macOS as a "safe" platform with no malware and security issues? I'm probably preaching to the choir but if that ever was a false truth, no more than ever. Took a look at the malware landscape for macOS.

As can be expected:

1. Credential Stealers rule.
2. Crypocurrency and North Korea
3. "ClickFix" modus works on macOS as well.

It's one thing to see all these individual articles published, but it's a whole other thing to see them brought together and attempting to tease out... what does it mean? Where are we heading? What's the trajectory?

As a foundation for this analysis I used articles published through the Cyber Espresso.

https://cstromblad.com/posts/macos-malware-analysis-and-assessment/

Thank you to the following companies who freely publish all this great content:

Huntress: @huntress
Sentinel Labs: @SentinelLabs
Walmart Global Tech: @walmartglobaltech
CloudSek: @cloudsek
MoonLock: @moonlock_lab
Imperva: @imperva
Cyfirma: @cyfirmar

#ThreatIntel #Cybersecurity #Infosec

Jag trodde en bensinslang till en bränslepump skulle tåla bensin, men oj så fel jag hade.

#bensinpump #supermotard

Norrland.

@mastodonmigration While the statistics for the Fediverse is a little bit harder to understand and collect, it appears to generally be pretty stable.

https://fedidb.com/stats

There was a very interesting and strange bump which I'm going to attribute to a collection error...

The BSky user decline is undeniable and I don't mean this as an insult to the platform, their current users and what not. But this really has felt inevitable from the start. It never was anything else than another centralized platform, and perhaps now it's beginning to sink in.

The hype has passed, the romantic early cozy feeling has been replaced with the cold and harsh reality of centralized social media platforms.

Hopefully as users begin to notice declining interaction they will come looking for an alternative and perhaps Mastodon has matured enough to cater to at least some of these users looking for a home.

#BlueSky #Mastodon

https://bsky.jazco.dev/stats

@mastodonmigration

Palo Alto (Unit42) yet again publishes a comprehensive and quite useful article on the whole "ClickFix" modus.

Worth reading IMHO.

https://social.cyberespresso.eu/@ThreatIntel/114828784856150190

#ThreatIntel #Cybersecurity #Infosec

Well THAT was surprising. The backup task finished after having run for four hours. This usually takes just a few minutes. Is there a seldomly run task that sometimes kicks in??

”If there’s a problem, fill out a complaint form and place it in an envelope addressed to the hospital in which you were born.”

16 years ago, I had no idea this would be evergreen content.

https://youtu.be/gEyFH-a-XoQ

This is something I've discussed also in professional settings. The old "business need Linux" being Red Hat might not hold with how things look in the US at the moment, if you're a European company. Yet, there are definitely benefits to staying in the rpm ecosystem when looking elsewhere.

SUSE seems well placed - and doing their part:

https://lemmy.ca/post/47667761

#Linux #RedHat #SUSE

Here are my current working results of the cyber incident monitoring (results so far):

Given the following article:
https://hackread.com/rockerbox-server-tax-firm-exposed-sensitive-records/

Here's the summary extract of the event:

Event summary: Data exposure due to misconfiguration of a non-password-protected database containing sensitive personal and financial information"

Incident Classification: Accident
Secondary: Data Leak, Misconfiguration

Target system(s): Cloud Database, Data Storage
Target org: Rockerbox

Victims: USA, 245 949 individuals

Origin source reporting: https://www.vpnmentor.com/news/report-rockerbox-breach/

Hopefully I can add a first version to the Espresso later.

#Cybersecurity #Incident #Infosec #CyberEspresso

Is there (or has there been) an attempt at establishing a "cyber incident" categorization?

(Initially wrote classification, but that might be interpreted as the damage caused by an incident...)

Do you know of any?

#Cybersecurity #CyberIncident #Incident #Infosec

Threat actors Raven Beaverhead, and Advantageous Bottomfeeder are now attacking industry Telefactoring, beware if you're in this industry.

They are using advanced and sophisticated techniques such as using unpatched vulnerabilities, overprivileged user accounts that have more access than what they should have.

But instead of taking care of these basic hygiene factors you can leverage our hyper-advanced fully integrated platform where you can benefit from quantum resistant algorithms for corner cases and AI-agents that will go entirely underused and serve no real purpose.

Happy to have ya onboard!

#Cybersecurity #Infosec

Day 7 of our trip, and wow, it sure feels like more than a week! Which isn’t to say we’ve been bored at all. Rather that traveling some each day really gets quite intense. Tomorrow evening we’ll get on the ferry back to #Stockholm, and that’ll be our last night before checking in back home. But first another day here in #Helsinki, a city we’re all really fond of.

And this update to 4.4.0 brings quite a lot of news to Mastodon, here are a few:

- Improved list management
- Quote Posts (part 1, SEE, but NOT CREATE)
- Features for admins (communicate with all users, terms of service etc.)

And the list of fixes and changes is quite long:

https://blog.joinmastodon.org/2025/07/mastodon-4.4/

Version tag on Github: https://github.com/mastodon/mastodon/releases/tag/v4.4.0

#Mastodon

And we're back, sorry for the delay folks, had to debug some stuff in production, and now make some notes about this because I will forget it.

Will be performing an upgrade of the Swecyb Mastodon instance. Not expecting any troubles, but you never know.

See you on the other side.

@GossiTheDog has written a new post about the CitrixBleed 2 drama.

https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71

#Cybersecurity #ThreatIntel #Infosec

Yeah ops... just pushed something to all feeds... 🙂

Deploy to prod yolo...

Beta testing a beta feature of the beta release.

Yeah... that's quite something. But here's what I'm working on for the Cyber Espresso.

Cyber Incident monitoring -> Get notified when an article from the 'News' source category discusses a cyber related incident. Extract potentially affected entity/entities, likely original source of the information.

It will be possible to configure one (or more) feed(s) to receive Cyber Incidents and connect it to the source collection 'News'.

This will further enable you to configure (but not in first version) regional notifications by connecting to "Local and Regional" news sources.

Coming soon to a Cyber Espresso feed configuration near you.

Was recently made aware of this book about GRU of Russia.

https://lab52.io/blog/new-book-now-available-cyber-gru-russian-military-intelligence-in-cyberspace/

Had a look through the ToC, ohh... interesting. Then I had a browse on Google Books, even more oooh and ah...

This definitely looks like a well-researched and referenced book and will be purchased.

#Cybersecurity #ThreatIntel #GRU #Russia