#Cybersecurity
#CyberSecurity is an increasingly important issue, and #TheIlluminati takes this very seriously. We must all work together to ensure that ransomware victims are protected from these malicious attacks. Our goal is to help victims recover their losses and to prevent future attacks. #ProtectYourData #RansomwareProtection #CyberAttackPrevention http://www.techmeme.com/230922/p6#a230922p6
Apple has fixed three zero-days exploited “against versions of iOS before iOS 16.7.”
www.helpnetsecurity.com/2023/09/22/cve-2023-41992-cve-2023-41991-cve-2023-41993/
"🔐 BBTok Banking Malware Resurfaces with a Vengeance in LATAM 🌎"
Check Point Research (CPR) has unearthed a new variant of the BBTok banking malware actively targeting over 40 banks in Mexico and Brazil. Initially discovered in 2020, this variant mimics the interfaces of these banks, duping victims into divulging their 2FA codes or payment card details. The malware, now employing diversified infection chains for different Windows versions, showcases an evolution in the threat actor's tactics, notably utilizing multi-layered geo-fencing to ensure infections are localized to Mexico and Brazil. The malware's functionality extends to process enumeration, keyboard and mouse control, alongside classic banking Trojan features like simulating fake login pages. The campaign's sophistication underscores the need for heightened vigilance when entering banking credentials online.
Source: Check Point Blog
Tags: #BBTok #BankingMalware #CyberSecurity #LATAM #Phishing #2FA #CheckPointResearch #MalwareEvolution #GeoFencing 🏦🛡️🌐
Delta Dental of California reports MOVEit related data breach
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/delta-dental-of-california-reports-moveit-related-data-breach-c-4-s-v-z/gD2P6Ple2L
"🚀 P2PInfect Botnet Skyrockets: A 600X Surge in Traffic Unveiled by Cado Security Labs 🚀"
Cado Security Labs has unveiled a staggering 600X increase in P2PInfect traffic since August 28, with a notable 12.3% spike just a week before the publication of their findings. The botnet, primarily targeting servers hosting publicly-accessible instances of Redis, has seen its tentacles spread across China, the US, Germany, the UK, Singapore, Hong Kong, and Japan. The malware, dubbed P2PInfect, has evolved significantly since its discovery in July 2023, showcasing a self-update mechanism and a rapid release of new variants by its developers. The botnet's exponential growth is alarming, with its nodes now spanning across major Cloud Service Providers (CSPs) in both East-Asian and American regions. The malware's primary objective remains elusive, although its rapid iteration and geographical spread hint at a larger, possibly more nefarious agenda in the offing. The detailed analysis by Cado also sheds light on the botnet's sophisticated evasion and persistence mechanisms, making it a formidable threat to global cybersecurity.
Source: Cado Security Labs
Tags: #P2PInfect #Botnet #CyberSecurity #Malware #CadoSecurityLabs #Redis #CloudSecurity #CyberThreats #InfoSec
The $612 Million Breakup: UK’s Expensive Divorce from Huawei
https://thenimblenerd.com/article/the-612-million-breakup-uks-expensive-divorce-from-huawei #cybersecurity
The Great Digital Pants Down: Atlassian and ISC Caught Off-Guard
https://thenimblenerd.com/article/the-great-digital-pants-down-atlassian-and-isc-caught-off-guard #cybersecurity
🛡️ Origin servers are a crucial component of the web infrastructure, and ensuring their availability and security is essential for maintaining a reliable online presence.
Discover the fundamentals of #originserverprotection in our latest blog! 💻
We'll cover:
✅ Understanding what is an origin server and its criticality.
✅ Common threats involved in exploiting an origin server
✅ Six ways to protect the origin servers.
