59 minutes ago

"La sicurezza del Made in Italy", dopo il successo a Torino, iscrizioni aperte per la tappa di Firenze
Dopo il positivo esordio de "La sicurezza del Made in Italy", la nuova iniziativa itinerante di Assosicurezza accolta con grande...
#Assosicurezza #LasicurezzadelMadeinItaly #cybersecurity

Dumb Password Rules
2 hours ago

This dumb password rule is from E-learning (Unipd).

Exactly 8 characters for password! There must be at least 1 lowercase
letter, at least 1 uppercase letter, at least 1 number and at least 1
*special* char ( \* , . $ # @ etc...).

#password #passwords #infosec #cybersecurity #dumbpasswordrules

3 hours ago
Tom Uren
3 hours ago

This week's Seriously Risky Business:
- Air Force. Navy. Army. Cyber Force?
- Biden Spyware EO formalises Status Quo
- The UK's health sector cyber security strategy

Thanks to for his thoughts

Read and subscribe here:

#cybersecurity #policy #seriouslyriskybusiness

Michal Bryxí
4 hours ago

One of the billion reasons why we can't have nice things in #cybersecurity:
- Correct password
- Correct SMS verification (not 2fa)
- Did not use "previously used device" nor "known WiFi"
Therefore: We can't sign you in. Awesome. Awesome to the max Google...

Google couldn't verify that this account belongs to you
Couldn't verify that it was you. You will have to use previously used device or previously used WiFi.
4 hours ago
Bob Young :verified:
5 hours ago

Excuses for not applying patches and updates…

EXCUSE 1: “Patches may break our production network, and we can’t afford the downtime.”
MY REPLY: If you can’t afford downtime, then you can’t afford not to have redundant systems and reversion procedures in place.

EXCUSE 2: “We can’t afford the staff it would take to do all the updates.”
MY REPLY: You are understaffed. And BTW, this is a great entry-level area for developing your in-house cybersecurity team. You need one experienced cybersecurity infrastructure/systems manager to run the patch and update team.

EXCUSE 3: “We ARE patching, but with our change management process and verification process, we’re always at least six months behind.”
MY REPLY: Your change management and verification processes are broken. Very. Badly. Broken.

EXCUSE 4: “We patch the critical systems, but not the other systems connected to the same network.”
MY REPLY: The cybercriminal needs any foothold in the network. Next comes lateral movement. If it’s connected, it needs to be protected.

EXCUSE 5: “Our cloud services providers are handling all the updates.”
MY REPLY: And you trust them? You’re not verifying this? And you haven’t spun up any VMs that you’re responsible for updating?

#CallMeIfYouNeedMe #fifonetworks
#cybersecurity #patches #updates #changemanagement #grc

5 hours ago

📧 Supercharge your email campaigns with #MailingProxy! 🚀📨
Boost deliverability, security, and privacy for a seamless email marketing experience. Reach your audience like never before! 🎯


#proxysocks5 #internetprivacy #cybersecurity #emailmarketing #onlinefreedom #webanonymity #mailingproxy

Get started today! 💌🛒

5 hours ago 📚
6 hours ago

#Cybersecurity #researchers have discovered a fundamental #security flaw in the design of the IEEE 802.11 #WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.

6 hours ago

oh, and and @mttaggart for the kind words of encouragement... both excellent #smallstreamers for learning Infrastructure, #cybersecurity, and #education

Alexandra :vinyl:
6 hours ago

So people can say that the Wifi vulnerability don't touch #unify #ubiquity device
#security #cybersecurity #cyberdefence #wifi

Ui-Marcus Team ubiquiti say in their forum :
UniFi Is not affected due to proprietary method used for Client Isolation
rodtrent :verified:
6 hours ago

Why De-privileging?

This post starts a series explaining why we at Microsoft Security Services for Incident Response recommend some of our favorite protections. Our first post in the series talks about identity hygiene.

#Cybersecurity #MicrosoftSecurity #Security

signalblur 📡🛸:verified:
6 hours ago

Holy damn this is wild

“I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office365 accounts.

How did I do it? Well, it all started with a simple click in Azure… 👀

This is the story of #BingBang

#Microsoft #Azure #Bing #OpenAI #InformationSecurity #Cyber #Cloud #InfoSec #CyberSecurity #ThreatIntel

Super Troopers Wow GIF
6 hours ago

📢 #Google’s Threat Analysis Group (TAG) has uncovered "highly-targeted" mobile spyware campaigns using #0day exploits to deploy spyware against iOS and Android devices.


