Masthash

#InfoSec

CTI.FYI
4 minutes ago

🚨New ransom group blog post!🚨

Group name: rhysida
Post title: Holding Slovenske elektarne
Info: https://cti.fyi/groups/rhysida.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

Ninja Owl
1 hour ago

GCHQ shrinks amid recruitment and retention challenges https://therecord.media/gchq-workforce-shrinks-isc-report #cybersecurity #infosec #privacy

CTI.FYI
3 hours ago

🚨New ransom group blog post!🚨

Group name: rhysida
Post title: Hse
Info: https://cti.fyi/groups/rhysida.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

Dumb Password Rules
3 hours ago

This dumb password rule is from Lowes.

- Be 8 to 12 characters in length
- Include at least 1 letter and 1 number
- Contain no spaces
- Contain no more than 3 of the same consecutive characters

https://dumbpasswordrules.com/sites/lowes/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

hackNpatch :donor:
3 hours ago

The Rural Tech Fund Golden Ticket #fundraiser is live - opportunities to win #infosec training and support a good cause.

https://ruraltechfund.org/goldenticket/

Ninja Owl
4 hours ago

SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs https://thehackernews.com/2023/12/slam-attack-new-spectre-based.html #cybersecurity #infosec #privacy

RDP Snitch
5 hours ago

2023-12-09 RDP #Honeypot IOCs - 237 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
194.165.17.21 - 42
62.204.41.240 - 12
51.75.160.42 - 12

Top ASNs:
AS48721 - 54
AS396982 - 36
AS208091 - 15

Top Accounts:
hello - 84
Test - 48
Administr - 39

Top ISPs:
Flyservers S.A. - 63
Google LLC - 36
Xhost Internet Solutions LP - 21

Top Clients:
Unknown - 237

Top Software:
Unknown - 237

Top Keyboards:
Unknown - 237

Top IP Classification:
Unknown - 162
hosting - 57
mobile - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/WruZt54t

#CyberSec #SOC #Blueteam #SecOps #Security

RDP Snitch
5 hours ago

2023-12-09 RDP #Honeypot IOCs - 158 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
194.165.17.21 - 28
62.204.41.240 - 8
51.75.160.42 - 8

Top ASNs:
AS48721 - 36
AS396982 - 24
AS208091 - 10

Top Accounts:
hello - 56
Test - 32
Administr - 26

Top ISPs:
Flyservers S.A. - 42
Google LLC - 24
Xhost Internet Solutions LP - 14

Top Clients:
Unknown - 158

Top Software:
Unknown - 158

Top Keyboards:
Unknown - 158

Top IP Classification:
Unknown - 108
hosting - 38
mobile - 10

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/mwv9TQRg

#CyberSec #SOC #Blueteam #SecOps #Security

RDP Snitch
5 hours ago

2023-12-09 RDP #Honeypot IOCs - 79 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
194.165.17.21 - 14
62.204.41.240 - 4
51.75.160.42 - 4

Top ASNs:
AS48721 - 18
AS396982 - 12
AS208091 - 5

Top Accounts:
hello - 28
Test - 16
Administr - 13

Top ISPs:
Flyservers S.A. - 21
Google LLC - 12
Xhost Internet Solutions LP - 7

Top Clients:
Unknown - 79

Top Software:
Unknown - 79

Top Keyboards:
Unknown - 79

Top IP Classification:
Unknown - 54
hosting - 19
mobile - 5

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/EWWwbjpg

#CyberSec #SOC #Blueteam #SecOps #Security

Kiri Bloodrose
6 hours ago

Happy Saturday, guys... We're doing more #AdventOfCyber things on #TryHackMe tonight. Haven't decided what I'm doing on stream afterwards tonight. Maybe #Fortnite or #GTA.

https://twitch.tv/kiribloodrose
https://www.youtube.com/watch?v=UTZu06t3LKc

#Twitch #YouTube #ENVTubers #VTubers #InfoSec #VTuber

Ninja Owl
6 hours ago

Microsoft warns of Cactus ransomware actors using malvertising to infect victims https://therecord.media/cactus-ransomware-actors-using-malvertising-microsoft #cybersecurity #infosec #privacy

Mark Stosberg
6 hours ago

Some push notifications you receive are encrypted and some are not. There’s no clear way for users to know which are which. All the push notifications are relied through servers at Google or Apple, who would have access to any unencrypted content.

