#incidentresponse

2025-05-30

Cloudflare is an American company. So how is it doing business with Russian entities?

We were just hit with a phishing campaign pointing to a Russian URL, from a brand new Russian domain, from a Russian registrar, but content served through Cloudflare.

I may be mistaken on the totality of global sanctions against Russia, but it would seem that Cloudflare would not want to do business with these entities.

#cloudflare #russia #phishing #incidentresponse

2025-05-30

🌌 Trying to triage #security alerts is a bit like playing a game of Asteroids. 👀 You can respond more efficiently to #cybersecurity alerts if you understand and prioritize the threats—just like you'd decide which asteroids might harm your ship and which ones you could ignore in the game Asteroids! 🕹️ 🙌

A structured approach to triaging security incidents allows you to appropriately allocate resources during the response process, as well as communicate more effectively with everyone involved. And, centralizing all security activities helps you implement a structured, risk-based approach to triage in incident response.

💡 Learn about the challenges and benefits of incident response alert triage, best practices for improving triage for incident response, and more, in our latest blog.👇

graylog.org/post/the-importanc #incidentresponse #SIEM

2025-05-28

Someone got their panties in a wad.
#incidentresponse

Victoria's Secret website indicates they are addressing a security incident.

2025-05-27

MathWorks was struck by a ransomware attack that took MATLAB offline, impacting over 5 million users. How did a trusted tech tool become a digital weak spot—and what does it mean for our data security?

thedefendopsdiaries.com/mathwo

#ransomware
#cybersecurity
#incidentresponse
#mathworks
#digitalvulnerability

2025-05-27

What if we flipped the script on incident response communications?

Most IR drills ask "what could go wrong?" But what if we started asking "what could go RIGHT?"

Our latest Discernible Drills challenges subscribers to practice positive incident framing during a ransomware scenario. Instead of just damage control, participants learn to:

✅ Transform incident communications into competitive advantages
✅ Identify opportunities to strengthen stakeholder relationships
✅ Reverse engineer foundational investments that enable excellent responses
✅ Convert incident response into lasting business value

Traditional IR training focuses on minimizing impact. This drill teaches teams to maximize opportunity.

By strengthening your skills in positive framing, you don't just respond to incidents more effectively -- you can fundamentally change your role within the organization, becoming a strategic partner who helps businesses navigate challenges while identifying opportunities for growth.

Ready to practice turning your next incident into a new competitive advantage?

#IncidentResponse #Infosec #SecurityCommunications

melanie ensign (she/her) Wednesday@defcon.social
2025-05-27

Most security teams ask "what could go wrong?" when planning incident response. But I've found that asking "what could go right?" fundamentally changes how we prepare -- and opens up more positive opportunities for teams in their response.

It's possible to thrive through an incident, not merely survive it.

#IncidentResponse #SecurityComms

discernibleinc.com/blog/what-c

Brian Greenberg brian_greenberg@infosec.exchange
2025-05-24

🔥 X (formerly Twitter) is recovering after a global outage this morning — following a data center fire in Oregon earlier this week.

⚙️ NetBlocks confirmed the disruption wasn’t due to country-level filtering, and Downdetector showed tens of thousands of reports dropping back down by midday.

👨‍💻 While most users are back online, degraded performance remains, especially for login systems like OAuth. This highlights how vulnerable SaaS platforms and social networks are when physical infrastructure — like batteries in data centers — is disrupted.

⚡ As organizations increasingly rely on cloud and SaaS, how prepared are they for sudden physical failures? Should we rethink redundancy and crisis response?

#TechNews #CloudInfrastructure #SaaS #IncidentResponse #DataCenters

theverge.com/news/674129/x-is-

2025-05-23

It's a busy conference season for #Graylog! 😅 #AWSreInforce is coming up soon on June 16th through 18th in Philadelphia, PA. Grayloggers Sam Parikh, Quinn Kroll, Justine Simpson, and Rich Murphy will be there to answer all your Graylog questions.

And... Rich Murphy will share insight on how to tame your alert avalanche — on June 17th, 1:30 PM, in his presentation at the show. 🚨🏔️ Learn about a battle-tested playbook for alert noise reduction!

More: reinforce.awsevents.com/ #TDIR #threatdetection #incidentresponse #cybersecurity

2025-05-23

🎉 OUR 5-YEAR ANNIVERSARY GIVEAWAY WINNERS HAVE BEEN SELECTED! 🎉

Thank you to everyone who participated in our anniversary celebration this week! We were blown away by your thoughtful comments about which blog posts have made the biggest impact on your incident response teams. We’ve included a few of our favorites from multiple platforms in the responses below.👇

Congratulations to our 5 Pro subscription winners! We’ll be reaching out directly with your access details for our weekly incident response communication drills.

Reading through your entries reminded us why we do this work — seeing how our frameworks, insights, and strategies have helped real teams communicate more effectively is incredibly rewarding. 🫶

Thank you for being part of our journey over these 5 years. 💙

Here’s to the next 5 years of helping teams communicate clearly when it matters most! 🚀

#IncidentResponse #SecurityCommunity #PrivacyComm

2025-05-23

🏁FINAL DAY OF OUR 5TH ANNIVERSARY GIVEAWAY 🏁

Today we’ll be selecting winners for Pro subscriptions to our weekly incident response communication drills!

Last chance to enter: Comment with a blog post from our team that impacted your security practices, and tell us why it mattered.

Every comment increases your chances! Winners notified by end of day.

Thank you for 5 amazing years of learning and growing together. 💙

#InfoSec #IncidentResponse #SecurityComms

2025-05-22

🔥 DFIR Labs is Evolving! Have You Seen What's New? 🔥

Big things are happening at DFIR Labs! We've been hard at work implementing a wave of exciting changes and improvements, all designed to enhance your experience!

