Corsin
@cocaman.ch
it security & cyber guy, research @ http://vulnerability.ch, friendly, swiss | Opinions are my own
Reposted by Corsin
Our annual review is out covering technical highlights such as

- Engineering resilience against critical loss
- Passkeys
- The future of digital identity
- Post quantum crypto transition
- Our Initiate r&d program with industry
- Radical transparency in technology

.. and more
It’s time to act

Today we’ve published our 2025 Annual Review, revealing that cyber threats facing the UK are accelerating rapidly. We must take action.
October 14, 2025 at 6:23 AM
Reposted by Corsin
You know you want to speak at Disobey 2026. And now is your chance to do that!

Our CfP is open at: cfp.disobey.fi/disobey-2026/

Check the guidelines from the link and send your proposal by Sep 30th!
August 5, 2025 at 2:52 PM
Reposted by Corsin
Tap in to the stream this week for some YARA fun, highlighting some crazy rules, how I think about learning yara (or anything) as a mid-career professional, and more!
🔥 Ready for this week's live stream with Greg Lesnewich...

youtube.com/live/JIxbM82...
July 21, 2025 at 5:06 PM
Well, where else do you get fresh Yara rules?
cc @stvemillertime.bsky.social @greg-l.bsky.social
July 15, 2025 at 5:34 PM
Finally a new template for a phishing email.

Sender IP: 45.138.48[.]158
Subject: Your email quarantine summary!!!

URLscan: urlscan.io/result/01980...

Phishing URL reported and blocked by Google Safe Browsing already.
July 14, 2025 at 11:43 AM
Reposted by Corsin
@greg-l.bsky.social drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield www.proofpoint.com/us/blog/thre...
TA406 Pivots to the Front | Proofpoint US
What happened  In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these
www.proofpoint.com
May 13, 2025 at 9:53 AM
Reposted by Corsin
Incidents impacting retailers – recommendations from the NCSC

www.ncsc.gov.uk/blog-post/in...
A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
www.ncsc.gov.uk
May 4, 2025 at 6:20 PM
Reposted by Corsin
amazing work from Palo Alto and Wired today on TraderTraitor (aka SlowPisces, UNK_MachoMan, UNC something or other, Jade Sleet)

unit42.paloaltonetworks.com/slow-pisces-...

www.wired.com/story/trader...

and a minor line item, only one mention of the L word is a major success
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. North Korean state-sponsored group ...
unit42.paloaltonetworks.com
April 14, 2025 at 4:20 PM
Reposted by Corsin
Aaaaand we have just released the #PIVOTcon25 #agenda Again You will find there crème de la crème of #CTI #ThreatIntel #ThreatReserch Top researchers tracking both APTs and cybercriminals using very clever and effective PIVOTs 😎💪 Link and thank you ⬇️1/2
📣 Oops!... They did it again!!!
61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks.🔥

#PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out➡️ pivotcon.org/agenda-2025/
#CTI #ThreatIntel
Talks and presenters in🧵⬇️ 1/18
March 7, 2025 at 3:12 PM
Reposted by Corsin
February 2025 was a high-volume month on data leak and ransomware sites. Our system picked up and enriched 705 events, the highest ever.

CL0p has been active posting victims from their December 2024 attack against vulnerable Cleo servers.

Get the full picture with our subscription at eCrime.ch
March 3, 2025 at 8:50 AM
Great job by police organisations around the globe to seize domains and arrest #ransomware operators of Phobos/#8BASE.

www.khaosodenglish.com/news/2025/02...
February 10, 2025 at 2:07 PM
Reposted by Corsin
A teen DOGE staffer recently given access to government systems worked at a startup known for hiring convicted hackers. Someone using a Telegram handle associated with him also solicited a cyberattack-for-hire service in 2022. All raising questions about his vetting. www.wired.com/story/edward...
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
www.wired.com
February 6, 2025 at 7:43 AM
Reposted by Corsin
Subscribing to WIRED should be mandatory for anyone who is concerned about what's happening and wants in-depth coverage from journalists who have been reporting on privacy, security, feds, and national security for years. Plus my besties @dell.bsky.social and @couts.bsky.social work there.
Exclusive: Federal workers have filed an emergency motion requesting a restraining order to disconnect the DOGE server that's being used to conduct Trump's "deferred resignation program." The workers had previously accused DOGE of illegally bypassing a mandated privacy audit.

By me at @wired.com:
Federal Workers Sue to Disconnect DOGE Server
Two federal workers, citing reports that Elon Musk’s associates are operating an illegally connected email server at OPM, seek a restraining order.
www.wired.com
February 4, 2025 at 6:22 PM
Reposted by Corsin
Interesting report from Twitter:
"Another certificate was acquired by this company and used to sign a malicious kernel driver. The driver injects an IIS module into w3wp.exe, embedding JS into webpages that redirects to a Chinese adult site, tricking users into downloading a spyware-like app."
January 18, 2025 at 12:23 PM
@benkoe.com Apple Intelligence available in Switzerland as of today?
January 14, 2025 at 9:21 AM
Reposted by Corsin
This year, we worked swiftly to save legacy media sites Vice.com and MTVNews before decades worth of valuable journalism could be erased. These sites are now searchable on the Wayback Machine!

Help us in saving these resources: https://archive.org/donate/?origin=blsky-eoy2024
December 28, 2024 at 4:00 PM
Reposted by Corsin
The Annual Report for the National Cyber Security Centre is out

www.ncsc.gov.uk/collection/n...

Threat assessment:

www.ncsc.gov.uk/collection/n...
NCSC Annual Review 2024
Looking back at the National Cyber Security Centre's eighth year and its key developments and highlights, between 1 September 2023 and 31 August 2024.
www.ncsc.gov.uk
December 3, 2024 at 7:27 AM
It’s complete!

The script migrated 37.7 million archived posts, making them lightning-fast to search.
November 28, 2024 at 7:49 PM
Well, I am doing it a different way now, as the import broke down after two weeks. And now it might actually work and is fast :-D
cocaman.ch Corsin @cocaman.ch · Nov 13
Trying to migrate 34 million SQL rows to an OpenSearch system. Time remaining: 1364 hours.
I am sure there must be a better way :-D
November 27, 2024 at 5:18 PM
Reposted by Corsin
#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025
Remember
- one track,30m
- no recording/streaming/tweeting. U should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide u through with a little meme-thread
#CTI #ThreatIntel 1/10
November 27, 2024 at 3:11 PM
Reposted by Corsin
I have no words - and if you know me, that's super surprising!

Thank you to the Australian Information Security Association (AISA) for the awards to Kids SecuriDay for Best STEM Promoter of the Year and Community Education Program of the Year!
November 27, 2024 at 12:10 AM
Reposted by Corsin
Another 'major cyber incident' at a UK hospital, outpatients asked to stay away
Third time this year an NHS unit's IT systems have come under attack A UK hospital is declaring a "major incident," cancelling all outpatient appointments due to "cybersecurity reasons."…
dlvr.it
November 26, 2024 at 11:40 AM
Discovered bsky-follow-finder.theo.io to find more interesting people to follow here
Bluesky Network Analyzer
Find accounts that you don't follow (yet) but are followed by lots of accounts that you do follow.
bsky-follow-finder.theo.io
November 24, 2024 at 8:22 PM