what's the word for when: the phishers who are stealing from the organized crime phishers that you are researching realize that you know they are fake (organized crime) and take down their entire infrastructure and social media presence in a few hours? i was going with "wow" but it doesn't seem quite the right word. i also tried "bummer". #dns #phishing #cybercrime #infoblox
We saw #malware uploads to Codeberg increase in the past weeks. Although our users are likely not the target audience of these files, we still want to remind you:
Watch out and stay secured. Do not run files from untrusted authors.
On Codeberg, double-check the project's legitimacy (e.g. user age, stars / issues / activity) or the source code itself.
Visit the project's homepage and use official download sources.
Never let emails panic you; consider if it's part of a #phishing campaign.
📢🚨 #Microsoft has warned of an Israel-Hamas-themed phishing scam, accompanied by the use of a custom backdoor called #MediaPI, carried out by the Iranian Mint #Sandstorm APT.
More or less every company has guidance that users shouldn't click links in emails to prevent phishing and other email-based attacks. So why do all email clients enable clickable links? There doesn't even seem to be an option to disable such links from incoming emails. 🤔 #infosec #email #phishing #security
Peacock ongoing #phishing messages to my #icloud email account.
———-
Small print = “After signing up, you have to insert your credit card details for validation of your Peacock ID. We will not withdraw any amount.”
———
OMG! Seriously, my ribs are hurting!
How to investigate a suspect #phishing domain in #Maltego? We divided the workflow into 5 steps:
Step 1: Starting with a Phishing Domain
Step 2: Map out Infrastructure & Threats
Step 3: Dive into Relevant Data
Step 4: Explore Threat Network
Step 5: Uncover Internet Relationships
Our guest author, @MarioRojas, detected and mapped out the network of the phishing sites that flourished during #BlackFriday and #CyberMonday using Maltego, @DomainTools, urlscan.io, and WhoisXML.
Gmail has advanced AI-based filtering. Now that LLMs are becoming democratized, I'm ready for a self-hosted AI spam filter.
It seems much more popular to publish research papers on the viability of LLM-based spam filtering than it is to build LLM-based spam filtering software. Here are dozens of papers: https://www.arxiv-sanity-lite.com/?rank=pid&pid=2206.02443 Nothing on GitHub, yet.
With billions of phishing emails sent daily and #AI making social engineering easier, #phishing is the most critical #threat you and your team must be able to recognize.
I'm pleased to see how Framework handled the issue of a consulting partner getting phished and sharing customer data with an attacker. The emails to customers seem prompt, it explains the situation clearly with transparent timelines, and provides clear and reasonable steps for their partners and their customers.
I can't believe that this is still a thing, but if your risk model is noticeably impacted by the adversarial capability of writing an email in the English language then I'm pretty sure your threat model is already broken.
Hi. This is Renée, the head of Infoblox Threat Intel (@knitcode). Myself and a few of my researchers are sharing this Mastodon account. Our plan is to toot about suspicious and malicious activity in DNS. Our team tends to write very in-depth papers and want to use Mastodon to complement that with nuggets we've seen, updates on the DNS threat actors or TTPs we are seeing, and articles we are reading. Here goes! #dns #threatintel #malware #phishing #cybersecurity #infosec #infoblox #introduction
Woot woot! My team is officially on Mastodon. We'll be posting on suspicious, malicious, and just plain curious things in DNS. Follow us @InfobloxThreatIntel !