Masthash

#InfoSec

Tae'lur Alexis :verified:
6 minutes ago

#100DaysOfHacking Day 1️⃣1️⃣:
Writing a Bash script called ‘Auto-recon.sh’ that performs reconnaissance on a target and incorporates my fave tools like amass, nmap, subfinder, sublist3r, etc to find subdomains, open ports and services, and more. It creates a folder (for ex, “tinder.com_recon”) for the target and stores the results in separate files in it. I’m working on implementing 2 modes - stealth mode using passive recon tools & active mode.

#infosec #cybersecurity

Anonymous :anarchism: 🏴
13 minutes ago

An unknown threat actor has hacked the #Italian luxury automaker #Ferrari SpA and is now demanding a ransom in exchange for certain client contact details.
#cybersecurity #infosec #ransomware
https://cybernews.com/news/ferrari-hit-by-cyber-incident/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet

🎙️ ✨ A new episode has been published on @ITSPmagazine

Show: Audio Signals With @Marcociappelli and @seanmartin 
Episode: A Conversation About Podcasting with The Shared Security Show Podcast Host

Guest: Tom Eston @agent0x0

Podcast format: Video & Audio

Enjoy, share, and subscribe! 😬

📻 👉 https://www.itspmagazine.com/audio-signals

📺 👉 https://youtu.be/xWfTCBhnR54

#cybersecurity #podcasting #podcast #video #tech #technology #infosec #infosecurity

Lockdownyourlife
44 minutes ago

It was him using the same burner phone as his friend to get women, and making multiple dates at the Tropical Smoothie Cafe that did it.

Need a consult? 👀 https://lockdownyourlife.as.me/strategy

#investigation #safety #privacy #infosec

cyberfeed
49 minutes ago

Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager https://cyberfeed.io/article/d0fb48f4dea4e1ed7e059d34c1fbe76a #cybersec #security #infosec #cybersecurity

Marcus "MajorLinux" Summers
54 minutes ago

Hope those prompts weren't too personal.

ChatGPT bug temporarily exposes AI chat histories to other users https://www.theverge.com/2023/3/21/23649806/chatgpt-chat-histories-bug-exposed-disabled-outage

#ChatGPT #OpenAI #Leaks #UserData #InfoSec #TechNews

A brain made out of circuitry with lines surrounding it in red.
⠠⠵ avuko
58 minutes ago

For the love of the gods of Incident Response and Threat Intel:

#CTI #InfoSec #IncidentResponse

I AM ONCE AGAIN ASKING YOU


TO ADD TIMESTAMPS TO IOCS

(Bernie meme)
Ian Chard
1 hour ago

Just discovered by accident (and prompted by @climagic) that ‘less’ will delete a ~/.lesshst symlinked to /dev/null so it can write its history file. I’m sure there are good reasons behind that behaviour but I find it very unpleasant. #infosec #linux

@bryanbrake Have a look at that list of #infosec events I maintain. Might be useful to you and your student.

https://github.com/xsa/infosec-events

Also, feel free to submit events if you don't see them there :)

BrBr.Prime
1 hour ago

#informationsecurity #cybersecurity

Hello #infosec folks... was in an initial mentor call today and I realized that I'm not sure of what still is happening in the next few months for #Conferences in the Northeast US, specifically in the NYC/NJ area. I have a Uni Student looking for networking opportunities.

🆘Bill Cole 🇺🇦
1 hour ago

Ever have one of those days where every item on the to-do list involves doing work which you know will ultimately disappoint the requester of the work, because they clearly don’t understand their own needs but demand specific deliverables that they think they want but which will absolutely not satisfy them?

#Sysadminnery
#SubberThanSubToot
#IWillGiveYouThatZipFileButYouWillNotLikeIt
#IfYouInsistOnRunningStrangeVBAMacrosTheCleanupIsTimeAndAHalfNotPartOfRoutineSupport
#InfoSec

Gerald @ Simply Cyber :verified:
1 hour ago

Practical Experience is important in getting cybersecurity work, and a home lab is a great option, but how do you do this for a SOC Analyst or cyber defender lab?

@eric_capuano of @recon_infosec spells it out in a blog post. I will show you exactly why this Home SOC lab will give you an incredible advantage in learning practical cybersecurity skills.

https://youtu.be/BBTlKrYU0HQ

#infosec #homelab

CJ
2 hours ago

I think if you’re arguing in favor of user training instead of application control in 2023 you may be missing some fundamental pieces of effective cyber security posture.