Just like how law enforcement can access the metadata in phone records, push notification data can be requested as well.

#security #infosec https://mastodon.social/@arstechnica/111540177701814450

Ninja Owl
6 hours ago

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability https://thehackernews.com/2023/12/wordpress-releases-update-642-to.html #cybersecurity #infosec #privacy

@juliewebgirl watched it last night. As an #infosec professional, it had a lot in it that I've been thinking about. Woke up thinking about it; that kind of movie. Fairly well done.

Matthias Schulze
7 hours ago

Meta defies FBI opposition to encryption, brings E2EE to Facebook, Messenger https://arstechnica.com/?p=1989426&utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #infosec

Jim Jones
7 hours ago

Hanging out in my office catching up on #TryHackMe's #AdventOfCyber2023 while my son is going to the new Studio Ghibly movie on this side of town with some friends.

I can tell that the capture the flag challenges that I have been doing for fun and the exercises from last year's Advent of Cyber have had an effect. I haven't felt lost yet *and*, more importantly, I haven't had to watch a video walk-thru of any of the challenges so far (though I will, if need be).

#InfoSec #CTF

Windows Portable Apps
7 hours ago

We Develop Useful Apps for Windows and Android that Increase the Daily Productivity of many People. (If you love "Simplicity, Functionality and Productivity", then our Apps are a Must for you!) [Android Apps from Amazon Appstore can be installed in Windows 11]
.
Microsoft Store:
https://apps.microsoft.com/search/publisher?name=25%2F8
.
Amazon Appstore:
https://www.amazon.com/s?rh=p_4%3AWindows+Portable+Apps
.
Official Web Page:
https://windowsportableapps.blogspot.com
.
#windows11 #windows10
#Android
#Infosec #netsec #cybersec #CyberSecurity
#Encryption
#passwordmanager

amvinfe
8 hours ago
Zoidberg Rodríguez
8 hours ago

Maybe not really #infosec related, but how and where would I start to find some #osint about a domain / site. Whois has nothing. In particular it’s about this site: https://helopal[.]club
What’s it doing? Collecting data? Who’s behind it? I can’t find ANY company related to this. Read the privacy and terms but still clueless. And how do I convince my 10yr old to not enter here data on every crap site?

Ninja Owl
8 hours ago

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme https://thehackernews.com/2023/12/founder-of-bitzlato-cryptocurrency.html #cybersecurity #infosec #privacy

skry
10 hours ago

So @josephcox digs into a very scary story about a stalker and his fake warrants. The woman is safe.

This is not just about them, sadly. It illustrates the ease with which phone companies can turn their customers into victims by not having any vetting process. I hope there are consequences to this horrible lapse of judgement.

Kudos to subscriber-supported https://www.404media.co, for bringing the tech and #infosec investigative journalism we need.

https://www.404media.co/verizon-gave-phone-data-to-stalker-edrs-search-warrant-pose-as-cop/

Julie Webgirl
10 hours ago

Anyone watch "Leave the World Behind" on Netflix?

Apocalyptic cyberattack film starring Julia Roberts, Ethan Hawke, Mahershala Ali, Kevin Bacon...

...Did you know it was produced by Barack & Michelle Obama?

Am I the only one who finds this interesting?

