Illuminati Press Office
3 minutes ago

#CyberSecurity is an increasingly important issue, and #TheIlluminati takes this very seriously. We must all work together to ensure that ransomware victims are protected from these malicious attacks. Our goal is to help victims recover their losses and to prevent future attacks. #ProtectYourData #RansomwareProtection #CyberAttackPrevention

Zeljka Zorz
24 minutes ago

Apple has fixed three zero-days exploited “against versions of iOS before iOS 16.7.”

@hawkes @citizenlab #0day #iOS #cybersecurity

Apple logo on broken glass background

"🔐 BBTok Banking Malware Resurfaces with a Vengeance in LATAM 🌎"

Check Point Research (CPR) has unearthed a new variant of the BBTok banking malware actively targeting over 40 banks in Mexico and Brazil. Initially discovered in 2020, this variant mimics the interfaces of these banks, duping victims into divulging their 2FA codes or payment card details. The malware, now employing diversified infection chains for different Windows versions, showcases an evolution in the threat actor's tactics, notably utilizing multi-layered geo-fencing to ensure infections are localized to Mexico and Brazil. The malware's functionality extends to process enumeration, keyboard and mouse control, alongside classic banking Trojan features like simulating fake login pages. The campaign's sophistication underscores the need for heightened vigilance when entering banking credentials online.

Source: Check Point Blog

Tags: #BBTok #BankingMalware #CyberSecurity #LATAM #Phishing #2FA #CheckPointResearch #MalwareEvolution #GeoFencing 🏦🛡️🌐

"🚀 P2PInfect Botnet Skyrockets: A 600X Surge in Traffic Unveiled by Cado Security Labs 🚀"

Cado Security Labs has unveiled a staggering 600X increase in P2PInfect traffic since August 28, with a notable 12.3% spike just a week before the publication of their findings. The botnet, primarily targeting servers hosting publicly-accessible instances of Redis, has seen its tentacles spread across China, the US, Germany, the UK, Singapore, Hong Kong, and Japan. The malware, dubbed P2PInfect, has evolved significantly since its discovery in July 2023, showcasing a self-update mechanism and a rapid release of new variants by its developers. The botnet's exponential growth is alarming, with its nodes now spanning across major Cloud Service Providers (CSPs) in both East-Asian and American regions. The malware's primary objective remains elusive, although its rapid iteration and geographical spread hint at a larger, possibly more nefarious agenda in the offing. The detailed analysis by Cado also sheds light on the botnet's sophisticated evasion and persistence mechanisms, making it a formidable threat to global cybersecurity.

Source: Cado Security Labs

Tags: #P2PInfect #Botnet #CyberSecurity #Malware #CadoSecurityLabs #Redis #CloudSecurity #CyberThreats #InfoSec

The Nimble Nerd
1 hour ago
The Nimble Nerd
1 hour ago
1 hour ago

🛡️ Origin servers are a crucial component of the web infrastructure, and ensuring their availability and security is essential for maintaining a reliable online presence.

Discover the fundamentals of #originserverprotection in our latest blog! 💻

We'll cover:

✅ Understanding what is an origin server and its criticality.
✅ Common threats involved in exploiting an origin server
✅ Six ways to protect the origin servers.

Read the full blog now! 🔒🌐

#webapplications #mobileapplications #apiapplications #ddosattacks #waap #waf #cdn #cybersecurity #apptrana #indusface

Raumfahrer.Net Neuigkeiten
2 hours ago

Hacking Contest mit virtueller Mars-Mission
ATHENE und ESA veranstalten internationalen Cybersecurity-Wettbewerb. Eine Presseinformation des Fraunhofer-Instituts für Sichere Informationstechnologie #SIT. #cybersecurity #ESA #athene

3 hours ago

Phase 2 von #HSK „Existenzbedrohende Risiken …“ ( am 19.09.2023 in @Cyberagentur mit Symposium gestartet. Dass sich wissenschaftliche #Konkurrenten im Wettbewerbsprozess gegenseitig kennen lernen können, ist ein Novum in #Forschung. Grundlage ist das PCP-Verfahren.

