Notices by Fritz Adalis (fritzadalis@infosec.exchange)

Neighbor is out here pruning my tree.

#catsOfMastodon #NeighborCats #catsintrees

@SwiftOnSecurity
The IBM slide deck about computers making decisions.

@dansup @PixelFed @tinker
Why wait to make it open source?

@ryanc @jerry @shadownetworks @cR0w
Is this RFC 768 in the room with us right now?

@ryanc @jerry @shadownetworks @cR0w
UDP packets aren't even real.

KITTAY! That house is not for you!

#NeighborCats #caturday

@sj
Doesn't VLC use ffmpeg?

@ekis
They weren't stealing, they were playing short-necked plucked guitars.

Wondering if anyone else has seen this behavior.

We received an alert from MS Defender for Cloud that a suspicious IP had downloaded from a storage blob using a SAS token. It turned out that someone was misusing the SAS token feature and had sent the URL via email.

Since then, we've determined that every URL sent via email (O365) is being downloaded immediately by... someone. We brought in someone for IR but they haven't seen anything similar and we can't find a cause. We even set up two secops mailboxes (which are supposed to bypass all MS security) and sending an email between them still triggers the downloads.

The source IPs so far have all been in the US, and Spur tags most with "Oculus Proxy" and most ASNs are "Constant" or "HostRoyale". User agents match Chrome 125 or 131.

The only thing I've found online is complaints on Reddit about this causing a 100% click rate in KnowBe4. No real resolution there though.

We're thinking it's something automated/enterprise, but I want to be sure. Has anyone seen anything similar? TIA.

#threatintel #incidentresponse

@ekis
Maybe they're building the bunkers for all of us!

@ekis
We yearn to rise to mediocrity.

@azonenberg
Is that the Godot logo?

@mcc @kevin
Updog is a word but downcat is not.

@ekis
This seems like good hacking music.

@jrconlin @ekis
Oh you mean hysteria, not a Martian invasion.

@cR0w @screaminggoat
Is that the right cve? It looks like a different product.

@GossiTheDog
Those teeth are disturbing somehow.

@GossiTheDog
I should have looked at page 2...

Server: Cleo LexiCom/4.5 (Windows NT (unknown))

@GossiTheDog
LOL
Server: Cleo LexiCom/4.2 (Windows 2000)

@silverwizard @GossiTheDog
Agreed, but sysadmins typically don't have a budget.