#InfoSec
#100DaysOfHacking Day 1️⃣1️⃣:
Writing a Bash script called ‘Auto-recon.sh’ that performs reconnaissance on a target and incorporates my fave tools like amass, nmap, subfinder, sublist3r, etc to find subdomains, open ports and services, and more. It creates a folder (for ex, “tinder.com_recon”) for the target and stores the results in separate files in it. I’m working on implementing 2 modes - stealth mode using passive recon tools & active mode.

An unknown threat actor has hacked the #Italian luxury automaker #Ferrari SpA and is now demanding a ransom in exchange for certain client contact details.
#cybersecurity #infosec #ransomware
https://cybernews.com/news/ferrari-hit-by-cyber-incident/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet
#BreachForums admin decided to shut down the website, fearing the arrest of the #cybercrime marketplace’s leader allowed the feds to access secured systems.
#cybersecurity #infosec #ShutDown https://cybernews.com/news/breachforums-shutdown-over-user-exposure-fears/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet
Oakland continues to suffer from #cyberattacks as #LockBit, the infamous #ransomware gang, adds the Californian city to its list of victims.
#cybersecurity #infosec #US
The #online matchmaking platform – called #PalmGuixi – is part of a larger campaign to boost marriage rates.
#infosec #China #matchmaking #app https://cybernews.com/tech/state-marriage-broker-china-matchmaking-app/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet
The #Chinese-owned #app is rolling out updated community guidelines to "respond to new threats and potential harms."
#cybersecurity #infosec #TikTok #socialmedia #tech https://cybernews.com/tech/tiktok-updates-content-guidelines/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet
Has Oakland been hit with a second ransomware attack?
First Play, and now LockBit? There's a lot we don't yet know.
https://www.databreaches.net/has-oakland-been-hit-with-a-second-ransomware-attack/
h/t, @brett
@BleepingComputer @lawrenceabrams
@carlypage
@allan @aj_vicens
#databreach #LockBit #Play #ransomware #infosec #GovSec #cybersecurity
🎙️ ✨ A new episode has been published on @ITSPmagazine
Show: Audio Signals With @Marcociappelli and @seanmartin
Episode: A Conversation About Podcasting with The Shared Security Show Podcast Host
Guest: Tom Eston @agent0x0
Podcast format: Video & Audio
Enjoy, share, and subscribe! 😬
📻 👉 https://www.itspmagazine.com/audio-signals
📺 👉 https://youtu.be/xWfTCBhnR54
#cybersecurity #podcasting #podcast #video #tech #technology #infosec #infosecurity
It was him using the same burner phone as his friend to get women, and making multiple dates at the Tropical Smoothie Cafe that did it.
Need a consult? 👀https://lockdownyourlife.as.me/strategy
Zoom Paid Out $3.9 Million in Bug Bounties in 2022 https://cyberfeed.io/article/4770449c9eb2a470f142a4f7cb50a17a #cybersec #security #infosec #cybersecurity
Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager https://cyberfeed.io/article/d0fb48f4dea4e1ed7e059d34c1fbe76a #cybersec #security #infosec #cybersecurity

LockBit ransomware gang now also claims City of Oakland breach https://cyberfeed.io/article/fa2be1ec33b8e8a6e11069c3efd7be9b #cybersec #security #infosec #cybersecurity
For the love of the gods of Incident Response and Threat Intel:

@bryanbrake Have a look at that list of #infosec events I maintain. Might be useful to you and your student.
https://github.com/xsa/infosec-events
Also, feel free to submit events if you don't see them there :)
#informationsecurity #cybersecurity
Hello #infosec folks... was in an initial mentor call today and I realized that I'm not sure of what still is happening in the next few months for #Conferences in the Northeast US, specifically in the NYC/NJ area. I have a Uni Student looking for networking opportunities.
Ever have one of those days where every item on the to-do list involves doing work which you know will ultimately disappoint the requester of the work, because they clearly don’t understand their own needs but demand specific deliverables that they think they want but which will absolutely not satisfy them?
#Sysadminnery
#SubberThanSubToot
#IWillGiveYouThatZipFileButYouWillNotLikeIt
#IfYouInsistOnRunningStrangeVBAMacrosTheCleanupIsTimeAndAHalfNotPartOfRoutineSupport
#InfoSec
Practical Experience is important in getting cybersecurity work, and a home lab is a great option, but how do you do this for a SOC Analyst or cyber defender lab?
@eric_capuano of @recon_infosec spells it out in a blog post. I will show you exactly why this Home SOC lab will give you an incredible advantage in learning practical cybersecurity skills.
I think if you’re arguing in favor of user training instead of application control in 2023 you may be missing some fundamental pieces of effective cyber security posture.
There must be a use-case for this, but... what??
Today I did my annual validation required to apply for NIH grants. No surprise that there was a forced-password expiration. But it was surprising that the website did not allow me to [PASTE] my new password.
It had to be TYPED into the new password box -- and then re-typed into the password confirmation box.
Of course I simplified the new P/W so I could reliably type it properly two times.
Breached hacking forum shuts down, fears it's not 'safe' from FBI https://cyberfeed.io/article/f889af04fafda15f5a44cf9133448ad7 #cybersec #security #infosec #cybersecurity
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War https://cyberfeed.io/article/44beddeaa41f2c62bffab7144ca0ad31 #cybersec #security #infosec #cybersecurity
Recommendation needed from #infosec :
Preferred password manager for Android/Chrome?
Thanks in advance ! 🌴🌞🌴
#security #questions #boostme
Just wasted 35 mins debating, of all things, record retention policy with Compliance who clearly didn’t understand the technology and therefore made an incorrect interpretation. Who keeps AD groups disabled for 3 years when the policy states we retain the access and authentication logs?

If I've learned anything from this purple team exercise, it's good to rotate testing vendors. You learn more about crafting rules to scenarios when differing teams use the same tools in different ways - in essence showing their TTPs.
I learned a lot from the first external team purple team. I've learned far more from having done it a second time. I've had to better tune and refine my rules to better balance signal//noise ratios. And start teaching my team my logic flows.
I love this part of my job.
Docker vs Kubernetes, what's better in a Homelab? https://cyberfeed.io/article/78fc98b2efa6f54e5ef6cee4f3e70c30 #cybersec #security #infosec #cybersecurity
My favorite new #ThreatIntel trick is to visit https://ransomware.live/ daily and monitor the recent postings for changes in group targeting behavior.
Coinbase Wallet 'Red Pill' flaw allowed attacks to evade detection https://cyberfeed.io/article/21386374a75125a0bb263c5cea4b6294 #cybersec #security #infosec #cybersecurity
This dumb password rule is from Easyjet.
No more than 20 characters, use any symbols you like... Oh except #, &, +, or space of course.
https://dumbpasswordrules.com/sites/easyjet/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Web fingerprinting is worse than I thought https://cyberfeed.io/article/ffd6b1bab6b0b71a57df86cf53c40b96 #tech #security #infosec #cybersecurity
Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products https://cyberfeed.io/article/b2f5979b5d2fbfc0df9f22510a6bd81b #cybersec #security #infosec #cybersecurity
Google Pixel Vulnerability Allows Recovery of Cropped Screenshots https://cyberfeed.io/article/56e9947624df116ad663223d3b2067e8 #cybersec #security #infosec #cybersecurity
Malicious NuGet Packages Used to Target .NET Developers https://cyberfeed.io/article/9d07bd48a9aea9025191bcdc429656f1 #cybersec #security #infosec #cybersecurity
News Analysis: UK Commits $3 Billion to Support National Quantum Strategy https://cyberfeed.io/article/43839a2ffe0941cf877a1dcf2f67e575 #cybersec #security #infosec #cybersecurity
Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant https://cyberfeed.io/article/6b9f8f934dfe284f1bbc7fff1ce18577 #cybersec #security #infosec #cybersecurity
Here are a few blog posts on Bluetooth devices reverse engineering:
How I Reverse Engineered and Exploited a Smart Massager
https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33
Reverse Engineering a Smart Band — Bluetooth-LE RE
https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2
I hacked MiBand 3, and here is how I did it
https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391
Hacking Smart Locks with Bluetooth / BLE
https://getkisi.com/blog/smart-locks-hacked-bluetooth-ble

The NCSC has launched two new tools for small businesses which can be used by non-technical staff to find and fix a small range of security issues in their organizations, along with a "Cyber Action Plan", a questionnaire for small organizations and individuals that delivers a free, personalized security to-do list. 👇🏾

When I say, for security reasons, don't trust any USB device that you don't know or that is sent to you, I didn't mean anything like that, although this is more dangerous for your life.
💣 https://www.bbc.com/news/world-latin-america-65026522
--
#usb #security #itsecurity #infosec #devices #bomb #media #journalist #Ecuador #letter #letterbomb
Don’t trust unknown USB devices. #InfoSec #SomebodySetUsUpTheBomb
https://www.bbc.com/news/world-latin-america-65026522
Bypass #HSTS protection with HTTP header injection! 🤩
Curious how it works?
I've just published a simple lab to simulate the attack on GitHub.
Here is a walkthrough so you can learn all about the attack. 🧵
💸 Over $1.6 million in #cryptocurrency stolen from hot wallets due to a zero-day security flaw in General Bytes' ATM software.
https://thehackernews.com/2023/03/hackers-steal-over-16-million-in-crypto.html
55 zero-day vulnerabilities exploited in 2022, with #Microsoft, #Google, and #Apple software the most targeted!
Though lower than 81 in 2021, still a significant uptick in recent years.
https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html
NIST CSF is a powerful tool for SMEs, but it has its limitations.
🔐 Discover how the Cyber Defense Matrix can fill the gaps and secure your business! #InfoSec
Download the guide:
https://thehackernews.com/2023/03/the-best-defense-against-cyber-threats.html
Data breaches can happen anywhere in your supply chain. Lab 1's platform monitors and alerts you about breaches across your entire network, helping you build a more robust system.
https://thehackernews.com/2023/03/new-cyber-platform-lab-1-decodes-dark.html
Don't let hidden Dark Web secrets impact your business. #InfoSec
Ferrari Announces Data Breach. Customers Risk Data Leakage https://cyberfeed.io/article/16ab248c5b4eb9b33dca3bed0ce1ca0a #cybersec #security #infosec #cybersecurity
#Ferrari breached and asked for ransom 🏎️
#cybersecurity #infosec #ransomware
(Copy of communication via @troyhunt)

“There are legitimate data privacy concerns about all social media platforms, including but not limited to TikTok. They all harvest and monetize our personal data and incentivize other online businesses to do the same. The result is that detailed information about us is widely available to purchasers, thieves, and government subpoenas.”
I'm on a roll today! Hot new blog post providing a hands-on guide for using Hayabusa to find threats in Windows Event Logs.
Thanks so much to Zach Mathis from @YamatoSecurity for making this tool free and awesome.
https://blog.ecapuano.com/p/find-threats-in-event-logs-with-hayabusa?sd=pf
So when you are doing threat modelling, if you only have a very limited understanding of who your adversaries are, and what their capabilities are, then you are only going to generate a pretty limited threat model. This leads to only understanding and implementing a limited set of mitigations and often overlooking some potential problem spaces.
Also, as people change, data changes, attackers change, your business changes and your product changes, then the potential type and impact of attacks is certainly going to change. So it pays to revisit and update threat models pretty regularly to ensure they are current and you have enumerated and mitigated the right risks.
*** PAID #INFOSEC #INTERNSHIP ***
Security Intern on site in San Francisco with r2c.
https://jobs.lever.co/returntocorp/6b365b9d-e0c6-43e6-94f6-043a557ba66b
Blue teamers, if you want to appear like a wild-eyed sorcerer, learn your Windows Event IDs. Having those near to hand is basically a superpower.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j
#100DaysOfHacking Day 10:
✅ My new book came in, don’t judge me lol 😂 Hacking APIs teaches you how to break and secure both REST & GraphQL APIs. As a web developer this will be keyyy. I won’t start til next month
✅ Completed a few labs on SSRF & SQLi on Portswigger
✅ I’ve been working on finding vulnerabilities on vulnerable web apps like Damn Vulnerable Web App and learning how to write a proper pentest report! :-)

Another mega bundle, packed with #linux, #security, #networking goodies from #humblebundle
https://www.humblebundle.com/books/linux-mega-bundle-packt-books
#infosec fam- can anyone recommend a personal cyber hygiene checklist?
Looking for something succinct, actionable, intended for laypersons (not tech professionals).
Password practices, setting phone lock screens, that sort of thing
Why aren’t there enough #WomenInCybersecurity? The answer may lie not in the depth of 2D statistics but in the real-life narratives of the women in the sector that have trodden the path. @eleanordallaway gets to the heart of the gender gap by telling those stories, uncut, uncensored and, at times, unbelievable…
#cybersecurity #infosec #careers
https://assured.co.uk/2023/women-in-cyber-stories-uncut-uncensored-and-unbelievable/
⬆️ Oh. And recommended reading this week is @adamshostack's famous #ThreatModeling book 📚
If you don't have it yet, grab a copy.
Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm 👇🏾
"Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution"

💡Learn how to subscribe to the new IP external #blocklists on the #CrowdSec Console in a snap of a finger!
Server side validation is critical for a web app. Not an option lol! It helps prevent SQL injections, XSS, Local File Inclusion and my fave, server side request forgery ♡ #infosec

Interesting story by @briankrebs, personally I figure I might be preaching to the #infosec choir, but I do encourage you to always plow through the various settings deep in your account info for your various providers and opt out of anything and everything you can.
A friendly reminder that Dr. Aynne Kokas's book talk on "Trafficking Data" is TODAY at 11am Eastern. Please join us via Zoom (or in person if you happen to be at UMass).
It's worth mentioning that Dr. Kokas's work extensively explores and contextualizes the debate around the proposed TikTok ban that has been in the news for the past week, and so may be of particular interest to students.
Event details / free Zoom registration: https://www.umass.edu/journalism/trafficking-data-how-china-winning-battle-digital-sovereignty

Dish Network stated it reinstated the ability of customers of its Boost Mobile brand to access account information as it provided an update on its bid to recover from a cyberattack in February.
So Kali Purple's got you bewildered? A handful of screenshots isn't sufficient guidance? What if I told you there were a resource of literally hours of video demonstrating how to set up such a lab?
We got you, fam: https://www.youtube.com/watch?v=zFkfysBBk_A&list=PLlfDtLAF5S2TxsYLKCNppHaHYMPafzfiu
Looking to be a super busy spring!!
Catch Mental Health Hackers at
@bsidesnash
@HackSpaceCon
@BSidesCharm
And hopefully two more!!
Currently looking for amazing people to fill our MHH Ambassador roles and help at conferences :D
I wrote a post about #WordPress disaster/breach recovery, what code injections are, as well as the tools and methods that I use to get breached websites back in the air, what to look for and how to close the report.
https://aldavigdis.dev/2023/03/20/wordpress-code-injections-and-my-emergency-recovery-toolbox/
This one, dubbed 'aCropalypse', is also a bit heinous. Screenshots cropped on Pixel phones using the de facto tool store the cropped part within the image itself, and this omitted part can later be un-cropped/recovered. The result is countless screenshots out in the wild with potentially sensitive info not intended to be shared.
Easy read version:
And an excellent technical writeup for fellow #infosec peeps:
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
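As an added example (not code from the post or the linked writeup), here is a small Python checker that flags PNG files carrying bytes after the IEND chunk, which is the on-disk symptom of the overwrite-without-truncate behaviour described above; the sample images and the simulated buggy save are constructed here, not real screenshots.

```python
import random
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_trailing_bytes(data: bytes) -> int:
    """Walk the PNG chunk list and return how many bytes follow the IEND chunk.

    A well-formed PNG ends exactly at IEND. Viewers stop there, so any bytes
    after it are invisible leftovers that still travel with the file.
    Raises ValueError if the data is not a parseable PNG.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated PNG: no IEND chunk found")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # 8-byte header + payload + 4-byte CRC
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r}")
        pos = end
        if ctype == b"IEND":
            return len(data) - pos


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk: length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png(width: int, height: int, seed: int = 1234) -> bytes:
    """Construct a minimal valid 8-bit RGB PNG filled with pseudo-random pixels.

    Random pixels keep the IDAT chunk from compressing to almost nothing, so a
    larger image really is a larger file (sample data, not a real screenshot).
    """
    rng = random.Random(seed)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit RGB
    rows = []
    for _ in range(height):
        pixels = bytes(rng.getrandbits(8) for _ in range(3 * width))
        rows.append(b"\x00" + pixels)  # filter type 0 (None) + raw pixel bytes
    idat = zlib.compress(b"".join(rows))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def simulate_overwrite_without_truncate(original: bytes, cropped: bytes) -> bytes:
    """Mimic the described bug: the new (smaller) file is written over the old
    one in place, but the file is never truncated, so the old tail survives."""
    if len(cropped) >= len(original):
        return cropped
    return cropped + original[len(cropped):]


if __name__ == "__main__":
    full = make_png(64, 64)
    crop = make_png(8, 8)
    on_disk = simulate_overwrite_without_truncate(full, crop)
    print("clean file, trailing bytes:", png_trailing_bytes(crop))
    print("buggy save, trailing bytes:", png_trailing_bytes(on_disk))
```

A non-zero result does not prove the tail is recoverable image data, only that the file carries content a viewer never shows, which is reason enough to re-export it before sharing.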
If you access corporate email on a personal device that can be unlocked with FaceID, you must change your face at least once every sixty days.
You may not reuse any of the most recent 12 faces.
For those using Fingerprint recognition, please note that the same restrictions apply. You should ensure you wear easily removable shoes so you can use your toes after you have exhausted your available fingers.
If you have misplaced your hands, face, or feet, please contact Support for information on Cryptographically secure prostheses. #Infosec (originally by @maxleibman )
Google's Project Zero (day) found 18 baseband vulns implicating Exynos modems used in many phones such that an attacker solely needs the victim’s phone number to compromise the handset without awareness of its owner. Phones affected include Vivo, Pixel and multiple Galaxy models. A couple of devices and vehicles using the T5123 chipset are under the heat lamp too. Short term fix is to disable WiFi calling. Patch forthcoming.
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html?m=1
#infosec
#100DaysOfHacking Day 9:
Exploring OWASP ZAP to pentest Juice Shop but first, can we get into how pretty Kali Linux purple distro is lol 💀. First impression of ZAP is how interesting the vulnerability scanner is and the spider feature. And of course I love how it’s open source 💜
#infosec #kalilinux #cybersecurity

New EDR/AV evasion technique added to the #UnprotectProject by @Praetorian_GRD "Unloading Module Using FreeLibrary". Check out the detailed description, code snippet and CAPA rule👇 #cybersecurity #malware #infosec
https://unprotect.it/technique/unloading-module-with-freelibrary/

#PancakesCon is very interesting and entertaining.
The mix of an #InfoSec topic and different (personal) topic lets you learn about stuff you weren't even aware of 🙂 .
Not sure if I manage to stay to the end (it's getting late here)
Thanks @hacks4pancakes
Absolutely loving #PancakesCon. Plenty of great #InfoSec presentations left today if you want to join
https://pancakescon.com/2023-conference-information/
Today, I am spending some time at @pancakescon - a pop-up virtual hacker / infosec convention on Chicago time. Just started and running for the next ~10 hours. Come join us! #infosec #hacking
I'm speaking at @pancakescon 4 today!
Tune in to hear me chat about why phishing sims are bad and what I think about when designing and knitting things!
#PancakesCon4 #securityawareness #infosec #knitting @knitting
Microsoft is testing a built-in crypto wallet in Microsoft Edge https://cyberfeed.io/article/e2ef8ce3d6f91ed6e22a0b1202907500 #cybersec #security #infosec #cybersecurity
#100DaysOfHacking Day 7-8:
I took it mad easy today :-p
I learned Hydra for brute force password attacks- really because I'm obsessed with performing them. I’m currently doing some nmap rooms rn since that’s the tool I’ve been using dang near every day
Btw I stole this book from my friend ayee 🤸🏽♀️#infosec #learning #hacking

About 24h left before my @pancakescon talk! Feeling good on the presentation and using show & tell props
Trust me, you’ll want to watch https://pancakescon.com/2023-conference-information/ track 2 3/19 5:15-6pm Central time just for the prop sections alone 😂 Plus you’ll learn about #FT8 and #GCP too!
Bonus points to anyone who can identify all 4 #hamradio props + the musical instrument in the photo prop :)

Google: use our Pixel devices, we make sure they are secure and amazing!
Also Google:
- "for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating."
https://mstdn.social/@delroth@delroth.net/110043776992285210
- internet-to-baseband remote code execution 0day, unfixed for 90 days now, affects Google Pixel 6 and 7 series
https://www.forbes.com/sites/daveywinder/2023/03/17/new-samsung-0-click-security-threat-alert-disable-wi-fi-calling-now/?sh=6f90dede4940
@patrickcmiller
As she should. Any organization that stores such #SensitiveData should have #infosec on the same level as the #BigBanks (hardware token #MFA on every login, #DualControl on the most sensitive stuff, #honeypots, #IDS, etc.), but that was clearly not the case here. Hopefully, her #attorneys will mop the floor with this reckless organization, thereby setting a precedent that makes other #HealthcareProviders think twice about skimping on #cybersecurity.
How is the #DishTV collapse not bigger news? They’ve been dead for almost a month and other than an occasional #Fediverse post amounting to “Huh, I guess Dish is still dead. Wonder why?”
#RansomWare took out one of the largest TV providers in the US and it’s barely a blip.
A calculator just popped on my screen and scared me. Thought I was pwned, but turns out I accidentally hit the "Cal" key on my keyboard which exists for whatever reason. #infosec
New by me at Forbes: The security research supremos over at Project Zero have uncovered no less than 18 zero-days impacting the Samsung Exynos modem chipset. That's bad right? Even worse, four of them, including CVE-2023-24033, enable internet-to-baseband level remote code execution. Silently and with zero user interaction. That's *really* bad.
Even worse, yeah, sorry, these were disclosed to Samsung more than 90 days ago, and no public patch is available yet - hence the Project Zero disclosure now.
Recommendations for affected users awaiting patches (Google Pixel 6 and 7 series were impacted but patched in the March security update): disable both Wi-Fi calling and VoLTE as a matter of urgency.
Holy shit this looks bad. Zero day wireless code execution vulnerabilities on a boatload of #Samsung and #Google phones... and also *cars* with the Samsung wireless chipset. Good luck getting automakers to patch those quickly.
https://www.theverge.com/2023/3/16/23644013/samsung-exynos-modem-security-issue-project-zero
Just had a reply from a local #InfoSec conference about their #COVID precautions.
"We take everyone’s safety very seriously, and we hope that people will not attend the event if they are feeling unwell. It is up to the individual if they choose to wear a mask. <venue> is following the government guidelines in regards to covid, but we will not be monitoring CO2 levels."
So in other words they're doing bugger all and do not, in fact, take safety seriously at all.