Shoot the Messenger, Sunday Edition: Reporting on a leak is not unethical, Hamilton County
See the Chattanooga Times Free Press's full OpEd at: https://www.timesfreepress.com/news/2025/mar/30/opinion-reporting-on-a-leak-is-not-unethical/
Oracle Health is becoming the poster child for how NOT to respond to a breach:
It would be nice if infosec and IT tools provided better IPv6 support.
Weren't we supposed to run out of IPv4 addresses 10 years ago? What happened to the IPv6 revolution?
Seen a lot of hype about this Trend Micro blog, but I'm not sure I can get on board with it. The whole thing seems a bit of a stretch.
Whether there are blank characters or line breaks doesn't change how the technique works; it only prevents a user from easily spotting it via the .lnk file.
The push on "zero-day vulnerability", 1000s of instances across multiple 'APTs', is a bit much and comes across as marketing hype too.
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
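As an added example (not code from the post's author or from Trend Micro), the following Python parses a Shell Link (.lnk) file's StringData section using the public MS-SHLLINK layout and flags command-line arguments that hide a tail behind a long run of whitespace, the trick the post is describing. The sample shortcuts are constructed in the block, the 64-character threshold is an assumption, and the padding mixes spaces, line feeds and tabs to show that the character class does not matter to the detection.

```python
"""Toy .lnk parser that flags whitespace-padded command-line arguments.

Added example, not code from the post's author or from Trend Micro.
Structure offsets follow the public MS-SHLLINK layout; the padding
threshold and the sample shortcuts below are assumptions for illustration.
"""
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide where StringData starts.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

# Whitespace the Properties dialog collapses or scrolls past: space, tab, CR, LF, VT, FF.
PAD_CHARS = frozenset(" \t\r\n\x0b\x0c")


def build_lnk(relative_path, arguments):
    """Construct a minimal Unicode .lnk carrying only RELATIVE_PATH and
    COMMAND_LINE_ARGUMENTS (a constructed sample, not a real shortcut)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, times, etc. zeroed
    body = b""
    for text in (relative_path, arguments):  # CountCharacters (u16) + UTF-16LE text
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict of str."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (u16) followed by the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize (u32) counts itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        nbytes = count * 2 if unicode else count
        if off + nbytes > len(data):
            raise ValueError(f"truncated StringData field {name}")
        raw = data[off:off + nbytes]
        off += nbytes
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
    return fields


def longest_pad_run(text):
    """Return (length, start_index) of the longest run of PAD_CHARS in text."""
    best_len = best_start = cur_len = 0
    for i, ch in enumerate(text):
        if ch in PAD_CHARS:
            cur_len += 1
            if cur_len > best_len:
                best_len, best_start = cur_len, i - cur_len + 1
        else:
            cur_len = 0
    return best_len, best_start


def analyse(data, threshold=64):
    """Parse a .lnk and report whether its arguments hide a tail behind padding."""
    fields = parse_lnk(data)
    args = fields.get("arguments", "")
    run_len, run_start = longest_pad_run(args)
    suspicious = run_len >= threshold
    return {
        "relative_path": fields.get("relative_path", ""),
        "arguments_len": len(args),
        "longest_whitespace_run": run_len,
        "suspicious": suspicious,
        "visible": args[:run_start] if suspicious else args,  # what a user would likely see
        "hidden": args[run_start + run_len:] if suspicious else "",  # what sits past the gap
    }


if __name__ == "__main__":
    benign = build_lnk("..\\notes.txt", "/open")
    pad = " " * 400 + "\n" * 100 + "\t" * 400  # mixed whitespace, as the post notes
    padded = build_lnk("..\\readme.txt", "/c echo hi" + pad + "& calc.exe")
    for label, blob in (("benign", benign), ("padded", padded)):
        print(label, analyse(blob))
```

Real shortcuts usually carry an IDList and LinkInfo block before StringData; the parser skips those by their declared sizes, so pointing `analyse()` at `open(path, "rb").read()` works for ordinary files, while anything with a nonstandard header raises instead of being silently misparsed.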
from our archives: "Training to Become a Savable Victim"
Just as rescue scuba divers learn to be cooperative victims, executives need to know how to support cybersecurity teams during incidents.
This reader-favorite post explores how leadership teams often become "unsavable victims" by disrupting response efforts, and what CISOs can do about it.
Read the full post: https://discernibleinc.com/blog/empowering-business-leaders-to-be-savable-victims-drawing-incident-response-insights-from-rescue-scuba-diving
NEW:
Almost one month after Brain Cipher claimed to have attacked them, Pulmonary Physicians of South Florida has yet to publicly confirm or deny any breach.
Part of the proof of claims is a file tree with almost 424k files.
Weekly security communication practice with your peers!
Join industry colleagues in 60-min weekly Slack simulations where you can:
Test communication approaches you can't try at work
Learn from diverse perspectives across organizations
Build "muscle memory" for high pressure communication
Network with professionals facing similar challenges
Unlike traditional tabletops, these bite-sized drills fit your schedule and focus on practical communication skills across 12 security incident categories.
Available now starting at $50/month.
Learn more: https://discernibleinc.com/drills
#SecurityCommunication #IncidentResponse
#ProfessionalDevelopment
Did you know a ransomware tabletop exercise can uncover gaps and failure points in your incident response plan? A recent study found it can also reduce your data breach costs by an average of $248K! If you have not planned a ransomware tabletop exercise already, it's time to put this on your schedule!
In our new blog, we share common failure points, @MDurrin's favorite ransomware tabletop exercise scenarios, and tips to help you get the most out of your next exercise.
Read the blog: https://www.lmgsecurity.com/how-a-ransomware-tabletop-exercise-can-dramatically-reduce-your-losses-if-youre-attacked/
Scenario: Someone is notifying you of a data breach that occurred almost a year ago. They refer to it as a "recent incident."
Their notification does not tell you WHEN the incident occurred, WHEN they first discovered it, or the fact that the data were leaked more than 6 months ago. They just talk about a "recent incident."
I wish they weren't allowed to get away with such deceptive notices.
The FIRST Board of Directors has unveiled a comprehensive Strategy Framework to enhance our ability to fulfill our mission as a global leader in cybersecurity and incident response.
This framework introduces a structured three-year Strategic Plan focused on five key objectives:
Global Recognition and Trust
Member Value Creation
Development and Education
Trusted Venue for Standards
Effective Governance and Financial Resilience
Learn more here: https://go.first.org/fQNwV
Launching today: Discernible Drills - our new weekly security/privacy communication training delivered via Slack!
Based on 20 years of experience, this new service helps security and privacy professionals practice communication skills through weekly 60-minute drills.
- Covers 12 different incident types
- Text-based with multimedia elements for auditory learners
- No PO required - individual subscriptions
- Currently runs Wednesdays 12-1pm ET with more times coming soon
- Two tiers: $50/mo or $100/mo
Security incidents are more than breaches, and communication is more than media statements. Practice makes perfect.
Learn more at https://discernibleinc.com/blog/introducing-discernible-drills
@hacks4pancakes (@dragosinc) will join us on March 19 for our Foundations of DFIR panel!
While that's a few weeks away, you can check out Lesley's blog post on The Shifting Landscape of OT Incident Response which illustrates the importance of specialized incident response and digital forensics in maintaining the security and integrity of OT systems.
Find it here: https://www.dragos.com/blog/the-shifting-landscape-of-ot-incident-response/
If you want to catch Lesley along with panelists @danonsecurity, David Bianco, and Sarah Sabotka for unique insights on bolstering your DFIR foundations, save your spot here: https://www.domaintools.com/webinar-getting-back-to-the-foundations-of-dfir/?utm_source=Mastodon&utm_medium=Social&utm_campaign=DFIR-To-You
I've had quite a few outrageous responses to my alerts; this is another one of those, sent by the CEO of teammateapp.com.
After my initial alert and follow up email, I get a reply lying about the severity of the exposure and telling me to stop harassing the company.
This CEO also didn't know what Proton is and thought I work for them and threatened to report me to them in case I didn't stop.
Read about it here: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
I had a fabulous two-slide presentation today at work. The topic was the results of the data analysis we did after collecting calls to action from the 2024 incident retro I volunteered to run three weeks ago.
So I distilled our actions into four dimensions of work, created user stories, and prioritized by stack ranking the actions. Already been knocking those out, but slow since I am on-call this week, too.
I had fun breaking through a linear "crawl-walk-run" metaphor that is slung around here a lot, by describing how our work is a hypercube, and those dimensions (Metrics, Tracking, IC / Responder support, the Post-Incident) are dynamic but linked.
Under the motto "meet. learn. protect.", secIT by @heisec takes place again this year in Hanover: on 18.03. with full-day workshops on a range of security topics, and on 19. and 20.03. additionally with an extensive exhibition and conference programme.
As part of this, numerous HiSolutions experts are also offering in-depth workshops on #NIS-2, #KI, #IncidentResponse, #Pentest and #BCM.
More on the programme at @secIT by heise: https://secit-heise.de/programm#programm
#itsecurity
Drum Roll!
Join us for the 37th Annual FIRST Conference from June 22-27, 2025 in Copenhagen, Denmark. Save the date for your favorite annual conference
#annualconference #incidentresponse #secconf #savethedate https://go.first.org/Nz2u9
I've had to analyze several MS Quick Assist compromises and found challenges during each one. Threat hunting for malicious activity through QA is not easy either.
So I wrote a blog post on what to look for: https://inversion6.com/resources/blog/january-2025/microsoft-quick-assist-an-it-security-primer
DFIR LABS is a compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting: https://github.com/Azr43lKn1ght/DFIR-LABS
Lateral Movement Analysis: Using Chainsaw, Hayabusa, and LogParser for Cybersecurity Investigations: https://medium.com/@cyberengage.org/lateral-movement-analysis-using-chainsaw-hayabusa-and-logparser-for-cybersecurity-investigations-b927843bd8d4
Vulnerability Management compliance tip of the day:
Create a web page to report security issues: https://www.gohighlevel.com/security-response
Now make sure the email you provided doesn't accept emails so you don't have to deal with any report.