Read the full blog now! 🔒🌐 https://bit.ly/46dtksA
#webapplications #mobileapplications #apiapplications #ddosattacks #waap #waf #cdn #cybersecurity #apptrana #indusface
Mobile security threats on the rise #QandA #CyberSecurity #Mobile
Apple releases urgent critical updates to all Apple Products
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-releases-urgent-critical-update-ios-17-0-1-to-iphones-1-u-8-w-w/gD2P6Ple2L
Hacking Contest mit virtueller Mars-Mission
ATHENE und ESA veranstalten internationalen Cybersecurity-Wettbewerb. Eine Presseinformation des Fraunhofer-Instituts für Sichere Informationstechnologie #SIT. #cybersecurity #ESA #athene
https://www.raumfahrer.net/hacking-contest-mit-virtueller-mars-mission/
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats – Source: www.darkreading.com https://ciso2ciso.com/opswat-sponsored-sans-2023-ics-ot-cybersecurity-report-reveals-vital-priorities-to-mitigate-ongoing-threats-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #OPSWATSponsored #Cybersecurity #DARKReading
Siemens Automation License Manager vulnerable to remote takeover
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-automation-license-manager-vulnerable-to-remote-takeover-n-n-5-8-v/gD2P6Ple2L
Phase 2 von #HSK „Existenzbedrohende Risiken …“ (https://t1p.de/aasnr) am 19.09.2023 in @Cyberagentur mit Symposium gestartet. Dass sich wissenschaftliche #Konkurrenten im Wettbewerbsprozess gegenseitig kennen lernen können, ist ein Novum in #Forschung. Grundlage ist das PCP-Verfahren. https://t1p.de/6wgky
#Cybersicherheit #Cybersecurity #KRITIS #Hochsicherheit #PCP #KI #Innovation #Wissenschaft #StartUp #HalleSaale
Every now and again, I write something that makes me think about the #CyberSecurity industry in a new way. I hope you, too, get some insights from this post about #NIST and #CISA
(TL;DR: Get your secrets out of your code and have a plan to prove you did sooner than later)
https://blog.gitguardian.com/software-supply-chain-security-updates-from-cisa-and-nist/
"🚨 The Inside Story: How Equifax Was Breached in 2017 🚨"
On a seemingly ordinary Saturday night, an Equifax security engineer's routine update unveiled a massive breach. The aftermath? Personal data of 163 million customers had been compromised. The breach's origin? A vulnerability in Apache Struts (CVE-2017-5638) from March 2017, which allowed remote code execution. Despite Equifax's swift response to patch affected applications, the Automated Consumer Interview System (ACIS), a legacy system from the 1970s, was overlooked. By May 2017, attackers had exploited this vulnerability, gaining control over a web server. The breach was further exacerbated by poor network segmentation, allowing attackers to access 48 different databases and exfiltrate vast amounts of personal identifiable information (PII).
Source: 0x7D0 Blog by vedard
Tags: #EquifaxBreach #Cybersecurity #DataBreach #ApacheStruts #CVE2017-5638 #LegacySystems #PII 🌍🔓🔐
Droplet Basket Antiviral Captivity Hamlet | 234 bits of #entropy | #cybersec #infosec #cybersecurity #infosecurity https://myownpassphrase.com/droplet-basket-antiviral-captivity-hamlet-234-bits-of-entropy-cybersec-infosec-cybersecurity-infosecurity/?utm_source=dlvr.it&utm_medium=mastodon
"🚨 Real Time Automation 460 Series Vulnerability Alert! 🚨"
Real Time Automation's 460 Series, versions prior to v8.9.8, have been identified with a high-risk Cross-site Scripting (XSS) vulnerability (CVE-2023-4523, CVSS v3 score: 9.4). Exploiting this could allow attackers to run malicious JavaScript content. The vulnerability was discovered by Yehia Elghaly. Real Time Automation recommends users to update their product to the latest version. CISA has provided mitigation strategies, emphasizing the importance of minimizing network exposure and using secure methods like VPNs. No known public exploitation targeting this vulnerability has been reported yet.
Source: CISA Advisory
Tags: #CyberSecurity #Vulnerability #XSS #RealTimeAutomation #CISA #CVE2023 #ICS #IndustrialControlSystems #CyberDefense 🌐🔐🔍
🎙️ Here are the glimpses of conversation from the recent #SaaSTrana Podcast.
In this SaaSTrana podcast, Mona Salvi (Senior Director – Product Security, HubSpot) talks to Venkatesh (Venky) Sundar about building a unified org structure and North Star metrics to drive security-related initiatives in a cohesive working environment.
She also shares how to manage three pillars – platform security + trust & safety + payments fraud together under a single leadership umbrella.
Key highlights from the discussion:
Key highlights from the discussion :
- About Mona Salvi and HubSpot
- Developing the mindset of intrinsic vs. extrinsic security
- Driving secure product experiences along with focusing on core business
- The pillars of platform security + trust and safety + payments fraud
- Breaking the silos between the risk officer and the security officer
- Developing applications at speed without impacting the security
- Building security champions within the organizations
- Building North Star metrics for security teams - Security
an enabler for customers to pick the right vendor of choice
- Protecting from threats caused by OpenAI and LLM tools (The facts on utilizing security co-pilots)
Tune in to the full podcast now! Listen on:
1. YouTube: https://youtu.be/HpLD6OU9OYM
2. Spotify: https://bityl.co/L6V6
3. Amazon Music: https://bityl.co/L6V8
4. Apple Podcasts: https://bityl.co/L6VF
5. Anchor (others): https://bityl.co/L6VD
#cybersecurity #webapplications #openai #LLMTools #productsecurity #cyberthreats #webapplicationsecurity #saas #saassecurity #fraudprotection #saassecurity #appsec #apptrana #indusface
Since mid-2020, Gold Melody has expanded its target scope to include retail, healthcare, energy, financial, and high-tech organizations in North America, Northern Europe, and Western Asia.
