The hottest Threat intelligence Substack posts right now

And their main takeaways
Category
Top Technology Topics

Announcing the 2025 Cyber 150

The Security Industry 21 implied HN points 13 Jan 25
🕹 Technology Cybersecurity Data security Investment Software Development Threat intelligence
  1. The 2025 Cyber 150 list highlights the fastest growing midsize cybersecurity companies, showcasing how many of them have expanded significantly over the last year.
  2. Dopple was the standout performer, increasing its headcount by 217%, which shows that some companies can grow rapidly even in a competitive market.
  3. Overall, these companies have raised a total of $8.6 billion in funding, and their success attracts even more investment, allowing them to grow and hire more employees.

The KQL Mysteries: Chapter 5

Rod’s Blog 456 implied HN points 18 Jan 24
🕹 Technology Cybersecurity Data Analysis Hacking AI Threat intelligence
  1. Jon and Sofia successfully identified and captured the teenage threat actors behind a financial breach using KQL queries and OSINT techniques.
  2. The threat actors were operating from a suburban house in Seattle, Washington, and were quickly apprehended by authorities, leading to the recovery of the funds.
  3. Despite the success, Jon remains suspicious about the involvement of the Night Princess hacker group, hinting at a potential unresolved mystery for the next chapter.

The KQL Mysteries: Chapter 3

Rod’s Blog 456 implied HN points 05 Jan 24
🕹 Technology Cybersecurity Data Analysis Threat intelligence Cryptocurrency Malware
  1. Jon and Sofia's financial accounts were compromised by hackers, leading them to investigate the breach and work towards recovering the stolen funds.
  2. Through KQL queries and Microsoft Sentinel workspace, Jon and Sofia uncovered details about the malware used in the cyberattack and the group of threat actors behind it.
  3. Jon and Sofia utilized Microsoft Defender Threat Intelligence and various online resources to track the remote servers, cryptocurrency wallets, and patterns involved in the financial heist, narrowing down their search for the threat actors.

Microsoft Sentinel SOC 101: How to Detect and Mitigate Denial of Service Attacks with Microsoft Sentinel

Rod’s Blog 734 implied HN points 28 Sep 23
🕹 Technology Cybersecurity Threat intelligence IT Infrastructure Incident Management
  1. Denial of service (DoS) attacks aim to overwhelm a system with traffic, rendering it inaccessible. Robust security operations center capabilities are crucial for detecting and mitigating these attacks effectively.
  2. Microsoft Sentinel offers tools like analytics rules, incident management, and threat intelligence integration for detecting and responding to DoS attacks in real-time.
  3. To mitigate DoS attacks, organizations can leverage network traffic monitoring, DDoS protection integration, and incident response playbooks offered by Microsoft Sentinel.

Intrusion Truth Methods: How Can They Get It Right Again and Again?

Natto Thoughts 79 implied HN points 10 Apr 24
🕹 Technology Cybersecurity Investigative Reporting Threat intelligence Community Building
  1. Intrusion Truth has a track record of correctly identifying Chinese threat actors tied to APT groups, leading to US DoJ indictments.
  2. Their success stems from starting investigations by leveraging report findings, receiving tips, and exploring science and technology companies in specific regions.
  3. Intrusion Truth's methods showcase the value of outdated research, the importance of community collaboration for threat hunting, and the need for deep understanding of the threat environment.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Announcing LASEC: LLM Application Security Executive Certification

PromptArmor Blog 100 implied HN points 20 Mar 24
🕹 Technology Cybersecurity Artificial Intelligence Education Compliance Threat intelligence
  1. LASEC is a new certification focused on LLM application security. It aims to educate leaders on current security threats and best practices.
  2. Participants will learn about real-world threats, including a new exploit discovered by PromptArmor. They'll also dive into compliance standards and how to balance security with product development.
  3. The certification program is designed to share knowledge gained from working with top security leaders in Fortune 100 companies, making it a valuable resource for security professionals.

Microsoft Sentinel SOC 101: How to Detect and Mitigate Malware Attacks with Microsoft Sentinel

Rod’s Blog 99 implied HN points 20 Sep 23
🕹 Technology Security Threat Detection Threat intelligence Incident Response Automation
  1. Malware attacks can result in data breaches, financial losses, and damage to an organization's reputation, underscoring the importance of robust security measures and tools like Microsoft Sentinel.
  2. Microsoft Sentinel offers customizable anomaly detection and User and Entity Behavior Analytics (UEBA) anomalies to identify and respond to potential threats effectively without complex tuning.
  3. Threat intelligence integration, data connectors, and built-in analytics rule templates in Microsoft Sentinel help organizations import, centralize, and leverage threat indicators to proactively detect and respond to malware attacks.

