Anthony Coggins
@cogcyber.com
Infosec Leader, Yogi, Father, Husband, Nerd
Reposted by Anthony Coggins
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with Eye Security & watchTowr we are notifying compromised parties. See: research.eye.security/sharepoint-u...

~9300 SharePoint IPs seen exposed daily (population, no vulnerability assessment): dashboard.shadowserver.org/statistics/i...
July 20, 2025 at 11:52 AM
July 13, 2025 at 11:29 PM
Reposted by Anthony Coggins
It’s that time again, apparently.
June 28, 2025 at 4:52 PM
Reposted by Anthony Coggins
🚨🚨The White House is pissed off about this ad so you know what to do, share it everywhere! ICE is disappearing people just because of the color of their skin! No Warrant! No Due Process! This is not who we are as Americans! #MAGAKidnappers want an all white America, fuck that‼️
June 18, 2025 at 8:08 PM
Reposted by Anthony Coggins
if u see this
post your getaway vehicle
May 4, 2025 at 9:03 PM
Reposted by Anthony Coggins
For the last few days we are also scanning & reporting out exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature). These may possibly be also vulnerable to CVE-2025-1974 & other recently disclosed vulnerabilities.

We see around 4000 IPs exposed.
March 27, 2025 at 1:22 PM
Reposted by Anthony Coggins
Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it.

@lhn.bsky.social has a guide for you:
www.wired.com/story/the-wi...
March 13, 2025 at 2:06 PM
Reposted by Anthony Coggins
This doesn't happen every day, folks!!

Entra ID application management policies no longer require a Workload ID Premium license! 👏🎁🍾🥳🎊

This change happened back in October last year and I somehow missed it.

Here's a complete walkthrough 🧵👇

✳️ Bookmark this.
March 4, 2025 at 9:15 AM
February 28, 2025 at 11:35 PM
Reposted by Anthony Coggins
What does CrowdStrike do when their government contacts are threatened if they make an attrib this government doesn't like?
Apparently we aren't going to talk about LockBit as a threat anymore. https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security

Good going "cybersecurity isn't political" chucklenuts. You're cooked. We're cooked.
February 28, 2025 at 10:16 PM
Reposted by Anthony Coggins
This is a fun one :)

Let's say you have a Conditional Access policy requiring MFA for All resources, and then you exclude one resource

Did you know that also automatically adds additional exclusions for some low privileged scopes depending on client app?

learn.microsoft.com/...
February 20, 2025 at 6:51 PM
February 15, 2025 at 8:32 PM
Y'all know this is how Horizon Zero Dawn started right?
February 6, 2025 at 1:28 AM
Reposted by Anthony Coggins
I'm getting tired of vendors trying to build security products that do everything. Seriously, pick something and do that. The rest is a distraction for you and friction for me.
February 4, 2025 at 4:51 PM
Reposted by Anthony Coggins
Meta is leaving its users to wade through hate and disinformation
Meta’s decision to eliminate fact-checking could unleash a flood of disinformation, experts warn.
buff.ly
January 7, 2025 at 11:20 PM
Reposted by Anthony Coggins
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.

Most commonly used are still spreadsheets, where CrowdStrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
CrowdStrike Services Releases Free Incident Response Tracker
This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.
www.crowdstrike.com
January 3, 2025 at 7:41 PM
Reposted by Anthony Coggins
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.
Ascension: Health data of 5.6 million stolen in ransomware attack
www.bleepingcomputer.com
December 20, 2024 at 12:05 PM
Cybersecurity... Amirite?
December 18, 2024 at 10:27 PM
Reposted by Anthony Coggins
As many people suspected, CL0P is taking credit for the CLEO 0-Day attack. That’s not…good.

Via @lawrenceabrams.bsky.social & @bleepingcomputer.com
Clop ransomware claims responsibility for Cleo data theft attacks
The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data.
www.bleepingcomputer.com
December 15, 2024 at 8:35 PM
Reposted by Anthony Coggins
Second in series on advanced identity attacks and mitigations - Adversary in the middle phishing: techcommunity.microsoft.com/blog/identit...
Defeating Adversary-in-the-Middle phishing attacks | Microsoft Community Hub
Welcome to the second in our series of articles on dealing with advanced identity-related attacks.  As we’ve crossed the threshold of more than 40% of...
techcommunity.microsoft.com
December 7, 2024 at 3:09 PM
Reposted by Anthony Coggins
How to make pentesters cry...

Run PingCastle/PurpleKnight, Locksmith, and ScriptSentry in your environment and fix all the critical issues before your next pentest.

I promise you...they will weep
December 6, 2024 at 3:16 PM
Fresh powder fun!
December 5, 2024 at 2:47 PM