Daniel Fírvida
@danielfirvida.bsky.social
IT Security Analyst, GCIH, GCFA, GCTI & CISSP
"These APT actors are having considerable success using publicly known CVEs to gain access to networks, so organizations are strongly encouraged to prioritize patching in a way that is proportionate to this threat, such as by sequencing patches to address the highest risks first." 🥳🥳
media.defense.gov
August 28, 2025 at 7:51 AM
Reposted by Daniel Fírvida
Barcelona-based spyware maker Variston seems to be shutting down. The company is comprised mainly of Israelis and their best-known customer is UAE. Do I expect all these folks to be working together under another name soon? Yes.

techcrunch.com/2024/02/15/v...
Spyware startup Variston is losing staff — some say it's closing | TechCrunch
The Barcelona-based startup's malware has been used to target iPhones, Android devices and PCs running Windows Defender.
techcrunch.com
February 13, 2025 at 7:09 PM
Reposted by Daniel Fírvida
ℹ️ INFORMATION OF PUBLIC INTEREST
How to get your FNMT digital certificate in 5 minutes from the couch:

It turns out the FNMT has released a mobile app so you can do it quickly and easily... AND IT WORKS. I still can't believe it. 🥹

🔗 The link with the info, here:
www.sede.fnmt.gob.es/certificados...
(NEW) Mobile App - Sede
The process for obtaining the Citizen software Certificate with a Mobile Device (as a downloadable file) is divided into four steps that must be completed in the indicated order:
www.sede.fnmt.gob.es
December 26, 2024 at 12:31 PM
Bad China... new age. As if nobody else has vulnerabilities... 🤔
US Government moving on China-associated TP-Link as another concern in our cyber supply chain. Growing to dominate the residential WiFi and router market, they are seen as vulnerable and a tool used in hacks. Similar to advisories on Huawei and Kaspersky, move away!
www.bloomberg.com/news/article...
US Probes China-Founded Router Maker on National Security Fears
The US government has launched a national-security investigation into TP-Link, the China-founded router maker whose equipment now dominates the American market and has been targeted in repeated Chines...
www.bloomberg.com
December 18, 2024 at 10:01 PM
Reposted by Daniel Fírvida
Agencies will also have to run CISA's SCuBA tool to audit their Microsoft 365 tenants for common misconfigurations. Agencies will have to integrate the tool's result feeds with CISA's monitoring solutions by April 25.

github.com/cisagov/Scub...
GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines
Automation to assess the state of your M365 tenant against CISA's baselines - cisagov/ScubaGear
github.com
December 18, 2024 at 9:40 PM
Reposted by Daniel Fírvida
CISA has ordered federal government agencies to review and secure their Microsoft cloud environments.

Federal agencies will be required to inventory and report all their cloud infrastructure to CISA by February 21, next year: www.cisa.gov/news-events/...
December 18, 2024 at 9:39 PM
Reposted by Daniel Fírvida
Russian security firm Kaspersky says it spotted new activity from Careto, one of the oldest known APT groups.

Also known as The Mask, the group was first seen in 2007 and is believed to operate from a Spanish-speaking country.

securelist.com/careto-is-ba...

www.youtube.com/watch?v=d3DS...
The Mask has been unmasked again - Georgy Kucherin & Marc Rivero López
YouTube video by Virus Bulletin
www.youtube.com
December 12, 2024 at 11:25 AM
Reposted by Daniel Fírvida
Exploiting Device Authentication Vulns in Cloud-Managed IoT Devices
claroty.com
December 12, 2024 at 3:09 PM
Reposted by Daniel Fírvida
In his latest blog, @chudypb.bsky.social covers a pre-auth Arbitrary File Deletion bug he discovered in the SolarWinds Access Rights Manager (ARM). It may not sound exciting, but it can lead to an LPE on domain-joined Windows machines. Read the details at www.zerodayinitiative.com/blog/2024/12...
Zero Day Initiative — SolarWinds Access Rights Manager: One Vulnerability to LPE Them All
Some time ago, I spent some time researching a core SolarWinds product, SolarWinds Platform (previously Orion Platform). At that time, I hadn’t been aware of the SolarWinds Access Right Manager produc...
www.zerodayinitiative.com
December 12, 2024 at 4:56 PM
Reposted by Daniel Fírvida
Romania's cybersecurity agency says the Lynx ransomware is behind the attack on the country's largest electricity provider

dnsc.ro/citeste/aler...

Per PAN, Lynx is allegedly a rebrand of the old INC gang: unit42.paloaltonetworks.com/inc-ransomwa...
December 11, 2024 at 6:58 PM
Reposted by Daniel Fírvida
For those of you involved in the energy sector (and indeed all others) here are the IOCs and YARA rules relating to the Lynx ransomware incident at the Romanian utility Electrica

dnsc.ro/citeste/aler...
DNSC
ALERTĂ: LYNX Ransomware - Indicators of Compromise (IOCs)
dnsc.ro
December 11, 2024 at 7:34 PM
Hello world. Here we are, let's see if this is a "cleaner" place.
December 11, 2024 at 1:33 AM