Removing Deprecated Analytics Rules in Microsoft Sentinel

Rod’s Blog 99 implied HN points 06 Jun 23
🕹 Technology Microsoft Sentinel Threat intelligence
  1. Having outdated Indicators of Compromise (IOCs) in your analytics rules in Microsoft Sentinel can be unproductive and consume resources. Consider cleaning up the deprecated rules to optimize performance.
  2. Check for **[Deprecated]** rules in the Rule Templates section of the Analytics Rules blade in Microsoft Sentinel to identify outdated rules that need removal.
  3. Consider implementing Microsoft's Threat Intelligence solution to enhance threat detection by matching log data with up-to-date IOCs generated by Microsoft.

Microsoft Sentinel SOC 101: How to Detect and Mitigate Rare Domains Seen in Cloud Logs with Microsoft Sentinel

Rod’s Blog 59 implied HN points 06 Nov 23
🕹 Technology Security Cloud Computing Data Analysis Threat intelligence Automation
  1. Rare or malicious domains in cloud logs can be used by attackers for phishing, malware delivery, data exfiltration, and command and control.
  2. Detection and analysis of rare domains in cloud logs can help identify threats like phishing attacks, malware delivery, data exfiltration, and command and control activities.
  3. Microsoft Sentinel offers features like built-in hunting queries, automation rules, and playbooks to help detect, enrich, validate, and respond to rare domains in cloud logs.

Microsoft Sentinel SOC 101: How to Detect and Mitigate Botnet Attacks with Microsoft Sentinel

Rod’s Blog 59 implied HN points 16 Oct 23
🕹 Technology Cybersecurity Analytics Threat intelligence Automation Collaboration
  1. Botnet attacks can be detrimental to network security by causing massive disruptions through DDoS attacks, data theft, and malware distribution.
  2. Microsoft Sentinel provides advanced AI and machine learning capabilities to detect and mitigate botnet attacks effectively, offering features like threat intelligence integration and automated incident response.
  3. Organizations can enhance botnet detection with Microsoft Sentinel by setting up custom alerts, regularly updating systems, implementing strong access controls, and collaborating with security teams for threat intelligence sharing.

Beyond Alerts: Easing Security Fatigue with Autonomous Moving Target Defense

Phoenix Substack 14 implied HN points 05 Feb 24
🕹 Technology Cybersecurity Automation Threat intelligence Incident Response
  1. Moving Target Defense (MTD) can prevent successful attacks by introducing dynamic configurations and variability.
  2. MTD reduces false positives by making it harder for automated scanning tools to generate consistent patterns.
  3. MTD shifts security from reactive to proactive by constantly changing the attack surface and reducing the need for continuous detection.

The Art of Camouflage

Deceiving Adversaries 7 implied HN points 09 May 23
🕹 Technology Cybersecurity Deception Psychology Threat intelligence Data Analysis
  1. Understand the mindset, behavior, and tactics of potential cyber adversaries to tailor effective lures.
  2. Craft believable lures by focusing on realism, integration into the environment, and attractiveness to attackers.
  3. Deploy and manage lures strategically, monitor attacker interactions, adapt tactics over time for a dynamic deception strategy.

How Threat Intelligence and Cyber Deception Intersect

Deceiving Adversaries 2 HN points 19 Jun 23
🕹 Technology Cybersecurity Data Analysis Threat intelligence
  1. Cyber Threat Intelligence provides insights into potential threats and helps organizations anticipate, detect, and respond effectively.
  2. Cyber Deception uses deceptive tactics to mislead attackers, acting as a proactive security approach.
  3. The combination of Cyber Threat Intelligence and Cyber Deception creates a powerful tool for organizations to detect, deter, and disrupt cyber threats, enhancing overall cybersecurity.

The Revoke Action for Threat Indicators in Microsoft Sentinel

Rod’s Blog 0 implied HN points 12 Jan 23
🕹 Technology Security Microsoft Sentinel Threat intelligence
  1. Marking a threat indicator as 'Revoked' in Microsoft Sentinel sets a flag indicating the indicator is no longer active, excluding it from rules.
  2. By marking an indicator as 'Revoked' instead of deleting it, you can keep it excluded from rules while still being able to query against it.
  3. This feature is particularly useful for managing potential false positives from 3rd party sources in Microsoft Sentinel's Threat Intelligence blade.

