuck in the past — and how “living signals” can offer a more dynamic, context-aware approach to threat identification.

🔐 How can teams move beyond brittle, static rules to real-time, adaptable detection strategies?

Find out how Detecteam is helping organizations move away from outdated IOCs toward purpose-built, testable detections that actually evolve as threats do.

🎙️ Watch, listen, or read the full conversation here:
👉 itspmagazine.com/their-stories

📌 Learn more about Detecteam’s work:
👉 itspmagazine.com/directory/det

🛰️ See all our RSAC 2025 coverage:
👉 itspmagazine.com/rsac25

🌟 Discover more On Location Conversations, Brand Stories, and Briefings:
👉 itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!

⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

ITSPmagazine · Fixing the Detection Disconnect and Rethinking Detection: From Static Rules to Living Signals | A Brand Story with Fred Wilmot from Detecteam | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™ · Fred Wilmot and Sebastien Tricaud challenge traditional detection models by introducing a faster, behavior-based approach that continuously generates and validates detections tailored to real-world threats. If you’re tired of optimizing broken processes and want to hear how teams can actually stay a

Some more conversations for you, straight from the floor of RSAC 2025!

🚀 New Briefing from #RSAC2025: From Overwhelmed to Informed — Strategic Threat Detection for the Future

At #RSAC Conference 2025, Sean Martin, CISSP caught up with Hugh Njemanze, Founder and CEO of Anomali, for a quick but powerful conversation about how the future of threat detection is about more than speed — it’s about strategy.

🔐 Why are #securityteams overwhelmed by traditional approaches, and how can smarter, faster, more strategic #threatintelligence change the game?
Find out how #Anomali is helping organizations move from reactive defense to proactive security strategies.

🎙️ Watch, listen, or read the full conversation here:
👉 itspmagazine.com/their-stories

📌 Learn more about Anomali’s work:
👉 itspmagazine.com/directory/ano

🛰️ See all our RSA Conference 2025 coverage:
👉 itspmagazine.com/rsac25

🌟 Explore more Briefings and Brand Stories from RSAC 2025:
👉 itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin, CISSP and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!
⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

📲 Hashtags:
#cybersecurity #infosec #infosecurity #technology #tech #society #business #threatdetection #cyberthreatintelligence #strategicsecurity #anomali

ITSPmagazine · From Overwhelmed to Informed: The Future of Threat Detection Isn’t Just Faster—It’s Strategic | A Brand Story with Hugh Njemanze from Anomali | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™ · Hugh Njemanze, Founder and CEO of Anomali, reveals how a purpose-built, cloud-native SIEM infused with agentic AI is transforming how security teams detect threats, reduce incidents, and prioritize risk. From faster investigations to board-ready insights, this conversation challenges outdated assump