I wonder if Musk is converting Treasury cash into whatever scam coin he has.
=> More informations about this toot | View the thread
Skippack, PA
Nice enough town
Terrible idea for TCP optimization
=> More informations about this toot | View the thread
Interesting ransomware attempt at work today.
Three users got hit with the "help desk calling from Teams" ruse. Users didn't have admin but they loaded a vulnerable driver to elevate. (With a revoked cert! Ugh.)
Anyway, a couple of months ago we were hit by someone doing a "sign everyone up for every mailing list" attack. Mostly just annoying.
The users said that the caller mentioned the spam attack, I guess as a way to build confidence. Seemed like an interesting and cheap way to improve the attack success rate.
#threatintel
=> More informations about this toot | View the thread
Humor is like a frog.
You can dissect it, but it somehow dies in the process.
=> More informations about this toot | View the thread
Sleepy purrs for #caturday
=> More informations about this toot | View the thread
I can't believe that @lix_project bought naming rights to a sports event!
Go #SuperBowl #LIX !
=> More informations about this toot | View the thread
Some #NeighborCats for your timeline.
#cats #orangecat
=> More informations about this toot | View the thread
KITTAY! That house is not for you!
#NeighborCats #caturday
=> More informations about this toot | View the thread
KNEEL BEFORE JOD
Wait, that's not quite it.
=> More informations about this toot | View the thread
My cat, everyone.
#sleepycat #CatsOfMastodon
=> More informations about this toot | View the thread
The snow comes in on little cat feet.
#NeighborCatsOfMastodon #cats
=> More informations about this toot | View the thread
Neighbor Kitty wants to come in the house.
#NeighborCats #catsOfMastodon
=> More informations about this toot | View the thread
Mojo Jojo has a bisquey nose.
#catsOfMastodon #blackcats
=> More informations about this toot | View the thread
MAXIMUM TELEWORK
=> More informations about this toot | View the thread
Wondering if anyone else has seen this behavior.
We received an alert from MS Defender for Cloud that a suspicious IP had downloaded from a storage blob using a SAS token. It turned out that someone was misusing the SAS token feature and had sent the URL via email.
Since then, we've determined that every URL sent via email (O365) is being downloaded immediately by... someone. We brought in someone for IR but they haven't seen anything similar and we can't find a cause. We even set up two secops mailboxes (which are supposed to bypass all MS security) and sending an email between them still triggers the downloads.
The source IPs so far have all been in the US, and Spur tags most with "Oculus Proxy" and most ASNs are "Constant" or "HostRoyale". User agents match Chrome 125 or 131.
The only thing I've found online is complaints on Reddit about this causing a 100% click rate in KnowBe4. No real resolution there though.
We're thinking it's something automated/enterprise, but I want to be sure. Has anyone seen anything similar? TIA.
Edit: forgot one important detail. This only happens on outbound messages. So corp to gmail triggers the download, gmail to corp does not.
#threatintel #incidentresponse
=> More informations about this toot | View the thread
Perhaps my cat is an Olympic diver.
#CatsOfMastodon
=> More informations about this toot | View the thread
#AccidentalRenaissance #CatsOfMastodon #GoldenSpiral
=> More informations about this toot | View the thread
Got your Nosferatu!
=> More informations about this toot | View the thread
Finally, sufficient power outlet density.
=> More informations about this toot | View the thread
Volume up please
#catsOfMastodon #purr
=> More informations about this toot | View the thread
=> This profile with reblog | Go to FritzAdalis@infosec.exchange account