#infosec

There must be a use-case for this, but... what??

Today I did my annual validation required to apply for NIH grants. No surprise that there was a forced-password expiration. But it was surprising that the website did not allow me to [PASTE] my new password.

It had to be TYPED into the new password box -- and then re-typed into the password confirmation box.

Of course I simplified the new P/W so I could reliably type it properly two times.

#InfoSec #security #password #UX #NIH

cyberfeed
2 hours ago

Breached hacking forum shuts down, fears it's not 'safe' from FBI https://cyberfeed.io/article/f889af04fafda15f5a44cf9133448ad7 #cybersec #security #infosec #cybersecurity

cyberfeed
2 hours ago

New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War https://cyberfeed.io/article/44beddeaa41f2c62bffab7144ca0ad31 #cybersec #security #infosec #cybersecurity

Sean Riley
2 hours ago

Recommendation needed from #infosec :

Preferred password manager for Android/Chrome?

Thanks in advance ! 🌴​🌞​🌴​
#security #questions #boostme

Steve Anderson
2 hours ago

Just wasted 35 mins debating, of all things, record retention policy with Compliance who clearly didn’t understand the technology and therefore made an incorrect interpretation. Who keeps AD groups disabled for 3 years when the policy states we retain the access and authentication logs.

#infosec

Eddie.
3 hours ago

If I've learned anything from this purple team exercise, it's good to rotate testing vendors. You learn more about crafting rules to scenarios when differing teams use the same tools in different ways - in essence showing their TTPs.

I learned a lot from the first external team purple team. I've learned far more from having done it a second time. I've had to better tune and refine my rules to better balance signal//noise ratios. And start teaching my team my logic flows.

I love this part of my job.

#infosec #blueteam

Taggart: ~# :idle:
3 hours ago

My favorite new #ThreatIntel trick is to visit https://ransomware.live/ daily and monitor the recent postings for changes in group targeting behavior.

#InfoSec #CyberSecurity

cyberfeed
3 hours ago

Coinbase Wallet 'Red Pill' flaw allowed attacks to evade detection https://cyberfeed.io/article/21386374a75125a0bb263c5cea4b6294 #cybersec #security #infosec #cybersecurity

Dumb Password Rules
3 hours ago

This dumb password rule is from Easyjet.

No more than 20 characters, use any symbols you like... Oh except #, &, +, or space of course.

https://dumbpasswordrules.com/sites/easyjet/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

cyberfeed
4 hours ago

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products https://cyberfeed.io/article/b2f5979b5d2fbfc0df9f22510a6bd81b #cybersec #security #infosec #cybersecurity

cyberfeed
4 hours ago

Google Pixel Vulnerability Allows Recovery of Cropped Screenshots https://cyberfeed.io/article/56e9947624df116ad663223d3b2067e8 #cybersec #security #infosec #cybersecurity

cyberfeed
4 hours ago

News Analysis: UK Commits $3 Billion to Support National Quantum Strategy https://cyberfeed.io/article/43839a2ffe0941cf877a1dcf2f67e575 #cybersec #security #infosec #cybersecurity

cyberfeed
4 hours ago

Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant https://cyberfeed.io/article/6b9f8f934dfe284f1bbc7fff1ce18577 #cybersec #security #infosec #cybersecurity

0xor0ne
4 hours ago

Here are a few blog posts on Bluetooth devices reverse engineering:

How I Reverse Engineered and Exploited a Smart Massager
https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33

Reverse Engineering a Smart Band — Bluetooth-LE RE
https://medium.com/@arunmag/my-journey-towards-reverse-engineering-a-smart-band-bluetooth-le-re-d1dea00e4de2

I hacked MiBand 3, and here is how I did it
https://medium.com/@yogeshojha/i-hacked-xiaomi-miband-3-and-here-is-how-i-did-it-43d68c272391

Hacking Smart Locks with Bluetooth / BLE
https://getkisi.com/blog/smart-locks-hacked-bluetooth-ble

#iot #embedded #infosec

#infosec #SMB

The NCSC has launched two new tools for small businesses which can be used by non-technical staff to find and fix a small range of security issues in their organizations along with a "Cyber Action Plan" a questionnaire for small organizations and individuals which delivers a free, personalized security to-do list. 👇🏾

https://checkcybersecurity.service.ncsc.gov.uk/

Check your cyber security
This free government service for UK organisations performs a range of simple online checks to identify common vulnerabilities in your public-facing IT.
All checks are remote, without the need to install software and uses the same kind of publicly available information as cyber criminals use to find easy targets.
KubikPixel™
4 hours ago

When I say, don't trust any USB device for security reasons, that you don't know or is sent to you. I didn't mean anything like that, although this is more dangerous for your life.