🤔

#Apocalypse #Prepper #infosec

https://youtu.be/cMVBi_e8o-Y?si=wkDZD78mBc04FJep

Ninja Owl
11 hours ago

Kaneva - 3,901,179 breached accounts #cybersecurity #infosec #privacy

cyberfeed
11 hours ago

Europe Reaches a Deal on the World’s First Comprehensive AI Rules https://cyberfeed.io/article/2ff9fdd0ff5885457533526158ff509f #cybersec #security #infosec #cybersecurity

CTI.FYI
11 hours ago

🚨New ransom group blog post!🚨

Group name: rhysida
Post title: Qatar Racing and Equestrian Club
Info: https://cti.fyi/groups/rhysida.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

shh
12 hours ago

. @bsidessf 2024 is still soliciting submissions to its CFP: https://bsidessf.org/cfp

INFORMATIONAL TRACK (Closes 2024-01-08)
- Presentation, General - 30m regular presentation format
- Presentation, Deep Dive - 45m extended presentation format
- Panels - 45m, 1 facilitator + 3-4 expert panelists
COLLABORATIVE TRACK (Closes 2024-02-05)
- Workshops - 120m interactive teaching session / lab
- Villages - all-day topical dedicated spaces, with hands-on activities
- Birds of a Feather (NEW!) - 45m informal topical roundtable discussion

(Some of you may or may not be aware that I run BSidesSF Program Operations in my spare time. This year Astha returns as Program Chair, running the review committee and curating content for the informational track; Crystal and Aaron returning to oversee and curate villages; and Yash and Julia providing additional operational support. I’m grateful to be working with a fantastic team for the 2024 program).

I encourage you to take part in the conference program for our 2024 event, taking place in beautiful San Francisco at the Metreon on May 4-5!

Our theme this year is "You can't spell dystopia without AI".

We are additionally still looking for sponsors: https://bsidessf.org/sponsors ; if you would like to support on an individual capacity, consider becoming a "Friend of BSidesSF" :). Security B-Sides is a federally recognized 501c3 nonprofit, run entirely by volunteers; your contributions are what allows us to throw such a great event pulling in 2000+ people every year.

Questions? E-mail info@bsidessf.org, program@bsidessf.org, or sponsors@bsidessf.org .

SEE YOU THERE!

(Mirrored from https://www.linkedin.com/posts/shharvey_bsidessf-2024-call-for-participation-activity-7139270619862355968-_dzO )

#bsidessf #bsides #bsidessf2024 #cfp #callforpapers #conference #conference2024 #sanfrancisco #sf #security #privacy #cyber #cybersecurity #infosec #rsac #rsac2024

Ninja Owl
13 hours ago
The Coding Beard
14 hours ago

@ernie I enjoyed using Beeper - but let’s be very clear - it was never more secure - it relies on each Apple user logging in to a remote Mac running in a DC somewhere in Europe (I know this as I received 2FA alerts when I tried to login) giving Beeper access your Apple account.

This means that your entire Apple #account - literally everything that is tied to it - is as secure as whatever practices Beeper implements.

#ios #iosdev #infosec

Cory Doctorow
14 hours ago

There's plenty of ways to do that on a part-time, voluntary basis, but if this kind of thing enflames you enough to make a career out of it, here's a tenure-track job for an #infosec professor at #CitizenLab, fearless slayers of high-tech corporate ogres:

https://jobs.utoronto.ca/job/Toronto-Assistant-Professor-Information-Security-ON/576463017/

36/

Julian
14 hours ago

The Differences Between DNS/Route-Based Email Security and Email Security Via API

https://www.hornetsecurity.com/en/podcast/api-email-security-vs-dns-route-email-security/

#infosec

Aditya Telange
14 hours ago

Firewall Rule Set and Configuration Review
https://youtu.be/7RmHwPrOUG4

#network #security #firewall #infosec

ilyess
15 hours ago

I was shocked witnessing someone logging into their bank on the phone in public recently:
1. Their phone’s big display was at full brightness so everyone around could see what they were doing.
2. They typed their password in, so no password manager. Unsurprisingly the password was weak: 5 lowercase letters and 1 numeric character.
3. They didn’t have any kind of 2FA set up!

How on earth is this still happening?! 🤦

#infosec #security #privacy #2fa #passwordManager

Dumb Password Rules
15 hours ago

This dumb password rule is from Banco Nacional (Costa Rica National Bank).

Between 8 and 16 characters.

Must have 4 numbers and 4 letters.

Must not contain same letter or number in consecutive order.