#Cybersicherheit #Cybersecurity #KRITIS #Hochsicherheit #PCP #KI #Innovation #Wissenschaft #StartUp #HalleSaale

Großes Interesse an den unterschiedlichen Forschungsansätzen der drei Konsortien im Forschungsprojekt HSK. Symposium zum Start der Phase 2 gab Möglichkeit zum Kennenlernen und zum Austausch über neue Projekte. Foto: Cyberagentur
3 hours ago

Every now and again, I write something that makes me think about the #CyberSecurity industry in a new way. I hope you, too, get some insights from this post about #NIST and #CISA
(TL;DR: Get your secrets out of your code and have a plan to prove you did sooner than later)

"🚨 The Inside Story: How Equifax Was Breached in 2017 🚨"

On a seemingly ordinary Saturday night, an Equifax security engineer's routine update unveiled a massive breach. The aftermath? Personal data of 163 million customers had been compromised. The breach's origin? A vulnerability in Apache Struts (CVE-2017-5638) from March 2017, which allowed remote code execution. Despite Equifax's swift response to patch affected applications, the Automated Consumer Interview System (ACIS), a legacy system from the 1970s, was overlooked. By May 2017, attackers had exploited this vulnerability, gaining control over a web server. The breach was further exacerbated by poor network segmentation, allowing attackers to access 48 different databases and exfiltrate vast amounts of personal identifiable information (PII).

Source: 0x7D0 Blog by vedard

Tags: #EquifaxBreach #Cybersecurity #DataBreach #ApacheStruts #CVE2017-5638 #LegacySystems #PII 🌍🔓🔐

"🚨 Real Time Automation 460 Series Vulnerability Alert! 🚨"

Real Time Automation's 460 Series, versions prior to v8.9.8, have been identified with a high-risk Cross-site Scripting (XSS) vulnerability (CVE-2023-4523, CVSS v3 score: 9.4). Exploiting this could allow attackers to run malicious JavaScript content. The vulnerability was discovered by Yehia Elghaly. Real Time Automation recommends users to update their product to the latest version. CISA has provided mitigation strategies, emphasizing the importance of minimizing network exposure and using secure methods like VPNs. No known public exploitation targeting this vulnerability has been reported yet.

Source: CISA Advisory

Tags: #CyberSecurity #Vulnerability #XSS #RealTimeAutomation #CISA #CVE2023 #ICS #IndustrialControlSystems #CyberDefense 🌐🔐🔍

🔗 MITRE CVE-2023-4523

4 hours ago

🎙️ Here are the glimpses of conversation from the recent #SaaSTrana Podcast.

In this SaaSTrana podcast, Mona Salvi (Senior Director – Product Security, HubSpot) talks to Venkatesh (Venky) Sundar about building a unified org structure and North Star metrics to drive security-related initiatives in a cohesive working environment.

She also shares how to manage three pillars – platform security + trust & safety + payments fraud together under a single leadership umbrella.

Key highlights from the discussion:

Key highlights from the discussion :
- About Mona Salvi and HubSpot
- Developing the mindset of intrinsic vs. extrinsic security
- Driving secure product experiences along with focusing on core business
- The pillars of platform security + trust and safety + payments fraud
- Breaking the silos between the risk officer and the security officer
- Developing applications at speed without impacting the security
- Building security champions within the organizations
- Building North Star metrics for security teams - Security
an enabler for customers to pick the right vendor of choice
- Protecting from threats caused by OpenAI and LLM tools (The facts on utilizing security co-pilots)

Tune in to the full podcast now! Listen on:
1. YouTube:
2. Spotify:
3. Amazon Music:
4. Apple Podcasts:
5. Anchor (others):

#cybersecurity #webapplications #openai #LLMTools #productsecurity #cyberthreats #webapplicationsecurity #saas #saassecurity #fraudprotection #saassecurity #appsec #apptrana #indusface

5 hours ago

Since mid-2020, Gold Melody has expanded its target scope to include retail, healthcare, energy, financial, and high-tech organizations in North America, Northern Europe, and Western Asia.

#Cybersecurity #HackerGroup #Ransomware #GoldMelody

Marlon Cyberwald
5 hours ago

Cybersecurity Morgenreport - Ausgabe 20230922
Guten Morgen Mastodon, hier gibt es die aktuelle Ausgabe:

Das Archiv findet ihr unter:

Viel Spaß beim lesen und bleibt sicher!