Cybersecurity Morgenreport - Ausgabe 20230922
Guten Morgen Mastodon, hier gibt es die aktuelle Ausgabe:
https://github.com/cyber-wald/Cybersecurity_Morgenreport/blob/main/morgenreport20230922.pdf
Das Archiv findet ihr unter:
https://github.com/cyber-wald/Cybersecurity_Morgenreport
Viel Spaß beim lesen und bleibt sicher!
Viele Grüße
Marlon von Cyberwald
#Security #Sicherheitslücken #news #cybersecurity
In montagna ti puoi bagnare in due modi: sotto un franco e abbondante temporale, oppure attraversando un banco di nebbia. Con il primo sai esattamente dove e quando ti sei infradiciato, con il secondo ti ritrovi zuppo senza avere idea di dove e quando hai preso acqua. Il nostro Paese sta diventando ogni giorno di più un sistema carcerario a cielo aperto, sorvegliare e punire è la risposta di default a qualunque problema. Questi “ampliamenti” fanno paura, somigliano molto alla legge Reale degli anni ‘70. Con la scusa dei mafiosi e della sicurezza nazionale alla fine non sai mai quanta altra gente finirà per essere sorvegliata (e punita) e per quali iniziative considerate in qualche modo “eversive”. I casi #Snowden e #Assange dovrebbero far riflettere. Con la scusa del terrorismo e della sicurezza nazionale hanno controllato la vita di milioni di persone.
#cybersecurity
https://formiche.net/2023/09/operazione-contro-cyber-terrorismo-governo/
Linux vs Windows (why doesn't this work?)
YouTube short: https://youtube.com/shorts/1AwVAhkD3mQ?feature=shared
#linux #kalilinux #windows #ubuntu #cybersecuritytips #cyber #hacking #hack #hacker #CyberSecurity #Pentesting #infosec
Pizza Hut Australia warns 193,000 customers of a data breach - https://www.redpacketsecurity.com/pizza-hut-australia-warns-customers-of-a-data-breach/
GitHub passkeys generally available for passwordless sign-ins - https://www.redpacketsecurity.com/github-passkeys-generally-available-for-passwordless-sign-ins/
‘Sandman’ hackers backdoor telcos with new LuaDream malware - https://www.redpacketsecurity.com/sandman-hackers-backdoor-telcos-with-new-luadream-malware/
Publishers Spotlight: Nisos: Your Managed Intelligence Partner – Source: www.cyberdefensemagazine.com https://ciso2ciso.com/publishers-spotlight-nisos-your-managed-intelligence-partner-source-www-cyberdefensemagazine-com/ #rssfeedpostgeneratorecho #cyberdefensemagazine #cyberdefensemagazine #CyberSecurityNews #Cybersecurity #Intelligence #FEATURED #Defense
Y'allllll...
I just got back from the Fal.Con #cybersecurity conference in #Vegas, held at #Caesars...
When I was checking out at 4am this morning, I blearily stumbled to a self-checkout machine to get my folio for Expensify without talking to a human (living that #tech life, yo), I quickly stopped myself as I realized that these machines littering the massive casino ask you to insert your driver's license INTO the machine, while the screens are flickering and Windows is having a meltdown.
After, you know, everything mentioned in the article below. Unreal! 👇
P.S. I had hella fun tho!
"New ‘Privacy Badger’ Extension Better Protects Against Google Link Tracking" by @ResPrivacy - Upgraded tooling to circumvent tracking and delays from following links through them. https://restoreprivacy.com/new-privacy-badger-better-protects-against-google-link-tracking/ #privacy🔏 #cybersecurity🛡️ #surveillance👀 #tech
This dumb password rule is from Seur.
Password must be between 8 and 12 characters...
Also no symbols are allowed. But this isn't displayed.
https://dumbpasswordrules.com/sites/seur/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
⚠️ Attention #Linux users who downloaded the "Free Download Manager" software between 2020 and 2022:
Its website was breached in 2020, and a #Ukrainian hacker group distributed #malware.
https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html
#GoldMelody, the financially motivated cybercrime group, is selling access to compromised organizations for #ransomware attacks.
Researchers have revealed their tactics and targets: https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html
New zero day in the wild, originates from #libwebp and played down by #apple and #google
For those who couldn't be bothered to read, affected list below:
In short, you are.
