This is a timely reminder to ensure any third-parties with access to your systems follow the same cyber policies you'd expect your internal staff to follow.
#ScatteredSpider are particularly good at #SocialEngineering their way via a third-party to other victims.
For clarity, #ScatteredSpider are considered the initial access group, #DragonForce #ransomware is the malware deployed once #ScatteredSpider are inside your network.
Support for #STIX and #TAXII in #IntelMQ
For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...
After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.
The commits are currently waiting in pull request in IntelMQ GitHub:
https://github.com/certtools/intelmq/pull/2611
CIRCL - Coordinated Vulnerability Disclosure (CVD) Policy
An updated coordinated vulnerability disclosure policy has been published including a new service to report online vulnerabilities.
#cvd #vulnerabilitymanagement #vulnerability #csirt #cert #nis2 #cybersecurity
Start der European-Vulnerability-Database (EUVD)
#CSIRT #CVE #CVENumberingAuthority #Cybersecurity #Cybersicherheit #ENISA #EuropeanVulnerabilityDatabase #EUVD #NIS2 #Schwachstelle #SchwachstellenDatenbank #Schwachstellenmanagement #ThreatIntelligence #Vulnerability
https://netzpalaver.de/2025/05/18/start-der-european-vulnerability-database-euvd/
Thanks to our #TurrisSentinel #security #research program, #CZNIC #CSIRT team discovered large scale #FTP #attack. Coming from 45.78.4.0/22, it is #bruteforcing #slowly - it takes it 19 day to get through it's #passwords. Big thanks to everybody who helps us by running our #minipots on their devices! Report in #Czech is available on CSIRT website https://csirt.cz/cs/kyberbezpecnost/aktualne-z-bezpecnosti/distribuovany-ftp-bruteforcer/
Over 22 real contributions and project outcomes came out of our two-day hackathon in Luxembourg, truly impressive work! The collaboration and energy were next-level.
Glad to share that we'll also be hosting a smaller hackathon at @firstdotorg’s annual conference in Copenhagen on Sunday 22nd June . See you there! 
#Hackathon #FIRSTcon25
#hackathon #opensource #csirt #cybersecurity
hackathon.lu 2025 - Outcome and results details https://hackathon.lu/2025/04/11/hackathon.lu-2025-outcome/
hackathon at FIRSTCON25 https://discourse.ossbase.org/c/hackathon-firstcon25/
A dedicated fediverse account has been created to follow the hackathon topics
@ddu and @gallypette will also coordinate the hackathon with me.
We are excited to announce that CIRCL has three open positions available.
As a team strongly oriented towards open-source development, we value contributions that drive innovation and strengthen the cybersecurity community. These roles are open to EU citizens, with the workplace based in Luxembourg. If you’re passionate about cybersecurity and open-source collaboration, we encourage you to apply and make a meaningful impact.
https://www.circl.lu/projects/position/software-engineering-analyst/
https://www.circl.lu/projects/position/security-analyst-researcher/
https://www.circl.lu/projects/position/nis2-incident-analyst/
FIRST hosted another successful TF-CSIRT Meeting & FIRST Regional Symposium Europe in beautiful Monte Carlo, Monaco this month, co-organized by TF-CSIRT and hosted by CERT Monaco.
The event brought together incident response experts for intensive training, informative sessions and valuable networking opportunities, fostering collaboration within the global cybersecurity community.
Special thanks to FIRST CEO Chris Gibson and our Board of Directors who attended: Dr. Serge Droz, Carlos Leonardo, Michael Hausding, Olivier Caleff, Carlos Alvarez, Mona Elisabeth Østvang, Nadia Yousef, Tracy Bills, Yukako Uchida and Audrey Mnisi Mireku.
Learn more about the event here: https://go.first.org/J5Lnf
One thing's clear: if you send an abuse notification to NiceNIC, it ends up being really 'nice' for the criminals.
This reminded me of an idea for proxy filtering: filtering based on the domain registrar. Another practical use case for the WHOIS history database.
Is there an open and public list of the worst registrars?
Die Landesregierung muss EU-Vorgaben zur IT-Sicherheit umsetzen. Damit lässt sich sich viel Zeit. Wie gefährlich ist das?
Die Landesregierung muss EU-Vorgaben zur IT -Sicherheit umsetzen. Damit lässt sich sich viel Zeit. Wie gefährlich ist das?#WDR #Landespolitik #Digitalisierung #IT-Sicherheit #CDU #Grüne #SPD #FDP #NIS2 #Ministerin #Scharrenbach #Opposition #Datenschutzbeauftragte #LDI #Datenschutz #CERT #CSIRT #EU-Kommission #EU-Richtline #Cyberangriff #Hacker #Informationssicherheit
Landesregierung sieht ihre IT-Sicherheit eher gemütlich
Forensic analysis of bitwarden self-hosted server
https://www.synacktiv.com/en/publications/forensic-analysis-of-bitwarden-self-hosted-server
TR-89 - Guidelines for Notifying CSIRT/CERT of Red Teaming and Penetration Testing Exercises - Enhancing Detection and Coordination
https://www.circl.lu/pub/tr-89/
#csirt #redteaming #cert cybersecurity
I have almost zero red team skills to avoid false accusations and fallout, I specialize in #Cyberdefense #CSIRT, and #Forensics.
We're glad announce the release of Flowintel v1.2.0, a powerful and flexible case management tool written in Python! This version brings key enhancements to boost efficiency and streamline workflows, with new features like MISP-objects support, subtasks, and significant UI updates.
From Ruins to Resilience: How Developing and Utilizing Open Source Solutions Enhances CSIRT Capabilities
Good news for everyone involved in meetings where TLP classifications play a crucial role! I've just updated my repository with the latest, second edition of the TLP Classification Meeting Posters. These are handy tools to explicitly display the TLP classification in use during your meetings.
Grab the PDF and ODT versions here - https://git.foo.be/adulau/tlp-meeting
Updates are welcome, like better design, translation or alike.
Die #DigitalEurope Ausschreibung DIGITAL-ECCC-2022-CYBER-B-03-SOC "Capacity building of Security Operation Centres" läuft noch bis zum 06.07.2023. Es sind Projektanträge 
geeignet, die eine bessere Detektion 
und Analyse 
von Cyber-Angriffen ermöglichen. Threat-Intelligence inkl. -Sharing Vorhaben kommen ebenfalls infrage.
Ausschreibungsunterlagen im EU Funding & tender opportunities Portal 
https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-eccc-2022-cyber-b-03-soc