Viele Grüße
Marlon von Cyberwald
#Security #Sicherheitslücken #news #cybersecurity

In montagna ti puoi bagnare in due modi: sotto un franco e abbondante temporale, oppure attraversando un banco di nebbia. Con il primo sai esattamente dove e quando ti sei infradiciato, con il secondo ti ritrovi zuppo senza avere idea di dove e quando hai preso acqua. Il nostro Paese sta diventando ogni giorno di più un sistema carcerario a cielo aperto, sorvegliare e punire è la risposta di default a qualunque problema. Questi “ampliamenti” fanno paura, somigliano molto alla legge Reale degli anni ‘70. Con la scusa dei mafiosi e della sicurezza nazionale alla fine non sai mai quanta altra gente finirà per essere sorvegliata (e punita) e per quali iniziative considerate in qualche modo “eversive”. I casi #Snowden e #Assange dovrebbero far riflettere. Con la scusa del terrorismo e della sicurezza nazionale hanno controllato la vita di milioni di persone.

RedPacket Security
7 hours ago
RedPacket Security
7 hours ago
Kristin Ides 🎃
8 hours ago


I just got back from the Fal.Con #cybersecurity conference in #Vegas, held at #Caesars...

When I was checking out at 4am this morning, I blearily stumbled to a self-checkout machine to get my folio for Expensify without talking to a human (living that #tech life, yo), I quickly stopped myself as I realized that these machines littering the massive casino ask you to insert your driver's license INTO the machine, while the screens are flickering and Windows is having a meltdown.

After, you know, everything mentioned in the article below. Unreal! 👇

#hack #cyberattack

P.S. I had hella fun tho!

Three smiling people sitting in front of a neon sign for the Fal.Con conference.

"New ‘Privacy Badger’ Extension Better Protects Against Google Link Tracking" by @ResPrivacy - Upgraded tooling to circumvent tracking and delays from following links through them. #privacy🔏 #cybersecurity🛡️ #surveillance👀 #tech

Dumb Password Rules
8 hours ago

This dumb password rule is from Seur.

Password must be between 8 and 12 characters...
Also no symbols are allowed. But this isn't displayed.

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Anonymous :anarchism: 🏴
8 hours ago

⚠️ Attention #Linux users who downloaded the "Free Download Manager" software between 2020 and 2022:

Its website was breached in 2020, and a #Ukrainian hacker group distributed #malware.

#cybersecurity #cyberattack #infosec 🐧

Anonymous :anarchism: 🏴
8 hours ago

#GoldMelody, the financially motivated cybercrime group, is selling access to compromised organizations for #ransomware attacks.

Researchers have revealed their tactics and targets:

#malware #cybersecurity #informationsecurity

8 hours ago

New zero day in the wild, originates from #libwebp and played down by #apple and #google

For those who couldn't be bothered to read, affected list below:

In short, you are.

#cybersecurity #infosec #0day #zeroday #cve202341064 #cve20234863

    Basecamp 3
    Beaker (web browser)
    Cryptocat (discontinued)
    Eclipse Theia
    GitHub Desktop
    Light Table
    Logitech Options +
    Microsoft Teams
    MongoDB Compass
    QQ (for macOS)
    Quasar Framework
    Symphony Chat
    Visual Studio Code
Google Chrome –  Mac and Linux 116.0.5845.187 and Windows 116.0.5845.187/.188.
    Mozilla – Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2
    Brave Browser – version 1.57.64 (Chromium: 116.0.5845.188).
    Microsoft Edge – versions 109.0.1518.140, 116.0.1938.81 and 117.0.2045.31.
    Tor Browser – version 12.5.4.
    Opera – version 102.0.4880.46.
    Vivaldi – version 6.2.3105.47.
Operating systems

    Debian – released a partial security fixes for chromium, firefox, firefox-esr, libwebp and thunderbird, not all distributions have a fix.
    Ubuntu – released a partial security fixes for chromium-browser, libwebp, firefox, thunderbird and mozjs, not all distributions have a fix.
    Alpine – released security fixes to chromium, libwebp, qt5-qtimageformats and firefox-esr.
    Gentoo – released security fix to media-libs/libwebp version 1.3.1_p20230908.
    RedHat – released security fixes (RHSA) for Mozilla Thunderbird, Mozilla Firefox and libwebp.
    SUSE – released security fixes (SUSE-SU and openSUSE-SU) for Mozilla Firefox, Mozilla Thunderbird, libwebp and chromium packages.
    Oracle – released security fixes (ELSA) for Mozilla Firefox and Mozilla Thunderbird.
    Amazon Linux – still haven’t pushed fixes to their AMI images
Other software

    Zulip Server – version 7.4.
    Electron – versions 22.3.24, 24.8.3, 25.8.1, 26.2.1 and 27.0.0-beta.2
    Xplan – version 23.9.289.
    Signal-Desktop –  version 6.30.2.
    Honeyview – version 5.51.
Anonymous :anarchism: 🏴
8 hours ago

🚨 China's Ministry of State Security accuses the U.S. of cyber espionage against Huawei servers since 2009.

#cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
8 hours ago

🚨 #P2PInfect Worm Alert : P2PInfect #malware activity skyrockets 600x in a week. Researchers shed light on its rapid growth and evolving tactics.

#cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
8 hours ago

🚨 Beware of Malicious Apps. Threat actors are using sneaky tactics to connect harmful third-party apps to your core SaaS apps.


Anonymous :anarchism: 🏴
8 hours ago

The Internet of Things is booming, but it's also a playground for hackers. Learn about the growing threat of IoT-driven #DDoS attacks and how to safeguard your network.

#cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
8 hours ago

#Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campaign.

#cybersecurity #informationsecurity

9 hours ago


📱 iOS 17.0.2 - no CVE entries

#apple #cybersecurity #infosec #security #ios

16 hours ago


Apple pushed additional updates for a zero-day that may have been actively exploited.

🐛 CVE-2023-41993 (WebKit) additional patches:
- Safari 16.6.1

#apple #cybersecurity #infosec #security #ios

16 hours ago


🌐 Safari 16.6.1 - 1 bug fixed

#apple #cybersecurity #infosec #security #ios

Apple just released iOS 17.0.1 and iPadOS 17.0.1 and iOS 16.7 and iPadOS 16.7.

Three seemingly critical security issues reported by @citizenlab have been patched. All of which have this warning:

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7"
#privacy #CyberSecurity #infosec

17 hours ago


Apple pushed additional updates for 3 zero-days that may have been actively exploited.

🐛 CVE-2023-41992 (Kernel) additional patches,
🐛 CVE-2023-41991 (Security) additional patches:
- iOS and iPadOS 16.7
- iOS and iPadOS 17.0.1
- watchOS 10.0.1
- watchOS 9.6.3

🐛 CVE-2023-41993 (WebKit) additional patches:
- iOS and iPadOS 16.7
- iOS and iPadOS 17.0.1

#apple #cybersecurity #infosec #security #ios

17 hours ago


📱 iOS and iPadOS 17.0.1 - 3 bugs fixed
📱 iOS and iPadOS 16.7 - 3 bugs fixed
⌚ watchOS 9.6.3 - 2 bugs fixed
⌚ watchOS 10.0.1 - 2 bugs fixed

#apple #cybersecurity #infosec #security #ios

17 hours ago


Apple pushed updates for 3 new zero-days that may have been actively exploited.

🐛 CVE-2023-41992 (Kernel):
- macOS Monterey 12.7
- macOS Ventura 13.6

🐛 CVE-2023-41991 (Security),
🐛 CVE-2023-41993 (WebKit):
- macOS Ventura 13.6

#apple #cybersecurity #infosec #security #ios

17 hours ago


💻 macOS Ventura 13.6 - 3 bugs fixed
💻 macOS Monterey 12.7 - 1 bug fixed

#apple #cybersecurity #infosec #security #ios

Tib3rius :antiverified:
18 hours ago

Answering my web #AppSec interview question from yesterday!

Question 44: You find XSS in an application, however the customer informs you that users should be able to submit HTML code. What advice would you give them to remain secure?

The easiest solution is likely to use an HTML sanitizer like DOMPurify with an allowlist of "safe" elements and attributes.

Another option is to use a separate "sandbox" domain to host the HTML code, displaying it using an iframe. Any JavaScript code will run in the security context of the sandbox and will not be able to affect the main application.

As an additional measure, a well-configured Content Security Policy can be used to instruct the browser to only run trusted JavaScript code.

#InfoSec #Cybersecurity #BugBounty #Hacking

Graham Cluley
18 hours ago

Snatch ransomware - what you need to know.

Learn more in my article on the Tripwire blog:

#cybersecurity #ransomware #dataloss

18 hours ago

We just sent out our first round of speaker acceptance emails!! Still have more reviews in the works, but the top ones were pretty unanimous from all our reviewers!! #BSidesChicago #hacking #CyberSecurity

Aida Akl
18 hours ago

The leaking of source codes used by #LockBit and #Conti in recent years has spawned new, smaller #ransomware operators looking for easier targets. #cybersecurity #infosec

“Whereas there used to be three to five big ones and a tail, there are now three big ones and a very long tail."