#cybersecurity #infosec #0day #zeroday #cve202341064 #cve20234863
🚨 China's Ministry of State Security accuses the U.S. of cyber espionage against Huawei servers since 2009.
https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html
🚨 #P2PInfect Worm Alert : P2PInfect #malware activity skyrockets 600x in a week. Researchers shed light on its rapid growth and evolving tactics.
https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html
🚨 Beware of Malicious Apps. Threat actors are using sneaky tactics to connect harmful third-party apps to your core SaaS apps.
https://thehackernews.com/2023/09/the-rise-of-malicious-app.html
The Internet of Things is booming, but it's also a playground for hackers. Learn about the growing threat of IoT-driven #DDoS attacks and how to safeguard your network.
https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html
#Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campaign.
https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html
Drupal patches critical Vulnerability in Drupal Core
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/drupal-patches-critical-vulnerability-in-drupal-core-4-e-z-4-v/gD2P6Ple2L
It might Be Time to Rethink Phishing Awareness
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
#cybersecurity #cybersecurityawareness #phishing
@hackinarticles
Evolution of Operations
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
📣 EMERGENCY UPDATE 📣
Apple pushed additional updates for a zero-day that may have been actively exploited.
🐛 CVE-2023-41993 (WebKit) additional patches:
- Safari 16.6.1
🐛 NEW SECURITY CONTENT 🐛
🌐 Safari 16.6.1 - 1 bug fixed
https://support.apple.com/kb/HT213930
Apple just released iOS 17.0.1 and iPadOS 17.0.1 and iOS 16.7 and iPadOS 16.7.
Three seemingly critical security issues reported by @citizenlab have been patched. All of which have this warning:
"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7"
#privacy #CyberSecurity #infosec
📣 EMERGENCY UPDATES 📣
Apple pushed additional updates for 3 zero-days that may have been actively exploited.
🐛 CVE-2023-41992 (Kernel) additional patches,
🐛 CVE-2023-41991 (Security) additional patches:
- iOS and iPadOS 16.7
- iOS and iPadOS 17.0.1
- watchOS 10.0.1
- watchOS 9.6.3
🐛 CVE-2023-41993 (WebKit) additional patches:
- iOS and iPadOS 16.7
- iOS and iPadOS 17.0.1
🐛 NEW SECURITY CONTENT 🐛
📱 iOS and iPadOS 17.0.1 - 3 bugs fixed
https://support.apple.com/kb/HT213926
📱 iOS and iPadOS 16.7 - 3 bugs fixed
https://support.apple.com/kb/HT213927
⌚ watchOS 9.6.3 - 2 bugs fixed
https://support.apple.com/kb/HT213929
⌚ watchOS 10.0.1 - 2 bugs fixed
https://support.apple.com/kb/HT213928
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 3 new zero-days that may have been actively exploited.
🐛 CVE-2023-41992 (Kernel):
- macOS Monterey 12.7
- macOS Ventura 13.6
🐛 CVE-2023-41991 (Security),
🐛 CVE-2023-41993 (WebKit):
- macOS Ventura 13.6
🐛 NEW SECURITY CONTENT 🐛
💻 macOS Ventura 13.6 - 3 bugs fixed
https://support.apple.com/kb/HT213931
💻 macOS Monterey 12.7 - 1 bug fixed
https://support.apple.com/kb/HT213932
Answering my web #AppSec interview question from yesterday!
Question 44: You find XSS in an application, however the customer informs you that users should be able to submit HTML code. What advice would you give them to remain secure?
The easiest solution is likely to use an HTML sanitizer like DOMPurify with an allowlist of "safe" elements and attributes.
Another option is to use a separate "sandbox" domain to host the HTML code, displaying it using an iframe. Any JavaScript code will run in the security context of the sandbox and will not be able to affect the main application.
As an additional measure, a well-configured Content Security Policy can be used to instruct the browser to only run trusted JavaScript code.
Snatch ransomware - what you need to know.
Learn more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/snatch-ransomware-what-you-need-know
We just sent out our first round of speaker acceptance emails!! Still have more reviews in the works, but the top ones were pretty unanimous from all our reviewers!! #BSidesChicago #hacking #CyberSecurity
The leaking of source codes used by #LockBit and #Conti in recent years has spawned new, smaller #ransomware operators looking for easier targets. #cybersecurity #infosec
“Whereas there used to be three to five big ones and a tail, there are now three big ones and a very long tail."
And the tendency is "not to do ransomware anymore, they just hack and then extort.”
