#CyberSecurity
From Dark Reading:
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software https://www.darkreading.com/cloud/moveit-progress-critical-bug-ws_ftp-software
#DarkReading #RSSfeed #MastoFeed #cybersecurity #journalism #bot
One can learn much from the study of how ill-prepared realms were destroyed. #cybersecurity https://cromwell-intl.com/cybersecurity/major-breaches.html?s=mc
You're never done learning about #cybersecurity. https://cromwell-intl.com/cybersecurity/basics/13-going-further.html?s=mb
It's Cybersecurity Awareness Month and the first thing you should do?
Go check out The Cybersecurity Canon: THE Canonical List of books about Cybersecurity, curated by experts. PS Thanks Rick Howard, your efforts in creating this will last (@raceBannon99)
Follow @CyberSecCanon for more information.
PS How does @CyberSecCanon have FEWER followers than me? I'm just a librarian... this is a whole library.
“Progress Software’s Cyber Threat Buffet: A Severe Vulnerability Smorgasbord!”
https://thenimblenerd.com/article/progress-softwares-cyber-threat-buffet-a-severe-vulnerability-smorgasbord #cybersecurity
🎉 It's National Cyber Security Awareness Month in the US🎉
Let's work together to make it count! Join and help your favorite Open-Source project by reporting or fixing a bug!
A traditional battlefield is soaked with blood and gore. A digital one, however, may hold useful information. #cybersecurity https://cromwell-intl.com/cybersecurity/forensics.html?s=mc
If you understand the implications, encrypt your mobile devices. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/12-encryption.html?s=mb
Crypto++ 8.9 released - C++ #cryptography/#encryption library made an unplanned release for a memory error, no CVEs https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_9_0 #CPP #cybersecurity #OpenSource #software #engineering #tech
Most people use Windows. Keep it clean. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/11-clean-windows.html?s=mb
Nice to see that some good modern #cybersecurity documentaries are finally, for the "most" part, saying #cybercrime, #criminals and such instead of the myth of #hackers and #hacking. It's not perfect, but it is much better. I recommend it; the documentary is called "Billion Dollar Heist" https://www.imdb.com/title/tt11028122/?ref_=fn_al_tt_1 I paste some pics from it below #HackingIsNotACrime #HackerCulture
Hey #Cybersecurity folks! It's October which means yet again it's Cybersecurity Awareness Month and I am here with my annual plea NOT to abbreviate it #CSAM.
In security and law enforcement communities "CSAM" means Child Sexual Abuse Material, not Cybersecurity Awareness Month.
Try #CAM or just "Security Awareness Month" instead.
I will personally put anyone I see using "CSAM" on blast because it shows a complete lack of awareness of the very topic you're trying to make us aware of.
Be careful during business #travel. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/10-road-warrior.html?s=mb
Be skeptical, avoid on-line scams. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/09-scams.html?s=mb
I wrote a post about how difficult entry-level #cybersecurity jobs are to find, and what you can do to set yourself apart. #infosec https://twin-security.com/advice-for-entry-level-cybersecurity-job-seekers/
None can be a #cybersecurity warrior without knowing the basics of #cryptography. https://cromwell-intl.com/cybersecurity/crypto/?s=mc
Protect your systems against malware. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/08-viruses-and-other-malware.html?s=mb
Millions of Exim mail servers exposed to #zero-day #RCE attacks
#cybersecurity #hacking
https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/
Network defenders can use a YARA rule to analyze logs for signs of potential exploitation on their SharePoint servers using the CVE-2023-29357 PoC exploit.
A warrior has never learned all there is to know. https://cromwell-intl.com/cybersecurity/basics/13-going-further.html?s=mc #cybersecurity
In her PhD thesis, Nynke Brouwe ‘investigated how cyber insurance functions on the Dutch market, viewed from the current (legal) frameworks, the contents of cyber insurances, and the responsibilities of the actors operating in the insurance market.’ Open access. The book is in Dutch but includes an English summary.
https://repository.ubn.ru.nl/handle/2066/237797
#tech #databreach #security #dataprotection #cybersecurity #insurance #privacy
Delete your #Facebook account. If you can't, be very careful. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/07-social-media.html?s=mb
From Dark Reading:
Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files https://www.darkreading.com/dr-global/targeted-attacks-on-azerbaijan-businesses-drop-malware-via-fake-image-files
#DarkReading #RSSfeed #MastoFeed #cybersecurity #journalism #bot
If only you and your bravos speak an obscure tongue of a distant land, then none may eavesdrop on your plans. https://cromwell-intl.com/cybersecurity/basics/12-encryption.html?s=mc #cybersecurity
Use email and web browsers safely. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/06-safe-email-and-web.html?s=mb
When living in a civilized settlement, keep your Windows clean. https://cromwell-intl.com/cybersecurity/basics/11-clean-windows.html?s=mc #cybersecurity
From ChatGPT to HackGPT: Meeting the Cybersecurity Threat of Generative AI https://sloanreview.mit.edu/article/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-generative-ai/ #ChatGPT #GenerativeAI #Cybersecurity
Be extra careful on shared computers. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/05-shared-computers.html?s=mb
Some wizards conjure numbers from patterns of speech. But does this help in #cybersecurity battles? https://cromwell-intl.com/cybersecurity/attack-study/textual-analysis-for-pattern-detection.html?s=mc
Here's how to manage passwords. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/04-passwords.html?s=mb
Oh Exim, you have been so unkind
To millions whose emails you've left behind
Your critical flaws, they do beset
But now for your issues, we won't regret
A fix that is critical, let's find and deploy
To make security issues a thing of the past joy
The vulnerability allows attackers to potentially decrypt RSA ciphertexts, forge signatures, and even decrypt sessions recorded on a vulnerable TLS server.
#Exploits #Cybersecurity #OpenSSL #RedHat #RSA #GNU #Vulnerabilities
https://cybersec84.wordpress.com/2023/10/01/new-marvin-attack-exploits-25-year-old-rsa-decryption-flaw/
Be cautious when you venture out along the trade roads. https://cromwell-intl.com/cybersecurity/basics/10-road-warrior.html?s=mc #cybersecurity
Business email compromise (BEC) costs businesses billions annually. Learn how to protect yourself from this scam.
#infosec #cybersecurity #cybersecurityawareness #businessemailcompromise
We finished the fourth and last session of the last Virtual Course on Hacking Web Applications of 2023. #cybersecurity #hacking #readteam #bugbounty #forensics #osint https://www.reydes.com/d/?q=Curso_de_Hacking_Aplicaciones_Web Many thanks to all the participants!
Answering my web #AppSec interview question from yesterday!
Question 49: What are some types of race condition vulnerabilities in web applications?
1. Limit overrun - performing more actions than allowed (e.g. redeeming gift cards, transferring money).
2. State changes - bypassing a state change within normal application flow (e.g. a MFA step during login).
3. Resource access - accessing a shared resource prior to / during the processing of the resource (e.g. uploading and accessing a malicious file prior to AV detection).
The khans along the trade routes are frequented by many who would separate a rogue from his dinars. https://cromwell-intl.com/cybersecurity/basics/09-scams.html?s=mc #cybersecurity
Protect your smart phone. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/02-smart-phone-and-tablet.html?s=mb
Keep your systems up to date. #cybersecurity https://cromwell-intl.com/cybersecurity/basics/01-update.html?s=mb
It's the U.S. Government's #Cybersecurity Awareness Month. Here's where to start. https://cromwell-intl.com/cybersecurity/basics/?s=mb
Ransomed.vc has not disclosed the specific amount for which these files are being held ransom.
#Sony #Cybersecurity #Ransomware #Cyberattack
https://cybersec84.wordpress.com/2023/10/01/sony-reports-possible-ransomware-attack/
Remediate User Risks in Microsoft Entra ID Protection Through On-premises Password Changes
While we recommend mastering password changes in Entra ID to take advantage of Password Protection, hybrid customers who do password changes on-premises can now use the new setting called "Allow on-premises password change to reset user risk".
#entraid #azuread #azure #idp #identityprotection #passwordchange #passwordprotection #identityrisk #soc #identity #cybersecurity #zerotrust #azureactivedirectory #hybrididentity #hybrid #identityprotection #microsoft #microsoftsecurity
“Climate Change, Internet Trolls and Power-Hungry Tyrants: A Triple Threat Cocktail Stirring Up a Global Storm”
https://thenimblenerd.com/article/climate-change-internet-trolls-and-power-hungry-tyrants-a-triple-threat-cocktail-stirring-up-a-global-storm #cybersecurity
If you missed this, BBB warns about the rise in artificial intelligence used in emergency scams #AI #cybersecurity #infosec https://www.msn.com/en-us/money/personalfinance/bbb-warns-residents-about-the-rise-in-artificial-intelligence-used-in-emergency-scams/ar-AA1hv1xL
Slow day.
New Marvin attack revives 25-year-old decryption flaw in RSA #cybersecurity #infosec https://www.bleepingcomputer.com/news/security/new-marvin-attack-revives-25-year-old-decryption-flaw-in-rsa/ @BleepingComputer @billtoulas
This dumb password rule is from CloverSecurity.
* Password restricts quantity of characters "of same case", making [correcthorsebatterystaple](https://xkcd.com/936/)-style passwords problematic
* No feedback for which rules are broken
* Unlisted prohibited characters
https://dumbpasswordrules.com/sites/cloversecurity/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Flipper Zero WiFi hacking in a few minutes with Talking Sasquach 😀
Includes Marauder, Wireshark and Hashcat!
YouTube video: https://youtu.be/F5iiwounbzY
#wifi #flipperzero #hashcat #wireshark #wpa2 #cyber #flipper #hacking #Cybersecurity #cyber #hacker #hack #infosec
All users are recommended to pay attention to their device settings after the update and make sure their data is saved in the cloud.
#Apple #Privacy #Cybersecurity #iOS #iPadOS #macOS #Passwords #Sonoma
Security researchers have revealed zero-day vulnerabilities in Exim, a mail transfer agent software. Successful exploitation of some of the vulnerabilities can lead to arbitrary code execution. The vulnerability was previously reported to Exim but they have not provided an update. Millions of Exim servers are available on the Internet, according to a network scan. Administrators are advised to restrict Internet access to Exim servers.
@huntress is hosting a CTF that starts this Monday, October 2, if anyone is interested in competing. It’s a month long competition for Cybersecurity Awareness month. There will be challenges released daily and prizes for the top teams 🏆🥇
Sign up / info: https://huntress.ctf.games/
Discord: https://huntress.ctf.games/discord
📢 Attention #IT Admins! Multiple vulnerabilities in Exim mail agent exposed. Find out how unauthenticated attackers could exploit these vulnerabilities.
https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html
'Fundamental rights assessment of the framework for detection orders under the CSAM proposal', by Ot van Daalen at IViR. Thorough and well-written legal analysis. Highly recommended.
https://www.ivir.nl/publicaties/download/CSAMreport.pdf
#law #eu #security #cybersecurity #politics #cryptography #ai #tech
McLaren operates a network of 13 hospitals across Michigan, along with various medical facilities such as infusion centers, cancer centers, primary and specialty care offices, and a clinical laboratory network.
#Healthcare #Cybersecurity #Michigan #Cyberattack #USA #Ransomware
https://cybersec84.wordpress.com/2023/09/30/michigan-healthcare-provider-hit-by-ransomware-attack/
Some vulnerabilities have been fixed, but not all, if you missed this: #cybersecurity #infosec
Critical vulnerabilities in Exim threaten over 250k email servers worldwide https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/ @arstechnica @dangoodin
Cybercrime: extortion gang attacks hotel chain MotelOne
Terabytes of internal data from the hotel chain MotelOne are openly available on the darknet. Among them are booking and payment information as well as internal access credentials.
Remarks on “Chat Control”. By @matthew_d_green
Very clear, very informative - also for a lawyer like me. I highly recommend this.
https://blog.cryptographyengineering.com/2023/03/23/remarks-on-chat-control/
#law #eu #security #cybersecurity #politics #cryptography #ai #tech
The attack began with the target receiving a message on LinkedIn from a fake recruiter claiming to work for Meta Platforms.
#Meta #Cybersecurity #LazarusGroup #NorthKorea #Spain #Cyberthreat
InfoSec Events by Region
This list only contains accounts for security bsides, events, and conferences found on Mastodon and in the fediverse. I will regularly update this post as more events migrate here. For hacker meet-ups and hackerspaces, please refer to the links below.
📌InfoSec Events by Region
📌Hacker Meet-ups by Region
📌Hackerspaces by Region
🐈🥗
⸻ Event Info
@cfp_time - Call for Papers (#CFP)
@InfoCon - #InfoCon
@InfoconDB - #InfoconDB archive
@SecurityBSidesGlobal - Security BSides Global
⸻ Online 🌐
@ComfyConAU - #ComfyCon
@Digit4lOverdose - D.O. Conference
@pancakescon - #PancakesCon
⸻ Canada 🇨🇦
@BSidesCalgary - #BSidesCalgary, AB
@BSidesEdmonton - #BSidesEdmonton, AB
@BSidesFredericton - BSidesFredericton, NB
@BSidesMTL - #BSidesMTL Montreal, QC
@BSidesOttawa - #BSidesOttawa, ON
@BSidesRegina - #BSidesRegina, SK
@BSidesStJohns - #BSidesStJohns, NL
@BSidesTO - #BSidesTO Toronto, ON
@BSidesVancouver - #BSidesVancouver, BC
@BSidesVI - #BSidesVI Vancouver Island, BC
@hackfest - #Hackfest Québec City, QC
@halifaxbsides - #BSidesHalifax, NS
@NorthSec - #NorthSec Montréal, QC
@polar - #PolQc POLAR Conf, QC
@seqcure - #SeQCure Québec, QC
@thelongcon - #TheLongCon Winnipeg, MB
⸻ US - Northeast
@bsidesboston - #BSidesBoston, MA
@BSidesBuffalo - #BSidesBuffalo, NY
@BSidesCambridgeMA - #BSidesCambridge, MA
@BSidesCharm - #BSidesCharm Towson, MD
@BSidesCT - #BSidesCT Hamden, CT
@BSidesFloodCity - #BSidesFloodCity Johnstown, PA
@BSidesHBG - #BSidesHBG Harrisburg, PA
@BSidesNJ - #BSidesNJ ? NJ
@BSidesNYC - #BSidesNYC New York City, NY
@bsidesphilly - #BSidesPhilly Philadelphia, PA
@bsidespgh - #BSidesPGH Pittsburgh, PA
@bsidesroc - #BSidesROC Rochester, NY
@hushcon - #HushCon New York City, NY
@jawncon - #JawnCon Philadelphia, PA
@pumpcon - #PumpCon Philadelphia, PA
@ShmooCon - #ShmooCon Washington, DC
@SummerC0n - #SummerCon Brooklyn, NY
⸻ US - Midwest
@BlueTeamCon - #BlueTeamCon Chicago, IL
@bsides312 - #BSides312 Chicago, IL
@BSIDESBloomington - #BSidesBloomington, IN
@BSides_BTown - #BSides_BTown Bloomington, IN
@bsidesboulder - #BSidesBoulder, CO
@bsideschicago - #BSidesChicago, IL
@BSidesColoradoSprings - #BSidesColoradoSprings, CO
@BSidesColumbus - #BSidesColumbus, OH
@bsidesdayton - #BSidesDayton, OH
@bsidesdenver - #BSidesDenver, CO
@BSidesFtWayne - #BSidesFtWayne, IN
@bsideskc - #BSidesKC Kansas City, MO
@BSidesMilwaukee - #BSidesMilwaukee, WI
@BSidesPeoria - #BSidesPeoria, IL
@bsidesspfd - #BSidesSpfd Springfield, MO
@CircleCityCon - #CircleCityCon Indianapolis, IN
@CypherCon - #CypherCon Milwaukee, WI
@GrrCON - #GrrCON Grand Rapids, MI
@thotcon - #THOTCON Chicago, IL
@WWHackinFest - #WWHackinFest Deadwood, SD
⸻ US - West
@bsidescv - #BSidesCV Central Valley, CA
@BSidesHawaii - #BSidesHawaii Honolulu, HI
@bsidesla - #BSidesLA Los Angeles, CA
@BSidesPDX - #BSidesPDX Portland, OR
@BsidesSD - #BSidesSD San Diego, CA
@bsidesseattle - #BSidesSeattle, WA
@bsidessf - #BSidesSF San Francisco, CA
@soups - #SOUPS Symposium on Usable Privacy and Security, Anaheim, CA
⸻ US - Southwest
@AustinHackers - #AHA Austin, TX
@BSidesAlbuquerque - #BSidesAlbuquerque, NM
@bsidesaustin - #BSidesAustin, TX
@BSidesDFW - #BSidesDFW Dallas-Fort Worth, TX
@BSidesLV - #BSidesLV Las Vegas, NV
@BSidesRGV - #BSidesRGV Rio Grande Valley, McAllen, TX
@BSidesSATX - #BSidesSATX San Antonio, TX
@BSidesSantaFe - #BSidesSantaFe, NM
@BSidesTucson - #BSidesTucson, AZ
@cactuscon - #CactusCon Mesa, AZ
@defcon - #DEFCON Las Vegas, NV
@DianaInitiative - #DianaInitiative Las Vegas, NV
⸻ US - Southeast
@bsidesatl - #BSidesATL Atlanta, GA
@BSidesAugusta - #BSidesAugusta, GA
@BSidesBirmingham - #BSidesBirmingham, AL
@BSidesCharleston - #BSidesCharleston, SC
@BSidesCLT - #BSidesCLT Charlotte, NC
@BSidesCHS - #BSidesCHS Charleston, SC
@BSidesCharlotte - #BSidesCharlotte, NC
@BSidesGVL - #BSidesGVL Greenville, SC
@BSidesHSV - #BSidesHSV Huntsville, AL
@BSidesJAX - #BSidesJAX, Jacksonville, FL
@bsideskc - #BSidesKC Kansas City, MO
@bsidesknoxville - #BSidesKnoxville, TN
@BSidesNOLA - BSidesNOLA New Orleans, LA
@BSidesNoVA - #BSidesNoVA Arlington, VA
@bsidesorlando - #BSidesOrlando, FL
@BSidesRoanoke - #BSidesRoanoke, VA
@BSidesRDU - #BSidesRDU Raleigh/Durham, NC
@bsidesspfd - #BSidesSPFD Springfield, MO
@bsidesSTL - #BSidesSTL St. Louis, MO
@BSidesStPete - #BSidesStPete St. Petersburg, FL
@BSidesTampa - #BSidesTampa, FL
@CackalackyCon - #Cackalacky Con, Raleigh, NC
@CYBERWARCON - #CyberwarCon Arlington, VA
@securityonion - #SecurityOnion Con, Augusta, GA
⸻ US - Territories
@BSidesPR - #BSidesPR San Juan, PR 🇵🇷
⸻ Caribbean
@BSidesCaymanIslands - #BSidesCaymanIslands, KY 🇰🇾
⸻ Latin America
@BSidesArgentina - #BSidesArgentina Jujuy, Argentina 🇦🇷
@bsidescdmx - #BSidesCDMX Mexico City, Mexico 🇲🇽
@BSidesCO - #BSidesCO Bogotá, Colombia 🇨🇴
@bsidesjp - #BSidesJoãoPessoa, Brazil 🇧🇷
@BSidesPeru - #BSidesPeru Lima, Peru 🇵🇪
@BSidesPanama - #BSidesPanama Panama City, Panama 🇵🇦
@BSidesSP - #BSidesSP Sao Paulo, Brazil 🇧🇷
@BSidesVitória - #BSidesVitória, Brazil 🇧🇷
⸻ Europe 🇪🇺
@botconf - #Botconf Nice, FR 🇫🇷
@brucon - #BruCON Mechelen, BE 🇧🇪
@BSidesAthens - #BSidesAthens, GR 🇬🇷
@BSidesBUD - #BSidesBUD Budapest, HU 🇭🇺
@BSidesCyprus - #BSidesCyprus Limassol, CY 🇨🇾
@BSidesDublin - #BSidesDublin, IE 🇮🇪
@BSidesKraków - #BSidesKraków, PL 🇵🇱
@bsideskbh - #BSidesKbh København, DK 🇩🇰
@bsideslisbon - #BSidesLisbon, PT 🇵🇹
@bsidesljubljana - #BSidesLjubljana, SI 🇸🇮
@BSidesMilano - #BSidesMilano, IT 🇮🇹
@BSidesOsijek - #BSidesOsijek, HR 🇭🇷
@bsidesoslo - #BSidesOslo, NO 🇳🇴
@BSidesPrishtina - #BSidesPrishtina, XK 🇽🇰
@BSidesRoma - #BSidesRoma, IT 🇮🇹
@bsidesrvk - #BSidesReykjavik, IS 🇮🇸
@BSidesSOF - #BSidesSOF Sofia, BG 🇧🇬
@BSidesTallinn - #BSidesTallinn, EE 🇪🇪
@BSidesTirana - #BSidesTirana, AL 🇦🇱
@BSidesTransylvania - #BSidesTransylvania Cluj-Napoca, RO 🇷🇴
@BSidesUmeå - #BSidesUmeå, SE 🇸🇪
@bsidesvienna - #BSidesVienna, AT 🇦🇹
@BSidesZurich - #BSidesZurich, CH 🇨🇭
@deepsec - #DeepSec Con, Vienna, AT 🇦🇹
@hack_lu - #HackLu, LU 🇱🇺
@passthesaltcon - Pass the SALT Con, Lille, FR 🇫🇷
@securitybsidesitalia - #BSidesItalia IT 🇮🇹
@TumpiConIT - #TumpiCon Turin area, IT 🇮🇹
⸻ Germany 🇩🇪
@BSidesBerlin - #BSidesBerlin
@BSidesFrankfurt - #BSidesFrankfurt am Main
@BSidesMunich - #BSidesMunich
@BSidesStuttgart - #BSidesStuttgart
@elbsides - #Elbsides Hamburg
@WEareTROOPERS - TROOPERS Conference, Heidelberg
⸻ United Kingdom 🇬🇧
@44CON - #44CON London 🏴
@AbertayHackers - #SecuriTay Abertay, Dundee, 🏴
@BSidesBasingstoke - #BSidesBasingstoke
@BSidesBelfast - #BSidesBelfast
@BSidesBHAM - #BSidesBham Birmingham 🏴
@BSidesBristol - #BSidesBristol
@BSidesCambridge - #BSidesCambridge
@BSidesCheltenham - #BSidesCheltenham 🏴
@BSidesDundee - #BSidesDundee 🏴
@BSidesExeter - #BSidesExeter
@BSidesLancashire - #BSidesLancashire
@bsidesleeds - #BSidesLeeds 🏴
@BSidesNewcastle - #BSidesNewcastle
@VirusBulletin - #VB2024 VirusBulletin, London 🏴
⸻ Africa
@BSidesCapeTown - #BSidesCapeTown, South Africa 🇿🇦
@BSidesNairobi - #BSidesNairobi, Kenya 🇰🇪
⸻ India 🇮🇳
@BSidesAhmedabad - #BSidesAhmedabad
@BSidesBangalore - #BSidesBangalore
@BSidesChennai - #BSidesChennai
@BSidesIndore - #BSidesIndore
@BSidesJaipur - #BSidesJaipur
@bsidesodisha - #BSidesOdisha
⸻ Asia
@BSidesMyanmar - #BSidesMyanmar, Myanmar 🇲🇲
@BSidesSG - #BSidesSG Singapore, China 🇨🇳
@BSidesTokyo - #BSidesTokyo, Japan 🇯🇵
@BSidesYerevan - #BSidesYerevan, Armenia 🇦🇲
⸻ Australasia
@bsides_bne - #BSides_Bne Brisbane, AU 🇦🇺
@bsidescbr - #BSidesCanberra, AU 🇦🇺
@bsidesmelbourne - #BSidesMelbourne, AU 🇦🇺
@bsidesperth - #BSidesPerth, AU 🇦🇺
@bsidessydney - #BSidesSydney, AU 🇦🇺
@crikeycon - #CrikeyConAU Brisbane, AU 🇦🇺
⸻
For other events not in the fediverse try:
➡️https://securitybsides.com
➡️https://github.com/xsa/infosec-events by Xavier Santolaria @0x58
Feel free to use, copy, modify, steal, boost, encrypt, or plagiarize this information any way you want.
CC0 "No Rights Reserved"
This #cybersecurity awareness month you should buy everyone in your family a FIDO2 token
One is fine because they’re just going to put it in a drawer and never use it
But at least you can say you tried
Guilds offer #cybersecurity warrior badges. If you desire one, learn how to operate a thriving caravanserai. https://cromwell-intl.com/cybersecurity/isc2-cissp/domain-7-security-operations.html?s=mc
Next week, our team will join Virus Bulletin's #VB2023 conference. The event brings together #cybersecurity leaders from around the world to learn, debate, and knowledge share to help move the industry forward.
Four of our leaders will lead discussions over the course of the conference. Presentations will cover updates on #cybercrime techniques, the value of collaboration, and more. Join Gabor Szappanos, Jagadeesh Chandraiah — two Peter Szor award winners — Chester Wisniewski, and Sara Eberle in London. Register now: https://www.virusbulletin.com/conference/vb2023/
Digital Trick Or Treat? My latest cartoon for October’s #CybersecurityAwarenessMonth #NCSAM #Halloween #cybersec #utilityscams #USA #cybersecurity #cybercrime
https://www.slanecartoon.com/media/a5f40d37-99b7-42d8-8007-fcdaf12f8166-digital-trick-or-treat-color
October is cyber awareness month. Hit me with your best staff awareness ideas, books, posters etc. We’re including a guide for parents (for their children, obvs), to take it a bit out of the workplace, amongst other things. #infosec #cybersecurity
Hi 👋 are you a BIPOC, LGBTQI+, Women, or Military/Veteran studying #cybersecurity #hacking #infosec? Check-out this awesome #scholarship opportunity! One winner from each category will receive a free boot camp and voucher for a course of their choice valued at up to $5K!
https://www.infosecinstitute.com/scholarship-opportunities-for-aspiring-cybersecurity-professionals/
Update now! #Chrome, other software hit by 0-day exploit – and it’s being attacked #zeroday #cybersecurity #infosec https://www.pcworld.com/article/2087108/update-now-chrome-and-other-software-vulnerable-to-new-zero-day-exploit.html @pcworld @mikemuch
Three men found guilty of laundering $2.5 million in Target gift card tech support scam.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/three-men-found-guilty-of-laundering-2-5-million-in-target-gift-card-tech-support-scam/
#cybersecurity #scam #techsupportscam #moneylaundering #giftcard
If you missed this, DHS is investigating whether floor plans and other security information were exposed in #ransomware attack on contractor #cybersecurity #infosec https://www.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack/index.html @cnnbrk
Cool collection of tips and tricks, one-liners, etc. for various shells and security tools.
Worth a read!
https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet
ZeroFont trick makes users think that a message has been scanned for threats.
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/zerofont-trick-dupes-users-thinking-message-has-been-scanned-threats
The cybersecurity 202
Via @timstarks @ddimolfetta
#CyberCivilDefense #cybersecurity
A ransomware gang innovates, putting pressure on victims but also exposing itself https://www.washingtonpost.com/politics/2023/09/29/ransomware-gang-innovates-putting-pressure-victims-also-exposing-itself/
My employer is looking for 5 people to join their Technology Advisory Board in the #UK.
https://www.linkedin.com/jobs/view/3728957970/
They're particularly interested in people with experience in:
* #CyberSecurity
* Health Data / #NHS
* #Cloud Infrastructure
* #Privacy
* Technology leadership
Please spread the word - and do consider applying yourself.
Deadline: 18th October.
When do you cover the selfie camera on your smartphone?
#Polls #Smartphones #Privacy #Cybersecurity #Selfie #PhoneCameras #Poll
The 2024 Open #CyberSecurity #Conference takes place in Tenerife, Spain, 26. Feb - 01. Mar.
"The #OCSC is a unique event to celebrate 30 years of international collaboration of European cyber security and incident management teams within a truly global community of trusted practitioners."
Organized by the Open #CSIRT Foundation (#OCF) in close collaboration with TF-CSIRT and #FIRST.
“The silver lining for cybersecurity in any government shutdown is that most government personnel involved with cybersecurity operations are likely to be classified as essential and will be exempt from furlough. These would include roles like security monitoring and incident response, but generally not roles like security governance,” commented @malwarejake, veteran cybersecurity expert and faculty at IANS Research.
“The dark cloud is that in many government agencies, large percentages of the tactical security operations work is performed by contractors, who have historically not had the same exemptions to remain in place. In any shutdown scenario, there will be fewer staff available for security monitoring and response,” Williams added.
#infosec #cybersecurity #shutdown 🇺🇸
https://www.securityweek.com/80-of-cisa-staff-at-risk-of-furlough-as-government-shutdown-looms/
US National Security Agency unveils artificial intelligence security centre
🚨 Malicious actors targeting #GitHub accounts, posing as Dependabot contributors.
Goal: Steal passwords from developers and inject password-stealer code in #JavaScript files of projects, impacting end-users.
https://thehackernews.com/2023/09/github-repositories-hit-by-password.html
① #China Is Investing Billions in Global #Disinformation Campaign ft. Fake #Journalism, #Bot armies & lawsuits🟠https://archive.ph/XoJxH#selection-4493.148-4493.172
❶ In growing #Security challenge to #USA🟠https://archive.ph/jMjWS
❷ With elections looming, China is flooding #Taiwan with disinformation & wants #Taiwanese voters to think #America is their greatest threat🟠https://archive.ph/Wg5xT#selection-895.0-899.94
#LatinAmerica #Media #Africa #COVID #Ukraine #Facebook #Russia #Meta #News #Instagram #CyberSecurity #Law #Education #SocialMedia
The WebP vulnerability in libwebp is nasty. Here's a fairly comprehensive list of applications affected:
#webp #opensource #cybersecurity
https://gist.github.com/mttaggart/02ed50c03c8283f4c343c3032dd2e7ec
If you want to delete your data so Xitter cannot use it to train AI (starting tomorrow!):
Here is a browser script which deletes tweets (so you don't have to pay for a dubious app)
Scroll down to the June 14 'answer'/code offering from Adam Boyle. Open your "Replies" tab in Chrome, use cmd+alt+j & paste the code into the sidebar. Refresh/reload periodically
https://stackoverflow.com/questions/64863099/deleting-tweets-with-js-console/71333246#71333246
#Xitter #Twitter
#AI #Privacy #Surveillance #ElonMusk #Bluesky #MastodonMigration #Academia #Data #Cybersecurity
This week's @symfonystation newsletter is out. If you like what you see, you can join our list via the button in the top left corner. Otherwise, please enjoy this week's coverage and boost this post for reach. Thanks for following us. https://us9.campaign-archive.com/?u=ff4ae8c89c97001794aa14c24&id=c7214c7591 #Symfony #Drupal #PHP #Cybersecurity #Fediverse
TurkuSec October Meetup!
Date: 13.10.2023 (Friday)
Time: 17:45 – Onwards
Venue: SparkUp Turku (Tykistökatu 4B)
“Safe(ish) app development with GenAI” by Satu Korhonen
“Freelancing in cybersecurity: what is it like and how to start?” by Joonatan Kauppi
Join us!
More info: https://turkusec.fi/turkusec-october-meetup-4/
#TurkuSec #Meetup #GenAI #Freelancing #cybersecurity #Turku #Åbo
🚨 Malicious actors targeting #GitHub accounts, posing as Dependabot contributors.
Goal: Steal passwords from developers and inject password-stealer code in #JavaScript files of projects, impacting end-users.
Learn more: https://thehackernews.com/2023/09/github-repositories-hit-by-password.html
Mark your calendar! Join us tomorrow for Vault Hours and learn what's new in the world of #security — plus get a sneak preview of upcoming product updates. https://www.crowdcast.io/c/bitwarden-vault-hours-35
#cybersecurity #passwordmanagement #passwordmanager #passwordsecurity
If there’s ever a chance you’ll need to access your Vault while offline, Bitwarden has you covered. Read how to configure your client applications for offline access: https://bitwarden.com/blog/configuring-bitwarden-clients-for-offline-access/
#passwordsecurity #cybersecurity #security #passwordmanagement #passwordmanager
Mastodon friends, be sure to remind folks that Xitter’s new privacy policy takes effect *tomorrow*!
If you don’t want the world’s richest man using your data to train AI, it’s time to bail.
Get your Xitter Archive now via settings, use tools to find ppl here or on Bluesky, & be ready to welcome newcomers ✨
Plz share, & pass on any tips you have for migrating/tempting people over!
#Xitter #Twitter #AI #Privacy #Surveillance #ElonMusk #Bluesky #MastodonMigration #Academia #Data #Cybersecurity
![Cool cat posted for attention: a black short haired cat with a shocked expression, laying on gravel and resting his foot on a stone frog engraved with ‘Live, Love, [obscured]’, with gurning stone heads visible in the background](https://cdn.masto.host/frontendsocial/cache/media_attachments/files/111/151/053/636/807/237/small/7288fedd05fde9c4.png)
This dumb password rule is from Zurich.
Password must be EXACTLY 8 characters long.
Alpha numeric characters ONLY.
The first character must be alphabetic.
NO spaces.
The new Password cannot be the same as the last 32 passwords you have used. (they actually store your last 32 passwords)
https://dumbpasswordrules.com/sites/zurich/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Very interesting findings in the latest Cisco Security Outcomes study. One quick highlight answers the question of which has more impact on security threat detection: mature people, processes, or technology. Spoiler: they’re all about equal in importance to a mature program.
Including the best graph from one of the authors @wade
Looking for ways to work the phrase Ravine of Reality into future discussions.
Shout out to @wendynather and her team as well.
Answering my web #AppSec interview question from the other day!
Question 47: Name some user account enumeration techniques.
1. Error/success messages on login / registration / forgot password pages.
2. Insecure Direct Object References.
3. Timing Attacks (e.g. login).
4. Excessive data exposure on APIs (e.g. /v1/users).
Okay, for those tracking CVE-2023-5129, aka the #Libwebp fiasco, here's how to validate if your Electron app is vulnerable.
The patched version of Electron is v26.2.1. To confirm what version of Electron your app is using, you need to run strings against the executable. The version is in the app's User-Agent, so:
strings app.exe | grep "Electron/"
Will do the trick. The attached image shows this method for Teams, which tracks with their published version listings.
I'd love it if folks who try this with updated apps post their results as replies here, so we can collect this #ThreatIntel.
#CVE20235129 #InfoSec #CyberSecurity
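The check described above, scripted, as an added example that is not from the original post: it pulls the `Electron/x.y.z` token out of `strings` output and compares it component by component against a threshold. The threshold defaults to 26.2.1, the version the post names; Electron also backported the libwebp fix to older release lines, so set `PATCHED` to the fixed version of whichever line your app tracks. The sample User-Agent line at the bottom is constructed, standing in for real `strings app.exe` output.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes POSIX sh, grep -o, cut,
# head and awk; `strings` (binutils) is only needed for check_binary on a real file.

PATCHED="${PATCHED:-26.2.1}"   # version from the post; override per release line

# electron_version: read strings output on stdin, print the first x.y.z after "Electron/".
electron_version() {
    grep -o 'Electron/[0-9][0-9.]*' | head -n 1 | cut -d/ -f2
}

# version_ge A B: exit 0 if dotted version A >= B, numeric compare per component.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = x[i] + 0; q = y[i] + 0      # missing components count as 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# classify_strings: strings output on stdin; prints a verdict and returns
# 0 = at or above PATCHED, 1 = below PATCHED, 2 = no Electron marker found.
classify_strings() {
    v=$(electron_version)
    if [ -z "$v" ]; then
        echo "no Electron/ marker found (not Electron, or version string stripped)"
        return 2
    fi
    if version_ge "$v" "$PATCHED"; then
        echo "Electron $v >= $PATCHED: patched"
        return 0
    fi
    echo "Electron $v < $PATCHED: VULNERABLE"
    return 1
}

# check_binary PATH: the post's `strings app.exe | grep "Electron/"`, with the verdict.
check_binary() {
    strings "$1" | classify_strings
}

# Constructed sample lines, standing in for `strings` output of two builds.
SAMPLE_OLD='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Electron/25.8.0 Safari/537.36'
SAMPLE_NEW='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Electron/26.2.1 Safari/537.36'

printf '%s\n' "$SAMPLE_OLD" | classify_strings || :
printf '%s\n' "$SAMPLE_NEW" | classify_strings || :
```

Usage on a real install: `check_binary "/path/to/app.exe"`, or loop it over every Electron app on a host and collect the nonzero exit codes. A missing marker is reported separately from a low version, because a stripped or renamed User-Agent string is "unknown", not "safe".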

British charities warn supporters their personal data has been breached.
https://grahamcluley.com/british-charities-warn-supporters-their-personal-data-has-been-breached/

Securely manage access to your organization’s infrastructure secrets with Bitwarden Secrets Manager. https://bitwarden.com/products/secrets-manager/
#secretsmanager #cybersecurity #security #datasecurity #devops

FIDO2 WebAuthn #2FA is now free for everyone! All users can secure their Bitwarden account using a hardware security key or other FIDO2 WebAuthn credential generator. Learn more here: https://bitwarden.com/blog/fido2-webauthn-2fa-in-all-bitwarden-plans
#cybersecurity #passwordsecurity #passwordmanagement #passwordmanager

Apple just updated the support page about iCloud Keychain and removed the part that says when keychain data is deleted from Apple servers. This means if #iOS17, #iPadOS17, or #macOS 14 has turned syncing on without your permission, it's a hassle to make sure data is deleted from #Apple servers.
Our investigation and testing showed that upgrading to Apple's latest operating systems switches iCloud Keychain on without user permission. The number of users experiencing this issue is growing 👇:

@JT Although not individuals themselves, check the account followers of these #Cybersecurity events/groups and their respective tags (like #BSides and #DEFCON):
📌InfoSec Events by Region
📌Hacker Meet-ups by Region
Also, I follow lots of #InfoSec and peers and recently posted some list exports to my github, so if you want to add a bunch at once, download the following:
➡️ cslists.20230924.Sec🔐.csv
➡️ cslists.20230924.Bsides🥞.csv
Then import as a Lists type here:
📥https://infosec.exchange/settings/imports
Hope this helps!
![Screenshot showing the Import web page on Mastodon.
Import type *
You can import data that you have exported from another server, such as a list of the people you are following or blocking.
> Lists
Data *
CSV file exported from another Mastodon server
[Browse] cslists.20230924.Bsides🥞.csv
● Merge
Keep existing records and add new ones
○ Overwrite
Replace current records with the new ones](https://cdn.masto.host/frontendsocial/cache/media_attachments/files/111/136/487/003/156/329/small/bfe9cea19e9c20af.jpeg)
Ok but for real.
I fought like HELL to get a Tier 1 IT job. I know my stuff.
My coworkers don't know how to use a command-line interface, navigate an OS, or do basic IT troubleshooting. They don't know the names of computer components. The difference between IPv4 and IPv6. PowerShell. Infosec.
Is this really T1 Tech support? This was my 'competition' for this job? Is this what I solo studied for for years? Fought for?
WHAT'S HAPPENING??
😭😫
I am in mild despair.
#blackmastodon #IT #Cybersecurity
Newly discovered attack lets malicious websites "read the usernames, passwords, and other sensitive visual data displayed by other websites." #infosec #cybersecurity
It "violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet."
GPUs from all major suppliers are vulnerable to new pixel-stealing attack https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/ @arstechnica @dangoodin
Exiled Russian journalist claims "European state" hacked her iPhone with Pegasus spyware.
Read more in my article on the Bitdefender blog:

Learn how the Gramm-Leach-Bliley Act regulates #datasecurity practices in financial institutions, and how an enterprise-wide password manager can help: https://bitwarden.com/blog/gramm-leach-bliley-act-data-security-practices

Our Director for #Cybersecurity, Grzegorz Minczakiewicz and Head of CERT-EU, Saâd Kadhi are now in the panel "Bracing up for cyber impact: the response of CERT-EU, EU institutions and Agencies to current and future threats".
This panel is part of the interinstitutional kick-off event for the European Cybersecurity Month.
Watch it live 👉 https://europa.eu/!YgBRf3

🚨PSA: iOS 17 turns these sensitive location options back on. If you have disabled significant locations as well as adding your location information to your iPhone analytics before upgrading to iOS 17, iOS 17 will turn the options on as shown in the screenshot.
While significant locations remain local on your iPhone, they can be abused as they record detailed information about the locations you visit frequently. iPhone analytics, on the other hand, are shared with Apple. Having your location information included in these analytics reports might have privacy implications, even if the reports don't identify you.
Security experts have always advised to turn these two options off.
Go to the Settings app: Privacy & Security ➡️ Location Services ➡️ Scroll down to System Services ➡️ Find these two options and turn them off:
👉 Significant Locations
👉 iPhone Analytics
Re-post and share it with your friends.
You're welcome!
#Privacy #Apple #iOS17 #CyberSecurity
Reposted from X (https://twitter[.]com/mysk_co/status/1705665324035498016)

🚨Important Update: After some further investigation with several attempts to reproduce the issue, it appears this could simply be a rare edge case and these location settings will not turn back on when upgrading to iOS 17.
We regret the error, and we promise to do better in the future. It’s always our goal to promote privacy in a world of Big Tech, and the best way to do so is to keep everyone honest including ourselves 🙏
Infosec folks!
@qtc has too few followers.
He's a former colleague of mine and doesn't post much, but when he does, it's either the release of one of his groundbreaking tools, cutting-edge research, or both.
This is a definite follow recommendation!
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking
Got Bitwarden questions? Check out this FAQ to get answers and learn about sharing with organizations: https://bitwarden.com/help/org-faqs/
#passwordmanager #cybersecurity #passwordsecurity #security #passwordmanagement

I have an announcement about a virtual talk from the #IEEE San Diego Section called "Design and Application of Discrete-Time Chaotic Systems"
This speaker is great! This is a follow up from a presentation earlier this year.
It's a real thrill to see the evolution of ideas between researchers and interested audiences.
Sign up to attend this event below:
https://events.vtools.ieee.org/m/375332
Here's a headstart on the #abstract
This talk will focus on design and application of discrete-time #chaotic systems. It will cover both #digital and #analog implementations of such systems and outline their respective advantages for several applications. The goal is to introduce chaos theory, widely considered as one of the monumental scientific findings of the last century, and then shed light on the possible opportunities and challenges for its widespread adoption in diverse engineering applications, especially in the field of #cybersecurity.
In the latest "Smashing Security" podcast we discuss (amongst other topics) what happened when YouPorn told me I'd uploaded my sex video to their servers. With Carole Theriault, and special guest Andrew Agnes.
Find it in all good podcast apps.

iOS 17 update secretly changed your privacy settings; here's how to set them back.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/ios-17-update-secretly-changed-your-privacy-settings-heres-how-to-set-them-back/
