Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked and Emote malware makes a comeback.

Join the team at LimaCharlie for an interactive open forum about much of what has happened in 2022. Dive into and learn about key feature releases and hear a little about what's to come for the future. 2022 was a major growth year for LimaCharlie and we'll discuss the wide range of capabilities we have added that enable our users to assemble a security stack unique to their organizations.

Unknown threat actors observed hiding malware execution behind a legitimate Windows support binary. S3 buckets now encrypted by default. Powerful Android malware targeting banking applications. End of life for WIndows Server 2008.

New vulnerability found in WooCommerece Gift Cards Premium Wordpress plugin with CVSS score of 9.8. Fin7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack ms exchange systems, perform post exploitation actions, and grab enough data to allow FIN7 to understand their victim.

LimaCharlie and SnapAttack are pleased to announce a new integration that gives organizations access to open-source intelligence objects and behaviorally-oriented detections developed by the SnapAttack threat research team as well as popular community tools, such as Atomic Red Team and Sigma. The ruleset contains high-confidence detections for most platforms that have been verified against true positive data by SnapAttack’s threat detection team.

Unfortunately a novel technique has been developed by Or Yair, a security researcher to weaponize the file deletion functionality of most enterprise quality EDR solutions to include SentinelOne and Microsoft. If you're running or you support small business that runs F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras be on the lookout for a Go-based malware named Zerobot in the wild.

Open source as a philosophy was born alongside the Internet at a time when the world was much more optimistic. The naysayers said it couldn’t be done, that it wasn’t secure, and that it was just a matter of time before all these projects failed. Fast forward 30-40 years and the open source ecosystem is thriving. Linux runs on the top 500 super computers in the world, almost 95% of the world’s servers, and 85% of all smart phones.

Most commonly used passwords in 2022. A new red teaming tool called Nighthawk. Avast has published a report on the Venomsoft malware chrome extension. WhatsApp data leak: 500 million user records for sale. Recommendations that statistically reduces the number of cyber incidents experienced by a business by a whopping 85%.

The top cyber news stories you need to know about right now. CISA make Cyber.org range available to all 50 states. New rules around blue checkmarks on Twitter cause swings in the stock market. Mondelez International has settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover the snack giant's $100-million-plus cleanup bill following the 2017 NotPetya outbreak.

LimaCharlie sits down with Paul Caiazzo: Cyber security expert, entrepreneur and strategist, CISO and CPO. Paul has dedicated his career to advancing the field of global cyber security. In his current role as Chief Growth Officer at SnapAttack, Paul focuses on product/market fit, strategic partnerships, and business development.