And the tendency is "not to do ransomware anymore, they just hack and then extort.”

Trend Micro: New #Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses @TrendMicro

#Cybersecurity #IncidentResponse in a nutshell.

(Sorry/not-sorry for stealing your template, @krishean)

Syndrome meme: "When every incident is a priority zero none will be"
Graham Cluley
20 hours ago

Donald Trump Jr’s hacked Twitter account announces his father has died.

That'll be his dad who previously chose Twitter passwords like "yourefired" and "MAGA2020!"

#cybersecurity #donaldtrump #password #twitter

Hacked Donald Trump  Jr Twitter account, against backdrop of American flag

Ever wish #Splunk could cost *more*? Ever wonder what it would be like if Splunk had *even more* SKUs?

Dreams can come true!

#Cisco to buy Splunk for $28 Billion(ish)


Avoid the Hack! :donor:
21 hours ago

Proton Pass #security flaw exposed: #Firefox users at risk

Quick scope: Requires access to the browser + memory (so in other words, your machine would have to be compromised.) Proton Pass doesn't clear retrieved data from memory even after locking the vault. With a memory dump, an attacker could retrieve stored items fetched from the vault from memory.

The bug was fixed after disclosure in a Cure53 audit, but popped up again after Proton pushed feature updates to the Proton Pass browser extension.

Apparently, as of posting this issue is fixed for Chrome extensions but not yet for Firefox add-ons. Firefox fix is on the way.

#cybersecurity #browsers #passwordmanagers #opensource

22 hours ago

It's not about "the children", they're just a scapegoat. Governments all over the world want to continue blanket surveillance and end-to-end encryption stops that, so they are just using kids as an excuse.

"Government vs Meta: End-to-end encryption without the encryption?"

#Privacy #Security #Cybersecurity #Encryption

Dissent Doe :cupofcoffee:
23 hours ago

It's a serious #databreach, but hats off to TissuPath Australia for its security notice that provides more info than we usually see about how a breach occurred. It doesn't come back and tell people that the data were dumped, but it had revealed the threat and possibility of it.

@brett @euroinfosec

#HealthSec #cybersecurity #vendor #extortion #dataleak #databreach #AlphV #transparency

Craig Newmark
23 hours ago

The cybersecurity 202
Via @aaronjschaffer @ddimolfetta
#CyberCivilDefense #cybersecurity
Garland defends spy powers, but their future remain uncertain

Eva Wolfangel
1 day ago

Receiving a leak is like Christmas - we want to open it immediately, we are sure it will satisfy our needs - and we are not sure if we really want to know who brought it to us (Santa Claus?)
Thanks ⁦‪Sandrine Rigaud‬⁩ - I feel understood.

Panel „Working with Hackers“ at the Investigative Journalism conference with Jan Strozyk, Lorax Horne, Alena Prykhodzka and Sandrine Rigaud
Forum Standaardisatie
1 day ago

Ook Stichting Kennisnet verdient🧁 met een 100% score op de meting moderne internetveiligheidstandaarden.

Gefeliciteerd Larissa Zegveld🎈! Belangrijk dat bestuurders ook voor #openstandaarden zijn die zorgen voor meer betrouwbaarheid en verdere groei van het internet. Uitgereikt door @internet_nl op #IBC23. Wie volgt?

Ook weten hoe jij er voor staat met je website?👉Test het op

@minbzk #cybersecurity

Directeur Stichting Kennisnet ontvangt van Platform Internetstandaarden taart voor 100% score IV-meting.
1 day ago
Anonymous :anarchism: 🏴
2 days ago

🛡️ #Signal messaging app's latest update adds a quantum-resistant shield. Learn how the PQXDH protocol boosts #encryption against future quantum threats.

#privacy #cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
2 days ago

Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.

#infosec #cybersecurity #technews

Anonymous :anarchism: 🏴
2 days ago

🔥 Finnish authorities shut down PIILOPUOTI, a dark web hub for illegal narcotics.

#cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
2 days ago

Worried about web app security? You should be!

Modern web applications' modular nature makes them vulnerable. Discover how supply chain vulnerabilities can compromise your business.