Can't contain vowel letters neither the letter Ñ.

Password can't be the same as the previous 6 used.

https://dumbpasswordrules.com/sites/banco-nacional-costa-rica-national-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Aida Akl
15 hours ago

#WordPress Patches POP Chain Flaw That Exposed Over 800M+ Websites to Attack #cybersecurity #infosec https://gbhackers.com/wordpress-pop-chain-flaw/

Chris Sanders 🔎 🧠
15 hours ago

Want to win a free seat in ALL my training courses, $500 worth of tech books, a Cliff Stoll signed Klein bottle, and a lot more?

Here's your chance, and all you have to do is donate $20 to charity.

https://ruraltechfund.org/goldenticket/

#DFIR #Infosec #ThreatIntel #Charity #STEM

0xor0ne
20 hours ago

Interesting reading on Tapo TC60 Smart Security Camera reverse engineering and exploitation

https://medium.com/@two06/hacking-a-tapo-tc60-camera-e6ce7ca6cad1

#IoT #embedded #infosec

Alexandre Dulaunoy
21 hours ago

“Nebula Genomics – First to offer consumer anonymous sequencing” when I saw it. I was wondering about it and then I saw the “Protected By” on their website. Ok forget about this.

#privacy #infosec #dna #leak

“Nebula Genomics – First to offer consumer anonymous sequencing“ screenshot showing random stuff to make people comfortable
buffer
1 day ago

Privacy Not Included - car manufacturer Nissan - “They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes.” https://foundation.mozilla.org/en/privacynotincluded/nissan/ #infosec #privacy

FXBG Hackers
1 day ago
Banner
Mark Morowczynski
1 day ago

If you have #EntraID or #Microsoft365 and you have #Apple #macOS in your environment (hint everyone does), the session @_michaelepping, Sean Rabbit from JAMF and I did at their #JNUC conference this year is finally up on YouTube. You can find the session at https://youtu.be/D9-4miD-3pM?si=AU_pCsR-jwaQ8OZr. If you haven't paid attention to this space you really should be. Either your #macOS user experience is probably pretty poor or you have security gaps because you've been excluding them from your policies. It doesn't have to be that way. We'll cover how you can make sure you are following best practices from a security and an end user experience. #Infosec

Lockdownyourlife
1 day ago

You would not believe the things I'm finding on Telegram. Fascinating.

As if I needed another platform to figure out and leverage for all the reasons.

#OSINT #infosec #tech #safety #privacy #security

Aida Akl
2 days ago

From yesterday. But the US HHS is seeking public comments on this (document linked below.) #infosec

HIPAA needs to be updated to stop the current abuse of personal health data. Better late than never.

HHS proposes new #cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare https://therecord.media/hhs-proposes-cyber-requirements-for-hospitals @therecord_media @jgreig

Here is the proposed HHS strategy: https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf

🆘Bill Cole 🇺🇦
2 days ago

@reswob A perennially valid idea…
Aside from the special case of motivated targeted attacks (i.e. YOU specifically are on someone’s attack list for external reasons) the most efficient way to evade harm is to be noticeably different from the predominant “low hanging fruit" of the world. You don't even need to be demonstrably *better* in your responses, just enough to break one step in an unsupervised attack chain.
#InfoSec

Simple Nomad :verified:
2 days ago

Well, well. It's Friday and time for another odd tale of yesteryear. Or yestercentury. An odd tale from #defcon involving a few beers, uninhibited buzzed Feds, the Clintons, and a swimming pool. You might need a tin foil hat for this one...

https://www.markloveless.net/blog/2023/12/8/fun-friday-but-her-emails

#HackerLife #hacker #infosec

I have read about the recent WordPress vulnerability this week https://wordpress.org/news/2023/12/wordpress-6-4-2-maintenance-security-release/ https://socradar.io/latest-alerts-for-wordpress-pop-chain-leading-to-site-takeover-backdoor-distributing-phishing-campaign/
But I have a hard time estimating how trivial it is to exploit, any idea about that? #infosec