Trend Micro: New #Ransomware Victims Surge by 47% with Gangs Targeting Small Businesses https://www.infosecurity-magazine.com/news/ransomware-victims-surge-gangs/ @TrendMicro
#Cybersecurity #IncidentResponse in a nutshell.
(Sorry/not-sorry for stealing your template, @krishean)
Donald Trump Jr’s hacked Twitter account announces his father has died.
That'll be his dad who previously chose Twitter passwords like "yourefired" and "MAGA2020!"
https://grahamcluley.com/donald-trump-jrs-hacked-twitter-account-announces-his-father-has-died/
Ever wish #Splunk could cost *more*? Ever wonder what it would be like if Splunk had *even more* SKUs?
Dreams can come true!
#Cisco to buy Splunk for $28 Billion(ish)
https://www.cnbc.com/2023/09/21/cisco-acquiring-splunk-for-157-a-share-in-cash.html
Proton Pass #security flaw exposed: #Firefox users at risk
Quick scope: Requires access to the browser + memory (so in other words, your machine would have to be compromised.) Proton Pass doesn't clear retrieved data from memory even after locking the vault. With a memory dump, an attacker could retrieve stored items fetched from the vault from memory.
The bug was fixed after disclosure in a Cure53 audit, but popped up again after Proton pushed feature updates to the Proton Pass browser extension.
Apparently, as of posting this issue is fixed for Chrome extensions but not yet for Firefox add-ons. Firefox fix is on the way.
It's not about "the children", they're just a scapegoat. Governments all over the world want to continue blanket surveillance and end-to-end encryption stops that, so they are just using kids as an excuse.
"Government vs Meta: End-to-end encryption without the encryption?"
#Privacy #Security #Cybersecurity #Encryption
https://www.techradar.com/pro/government-vs-meta-end-to-end-encryption-without-the-encryption
It's a serious #databreach, but hats off to TissuPath Australia for its security notice that provides more info than we usually see about how a breach occurred. It doesn't come back and tell people that the data were dumped, but it had revealed the threat and possibility of it.
#HealthSec #cybersecurity #vendor #extortion #dataleak #databreach #AlphV #transparency
The cybersecurity 202
Via @aaronjschaffer @ddimolfetta
#CyberCivilDefense #cybersecurity
Garland defends spy powers, but their future remain uncertain https://wapo.st/455VB34
Pizza Hut Australia hack: data breach exposes customer information and order details #CyberSecurity #DataSecurity #DataPrivacy
https://www.theguardian.com/australia-news/2023/sep/20/pizza-hut-hack-australia-data-breach-passwords-information-leak
Receiving a leak is like Christmas - we want to open it immediately, we are sure it will satisfy our needs - and we are not sure if we really want to know who brought it to us (Santa Claus?)
Thanks Sandrine Rigaud - I feel understood.
#gijc23
#cybersecurity
Ook Stichting Kennisnet verdient🧁 met een 100% score op de meting moderne internetveiligheidstandaarden.
Gefeliciteerd Larissa Zegveld🎈! Belangrijk dat bestuurders ook voor #openstandaarden zijn die zorgen voor meer betrouwbaarheid en verdere groei van het internet. Uitgereikt door @internet_nl op #IBC23. Wie volgt?
Ook weten hoe jij er voor staat met je website?👉Test het op internet.nl.
I made a #tiktok about the @purism Librem 5 that's getting pretty popular
https://www.tiktok.com/t/ZT86LKkY7/
#Linux #opensource #phone #review #infosec #cybersecurity #technology #computer
🛡️ #Signal messaging app's latest update adds a quantum-resistant shield. Learn how the PQXDH protocol boosts #encryption against future quantum threats.
https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html
🔥 Finnish authorities shut down PIILOPUOTI, a dark web hub for illegal narcotics.
https://thehackernews.com/2023/09/finnish-authorities-dismantle-notorious.html
Worried about web app security? You should be!
Modern web applications' modular nature makes them vulnerable. Discover how supply chain vulnerabilities can compromise your business.
https://thehackernews.com/2023/09/do-you-really-trust-your-web.html
#Cybersecurity before #cyber - "The Computer Chronicles - Computer Security (1984)"
https://www.youtube.com/watch?v=DGBLzYyHBJk
40 years later and the problems are the same, just a fair bit larger in scope. #infosec #cybercrime #computerchronicles
#Crypto #Cryptocurrencies #Cybersecurity #Cybercrime: "Billionaire Mark Cuban has long been a major supporter of cryptocurrencies, promoting Bitcoin as a better investment than gold and criticizing security regulators’ approach to reigning in the industry. Now, he’s been hit with a nearly $1 million loss after falling victim to a phishing scam.