#cybersecurity #infosec

Harry Sintonen
2 days ago

#Cybersecurity before #cyber - "The Computer Chronicles - Computer Security (1984)"

40 years later and the problems are the same, just a fair bit larger in scope. #infosec #cybercrime #computerchronicles

Miguel Afonso Caetano
2 days ago

#Crypto #Cryptocurrencies #Cybersecurity #Cybercrime: "Billionaire Mark Cuban has long been a major supporter of cryptocurrencies, promoting Bitcoin as a better investment than gold and criticizing security regulators’ approach to reigning in the industry. Now, he’s been hit with a nearly $1 million loss after falling victim to a phishing scam.

The substantial theft was first spotted by an anonymous blockchain watcher on social media, who noticed that Cuban’s crypto wallet was being drained of all its funds on Friday. “Lmao, did Mark Cuban's wallet just get drained? Wallet inactive for 160 days and all assets just moved,” said WazzCrypto in a tweet with an attached screenshot of Cuban’s wallet activity. The losses amounted to roughly $870,000, according to blockchain data from the attacker’s crypto address."

2 days ago

On this episode of The Cybersecurity Defenders Podcast, we talk go-to-market strategies in cybersecurity with Chad Loeven, VP of Business Development at OPSWAT.

Listen to the episode:

#podcast #cybersecurity #secops

2 days ago

Getting people to adopt new tools, especially those for #security, helps keep companies protected. Learn why Ocrolus chose to go with Bitwarden as their password manager:

#cybersecurity #passwordmanager #passwordsecurity #passwordmanagement

Ocrolus and Bitwarden case study
Sooraj Sathyanarayanan
2 days ago

Looking for a reliable TOTP Authenticator app? I've been using @ente auth for a while now.

🔓 #OpenSource - Check out their code at
🔐 End-to-End Encrypted Backups
📱 Multi-Device Support
🌐 Offline Mode
💻 Cross-Platform

Go to to access your codes on your desktop. Make the switch to ente auth and take back control! 🛡️

#CyberSecurity #enteauth #TOTP #MultiFactorAuthentication #TechTips #cybersecurityawareness #privacy #opsec

Frederik Borgesius
2 days ago

'Data breaches: Does the GDPR help?'.

New blog post by @hadi & me.

There's a German version too:

'Datenschutzverletzung: Was hilft da die DSGVO?'

#privacy #dataprotection #GDPR #law #security #cybersecurity #EU #tech

Abstract image, kinda tech-looking, with picture of Hadi & me. Includes text: 'Data breaches: does the GDPR help? The data breach notification obligation'

Philips Hue will soon force users to create a Hue account and sign in to continue to use the app and control the smart lights. The best security model to protect smart devices is to keep them disconnected from the internet, or at least keep this option available.
#Privacy #InfoSec #privacymatters #cybersecurity

Screenshot of the Hue app:

Help safeguard your home with
Philips Hue Secure! Tap to learn

Hue accounts are designed to
enhance your system's security.
Starting soon, you'll need to be
signed in. Tap to learn more
OWASP Ottawa
2 days ago

#OWASP #Ottawa returns tonight @ 6pm at the University of Ottawa STEM building:

150 Louis-Pasteur Private room 117

Tonight we learn about state sanctioned #Cyberwarfare with an investigation of the Vulkan files.

#AppSec #CyberSecurity #infosec

We will also be live streaming at:

heise Security
2 days ago

Cyberangriff: Offenbar Attacke auf den Internationalen Strafgerichtshof

Der Internationale Strafgerichtshof hat nach eigenen Angaben "anomale Aktivitäten in seinen IT-Systemen entdeckt". Weitere Informationen dazu gibt es nicht.

#Cybersecurity #Hacking #Security #news

Gerichtssaaal von Zuschauertribüne gesehen
Graham Cluley
2 days ago

What a mess! Clorox warns of "material impact" to its financial results following cyberattack.

Read more in my article on the Bitdefender blog:


Clorox products

🎙️ ✨ A new episode has been published on @ITSPmagazine

Show: Redefining CyberSecurity With @seanmartin

Episode: Book | Irreducibly Complex Systems: An Introduction to Continuous Security Testing

Guest: David Hunt

Podcast format: Video & Audio



#cybersecurity #book #datasecurity #infosec #security #technology #tech

BSides Orlando - October 7, 2023
2 days ago

Prepare to have your circuits rewired and your data banks updated.

We are proud to announce our keynote speaker is @eljefedsecurit !

Check out our list of speakers and schedule.