💣 https://www.bbc.com/news/world-latin-america-65026522

--
#usb #security #itsecurity #infosec #devices #bomb #media #journalist #Ecuador #letter #letterbomb

Konstantin :C_H:
5 hours ago

Bypass #HSTS protection with HTTP header injection! 🤩

Curious how it works?

I've just published a simple lab to simulate the attack on GitHub.

Here is a walkthrough so you can learn all about the attack. 🧵

#InfoSec #CyberSecurity #BugBounty #Pentesting

Anonymous :anarchism: 🏴
6 hours ago

💸 Over $1.6 million in #cryptocurrency stolen from hot wallets due to a zero-day security flaw in General Bytes' ATM software.

https://thehackernews.com/2023/03/hackers-steal-over-16-million-in-crypto.html

#infosec #hacking #malware

Anonymous :anarchism: 🏴
6 hours ago

55 zero-day vulnerabilities exploited in 2022, with #Microsoft, #Google, and #Apple software the most targeted!

Though lower than 81 in 2021, still a significant uptick in recent years.

https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html

#infosec #cybersecurity #hacking

Anonymous :anarchism: 🏴
6 hours ago

NIST CSF is a powerful tool for SMEs, but it has its limitations.

🔐 Discover how the Cyber Defense Matrix can fill the gaps and secure your business! #InfoSec

Download the guide:

https://thehackernews.com/2023/03/the-best-defense-against-cyber-threats.html

Anonymous :anarchism: 🏴
6 hours ago

Data breaches can happen anywhere in your supply chain. Lab 1's platform monitors and alerts you about breaches across your entire network, helping you build a more robust system.

https://thehackernews.com/2023/03/new-cyber-platform-lab-1-decodes-dark.html

Don't let hidden Dark Web secrets impact your business. #InfoSec

cyberfeed
6 hours ago

#Ferrari breached and asked for ransom 🏎️

#cybersecurity #infosec #ransomware

(Copy of communication via @troyhunt)

Email communication from Ferrari to their clients informing them of the breach and client data exposed.
Topher 🌱🐧
14 hours ago

For typical use, do you generally run your web browser with JavaScript JIT compilation enabled, disabled, or with JavaScript disabled altogether?

#browser #security #infosec

“There are legitimate data privacy concerns about all social media platforms, including but not limited to TikTok. They all harvest and monetize our personal data and incentivize other online businesses to do the same. The result is that detailed information about us is widely available to purchasers, thieves, and government subpoenas.”

#data
#privacy
#InfoSec

From: @eff
https://mastodon.social/@eff/110056911437828541

Eric Capuano
15 hours ago

I'm on a roll today! Hot new blog post providing a hands-on guide for using Hayabusa to find threats in Windows Event Logs.

Thanks so much to Zach Mathis from @YamatoSecurity for making this tool free and awesome.

https://blog.ecapuano.com/p/find-threats-in-event-logs-with-hayabusa?sd=pf

#infosec #threathunting #dfir

Zate 🦘🇦🇺
17 hours ago

So when you are doing threat modelling, if you only have a very limited understanding of who your adversaries are, and what their capabilities are, then you are only going to generate a pretty limited threat model. This leads to only understanding and implementing a limited set of mitigations and often overlooking some potential problem spaces.

Also, as people change, data changes, attackers change, your business changes and your product changes, then the potential type and impact of attacks is certainly going to change. So it pays to revisit and update threat models pretty regularly to ensure they are current and you have enumerated and mitigated the right risks.

#infosec #threatmodel

InfoSecSherpa
18 hours ago

*** PAID #INFOSEC #INTERNSHIP ***

Security Intern on site in San Francisco with r2c.

https://jobs.lever.co/returntocorp/6b365b9d-e0c6-43e6-94f6-043a557ba66b

Taggart: ~# :idle:
20 hours ago

Blue teamers, if you want to appear like a wild-eyed sorcerer, learn your Windows Event IDs. Having those near to hand is basically a superpower.