The substantial theft was first spotted by an anonymous blockchain watcher on social media, who noticed that Cuban’s crypto wallet was being drained of all its funds on Friday. “Lmao, did Mark Cuban's wallet just get drained? Wallet inactive for 160 days and all assets just moved,” said WazzCrypto in a tweet with an attached screenshot of Cuban’s wallet activity. The losses amounted to roughly $870,000, according to blockchain data from the attacker’s crypto address."
On this episode of The Cybersecurity Defenders Podcast, we talk go-to-market strategies in cybersecurity with Chad Loeven, VP of Business Development at OPSWAT.
Listen to the episode: https://cybersecuritydefenderspodcast.buzzsprout.com/2050721/13628364-66-go-to-market-strategies-in-cybersecurity-with-chad-loeven-vp-business-development-at-opswat
It might Be Time to Rethink Phishing Awareness
#cybersecurity #cybersecurityawareness #phishing
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Schools Are the Most Targeted Industry by Ransomware Gangs -- according to a report by Sophos and AtlastVPN
https://www.hackread.com/schools-most-targeted-industry-ransomware-gangs/
@douglevin @brett @funnymonkey
#EduSec #EdTech #ransomware #infosec #cybersecurity #dataBreach
Getting people to adopt new tools, especially those for #security, helps keep companies protected. Learn why Ocrolus chose to go with Bitwarden as their password manager: https://bitwarden.com/resources/ocrolus-guards-against-credential-theft-and-password-reuse-with-bitwarden/
#cybersecurity #passwordmanager #passwordsecurity #passwordmanagement
Looking for a reliable TOTP Authenticator app? I've been using @ente auth for a while now.
🔓 #OpenSource - Check out their code at https://github.com/ente-io/auth
🔐 End-to-End Encrypted Backups
📱 Multi-Device Support
🌐 Offline Mode
💻 Cross-Platform
Go to https://auth.ente.io to access your codes on your desktop. Make the switch to ente auth and take back control! 🛡️
#CyberSecurity #enteauth #TOTP #MultiFactorAuthentication #TechTips #cybersecurityawareness #privacy #opsec
'Data breaches: Does the GDPR help?'.
New blog post by @hadi & me.
https://www.hiig.de/en/data-breach-notification/
There's a German version too:
'Datenschutzverletzung: Was hilft da die DSGVO?'
https://www.hiig.de/dsgvo-datenschutzverletzung/
#privacy #dataprotection #GDPR #law #security #cybersecurity #EU #tech
Philips Hue will soon force users to create a Hue account and sign in to continue to use the app and control the smart lights. The best security model to protect smart devices is to keep them disconnected from the internet, or at least keep this option available.
#Privacy #InfoSec #privacymatters #cybersecurity
#OWASP #Ottawa returns tonight @ 6pm at the University of Ottawa STEM building:
150 Louis-Pasteur Private room 117
Tonight we learn about state sanctioned #Cyberwarfare with an investigation of the Vulkan files.
https://meetu.ps/e/MqQDd/tc6qb/i
#AppSec #CyberSecurity #infosec
We will also be live streaming at:
Cyberangriff: Offenbar Attacke auf den Internationalen Strafgerichtshof
Der Internationale Strafgerichtshof hat nach eigenen Angaben "anomale Aktivitäten in seinen IT-Systemen entdeckt". Weitere Informationen dazu gibt es nicht.
What a mess! Clorox warns of "material impact" to its financial results following cyberattack.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/what-a-mess-clorox-warns-of-material-impact-to-its-financial-results-following-cyberattack/
🎙️ ✨ A new episode has been published on @ITSPmagazine
Show: Redefining CyberSecurity With @seanmartin
Episode: Book | Irreducibly Complex Systems: An Introduction to Continuous Security Testing
Guest: David Hunt
Podcast format: Video & Audio
Enjoy!
👉https://www.itspmagazine.com/redefining-cybersecurity-podcast
#cybersecurity #book #datasecurity #infosec #security #technology #tech
Prepare to have your circuits rewired and your data banks updated.
We are proud to announce our keynote speaker is @eljefedsecurit !
Check out our list of speakers and schedule.
https://bsidesorlando.org/schedule/
Don't forget to get your tickets.
https://bsorl.org/reg-23
Yikes! My sex video has been uploaded to YouPorn!
Hong Kong University researchers discovered this. The API keys "were already accidentally public." but the finding shows that "if data is pulled into a training set for an LLM, it can be resurfaced."
