Mike Kavka @siliconshecky@infosec.exchange

New to Alert response? Here is a nice little writeup on an approach to it:

https://redcanary.com/blog/alert-response/

I wrote up a new blog post on how I did the Lockbit KQL query:

https://www.siliconshecky.com/defender-kql-and-lockbit/

I came up with a pretty simple KQL query to help with Lockbit Detection. This is based off the latest info from a Sentinel One Blog post. Feel free to share and if you have suggestions to make it better, feel free to let me know.

https://github.com/siliconshecky/KQL-Queries/blob/main/MDEH-Potential%20Lockbit%20detection

The question on this, and it is a pretty nasty bug, is how common is LAM on the web?
https://portswigger.net/daily-swig/ldap-account-manager-bug-poses-unauthenticated-remote-code-execution-risk

We all know change is scary, but if your authentication method is weak, shouldn't you shore it up?
I guess these firms feel it costs less to pay for a breach than to fix the systems, or is it something else in the integration between back end systems?

https://www.infosecurity-magazine.com/news/financial-firms-authentication/

Nice list. Good read

https://www.tenable.com/blog/cybersecurity-snapshot-6-things-that-matter-right-now-july-15

Anyone surprised? The game of cat and mouse continues...

https://www.theregister.com/2022/07/06/brc4_state_sponsored_apt29/

Ok, it seems that threatpost article is going off vendor research, I'm linking the original vendor blog which shows nothing new on the mitigation front and a sales pitch at the end of it basically.
https://www.forescout.com/blog/ot-icefall-56-vulnerabilities-caused-by-insecure-by-design-practices-in-ot/

Here we go with insecure by design talk this time on OT vendors. Yes they should be paying more attention to it now. That said, how does that affect everything.
Not being in OT, I don't have the answers, but others could speak on this better.
https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/

If I can find the time, I might have to see how I can compare Firefox's anti-tracking to Brave's.
https://www.bleepingcomputer.com/news/security/firefox-now-blocks-cross-site-tracking-by-default-for-all-users/

So Internet Explorer is "Officially Dead" which of course means that it will linger for the next 100 years.
I mean, look at Flash, Python 2 and other legacy tech that is still around.
The real issue is laziness. Things that rely on the "dead" tech never get updated but still wind up being needed until some new version is hopefully written.
Then after writing said new version is needs to be tested and eventually rolled out. Some industries this can take 10+ years to accomplish.

Came across a post for a talk with someone from Forrester, you know a research company, talking about how security consolidation is not a dirty word.
I disagree. Every consolidation closes the door to innovation in our field and makes us more about money than security.

I just got a recruiter e-mailing me for my wife for a temp admin position. Not IT just office admin. Sent to my e-mail address, not hers. Saying Hello <wife's name here>.

And people wonder why we rip on recruiters.

The only thing that surprises me about this one is that it took this long to happen.
One always needs to make sure of what they are getting, and what their attack vector can be.

https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/