Alex Ivanovs
2 days ago

Vulnerability in Microsoft Edge allows code smuggling

Also, Microsoft snuck in a change in their release notes that turns on a feature to share your search history with outside sites by default. You've got to manually turn it off if you don't want it.

https://stackdiary.com/vulnerability-in-microsoft-edge-allows-code-smuggling/

#Microsoft #CVE #Edge #Infosec #cybersecurity #Privacy

skry
2 days ago
Pentagrid AG
2 days ago
grep logic
2 days ago

“Wake up babe! New modem vulns dropped that affect everyone we know.”
https://www.5ghoul.com
#5Ghoul #infosec #memes

Affected Devices
https://docs.google.com/spreadsheets/d/13TQDN0wWWEOaBlj3RJfxoeOM92vqE4B5qihzvGg-qQM/htmlview

Always has been meme. An astronaut pointing a gun at the back of the head of another astronaut who is gazing at earth. 4G text above the astronaut with the gun. 5G text above the astronaut gazing at the Earth
Julie Webgirl
2 days ago

@fuzzface

Both ends are Meta?

#infosec

Anonymous :anarchism: 🏴
2 days ago

🚨 New #Linux Trojan Alert!

Meet "Krasue," a stealthy remote access trojan targeting Thai telecom companies. Krasue relies on a rootkit derived from open-source projects to maintain persistence.

https://thehackernews.com/2023/12/new-stealthy-krasue-linux-trojan.html

#infosec #cybersecurity #hacking

Lockdownyourlife
2 days ago

Some of us decorate differently.

Also trenchcoats never go out of style.

#holidays #ornaments #spy #spying #tech #infosec #safety #privacy

A card with two spies in trench coats. A sticker that says NoFornHub and two ornaments in boxes. One is a squirrel and has 'Secret Squirrel' written on it. The other ornament has two spies making a snowman on it.

@ljrk @lexd0g It's worse because #Passkey brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.
And the core problem is that #ITsec, #OpSec, #ComSec and #InfoSec are just "Afterthoughts" at best for all but the most #TechLiterate.

Using i.e. #PGP encryption and login on everything [and not as a "password replacement"] would be a way better fix.
Just like @torproject does a self-signing namespace on #OnionServices.

Again, not perfect but better than #SSL!

LimaCharlie
2 days ago

Join us live for DEFENDER FRIDAYS tomorrow at 10:30am PT/ 1:30pm ET with special guest @_lennart of @nzyme on detecting DNS exfiltration.

Register now! https://limacharlie.io/defender-fridays

#cybersecurity #infosec

Defender Fridays | LimaCharlie
Lockdownyourlife
2 days ago

Them: What creds do you have to do OSINT?
Me: Absolutely none. I just wander around the internet for funsies.
Them: I meant credentials.
Me: I'm aware.

#infosec #tech #technology #security #safety #privacy #smallbusiness #consultant #OSINT

Anna Wasilewska-Śpioch
3 days ago

The Polish Cyber Command (DKWOC) partnered with Microsoft to take action against a Russian-based nation-state threat actor tracked as Forest Blizzard (also known as APT28 and Fancy Bear)

https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ [ENG]

#infosec #security #APT

I have exciting news. My new O'Reilly book Hacker Culture: A to Z (which is already available in paperback and eBook) will be available in audiobook format on January 9th 2024.

You should be able to preorder the audiobook from audiobooks.com, Google Play, Barnes & Noble, and other retailers about 30 days before publication. Which means very soon.

I will share preorder links very soon. #tech #cybersecurity #infosec #hacking

Hacker Culture: A to Z paperback cover.
Back cover. Text: "O'REILLY

"Few tech books deserve the moniker "page-turner," but Kim Crawley deserves that praise-and more-for Hacker Culture A to Z. Nerds and makers of a certain age will find fun nostalgia on every page, while everyone will discover plenty of new, often overlooked details along the way. Our tech history has such a rich and diverse cast of characters and gadgets. They all spring to life under Crawley's insightful gaze. I'm earnestly hoping for a second volume!"