#GitHub Copilot, #Amazon Code Whisperer sometimes emit other people's API keys https://www.theregister.com/2023/09/19/github_copilot_amazon_api/?td=rt-3a @theregister @thomasclaburn
Even the Uber driver to Bilbao airport wanted to chat about #AI and #CyberSecurity… #ossummiteu
Likes/Interests:
#Technology #OpenSource #FreeSoftware #FOSS #FLOSS #Fediverse #OnlineFreedom #Privacy #Anonymity #Anonymous #InfoSec #CyberSecurity #Manjaro #Linux #Science #Socialism #MultipolarWorld #Programming #Rust #Golang #RetroGaming #SelfHosted #TechNews #Matrix #Anime #Hentai #Futurology #AI #Singularity #Fitness #Health #Collapse #ClimateCrisis #Audiobooks #Books #Fanfiction #Conspiracy #CriticalThinking #DataHoarding #Piracy #FileSharing #Meshnet #Decentralized #Distributed #P2P #PeerToPeer #IPFS #Zeronet #Freenet #I2P #Tor
Dislikes/Disinterests:
#Music #Memes #Nazis #CIA #NATO #UsEmpire #Oligarchy #Plutocracy #Kleptocracy #Imperialism #Fascism #Racism #Capitalism #Billionaires #Woke #Wokeism #Liberals #Democrats #Republicans #Conservatives #BigTech #ClosedSource #Microsoft #Discord #Copyright #Censorship #WesternMedia #OfficialPropaganda #MaintreamNews #Surveillance #PoliticalCorrectness
Best to worst: #fopnu #nicotine+ ( #soulseek ) #aMule ( #edonkey2000 #ed2k ) #EiskaltDC++ ( #dcpp ) #gnutella #Shareaza #qBittorrent ( #BitTorrent #torrent )
Hey, everyone in the #Cybersecurity or #Sysadmin space, mostly in the USA,
I’m looking to make a career change from retail sales. Investigating my options. Seeing that there’s usually a minimum requirement of some jobs training.
I’d like to avoid going back to school for a four year degree, if it can be avoided. Do you see people being hired with their only training being these boot camps or technical degrees I’m seeing some places? Should I just consider a 4 year degree as cost of entry here?
Ages ago (pre Corona) there was a 2 day #CyberSecurity #Unconference/ #OpenSpace event.
AFAIR in Dortmund or close
Anyone knows this conference and can give me hints to find it again?
I went back to the Birdsite and believe I found it.
It was the #SecCamp / #SecCampCologne
https://sec.camp/
Last organised in 2020 by @caoilinn and others (I could find here)
Any chance that it will happen again?
@estherschindler I'm totally stealing this.
This was my &%#$ing face when I told a customer about a no-cost privacy solution that had no downside/maintenance & solved a problem for them such that they'd all look like big damned heroes.
...and the #cybersecurity tech in the mtg, against everyone else, refused to approve its use for no reason other than he wasn't listening & his ego wouldn't admit it.
Epilogue: Their CISO contacted me & after I reexplained it, apologized & said they'd use it.
Turns out I didn’t need @element as the @purism has #Matrix built into the native chat app. This is measurably getting better and better as a #security and #privacy phone. I’m still installing it for better chat room capability but THIS IS AWESOME.
#linux #encryption #infosec #cybersecurity #opensourcd
Doing my initial tinkering of the @purism Librem 5 phone and WOW. I am impressed it’s truly full #Linux I just installed @element using apt out the box. Their official instructions! Taking the phone apart as well and thoroughly impressed
#cellphone #infosec #cybersecurity #review #privacy
Answering my web #AppSec interview question from yesterday!
Question 43: Describe some potential CAPTCHA weaknesses.
1. Replay attacks - using a previously confirmed correct answer.
2. Improper input validation - removing or blanking CAPTCHA-related parameters.
3. Leaked answers - the correct answer appears somewhere in the source code (I once found a CAPTCHA which worked by using CSS to distort text 🙄).
4. Low entropy - if the set of possible answers is too small, a brute-force attack may work.
5. Machine learning susceptible - with enough training data, a computer can solve the CAPTCHA.
Look what came in the mail? My @purism Librem 5, but I am still waiting on my SIM card For the Librem cell service for some testing between that and @Efani but this will be an interesting review of the battle of the privacy phone ecosystems I have made.
Android/Graphene OS on Pixel 7a and PureOS on Purism Librem 5
#infosec #cybersecurity #linux #opensource #cellphone #review #privacy
A curated, continuously-updated and (decently) categorized list of online"infosec tools", many of which I use myself.
ICYMI: I interviewed the hacker known as "USDoD" who was responsible for the InfraGard incident last year, as well as the recent Airbus and TransUnion breaches. He tells me he's been busy targeting NATO, Europol, CEPOL, and Interpol. He's an ambitious hacker and is really going after U.S. military intelligence in his own way and for his own endgame purposes.
