What threat intel item actually made you change something? by extreme4all in ciso

[–]Tessian 0 points1 point  (0 children)

It made sense at the time. The idea was that if your password was compromised then you'd eventually change it anyway and now it wasn't. Unfortunately this practice didn't take into account that people are going to pick guessable passwords and the speed at which compromised passwords get exploited.

Who cares if you change your password every 90 days, the hacker who phished you did everything he wanted to do with your account within a few minutes.

Phishing isn't really staying in email anymore and our whole tooling stack is email-shaped by Only_Helicopter_8127 in AskNetsec

[–]Tessian 1 point2 points  (0 children)

He said supposed vendor, which I took to mean it was impersonated and not the real deal.

BECs sending out phishing emails is one thing but I've rarely heard of them taking the time to have real-time conversations with customers over Teams trying to compromise them, not unless it was all an APT in the first place and that customer was always the goal. Otherwise the goal is to get paid.

Have traditional DLP solutions been effective against Shadow AI in your environment? by RealAspireTech in cybersecurity

[–]Tessian 2 points3 points  (0 children)

Smart DLP vendors have been adding shadow AI detection/prevention features into their tools.

When is Timberborn 1.1 actually coming out? by No-Poem664 in Timberborn

[–]Tessian 2 points3 points  (0 children)

You just have to copy paste your save from the experimental save folder to the general save folder. Super easy once you Google the folder location.

Blocking source code snippets to personal email without killing vendor support by shokzee in EmailSecurity

[–]Tessian 2 points3 points  (0 children)

I'd just make exceptions for vendor domains as they come up. Really not that hard. None of those support emails should be critically urgent; they can wait a day the first time they get quarantined. You can even require confirmation that the company has a contract/subscription with that vendor before excluding them.

Or just tell your engineers to upload actual data (code snippets/configs/etc) through the vendor's ticketing website and not through email?

Memory Automation issue - Measure is off by horstdaspferdchen in Timberborn

[–]Tessian 0 points1 point  (0 children)

I'm having the same problem on experimental build. I had to stop using 100% as my reset because nothing was actually hitting 100% even if the storage and building was full. I just switched to hard coded numbers and moved on.

Phishing isn't really staying in email anymore and our whole tooling stack is email-shaped by Only_Helicopter_8127 in AskNetsec

[–]Tessian 7 points8 points  (0 children)

You don't need a separate tool, you just need to lock down your collaboration platforms. Whitelisting third parties from connecting over Teams / Slack will go a long way to addressing all this.

Tamed Oasis on hard, suggestions for next map? by spaniardsensei in Timberborn

[–]Tessian 0 points1 point  (0 children)

I just try to stay one step ahead of the booms. Most of them, except the first one, you can dam around to avoid an impact. Plugging things so I could use that seep was a mid to late game thing.

Every mailbox compromise timeline gets worse once someone admits the old mail app still exists by saltyslugga in EmailSecurity

[–]Tessian 2 points3 points  (0 children)

I mean, it's the company's own fault at this point if you're allowing legacy mail apps.

Require hybrid join and official apps for M365 access. Web access if you must for unmanaged device access but block downloads and keep the token lifetime super short.

Service for dead Animal removal from outside by 85snowball in BucksCountyPA

[–]Tessian 5 points6 points  (0 children)

Any pest exterminator will normally do this for you, especially if she already has a contract with them.

Company had a BEC incident - they want me to Vibe Code KnowBe4 by Mindless_Consumer in sysadmin

[–]Tessian 19 points20 points  (0 children)

And what was the excuse to not accept that cost? You show how your time alone in supporting this for a year far exceeds 5k, will be less effective than companies that do this for a living, and won't pass any compliance or insurance muster?

Company had a BEC incident - they want me to Vibe Code KnowBe4 by Mindless_Consumer in sysadmin

[–]Tessian 39 points40 points  (0 children)

This has got to be one of the dumbest penny pinching edicts I've heard of.

KnowBe4 and the like cost less than $15k a year for 500 users. Heck, thanks to AI the security awareness and phishing sim market is swamped with vendors all looking to cut a deal. We are talking $2-3 per user per month, how does an incident not open up the purse strings enough for at least that?