But we're not stopping there – even more updates are on the horizon!

➡️ Check it out now! dfirlabs.thedfirreport.com

#DFIR #DigitalForensics #IncidentResponse #Cybersecurity

2025-05-22

🚨 1 day left in our giveaway!

Tomorrow we’re selecting 5 winners to receive free Pro subscriptions to our weekly incident response communication drills!

Have our blog posts on gaining influence, cross-functional communications, or post-mortems improved your team’s effectiveness?

Comment & tell us which blog post helped you the most!

Remember: each comment = new entry. More participation = better chances!

Get your entries in before tomorrow’s deadline!

#IncidentResponse #SecurityComms #PrivacyComms

Only 1 more day to win! 

We’re turning 5 and giving away 5 1-year subscriptions to Discernible Drills.

2025-05-21

What’s your biggest incident response communication lesson?

Share which of our blog posts taught you something valuable!

Our 5-year anniversary giveaway continues: 5 Pro subscriptions to our weekly IR comms drills up for grabs. (a $1,200 value!)

Each blog post you share on counts as a separate entry. Multiple entries encouraged!

Winners randomly selected Friday.

Still plenty of time to participate!

#SecurityComms #IncidentResponse

2025-05-21

💫 New Discernible Drill this week!

You’ll face escalating challenges that force difficult tradeoffs between business continuity, stakeholder communications, and technical remediation - all while racing against the clock. 😰

Subscribe at DiscernibleInc.com/drills

#IncidentResponse #SecurityComms

2025-05-21

New podcast episode: HiWay, a guide to digitalization and security: "Headless Chicken Mode". In episode 10, @jan Frongia talks about the growing professionalism of ransomware attacks, and about what has nonetheless not changed in crisis mode.
He looks back on ten years of incident response, explains typical patterns, and reveals how teams regain control even under maximum pressure.

3 questions | 10 minutes | a new episode every 14 days. Watch, listen and subscribe now on YouTube, Spotify and wherever you get podcasts. Host: @Lena Morgenroth

YouTube: youtu.be/P_MIsURzG5Q
Spotify: open.spotify.com/show/6FwPurxO
Apple: podcasts.apple.com/us/podcast/

Moderated expert talks on topics, trends & challenges in

✔️ IT security
✔️ Digital transformation
✔️ Business continuity & crisis management
✔️ IT management
✔️ Regulation, compliance & governance

The next HiWay episode will be released on June 4.

#Ransomware #Cybersicherheit #ITSicherheit #HiSolutions #IncidentResponse #Krisenmanagement

2025-05-20

🎉DAY 2 OF OUR ANNIVERSARY GIVEAWAY 🎉

To give back to our amazing community, we’re offering free 1-year Pro subscriptions to our weekly #IncidentResponse communication drills!

To enter: Share which blog post from our team helped you the most & why.

5 random winners chosen Friday.

#SecurityComms #PrivacyComms

2025-05-20

The hackers got hacked! In an ironic twist, LockBit, the infamous ransomware-as-a-service gang, was breached. Watch the new episode of Cyberside Chats as @sherridavidoff and @MDurrin share the details and explain what it means for cyber defenders.

We explore what was leaked, why it matters, and how this incident compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization.

Watch or listen now and get practical takeaways to strengthen your ransomware response playbook.

Watch: youtu.be/xr-8GhazgME
Listen: chatcyberside.com/e/lockbits-o

#Ransomware #Cybersecurity #LockBit #DFIR #IncidentResponse #ThreatIntel #CybersideChats #LMGSecurity #Cybercrime #Hackers #DataBreach #CISO #CyberAware

ccinfo.nl CCINL
2025-05-20

In January 2025, Eindhoven University of Technology (TU/e) was hit by a serious cyberattack. What at first glance looked like a technological crisis quickly became an important learning moment for the entire education sector.

Podcast Spotify: open.spotify.com/episode/6QNXP

Cybercrimeinfo article: ccinfo.nl/menu-onderwijs-ontwi

2025-05-19

What makes the difference between minute-long and millisecond response times for MSSPs?

Our SecOps Cloud Platform (SCP) offers three key advantages for MSSPs looking to improve incident response times, with some reporting a 98% reduction in response time:

> Effective EDR Capabilities - The platform enables response actions on endpoints in as little as 100ms, reducing the gap between detection and mitigation for critical threats.

> Rapid Deployment for Incident Response - The multi-platform agent can be deployed at scale in minutes during IR engagements, providing immediate visibility and access to forensic tools like Velociraptor, Hayabusa, and Plaso.

> Sleeper Mode Deployment - MSSPs can pre-deploy sensors to client endpoints for minimal cost, then activate full EDR capabilities when needed. This approach enables faster response and more competitive service-level agreements.

"Our previous technology was cutting-edge, but our mean time to detect and respond was still measured in minutes. The LimaCharlie SCP agent has improved our MTTD and MTTR by around 98%," reports an MSSP founder.

Find detailed implementation guides on our blog, including Infrastructure as Code templates for IR automation and step-by-step instructions for configuring "Sleeper Mode" deployments: limacharlie.io/blog/MSSPs-impr

#cybersecurity #mssp #incidentresponse

melanie ensign (she/her) Wednesday@defcon.social
2025-05-19

Five years ago this week, I launched Discernible with a vision that the best security communications is transformative rather than reactive.

Today, I couldn't be prouder of the teams we've helped build political capital and decision-making frameworks that expand their options during critical moments.

In our blog post, I share the most profound lesson from our journey- how an organization's daily choices shape their response capabilities during incidents, and how effective communication turns potential crises into opportunities to demonstrate organizational strength.

#SecurityComms #IncidentResponse #Influence

discernibleinc.com/blog/organi
