Tom
tom.wicked.design
Tom
@tom.wicked.design
CEO & founder of wicked.design ✌️,
lecturer at Swiss 🇨🇭 & Ukraine 🇺🇦 universities.
Cyber guy turned social scientist & system theorist 📚

🏳️‍🌈 (he/him) - vegan, cuz friends not food 🌱
This results in a very narrow view of the technology alone. And of course everyone wants to present their own area in the best possible light. Which in the end leads to bigger problems.

🔗:
- www.ncsc.gov.uk/files/ncsc-a...

- www.bitkom.org/sites/main/f...
October 15, 2025 at 10:47 AM
That is why I am also very skeptical about the companies' self-assessment in the Wirtschaftsschutz
2025 report by @bitkom.org.

Especially in mid-sized companies, but also in large orgs, we still see an IT focus.
Hardly anyone has the CISO role, and if they do, it is usually again only within IT.
October 15, 2025 at 10:47 AM
What do we want to protect?
What regulatory requirements do we have?
What do we want to protect it against (what can actually happen)?

And above all, what do we do when it happens?

That is why we don't just deliver Excel lists, but discuss with our customers! 💪
August 13, 2025 at 11:49 AM
So there is no, or hardly any, possibility left for an MDM to perform the intended remote wipe.

That is exactly why serious #Risikomanagement (risk management) is worthwhile.
August 13, 2025 at 11:49 AM
I often hear from customers: "We have an MDM so we can wipe devices remotely!"

The idea is good, and often also required by compliance.
Until the emergency actually happens.

SIM card removed, network connection cut 📵
Aluminium foil blocks WiFi 🛜 and GPS 🛰️
August 13, 2025 at 11:49 AM
Seems like quite some internal systems were infected by InfoStealers.
Quite the irony given the fact that #infostealer like #Lumma, #RedLine, #Raccoon, #Vidar are Russian-developed and -operated #CybercrimeAsaService platforms.
July 28, 2025 at 1:58 PM
🚩 Data obtained includes 12TB of databases, 8TB of files from Windows Share, and 2TB of corporate email.

Passengers' flight data has also been exfiltrated and is available for researchers for further analysis.

www.linkedin.com/posts/wicked...
Aeroflot suffers massive outage of their IT systems. | Tom H.
Aeroflot suffers massive outage of their IT systems. 🛬🚫 Two groups, Silent Crow and Cyberpartisans BY, claim responsibility in support of Ukraine🇺🇦. 🚩 7,000 servers — physical and virtual — were de...
July 28, 2025 at 1:48 PM
Full panel and blog are still functioning.

The hacker supposedly goes by "kho-kho" from Prague. Let me know who he is—I'll pay real money if the information is genuine." 2/2
May 8, 2025 at 3:26 PM
Lockbit confirmed:

"On 7 May, someone hacked the light panel with auto registration for all comers, stole the database, but not a single decryptor and not a single company's stolen data were compromised. I'm investigating how they managed to hack it and rebuilding it now. 1/2
May 8, 2025 at 3:26 PM
It reveals the brutal reality of ransomware attacks. They are even attacking #schools: "Dude, we’re #non-profit, educating children,".
Another victim begs: "Dear, $40k is my 6-year salary... Don't spoil my life."

Just remember when #ALPHV / #BlackCat ransomed a breast cancer clinic.
May 8, 2025 at 3:26 PM
For anyone interested, here is the source code of the phishing site - heavily obfuscated: drive.proton.me/urls/3Z8SZZN...
February 26, 2025 at 10:38 AM
Be cautious:
As the QR code is meant to be scanned via smartphone, DNS and firewall blocking might have a limited effect!

IOCs:
▶️ [01] no-reply@nepalpottery[.]com
▶️ [02] https://864b5744a8e3e6f83afff7bd2c6.altedsx[.]com/
▶️ [03] https://w5vv.mdernstyle[.]ru/
February 26, 2025 at 10:24 AM
Defender apparently picks up on it while other mail filters currently let it pass.

Recommended actions:
▶️ Implement a block filter for the nepalpottery
▶️ DNS filtering should be implemented.
▶️ Inform your organisation about the current situation.
February 26, 2025 at 10:24 AM
It contains a lure about an updated company handbook and a QR code.

The QR code leads to a Cloudflare-protected website [02]. It then forwards to a Microsoft 365 themed phishing website [03].
February 26, 2025 at 10:24 AM
The sender is the compromised mail account Nepal pottery [01].

The subject follows a certain pattern:
<ORG-NAME>-2025 Q1 Staff Pay Adjustment Handbook-<NUMBER>
February 26, 2025 at 10:24 AM
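The thread above lists the campaign's sender, subject pattern and defanged IOCs, and recommends a block filter. The following is an added example of how a mail gateway or SOC script could turn those indicators into a screening check; it is not code from the author. The IOC values are the ones from the posts, while the sample messages, the function names and the subject regex derived from the `<ORG-NAME>-2025 Q1 Staff Pay Adjustment Handbook-<NUMBER>` pattern are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# IOCs exactly as listed in the thread, still defanged with "[.]".
DEFANGED_IOCS = [
    "no-reply@nepalpottery[.]com",                          # [01] compromised sender
    "https://864b5744a8e3e6f83afff7bd2c6.altedsx[.]com/",   # [02] QR target
    "https://w5vv.mdernstyle[.]ru/",                         # [03] M365-themed phishing page
]

# Assumption: "<ORG-NAME>" is any non-empty text and "<NUMBER>" is digits only.
SUBJECT_RE = re.compile(r"^.+-2025 Q1 Staff Pay Adjustment Handbook-\d+$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def refang(indicator: str) -> str:
    """Turn the defanged 'example[.]com' notation back into a usable string."""
    return indicator.replace("[.]", ".")


def ioc_hosts(iocs=DEFANGED_IOCS) -> set:
    """Extract the host part of every IOC (mail domain or URL hostname), lower-cased."""
    hosts = set()
    for ioc in iocs:
        ioc = refang(ioc)
        if "@" in ioc and "://" not in ioc:
            hosts.add(ioc.rsplit("@", 1)[1].lower())
        else:
            host = urlparse(ioc).hostname
            if host:
                hosts.add(host.lower())
    return hosts


def screen_message(sender: str, subject: str, body: str, iocs=DEFANGED_IOCS) -> list:
    """Return the list of reasons a message matches the campaign; empty means no hit.

    Note: the lure carries the link inside a QR code image, so a text-only body
    scan like this one only catches the sender and subject; image decoding is
    out of scope here.
    """
    hosts = ioc_hosts(iocs)
    reasons = []

    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in hosts:
        reasons.append(f"sender domain on blocklist: {sender_domain}")

    if SUBJECT_RE.match(subject):
        reasons.append("subject matches campaign pattern")

    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in hosts:
            reasons.append(f"link to blocklisted host: {host}")

    return reasons


# Constructed sample messages (not real mail), one lookalike and one benign.
SAMPLE_MESSAGES = {
    "lure": {
        "sender": "no-reply@nepalpottery.com",
        "subject": "Example Corp-2025 Q1 Staff Pay Adjustment Handbook-4821",
        "body": "Scan the QR code or open https://864b5744a8e3e6f83afff7bd2c6.altedsx.com/ to view.",
    },
    "benign": {
        "sender": "hr@example.com",
        "subject": "Q1 all-hands slides",
        "body": "Slides are on the intranet at https://intranet.example.com/allhands",
    },
}


def screen_all(messages=SAMPLE_MESSAGES) -> dict:
    """Screen every sample message and map its name to the list of reasons."""
    return {name: screen_message(**msg) for name, msg in messages.items()}


if __name__ == "__main__":
    for name, reasons in screen_all().items():
        print(name, "->", reasons or "clean")
```

The `refang` step matters in practice: pasting the defanged strings from a post straight into a filter silently matches nothing. The subject regex anchors on the constant middle part of the pattern, so a different org name or ticket number still triggers.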
What is the problem people and companies have with the concept "a better place for all of us - no matter who you are"?
It doesn't hurt anyone, but it helps people who are already marginalized.
January 26, 2025 at 11:06 AM