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

#InfoSec #CyberSecurity

Tae'lur Alexis :verified:
21 hours ago

#100DaysOfHacking Day 10:
✅ My new book came in, don’t judge me lol 😂 Hacking APIs teaches you how to break and secure both REST & GraphQL APIs. As a web developer this will be keyyy. I won’t start til next month

✅ Completed a few labs on SSRF & SQLi on Portswigger

✅ I’ve been working on finding vulnerabilities on vulnerable web apps like Damn Vulnerable Web App and learning how to write a proper pentest report! :-)

#infosec #linux #python #cybersecurity

serious business :donor:
23 hours ago

#infosec fam- can anyone recommend a personal cyber hygiene checklist?

Looking for something succinct, actionable, intended for laypersons (not tech professionals).

Password practices, setting phone lock screens, that sort of thing

#cybersecurity

Why aren’t there enough #WomenInCybersecurity? The answer may lie not in the depth of 2D statistics but in the real-life narratives of the women in the sector that have trodden the path. @eleanordallaway gets to the heart of the gender gap by telling those stories, uncut, uncensored and, at times, unbelievable…

#cybersecurity #infosec #careers

https://assured.co.uk/2023/women-in-cyber-stories-uncut-uncensored-and-unbelievable/

⬆️ Oh. And recommended reading this week is @adamshostack's famous #ThreatModeling book 📚

If you don't have it yet, grab a copy.

#bookstodon #books #infosec #appsec

#infosec #ransomware

Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm 👇🏾

"Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution"

https://www.securityweek.com/hitachi-energy-blames-data-breach-on-zero-day-as-ransomware-gang-threatens-firm/

The vulnerability exploited in the attack is CVE-2023-0669, a remote code execution flaw whose existence was disclosed by Fortra on February 1, after attacks exploiting it were detected. A patch was released a week later.
Exploitation of CVE-2023-0669 has been linked to the Cl0p ransomware group, which claimed to have used the zero-day to breach more than 130 organizations. It appears that the hackers leveraged the security hole to gain access to data stored on servers associated with the Fortra product.
CrowdSec
1 day ago

💡Learn how to subscribe to the new IP external #blocklists on the #CrowdSec Console in a snap of a finger!

👉 https://youtu.be/xvwS6JaVEXk

#infosec #cybersecurity #CyberSec

Tae'lur Alexis :verified:
1 day ago

Server side validation is critical for a web app. Not an option lol! It helps prevent SQL injections, XSS, Local File Inclusion and my fave, server side request forgery ♡ #infosec

Simple Nomad :verified:
1 day ago

Interesting story by @briankrebs, personally I figure I might be preaching to the #infosec choir, but I do encourage you to always plow through the various settings deep in your account info for your various providers and opt out of anything and everything you can.

https://krebsonsecurity.com/2023/03/why-you-should-opt-out-of-sharing-data-with-your-mobile-provider/

Josh Braun
1 day ago

A friendly reminder that Dr. Aynne Kokas's book talk on "Trafficking Data" is TODAY at 11am Eastern. Please join us via Zoom (or in person if you happen to be at UMass).

It's worth mentioning that Dr. Kokas's work extensively explores and contextualizes the debate around the proposed TikTok ban that has been in the news for the past week, and so may be of particular interest to students.

Event details / free Zoom registration: https://www.umass.edu/journalism/trafficking-data-how-china-winning-battle-digital-sovereignty

@communicationscholars #commodon #infosec

Promotional image for an upcoming book talk by Aynne Kokas, who will be speaking on March 20th at 11am EST about her book "Trafficking Data: How China Is Winning the Battle for Digital Sovereignty" (Oxford University Press, 2022). The event will be available over Zoom. The poster includes a photo of the author leaning against a brick wall and the cover of the book, which features the title and author's byline, superimposed over maps of the U.S. and China, stylized to resemble circuit boards. The poster text reads:

Join us for a book talk with Aynne Kokas

March 20, 2023
11 a.m. – 12:15 p.m.

In the Communication Hub (3rd Floor of the ILC)

UMass Amherst College of Social & Behavioral Sciences | Journalism

Co-sponsored by the College of Social and Behavioral Sciences, the Department of Communication, the School of Public Policy, the Public Interest Technology Initiative, and the Public Engagement Project

Dish Network stated it reinstated the ability of customers of its Boost Mobile brand to access account information as it provided an update on its bid to recover from a cyberattack in February.

