
Mike Sec

@sudoinit0.bsky.social

Nat Sec | Info Sec | CTI Nerd

59 Followers  |  196 Following  |  102 Posts  |  Joined: 02.09.2023  |  1.6675

Latest posts by sudoinit0.bsky.social on Bluesky

Original post on cyberplace.social

Arctic Wolf say they have observed Akira ransomware incidents gaining access via fully patched SonicWall SSL VPN boxes with accounts with MFA enabled, speculate they have another zero day […]

02.08.2025 09:16 — 👍 31    🔁 23    💬 2    📌 1
Microsoft Used China-Based Engineers to Support Product Recently Hacked by China Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular SharePoint software but didn’t mention that it has long used China-based engineers to maintain the...

While I give the ProPublica team accolades for their digital escorts article, this one lacks direct evidence/connections. Lack of substantive proof leads to analytical leaps, as seen here. Friendly reminder, correlation doesn’t equal causation.
www.propublica.org/article/micr...

01.08.2025 23:32 — 👍 0    🔁 0    💬 0    📌 0
Introducing Unit 42’s Attribution Framework Peel back the layers on Unit 42's Attribution Framework. We offer a rare inside view into the system used to ultimately assign attribution to threat groups.

unit42.paloaltonetworks.com/unit-42-attr...

01.08.2025 01:02 — 👍 0    🔁 0    💬 0    📌 0

www.linkedin.com/pulse/harder...

31.07.2025 18:39 — 👍 0    🔁 0    💬 0    📌 0
Feds still trying to crack Volt Typhoon hackers’ intentions, goals Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon might have intended by setting up shop there, a CISA official said Thursday.

Given the number of government officials who have repeatedly stated the intentions of Volt for the last 2 years, either they were all wrong, or this one is not yet up to speed and may need to be briefed…
cyberscoop.com/feds-still-t...

31.07.2025 17:44 — 👍 0    🔁 0    💬 0    📌 0
US government will ingest all federal data into AI models, WH tech director says That's one of the national-security reasons the U.S. needs to lead the world in AI, said OSTP's Michael Kratsios.

Lost in this strategy are the security implications this will have. Where threat actors may have had to gain access to multiple agencies and databases to develop insights on intelligence targets, now they will only need to gain access to the models.
www.defenseone.com/policy/2025/...

31.07.2025 00:17 — 👍 0    🔁 0    💬 0    📌 0

Similar to something I commented recently on regarding the use of cyber in Russia/Ukraine - that conflict, and underscored by Israel/Iran - showed how cyber is only a means to an end, or a “combined arm” in military parlance, but not the end itself, and should not be viewed that way.

30.07.2025 18:59 — 👍 2    🔁 0    💬 0    📌 0

Sad to see the next generation of military leaders losing the opportunity to learn from the last generation of leaders because of the present generation of leaders.

30.07.2025 18:24 — 👍 0    🔁 0    💬 0    📌 1
Minnesota National Guard activated, state of emergency declared after cyber attack against St. Paul City officials are planning a news conference at some point on Tuesday.

Glad to see MN taking advantage of NG CPTs. I don’t think governors leverage their Title 32 authorities in this space as often as they could or should. (I think if we saw them employ DSCA it would definitely cause some concern from a “what aren’t they telling us” aspect.) kstp.com/kstp-news/to...

29.07.2025 17:18 — 👍 0    🔁 0    💬 0    📌 0
Post image 29.07.2025 14:53 — 👍 1    🔁 0    💬 0    📌 0

Russia/Ukraine underscored the fact that cyber enables the means to an end but is not the end itself.

28.07.2025 17:34 — 👍 1    🔁 0    💬 0    📌 0

In short, it may not be about cybersecurity principles, but their real time application that is needed to defend against agentic AI. (Though, likely both.)

28.07.2025 17:10 — 👍 0    🔁 0    💬 0    📌 0
Research shows LLMs can conduct sophisticated attacks without humans The project, launched by Carnegie Mellon in collaboration with Anthropic, simulated the 2017 Equifax data breach.

“Currently, a lot of cybersecurity defenses rely on human operators and I am not sure how well that will scale up to machine-timescale defenses,” www.cybersecuritydive.com/news/researc...

28.07.2025 17:10 — 👍 0    🔁 0    💬 1    📌 0
Revisiting UNC3886 Tactics to Defend Against Present Risk We examine the past tactics used by UNC3886 to gain insights on how to best strengthen defenses against the continued and emerging threats of this APT group.

UNC3886 continues to gather more attention since CSA’s public comments... www.trendmicro.com/en_us/resear...

