@cR0w if companies are going to play those games, I'll shout outlook rules from the rooftops.

FWIW ProofPoint's keyword is threatsim

Today I found my EDR's firewall will effectively block xn--*.* (but weirdly formatted). I've pleaded with my firewall, proxy and sase vendors for the last 10 years to do this.

"Regex is too much compute" they said, all-the-while while they deploy LLM / AI / agentic . Gas lit much?

@GossiTheDog doesn't every IC at MSFT currently have a Security Core Priority high-level goal as part of their Secure Future Initiative?

Solid write up on Scattered Spider by Silent Push, but trademarking a stupid new cybersecurity terms is gross and not helpful to the industry at large.

https://www.silentpush.com/blog/scattered-spider-2025/

#ScatteredSpider #cybersecurity #infosec

I fixed CISA's latest report by replacing fast flux with CloudFlare.

@cR0w EventCode=4625 is basically passwords.txt for SIEMs.

Adding Meta EDLs to my home network. Fuck meta and literally everything they do.

Here's some GitHub repos to get started. I hope organizations who announce themselves as safe spaces and have the technical capability to do so, disable Meta services (meta advertising is a bonus!) on their networks.

https://github.com/jmdugan/blocklists/blob/master/corporations/facebook/all

https://github.com/Bundy01/meta-blocklists

#zuckerberg #racism #meta #infosec

@patrickcmiller I have some non-IT friends affected by this freaked out by threat. For Seattle residents, the best advice I could give was ensure you register with Smart911. Other locales might have a similar registry.

https://www.seattle.gov/care/911-center/smart-911-safety-profile