-Marc Loy, Author of Learning Java, 6th Edition

Hacker Culture A to Z

A FUN GUIDE TO THE PEOPLE, IDEAS, AND GADGETS THAT MADE THE TECH WORLD

Hacker culture can be esoteric, but this entertaining reference is here to help. Written by longtime cybersecurity researcher and writer Kim Crawley, this fun reference introduces you to key people and companies, fundamental ideas, and milestone films, games, and magazines in the annals of hacking. From airgapping to phreaking to zombie malware, grasping the terminology is crucial to understanding hacker culture and history.

If you're just getting started on your hacker journey, you'll find plenty here to guide your learning and help you understand the references and cultural allusions you come across. More experienced hackers will find historical depth, wry humor, and surprising facts about familiar cultural touchstones.

• Understand the relationship between hacker culture and cybersecurity... "
Simple Nomad :verified:
3 days ago

I truly do not understand the trend of mass shootings, in that I don’t understand why the shooters themselves chose this path - especially since it nearly always ends with the shooter being gunned down by law enforcement. Now since most of my followers on this platform are #infosec I am not expecting answers here beyond speculation, but if you are aware of serious psychological studies by reputable sources I’d love to read them.

While a few apps such as Signal, iMessages, WhatsApp, and Threema encrypt the payload of their push notifications end-to-end, many other apps don't encrypt the payload. This includes most email apps and most apps in the social networking and shopping categories.

#Privacy #infoSec #infosecurity

https://www.cnbc.com/2023/12/06/apple-and-google-phone-users-spied-on-through-phone-push-notifications.html

Anna Wasilewska-Śpioch
3 days ago

Jako uzupełnienie dyskusji o hakowaniu pociągów bardzo polecam ostatni wpis na blogu @gynvael

https://gynvael.coldwind.pl/?id=777

Krótko mówiąc, jeśli firmware w poszczególnych pociągach został zrekompilowany (jak sugeruje Newag), to porównując jego kod źródłowy z oryginalnym, zobaczymy wyraźne ślady (artefakty), których nie da się uniknąć ani zatrzeć.

#infosec #cyberbezpieczenstwo

Kushal Das :python: :tor:
3 days ago

In my team we have openings for #developer focused on #offensive / #redteam development. You will help to make the research and education sector better (focused specially for #sweden) with your skills and write all #opensource tools.

https://vr.se/sidfot/arbeta-hos-oss/lediga-jobb.html?rmpage=job&rmjob=441&rmlang=SE #python #sverige #svenska #sunet #infosec

Ask me any question about the position or team and culture.

Please boost for more reach

Gus
3 days ago

Looking at the LogoFAIL white paper and I'm not connecting the "just about every device vulnerable" part of the headlines.

IIUC, vulnerable UEFI firmware has to support loading a custom logo from the EFI system partition. I can't find much vendor support for this?

The only documented method I've found is from HP: https://support.hp.com/au-en/document/c01646879

Do more vendors support this but don't document it?

Other "custom BIOS logo" tutorials I've found involve repacking a firmware image, in which case surely the logo is in the BGRT inside the firmware payload which is verified by Intel Boot Guard / Secure Boot before it's loaded. Isn't it?

#logofail #infosec #uefi

defguard
3 days ago

The most beautiful #Wireguard #VPN Desktop Client has arrived in time for Saint Nicholas' Day!

Check it out and lots of new features in the 0.8 #release of defguard #opensource #enterprise #SSO and #VPN #security platform.

More at: https://github.com/DefGuard/defguard

Full release notes: https://github.com/DefGuard/defguard/releases

#SelfHosting #selfHosted #linux #freebsd #sysadmin #YubiKey #identity #keycloak #infosec #OPNSense #floss #macos #openvpn #homelab

Defguard #wireguard #VPN desktop client for Linux, macOS and Windows
Megan Lynch (she/her)
3 days ago

"Recology’s Davis Recycling Center closed on Nov. 2, and remains shuttered by a cybersecurity breach.”