#cybersecurity #infosec #ransomware #DishNetwork

https://www.mobileworldlive.com/featured-content/top-three/dish-network-updates-on-ransomware-attack/

The Taggart Institute
1 day ago

So Kali Purple's got you bewildered? A handful of screenshots isn't sufficient guidance? What if I told you there were a resource of literally hours of video demonstrating how to set up such a lab?

We got you, fam: https://www.youtube.com/watch?v=zFkfysBBk_A&list=PLlfDtLAF5S2TxsYLKCNppHaHYMPafzfiu

#InfoSec #CyberSecurity #HomeLab

infosystir
1 day ago

Looking to be a super busy spring!!

Catch Mental Health Hackers at
@bsidesnash
@HackSpaceCon
@BSidesCharm

And hopefully two more!!

Currently looking for amazing people to fill our MHH Ambassador roles and help at conferences :D

#infosec #MentalHealthAwareness

I wrote a post about #WordPress disaster/breach recovery, what code injections are, as well as the tools and methods that I use to get breached websites back in the air, what to look for and how to close the report.

https://aldavigdis.dev/2023/03/20/wordpress-code-injections-and-my-emergency-recovery-toolbox/

#WP #InfoSec #Security #Privacy

Julian Oliver
1 day ago

This one, dubbed 'aCropalypse', is also a bit heinous. Screenshots cropped on Pixel phones using the de facto tool store the cropped part within the image itself, and this omitted part can later be un-cropped/recovered. The result is countless screenshots out in the wild with potentially sensitive info not intended to be shared.

Easy read version:

https://www.techtimes.com/articles/289229/20230319/google-pixel-acropalypse-exploit-s-markup-tool-uncrop-photos-reveal.htm

And an excellent technical writeup for fellow #infosec peeps:

https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

Rob Thomas
1 day ago

If you access corporate email on a personal device that can be unlocked with FaceID, you must change your face at least once every sixty days.

You may not reuse any of the most recent 12 faces.

For those using Fingerprint recognition, please note that the same restrictions apply. You should ensure you wear easily removable shoes so you can use your toes after you have exhausted your available fingers.

If you have misplaced your hands, face, or feet, please contact Support for information on Cryptographically secure prostheses. #Infosec (originally by @maxleibman )

Julian Oliver
1 day ago

Google's Project Zero (day) found 18 baseband vulns implicating Exynos modems used in many phones such that an attacker solely needs the victim’s phone number to compromise the handset without awareness of its owner. Phones affected include Vivo, Pixel and multiple Galaxy models. A couple of devices and vehicles using the T5123 chipset are under the heatlamp too. Short term fix is to disable WiFi calling. Patch forthcoming.

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html?m=1
#infosec

Tae'lur Alexis :verified:
2 days ago

#100DaysOfHacking Day 9:
Exploring OWASP ZAP to pentest Juice Shop but first, can we get into how pretty Kali Linux purple distro is lol 💀. First impression of ZAP is how interesting the vulnerability scanner is and the spider feature. And of course I love how it’s open source 💜
#infosec #kalilinux #cybersecurity

A video of Kali Linux’s new desktop wallpaper!
Thomas Roccia :verified:
2 days ago

New EDR/AV evasion technique added to the #UnprotectProject by @Praetorian_GRD "Unloading Module Using FreeLibrary". Check out the detailed description, code snippet and CAPA rule👇 #cybersecurity #malware #infosec

https://unprotect.it/technique/unloading-module-with-freelibrary/

Claudius Link
2 days ago

#PancakesCon is very interesting and entertaining.
The mix of an #InfoSec topic and different (personal) topic lets you learn about stuff you weren't even aware of 🙂 .
Not sure if I manage to stay to the end (it's getting late here)

Thanks @hacks4pancakes

Absolutely loving #PancakesCon. Plenty of great #InfoSec presentations left today if you want to join
https://pancakescon.com/2023-conference-information/

Dan Summers
2 days ago

Today, I am spending some time at @pancakescon - a pop-up virtual hacker / infosec convention on Chicago time. Just started and running for the next ~10 hours. Come join us! #infosec #hacking

LocalAreaKnitwork 🧶
2 days ago

I love my new cards ❤️ I'll have to make stickers too!