Why does he tell us his targets? For the challenge -- he wants to beat his targets when they know he's coming.
Read what he told me in “I’m Not Pro-Russia and I’m Not a Terrorist!” —- InfraGard and Airbus Hacker 'USDoD' Unveils His New Campaigns:"
On a positive note, it appears that NATO detected him when he attempted to gain access to an internal area; part of their site has now been "under maintenance" for days.
How serious a threat is he really? I can't judge that -- maybe you can.
#NatSec #cybersecurity #intel #socialengineering #hacker #databreach #defense #USDoD #InfraGard #InfoSec
5/5 Almost 500 scientists & academics in #cybersecurity & privacy have warned that the CSAR measures are dangerous & untenable: https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit
There is no evidence that the #CSAR law will achieve its goals. EU Council MUST say 🙅♀️NO to CSAR.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #37/2023 is out! It includes the following and much more:
➝ ☁️ 🔑 How #Google Authenticator made one company’s network #breach much, much worse
➝ 🇬🇧 🔓 30k primary pupils’ data may be at risk after #Capita cyber attack
➝ 🇬🇧 🔓 #Manchester Police officers' data exposed in #ransomware attack
➝ 🇺🇸 🎰 #Caesars Entertainment says customer data stolen in #cyberattack
➝ 🇺🇸 🎰 #MGM Resorts shuts down IT systems after cyberattack
➝ 🔓 #Rollbar discloses data breach after hackers stole access tokens
➝ 🇫🇷 🔓 #Airbus Launches Investigation After Hacker Leaks Data
➝ 🇮🇷 Microsoft: Iranian espionage campaign targeted satellite and defense sectors
➝ 💸 Hackers steal $53 million worth of #cryptocurrency from #CoinEx
➝ 🧨 After #Microsoft and X, Hackers Launch DDoS Attack on #Telegram
➝ 🇺🇸 ❌ #California passes first-in-the-nation data broker deletion tool
➝ 🇨🇴 💸 Several Colombian #government ministries hampered by ransomware attack
➝ 🇮🇪 💰 #TikTok slapped with $368 million fine over child privacy violations
➝ 📱 📡 #Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?
➝ 🇺🇸 🔐 Washington summit grapples with securing #opensource software
➝ 🇷🇺 👀 Hacking #Meduza: Pegasus #spyware used to target #Putin’s critic
➝ ⚖️ 💻 The International Criminal Court will now prosecute #cyberwar crimes
➝ 🇵🇱 👀 Polish Senate says use of government spyware is illegal in the country
➝ 🦠 #Rust-Written 3AM Ransomware: A Sneak Peek into a New #Malware Family
➝ 🇺🇸 🥸 US Agencies Publish Cybersecurity Report on #Deepfake Threats
➝ 🐧 🦠 Password-stealing Linux malware served for 3 years and no one noticed
➝ 🍏 🦠 #MetaStealer Malware Targets Apple #macOS in Recent Attacks
➝ 🇮🇷 🦠 Iranian hackers #backdoor 34 orgs with new Sponsor malware
➝ 🩹 ☁️ Researchers Detail 8 Vulnerabilities in #Azure HDInsight Analytics Service
➝ 🍏 🔓 Mullvad #VPN Warns of Critical Firewall Flaw in Apple's MacOS #Sonoma
➝ ☁️ 🔓 New #Kubernetes #Vulnerabilities Enable Remote Attacks on Windows Endpoints
➝ 🇺🇸 💦 CISA offers free security scans for public water utilities
➝ 🩹 #Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
➝ 🩹 Google Patches #Chrome Zero-Day Reported by Apple, Spyware Hunters
➝ 🩹 Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
📚 This week's recommended reading is: "Extreme Privacy: What It Takes to Disappear" by Michael Bazzell
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-372023
Next hurdle no VPN app from either @mullvadnet or @protonvpn for the @PINE64 Pinebook Pro, so now to figure out how to make that work on this ARM64 laptop and I think that’s the last piece I need on my laptop
#opensource #linux #laptop #review #vpn #infosec #cybersecurity
Answering my web #AppSec interview question from yesterday!
Question 42: Describe three "403 Forbidden" bypass techniques.
1. Using different HTTP methods (e.g. POST instead of GET), or using "method override" headers / URL parameters (e.g. X-HTTP-Method) if a back-end server supports them.
2. Using "Client Origin" HTTP headers (e.g. X-Forwarded-For) to forge our source IP address, bypassing IP-based blocklists.
3. Manipulating the URL path using directory traversal, case modification, adding characters, or double-URL encoding.