Don't forget to get your tickets.

#bsidesorlando #informationsecurity #CyberSecurity

Aida Akl
3 days ago

🙄 #cybersecurity #infosec #AI

Hong Kong University researchers discovered this. The API keys "were already accidentally public." but the finding shows that "if data is pulled into a training set for an LLM, it can be resurfaced."

#GitHub Copilot, #Amazon Code Whisperer sometimes emit other people's API keys @theregister @thomasclaburn

Daniel Appelquist
3 days ago

Even the Uber driver to Bilbao airport wanted to chat about #AI and #CyberSecurity#ossummiteu

Sam :opensuse: :popos:
3 days ago

Hey, everyone in the #Cybersecurity or #Sysadmin space, mostly in the USA,

I’m looking to make a career change from retail sales. Investigating my options. Seeing that there’s usually a minimum requirement of some jobs training.

I’d like to avoid going back to school for a four year degree, if it can be avoided. Do you see people being hired with their only training being these boot camps or technical degrees I’m seeing some places? Should I just consider a 4 year degree as cost of entry here?

Claudius Link
3 days ago

Ages ago (pre Corona) there was a 2 day #CyberSecurity #Unconference/ #OpenSpace event.
AFAIR in Dortmund or close
Anyone knows this conference and can give me hints to find it again?

I went back to the Birdsite and believe I found it.
It was the #SecCamp / #SecCampCologne

Last organised in 2020 by @caoilinn and others (I could find here)

Any chance that it will happen again?

3 days ago

@estherschindler I'm totally stealing this.

This was my &%#$ing face when I told a customer about a no-cost privacy solution that had no downside/maintenance & solved a problem for them such that they'd all look like big damned heroes.

...and the #cybersecurity tech in the mtg, against everyone else, refused to approve its use for no reason other than he wasn't listening & his ego wouldn't admit it.

Epilogue: Their CISO contacted me & after I reexplained it, apologized & said they'd use it.

4 days ago

Turns out I didn’t need @element as the @purism has #Matrix built into the native chat app. This is measurably getting better and better as a #security and #privacy phone. I’m still installing it for better chat room capability but THIS IS AWESOME.
#linux #encryption #infosec #cybersecurity #opensourcd

4 days ago

Doing my initial tinkering of the @purism Librem 5 phone and WOW. I am impressed it’s truly full #Linux I just installed @element using apt out the box. Their official instructions! Taking the phone apart as well and thoroughly impressed
#cellphone #infosec #cybersecurity #review #privacy

Tib3rius :antiverified:
4 days ago

Answering my web #AppSec interview question from yesterday!

Question 43: Describe some potential CAPTCHA weaknesses.

1. Replay attacks - using a previously confirmed correct answer.
2. Improper input validation - removing or blanking CAPTCHA-related parameters.
3. Leaked answers - the correct answer appears somewhere in the source code (I once found a CAPTCHA which worked by using CSS to distort text 🙄).
4. Low entropy - if the set of possible answers is too small, a brute-force attack may work.
5. Machine learning susceptible - with enough training data, a computer can solve the CAPTCHA.

#InfoSec #Cybersecurity #BugBounty #Hacking

4 days ago

Look what came in the mail? My @purism Librem 5, but I am still waiting on my SIM card For the Librem cell service for some testing between that and @Efani but this will be an interesting review of the battle of the privacy phone ecosystems I have made.
Android/Graphene OS on Pixel 7a and PureOS on Purism Librem 5
#infosec #cybersecurity #linux #opensource #cellphone #review #privacy

4 days ago

A curated, continuously-updated and (decently) categorized list of online"infosec tools", many of which I use myself.

#mondayblogs #blogging #infosec #cybersecurity

Dissent Doe :cupofcoffee:
4 days ago

ICYMI: I interviewed the hacker known as "USDoD" who was responsible for the InfraGard incident last year, as well as the recent Airbus and TransUnion breaches. He tells me he's been busy targeting NATO, Europol, CEPOL, and Interpol. He's an ambitious hacker and is really going after U.S. military intelligence in his own way and for his own endgame purposes.

Why does he tell us his targets? For the challenge -- he wants to beat his targets when they know he's coming.

Read what he told me in “I’m Not Pro-Russia and I’m Not a Terrorist!” —- InfraGard and Airbus Hacker 'USDoD' Unveils His New Campaigns:"

On a positive note, it appears that NATO detected him when he attempted to gain access to an internal area; part of their site has now been "under maintenance" for days.

