April 23, 2023

TSD #038: Linking supply chain attacks

3 mins

Presented by eCrime.ch

This week's edition is brought to you by eCrime.ch. The eCrime.ch service monitors over 90 threat actor-maintained ransomware and data leak sites on the dark web. Intelligence analysts enrich the collected data with geo- and sector-specific information, attributing a cyber event to an entity anywhere in the world. Integrate the data feeds into your existing cyber solutions (TIP, SIEM, ticketing system), respond to cyber threats targeting your customers, peers or third parties, and protect your most valuable asset: your data. Learn more.


Hello friend 👋

This week on LinkedIn I publicly launched the waitlist for my upcoming book: "Cyber Threat Intelligence 101". There's been a tonne of interest in the book, which is motivating to say the least! This will be a cathartic and fun project, because I'll finally be getting a lot of what I know about CTI out of my head and down on paper. It's a real privilege to be able to put a book like this together. If you're new here and want to get on the waitlist, just fill in the form below.

Also, I'm in the slow process of moving my website to a new design framework, so if you happen to notice the odd text box out of line... feel free to let me know! 🤙

This week's cyber news:

Microsoft & Citizen Lab report forces QuaDream to shut down.

QuaDream made spyware that was used against journalists and politicians, including an incredibly advanced zero-click iOS exploit. They did business through a shell company in Cyprus, and now they're out of business. But will their leadership simply create another company? Read more.

The 3CX breach was two linked supply chain attacks.

TEARLINE reported the 3CX VoIP breach at the end of March. The company's software is used by 600k companies. It turns out their breach was itself caused by another supply chain breach! Check out Andy Greenberg's write-up on Wired. Read more.

Fun Things

📄 Awesome Article
Google and Apple analyse NSO spyware

Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series, Google's Project Zero team describes for the first time how an in-the-wild zero-click iMessage exploit works. They teamed up with Apple to break this one apart. It's an eye-opening read, even if you don't understand it all, which I certainly don't! Read it here.

πŸŽ™οΈ Podcasts

I found a podcast from the team at Proofpoint that I'd never heard of before. It's been running for a year and is really nice. This week's episode is about SMS attacks. Listen on Spotify or Apple Podcasts.


👾 Cool Tool
Katana

Crawling and spidering are fundamental features in tools like Burp Suite. They're really useful for mapping out pages (even hidden ones) on a site so that you can then gather intel or find entry points. Here's a fun little tool I found on my travels that I'm really enjoying! Check it out on GitHub.


See you next week,

Gary

Say hi 👋 on Twitter or LinkedIn

☎️ Book a 1:1 call with me


👋 Ways I can help you

  1. Sponsor this newsletter - get in front of 1,500+ infosec readers.
  2. Get daily cyber news - LinkedIn, Twitter, or Telegram.
  3. Cyber Career Course - the fastest way to a career in cybersecurity.
  4. Take a workshop - learn essential skills to create content.
  5. Have me speak at your event.