#DavisCA #Recycling #Infosec

https://www.davisenterprise.com/news/comings-goings-recology-buy-back-program-on-hold/article_549fad78-8fe8-11ee-b905-3f8938a9a6be.html

Mike Sheward
4 days ago

The Blue Team is charged with defending an organization against an array of technical security threats.

The Blue Team Diaries allow the reader to ride along with the Blue Team at Syntatic, a Seattle-based cloud company, who are charged with keeping millions of customer records safe.

Based on the author's real-world experiences, the diaries tell fictionalised versions of responding to actual security incidents. A must-read for anyone interested in computer security or the incident response field.

Read more about the book: https://infosecdiaries.com

#infosec #cybersecurity #DFIR #BlueTeam

Blue Team Diaries book cover
Hans-Cees
4 days ago

@AlexandraB discovered more than 3,800 servers across more than 110 countries exposing the personal information of some 16 million patients. Aplite said they found patient names, genders, addresses and phone numbers, and in some cases Social Security numbers.
#zorg #datalek #infosec #dicom azure

Benjamin Geer
4 days ago

Polish hackers figured out that a train manufacturer had programmed its trains to break down after certain dates, or if they were serviced at another company's workshop.

https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

attn @jon @echo_pbreyer

#trains #RighttoRepairEurope #InfoSec #railway #Poland #Polska

Albert Cardona
4 days ago

Hi #infosec community: any recommended practices for preventing a personal blog webpage from being dominated by crawlers?

The robots.txt seems largely ignored. Crawlers presently consume ~75% of resources according to the access logs.

I don't mind not being listed on any web search engines.

Would a basic auth work? Can one make the basic auth dialog show a message that provides the password hint in it, like "What is my first name?"

#blogging

Chris 👾
4 days ago

⚠️ Just got this e-mail from Blizzard. The Battle.net Authenticator will be DISABLED on January 5, 2024. 2FA will be removed, you can no longer login and your password will be reset automatically. All users must migrate their Battle.net Authenticator to the Battle.net Mobile App.

What could possibly go wrong? 🤯

If you have an active or inactive #WoW #Diablo #CoD or any other #Blizzard account, please check your account security.

More info: https://eu.battle.net/support/en/article/000347144

#gaming #gamingNews #infosec

🌱 Ligniform :donor:​
4 days ago

Time of the day where we play "Is it a misconfiguration or malware"

#CyberSecurity #InfoSec #Malware #or #NotMalware

Håkon O.
4 days ago

Skrev en liten #infosec-bloggpost om personvern og sikkerhetsovervåkning på jobben - litt mer balanse hadde ofte vært bra! https://safecontrols.blog/2023/12/05/can-enterprise-security-respect-privacy/

Avoid the Hack! :donor:
4 days ago

Targeted Ads are a Cybersecurity Risk

As malvertising continues to rise, increasingly delivering #malware and redirecting users to #phishing websites, more and more websites plead with visitors to disable their adblockers. Even Google has responded harshly to adblockers across its platforms...

Should you always disable your adblocker when asked? I don't think you should - targeted ads have shown to be quite the security risk _on top of_ being invasive to your #privacy.

#cybersecurity #security #infosec #avoidthehack #ads #adblocking

https://avoidthehack.com/ads-cybersecurity-risk

Chris Sanders 🔎 🧠
5 days ago

My friends, the come has come once again. This holiday season, I'm giving away a golden ticket that grants free entry into ALL my training courses, a Cliff Stoll signed Klein bottle, and tons of other amazing prizes.

All you have to do to enter is donate $20 to the Rural Tech Fund or our local food bank and forward us the receipt. Every $20 gives you another entry.

You can see the full prize list and contest details here: https://ruraltechfund.org/goldenticket/

#givingback #charity #stem #teched #infosec

Matt Burgess
5 days ago

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

Analysis of more than 117 million censorship records confirms what students and civil rights advocates have long warned: Web filters are preventing kids from finding critical information about their health, identity, and the subjects they’re studying in class.

https://www.wired.com/story/inside-americas-school-internet-censorship-machine/

#news #tech #privacy #infosec

Grant
5 days ago

This is some sort of joke right or am I missing something here? #infosec