#infosec #netsec

Bex Markwick
2 days ago

I'm speaking at @pancakescon 4 today!
Tune in to hear me chat about why phishing sims are bad and what I think about when designing and knitting things!
#PancakesCon4 #securityawareness #infosec #knitting @knitting

cyberfeed
3 days ago

Microsoft is testing a built-in crypto wallet in Microsoft Edge https://cyberfeed.io/article/e2ef8ce3d6f91ed6e22a0b1202907500 #cybersec #security #infosec #cybersecurity

Tae'lur Alexis :verified:
3 days ago

#100DaysOfHacking Day 7-8:
I took it mad easy today :-p

I learned Hydra for brute force password attacks- really because im obsessed with performing them. I’m currently doing some nmap rooms rn since that’s the tool I’ve been using dang near every day

Btw I stole this book from my friend ayee 🤸🏽‍♀️#infosec #learning #hacking

Tom Costello
3 days ago

About 24h left before my @pancakescon talk! Feeling good on the presentation and using show & tell props

Trust me, you’ll want to watch https://pancakescon.com/2023-conference-information/ track 2 3/19 5:15-6pm Central time just for the prop sections alone 😂 Plus you’ll learn about #FT8 and #GCP too!

Bonus points to anyone who can identify all 4 #hamradio props + the musical instrument in the photo prop :)

#pancakescon #infosec #amateurradio #homelab

dual-screen presentation practice with some ham radios and a picture of 9 year old version of author

Google: use our Pixel devices, we make sure they are secure and amazing!

Also Google:

- "for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating."
https://mstdn.social/@delroth@delroth.net/110043776992285210

- internet-to-baseband remote code execution 0day, unfixed for 90 days now, affects Google Pixel 6 and 7 series
https://www.forbes.com/sites/daveywinder/2023/03/17/new-samsung-0-click-security-threat-alert-disable-wi-fi-calling-now/?sh=6f90dede4940

#InfoSec #Google

@delroth /cc #InfoSec ☝️ ☝️ ☝️

James Bartlett :terminal:
4 days ago

@patrickcmiller
As she should. Any organization that stores such #SensitiveData should have #infosec on the same level as the #BigBanks (hardware token #MFA on every login, #DualControl on the most sensitive stuff, #honeypots, #IDS, etc.), but that was clearly not the case here. Hopefully, her #attorneys will mop the floor with this reckless organization, thereby setting a precedent that makes other #HealthcareProviders think twice about skimping on #cybersecurity.

🆘Bill Cole 🇺🇦
4 days ago

How is the #DishTV collapse not bigger news? They’ve been dead for almost a month and other than an occasional #Fediverse post amounting to “Huh, I guess Dish is still dead. Wonder why?”

#RansomWare took out one of the largest TV providers in the US and it’s barely a blip.

#infosec

jomo
4 days ago

A calculator just popped on my screen and scared me. Thought I was pwned, but turns out I accidentally hit the "Cal" key on my keyboard which exists for whatever reason. #infosec

New by me at Forbes: The security research supremos over at Project Zero have uncovered no less than 18 zero-days impacting the Samsung Exynos modem chipset. That's bad right? Even worse, four of them, including CVE-2023-24033, enable internet-to-baseband level remote code execution. Silently and with zero user interaction. That's *really* bad.

Even worse, yeah, sorry, these were disclosed to Samsung more than 90 days ago, and no public patch is available yet - hence the Project Zero disclosure now.

Recommendations for affected users awaiting patches (Google Pixel 6 and 7 series were impacted but patched in the March security update) are advised to disable both Wi-Fi calling and VoLTE as a matter of urgency.

#infosec #samsung #google #projectzero #zeroday #tech #news

https://www.forbes.com/sites/daveywinder/2023/03/17/new-samsung-0-click-security-threat-alert-disable-wi-fi-calling-now/

Aaron Weiss
5 days ago

Holy shit this looks bad. Zero day wireless code execution vulnerabilities on a boatload of #Samsung and #Google phones... and also *cars* with the Samsung wireless chipset. Good luck getting automakers to patch those quickly.

https://www.theverge.com/2023/3/16/23644013/samsung-exynos-modem-security-issue-project-zero

#infosec #security #zeroday

Honorary Seagull
5 days ago

Just had a reply from a local #InfoSec conference about their #COVID precautions.

"We take everyone’s safety very seriously, and we hope that people will not attend the event if they are feeling unwell. It is up to the individual if they choose to wear a mask. <venue> is following the government guidelines in regards to covid, but we will not be monitoring CO2 levels."

So in other words they're doing bugger all and do not, in fact, take safety seriously at all.

#CovidIsNotOver