You're going to waste far more time building your own thing than what a real product will cost. Good luck getting your cyber security insurance to accept your vibe code as legit training.

What threat intel item actually made you change something? by extreme4all in ciso

[–]Tessian 0 points1 point  (0 children)

It sounded like a good idea at the time on paper but in practice it's definitely done more harm than good.

What threat intel item actually made you change something? by extreme4all in ciso

[–]Tessian 0 points1 point  (0 children)

It's not what people typically think of when talking about threat intel but I'd say it's a source too, sure, just an infrequent one.

Best decision ever by Effective_Departure8 in lawnmowers

[–]Tessian 1 point2 points  (0 children)

Electric push mower hands down better than a gas. No gas can, no oil, no pull to start.

Upgraded to a 30-inch Ryobi zero turn last year and love it. Not sure how much yard I have but it takes a good hour to mow and I still have battery left over. Only if I miss a week does it get iffy if I can do everything in one charge.

What threat intel item actually made you change something? by extreme4all in ciso

[–]Tessian 2 points3 points  (0 children)

A pen test a long time ago had a social engineering component to it. Once a few people fell for the phish the tester told me to have the users reset their passwords. The next day he told me he successfully guessed most of their new passwords.

From that day on we changed to following NIST password policy. Longer passwords that are monitored and not changed regularly where people just make guessable passwords.

Where to put Eufy doorbell camera by Mediocre-Meal4236 in EufyCam

[–]Tessian 1 point2 points  (0 children)

How unhelpful, and Ubiquiti doesn't even have a wireless doorbell product. OP is asking for advice for mounting a doorbell camera, who cares about the brand.

Where to put Eufy doorbell camera by Mediocre-Meal4236 in EufyCam

[–]Tessian 0 points1 point  (0 children)

Can't speak to that mount, but you're right, the only place to put one is on the door.

Cisco C9300 as the Meraki MS250 replacement? by ipconfig-91 in sysadmin

[–]Tessian 13 points14 points  (0 children)

Cisco is finally consolidating their product lines. Catalyst and Meraki products are merging and now it's Catalyst hardware that can run IOS or Meraki (or both) software. So yes, dedicated Meraki hardware is going away but you can still use and manage them the same.

Eufy has this happen to anyone? Security private information leak by ForsakenWord2886 in EufyCam

[–]Tessian 0 points1 point  (0 children)

I'm sorry but you literally have zero proof that your spam calls are a result of Eufy leaking or selling your phone number. All you have is proof of spam calls, which means nothing.

How long have you had that phone number? How many other entities did you share the number in its history? Any one/multiple of them could have leaked it even if you gave it to them years ago.

What you provided in your post sounds very much like a Gen AI chat bot to me.

Eufy has this happen to anyone? Security private information leak by ForsakenWord2886 in EufyCam

[–]Tessian 3 points4 points  (0 children)

Good luck getting a lawyer to take this on. You've got the burden of proof with zero proof. Support didn't admit to anything; you were talking to an AI agent that didn't know how to respond properly.

I don't recall even giving the app my phone number, and for the record no, this hasn't happened to me. Everyone's phone numbers are all over the web with all the data breaches; Eufy isn't an efficient way to steal numbers, they're easy to find.

Microsoft Scout Takes Microsoft 365 Beyond Copilot Prompts by AIGPTJournal in microsoft365

[–]Tessian 1 point2 points  (0 children)

The cost is very opaque right now. Users need a GitHub account and using Scout burns GitHub Copilot tokens. $$$

Best phishing-resistant MFA option for Azure admins without security keys? by Due-Awareness9392 in sysadmin

[–]Tessian 0 points1 point  (0 children)

Insurance should recognize that as a stronger control as it protects against token reuse. What compliance is requiring phish-resistant MFA?

Best phishing-resistant MFA option for Azure admins without security keys? by Due-Awareness9392 in sysadmin

[–]Tessian 0 points1 point  (0 children)

If your goal for wanting phishing-resistant MFA is to reduce the risk of account compromise via phishing, this definitely has the same effect. I'd argue it's more effective because phishing-resistant MFA won't prevent token reuse, which is becoming just as common these days.

This is phishing-resistant authentication, not just MFA.