Risky Biz News: Facebook takes down NodeStealer malware before it can take off the ground

Risky Business News 0 implied HN points 05 May 23
🕹 Technology Cybersecurity Vulnerabilities Tools Company News Threat intelligence
  1. Meta disrupted the NodeStealer malware, preventing its spread and protecting user credentials from being compromised.
  2. Various cyberattacks and ransomware incidents have been reported, affecting entities like universities and cities.
  3. Key developments in the tech and privacy sector include the FTC proposing a ban on Facebook monetizing youth data and Discord transitioning to a new username format.

Practical Cyber Threat Intel (CTI)

Detection at Scale 0 implied HN points 22 Apr 24
🕹 Technology Cybersecurity Threat intelligence Incident Response
  1. Cyber Threat Intelligence (CTI) helps identify malicious actors, active exploits, and ongoing attacks, guiding defenders on potential sources of attacks and hacker strategies.
  2. Tactical CTI involves indicators of compromise (IoCs) within attacker tactics and techniques (TTPs) while operational CTI tracks state-sponsored groups, enhancing detection accuracy and preparation for potential threats.
  3. Best practices for an effective CTI program include tracking prior incidents, using CTI in the context of behaviors, selecting relevant threat feeds, enriching IoCs during data ingestion, and periodically refreshing and updating threat intelligence to maintain effectiveness.

RSA conference note, WPP CEO, Router, GooseEgg, Chrome Zero day, VPN, Black Basta

Secure GenAI 0 implied HN points 12 May 24
🕹 Technology Cybersecurity AI Networks Ransomware Threat intelligence
  1. Sophisticated deepfake scams targeting corporate executives like WPP CEO are on the rise, showing the dangers of AI voice clones and impersonation for financial gains.
  2. Critical security updates like the Google Chrome zero-day flaw highlight the constant threat of cyber attacks, emphasizing the importance of prompt action to protect systems and users from potential compromises.
  3. Emerging vulnerabilities in VPNs, such as TunnelVision, expose weaknesses that can be exploited by attackers to bypass encrypted tunnels and intercept user traffic, underscoring the need for robust security measures and vigilance in online activities.

When Security Goes From Karate Kid to Ghostbusters: Why Waiting for Trouble is Bogus

Phoenix Substack 0 implied HN points 04 Nov 24
🕹 Technology Cybersecurity Threat intelligence Incident Response
  1. Putting all your security in one spot is risky. If that one spot fails, everything goes down.
  2. When everyone uses the same security setup, it’s easy for hackers to find and exploit weaknesses. Variety is important to stay safe.
  3. Waiting to react to threats instead of acting first is a bad plan. Being proactive helps you catch problems before they happen.

Beyond Firewalls: The Autonomous Frontier of Moving Target Defense

Phoenix Substack 0 implied HN points 23 Dec 23
🕹 Technology Cybersecurity AI Threat intelligence Kubernetes
  1. Autonomous Moving Target Defense (AMTD) is an innovative strategy to challenge sophisticated AI adversaries.
  2. Dynamic configuration changes in Kubernetes are crucial for adapting defenses against known vulnerabilities.
  3. Collaborative defense ecosystems in Kubernetes clusters enhance real-time communication and threat intelligence sharing.

Risky Biz News: AU, UK, US sanction Russian behind Medibank ransomware attack

Risky Business News 0 implied HN points 24 Jan 24
🕹 Technology Cybersecurity Vulnerabilities Threat intelligence Malware Tech Updates
  1. Australia, UK, and US have sanctioned a Russian individual for ransomware attack on Medibank.
  2. Various cybersecurity incidents like data breaches, ransomware attacks, and malware discoveries are on the rise.
  3. Significant security updates and patches have been released for vulnerabilities in various platforms and software.

Risky Biz News: Brazilian police arrest Grandoreiro malware gang

Risky Business News 0 implied HN points 31 Jan 24
🕹 Technology Cybersecurity Malware Vulnerabilities Infosec Industry Threat intelligence
  1. Brazilian police arrested members of the Grandoreiro malware gang, known for stealing millions from bank customers in Brazil, Mexico, and Spain.
  2. Ukraine's GUR conducted a hack wiping 60TB of data from Russian company IPL Consulting and worked to cripple Akado-Telekom infrastructure.
  3. Various cybersecurity incidents, including crypto-heists, ransomware attacks on companies like Schneider Electric, Romanian government, and details on malware strains like Trigona and Ermac.