@sj
Doesn't VLC use ffmpeg?
Notices by Fritz Adalis (fritzadalis@infosec.exchange)
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 11-Jan-2025 08:52:29 JST Fritz Adalis
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 09-Jan-2025 11:33:44 JST Fritz Adalis @ekis
They weren't stealing, they were playing short-necked plucked guitars.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 02-Jan-2025 23:00:14 JST Fritz Adalis
Wondering if anyone else has seen this behavior.
We received an alert from MS Defender for Cloud that a suspicious IP had downloaded from a storage blob using a SAS token. It turned out that someone was misusing the SAS token feature and had sent the URL via email.
Since then, we've determined that every URL sent via email (O365) is being downloaded immediately by... someone. We brought in someone for IR but they haven't seen anything similar and we can't find a cause. We even set up two secops mailboxes (which are supposed to bypass all MS security) and sending an email between them still triggers the downloads.
The source IPs so far have all been in the US, and Spur tags most with "Oculus Proxy" and most ASNs are "Constant" or "HostRoyale". User agents match Chrome 125 or 131.
The only thing I've found online is complaints on Reddit about this causing a 100% click rate in KnowBe4. No real resolution there though.
We're thinking it's something automated/enterprise, but I want to be sure. Has anyone seen anything similar? TIA.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 31-Dec-2024 23:59:32 JST Fritz Adalis @ekis
Maybe they're building the bunkers for all of us!
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Monday, 30-Dec-2024 09:18:27 JST Fritz Adalis @ekis
We yearn to rise to mediocrity.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Wednesday, 25-Dec-2024 05:34:07 JST Fritz Adalis @azonenberg
Is that the Godot logo?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Sunday, 22-Dec-2024 07:59:50 JST Fritz Adalis
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 21-Dec-2024 12:51:37 JST Fritz Adalis @ekis
This seems like good hacking music.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Wednesday, 18-Dec-2024 21:54:54 JST Fritz Adalis @jrconlin @ekis
Oh, you mean hysteria, not a Martian invasion.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 12-Dec-2024 22:36:10 JST Fritz Adalis @cR0w @screaminggoat
Is that the right CVE? It looks like a different product.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 10-Dec-2024 21:20:00 JST Fritz Adalis @GossiTheDog
Those teeth are disturbing somehow.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 10-Dec-2024 21:18:19 JST Fritz Adalis @GossiTheDog
I should have looked at page 2... Server: Cleo LexiCom/4.5 (Windows NT (unknown))
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 10-Dec-2024 21:06:50 JST Fritz Adalis @GossiTheDog
LOL
Server: Cleo LexiCom/4.2 (Windows 2000)
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 07-Dec-2024 11:40:25 JST Fritz Adalis @silverwizard @GossiTheDog
Agreed, but sysadmins typically don't have a budget.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Saturday, 07-Dec-2024 09:17:50 JST Fritz Adalis @GossiTheDog
They don't care about the operations team because they don't pick what to buy and are hard to buy off with a couple of steaks.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 03-Dec-2024 04:51:18 JST Fritz Adalis @jerry
I was a senior director at the NSA for 10 years, so sure.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Friday, 29-Nov-2024 05:45:40 JST Fritz Adalis @GossiTheDog
Everybody has DLP but refuses to classify their data.
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Wednesday, 27-Nov-2024 05:08:10 JST Fritz Adalis @GossiTheDog @cR0w
Is this a supply chain attack?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Tuesday, 26-Nov-2024 07:28:27 JST Fritz Adalis @GossiTheDog
Like a TENS device?
Fritz Adalis (fritzadalis@infosec.exchange)'s status on Thursday, 21-Nov-2024 09:59:10 JST Fritz Adalis @joshbressers
Ooh, single serving pack, too.