28.07.2025 15:04 — 👍 0    🔁 0    💬 0    📌 0
Post image 27.07.2025 18:47 — 👍 0    🔁 0    💬 0    📌 0
Beyond the Patch: SharePoint Exploits and the Hidden Threat of IIS Module Persistence | Splunk The cybersecurity landscape witnessed a perfect storm in July 2025 when multiple critical SharePoint vulnerabilities collided with sophisticated IIS module-based persistence techniques, creating a nig...

Probably one of the more comprehensive detection blogs I’ve seen for the SharePoint activity. Also states what some forget: IIS modules can persist even after SharePoint patches are applied, so orgs need to go back and see if they were hit and didn’t know it.
www.splunk.com/en_us/blog/s...

26.07.2025 17:00 — 👍 0    🔁 0    💬 0    📌 0
Why it's time for the US to go on offense in cyberspace In this op-ed, cybersecurity expert Dave Kennedy argues that the U.S. must pivot to offensive cyber operations in 2025.

The assumption that the US isn’t doing anything offensive in cyberspace and should be doing more is both inaccurate and not helpful to the “deterrence” cause. Doing more and not saying anything about it due to sensitivities doesn’t achieve the intended outcome either. cyberscoop.com/us-offensive...

21.07.2025 14:48 — 👍 0    🔁 0    💬 0    📌 0

2) Microsoft stated in their original blog that the attackers realized they could use a similar vulnerability as the ones previously known - CISA wasn’t the originator.
3) No idea why the ProPublica article is mentioned here. That paragraph could be removed and the article would hold the same value.

21.07.2025 01:15 — 👍 0    🔁 0    💬 0    📌 0

Officially a zero day - new CVE, no patch. msrc.microsoft.com/blog/2025/07...

20.07.2025 01:29 — 👍 3    🔁 1    💬 0    📌 1
SharePoint Under Siege: ToolShell Mass Exploitation Eye Security uncovers active exploitation of ToolShell on vulnerable SharePoints (CVE-2025-49706 & CVE-2025-49704), affecting on-prem deployments globally. Get technical IOCs, threat analysis, cryptog...

For those of you with SharePoint exposed to the internet, you may want to go look at those logs: research.eye.security/sharepoint-u...

19.07.2025 20:45 — 👍 1    🔁 0    💬 0    📌 1

PRC targeting of law firms has been going on for over a decade. From IP theft to policy disputes and human rights cases - there are a myriad of reasons for them to be targeted.

12.07.2025 14:21 — 👍 0    🔁 0    💬 0    📌 0
Post image 04.07.2025 18:21 — 👍 419    🔁 101    💬 2    📌 0

For those unfamiliar, Ellen Nakashima is also one of the best natsec/intelligence/cyber reporters in the world, and has been for decades, in no small part because of course she cultivates high level sources instead of relying on official agency press offices.

03.07.2025 19:35 — 👍 402    🔁 94    💬 4    📌 3
CitrixBleed 2: Electric Boogaloo — CVE-2025-5777 Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? It’s back.

nobody reverse this patch 🤪

doublepulsar.com/citrixbleed-...

24.06.2025 20:52 — 👍 16    🔁 9    💬 0    📌 1
The Pentagon knows its cyber force model is broken. Here’s how to fix it The U.S. military has tried almost everything to fix its cyber readiness issues except the one solution that would work: standing up a dedicated cyber service.

Probably one of the more cogent pieces on why a US Cyber Force is needed, what it should focus on, and how it should be designed. Personally don’t know where I stand on the issue, but the authors do make a strong case…

defensescoop.com/2025/06/20/p...

21.06.2025 16:54 — 👍 0    🔁 0    💬 0    📌 0

The names of the malware are about as British as you get…

20.06.2025 01:09 — 👍 0    🔁 0    💬 0    📌 0
Microsoft Copilot flaw raises urgent questions for any business deploying AI agents Microsoft fixed the Copilot flaw, but researchers warn the real danger lies in how all AI agents are built.

Interesting read about a scope violation vulnerability discovered in Copilot. Sounds like an authorization bypass by a different name. Either way, interesting TTP for actors to abuse - assume more like it to follow. fortune.com/2025/06/11/m...

14.06.2025 14:05 — 👍 0    🔁 0    💬 0    📌 0
Post image Post image

The SEC has withdrawn its proposed Biden-era cybersecurity regulations for investment advisers and securities market participants: www.sec.gov/rules-regula... www.sec.gov/rules-regula...

13.06.2025 21:00 — 👍 6    🔁 5    💬 0    📌 0
Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order The White House accused the Biden administration of trying to “sneak problematic and distracting issues into cybersecurity policy.”

So much for cybersecurity being non-partisan… www.cybersecuritydive.com/news/trump-c...

07.06.2025 12:33 — 👍 4    🔁 1    💬 0    📌 0