How serious a threat is he really? I can't judge that -- maybe you can.

#NatSec #cybersecurity #intel #socialengineering #hacker #databreach #defense #USDoD #InfraGard #InfoSec

4 days ago

5/5 Almost 500 scientists & academics in #cybersecurity & privacy have warned that the CSAR measures are dangerous & untenable:

There is no evidence that the #CSAR law will achieve its goals. EU Council MUST say 🙅‍♀️NO to CSAR.

A screenshot of the first page of the open letter available in the link

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #37/2023 is out! It includes the following and much more:

➝ ☁️ 🔑 How #Google Authenticator made one company’s network #breach much, much worse
➝ 🇬🇧 🔓 30k primary pupils’ data may be at risk after #Capita cyber attack
➝ 🇬🇧 🔓 #Manchester Police officers' data exposed in #ransomware attack
➝ 🇺🇸 🎰 #Caesars Entertainment says customer data stolen in #cyberattack
➝ 🇺🇸 🎰 #MGM Resorts shuts down IT systems after cyberattack
➝ 🔓 #Rollbar discloses data breach after hackers stole access tokens
➝ 🇫🇷 🔓 #Airbus Launches Investigation After Hacker Leaks Data
➝ 🇮🇷 Microsoft: Iranian espionage campaign targeted satellite and defense sectors
➝ 💸 Hackers steal $53 million worth of #cryptocurrency from #CoinEx
➝ 🧨 After #Microsoft and X, Hackers Launch DDoS Attack on #Telegram
➝ 🇺🇸 ❌ #California passes first-in-the-nation data broker deletion tool
➝ 🇨🇴 💸 Several Colombian #government ministries hampered by ransomware attack
➝ 🇮🇪 💰 #TikTok slapped with $368 million fine over child privacy violations
➝ 📱 📡 #Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?
➝ 🇺🇸 🔐 Washington summit grapples with securing #opensource software
➝ 🇷🇺 👀 Hacking #Meduza: Pegasus #spyware used to target #Putin’s critic
➝ ⚖️ 💻 The International Criminal Court will now prosecute #cyberwar crimes
➝ 🇵🇱 👀 Polish Senate says use of government spyware is illegal in the country
➝ 🦠 #Rust-Written 3AM Ransomware: A Sneak Peek into a New #Malware Family
➝ 🇺🇸 🥸 US Agencies Publish Cybersecurity Report on #Deepfake Threats
➝ 🐧 🦠 Password-stealing Linux malware served for 3 years and no one noticed
➝ 🍏 🦠 #MetaStealer Malware Targets Apple #macOS in Recent Attacks
➝ 🇮🇷 🦠 Iranian hackers #backdoor 34 orgs with new Sponsor malware
➝ 🩹 ☁️ Researchers Detail 8 Vulnerabilities in #Azure HDInsight Analytics Service
➝ 🍏 🔓 Mullvad #VPN Warns of Critical Firewall Flaw in Apple's MacOS #Sonoma
➝ ☁️ 🔓 New #Kubernetes #Vulnerabilities Enable Remote Attacks on Windows Endpoints
➝ 🇺🇸 💦 CISA offers free security scans for public water utilities
➝ 🩹 #Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
➝ 🩹 Google Patches #Chrome Zero-Day Reported by Apple, Spyware Hunters
➝ 🩹 Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

📚 This week's recommended reading is: "Extreme Privacy: What It Takes to Disappear" by Michael Bazzell

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

5 days ago

Next hurdle no VPN app from either @mullvadnet or @protonvpn for the @PINE64 Pinebook Pro, so now to figure out how to make that work on this ARM64 laptop and I think that’s the last piece I need on my laptop
#opensource #linux #laptop #review #vpn #infosec #cybersecurity

Tib3rius :antiverified:
5 days ago

Answering my web #AppSec interview question from yesterday!

Question 42: Describe three "403 Forbidden" bypass techniques.

1. Using different HTTP methods (e.g. POST instead of GET), or using "method override" headers / URL parameters (e.g. X-HTTP-Method) if a back-end server supports them.
2. Using "Client Origin" HTTP headers (e.g. X-Forwarded-For) to forge our source IP address, bypassing IP-based blocklists.
3. Manipulating the URL path using directory traversal, case modification, adding characters, or double-URL encoding.

#InfoSec #Cybersecurity #BugBounty #Hacking