The CyberWire Daily Podcast 9.7.23
Ep 1901 | 9.7.23

Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.

Show Notes

Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cyber threats.

On this segment of Threat Vector, Chris Brewer, a Director at Unit 42 and expert in digital forensics and incident response, joins host David Moulton to discuss Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations.

Threat Vector links.

Sniper Incident Response from Cactus Con on GitHub

Sniper Incident Response presentation by Chris Brewer on YouTube

Selected reading.

Results of Major Technical Investigations for Storm-0558 Key Acquisition (Microsoft Security Response Center)

Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained (Bitdefender)

Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks (Bitdefender) 

MITRE and CISA release Caldera for OT attack emulation (Security Affairs) 

MITRE Caldera for OT now available as extension to open-source platform (Help Net Security)

Silverfort and Osterman Research Report Exposes Critical Gaps in Identity Threat Protection (Silverfort) 

United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang (US Department of the Treasury)

Estonian PM: cyberspace is Ukraine war frontline (Euromaidan Press)

Cyberwar and Conventional Warfare in Ukraine (19FortyFive)