#Security #Spyware #iOS #Android #Cybersecurity

6 hours ago

Cybersecurity firms warn of 3CX desktop app supply chain attack #cybersec #security #infosec #cybersecurity

Taz Wake
7 hours ago

UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....

I have no words.

Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.

But even so, this is terrible.

Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.

And, yes, you will absolutely find a lot of exceptions to that. Well done.

But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.

It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.

But this is a significant problem. It really is.

If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.

For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.

I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.

Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.

That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.

Back to being a bluffer.

The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.

I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.

Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...

I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

Job advert for Head of Cyber Security at HM Treasury, offering a salary of £50,500 - £57,500 per year.
Simple Cyber Defense
7 hours ago

Carl B. Wade (@SimCyberDefense) talks about the misconceptions surrounding #cybersecurity , the growing integration of #iot devices, and the resulting increase in threat vectors.

Listen and Watch it here:
Anchor -
YouTube -

Miguel Afonso Caetano
7 hours ago

#CyberSecurity #Spyware #Android #UAE: "In November 2022, Google revealed the existence of a then-unknown spyware vendor called Variston. Now, Google researchers say they have seen hackers use Variston’s tools in the United Arab Emirates.

In a report published on Wednesday, Google’s Threat Analysis Group (TAG) said it discovered hackers targeting people in the UAE who used Samsung’s native Android browser, which is a customized version of Chromium. The hackers used a set of vulnerabilities chained together and delivered via one-time web links sent to the targets by text message. Of the four vulnerabilities in the chain, two were zero-days at the time of the attack, meaning they had not been reported to the software maker and were unknown at that point, according to the new blog post by TAG."

8 hours ago

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App #cybersec #security #infosec #cybersecurity

Christopher Parsons
8 hours ago

ChatGPT and LLMs: what's the risk?

This is a good and high-level assessment of what #ChatGPT (and #LLMs more broadly) is and isn’t good for from the UK’s National Cyber Security Centre. Recommended if you want something short to cut through the hype that is pervading too many #cybersecurity conversations these days.

8 hours ago

@bleuenzian Ein 8stelliges Passwort dauert 39min zu hacken, ein 12stelliges 3000 Jahre, hab ich iwo gelesen 🔒
#itsicherheit #cybersecurity

The Real Stem Sadie :verified:
9 hours ago

🎉 This Tuesday, April 4th 2023 🎉

I’ll be speaking at the upcoming SANS #NeurodiversitySummit! The agenda is loaded with content developed by and for ND cybersecurity professionals, but will also be valuable to anyone who manages, reports to, works with, or just wants to support ND colleagues and friends.

Whether you can attend virtually or in-person during the SANS 2023 Orlando event, I really hope you can make it!

Register for Free:

-------------------HASHTAGS BELOW-------------------
#sansinstitute #neurodivergent #cyber #cybersecurity #neurodivergence #freeconference #freesummit #CyberSummit #cyberconference #NeurodiversitySummit #conference #summit #cybersec

5 circles featuring the faces of the panelists for the event listed in detail below. The first image circle is of a panelist who is a white, bald male with a large friendly smile and dark framed glasses - Rob Lee from SANS. The second image circle is of a panelist who is a white male with wiry rimmed glasses, salt-and-pepper hair and beard - Mick Douglas from SANS. The third image circle is of a panelist who is a white female with auburn hair - Sadie Gauthier from SANS. The forth image circle is of a white, bald male with a big smile, no glasses - Jason Nickola from SANS. The fifth and final image circle is of a white male with brown hair in a suit and tie - Adam Kosloski from GIAC.

The rest of the image is text for the SANS Neurodiversity in Cybersecurity Summit 2023 which is a free summit live online on Tuesday April 4. The Panel is titled "Higher Ed: Navigating Continuing Education & Industry Certifications".
Anonymous :anarchism: 🏴
9 hours ago

Beware of 🦠 Trojanized TOR installers targeting Russia & Eastern Europe with clipper #malware designed to steal cryptocurrencies.

#cybersecurity #privacy #technews #cryptocurency

Anonymous :anarchism: 🏴
9 hours ago

#Microsoft unveils Security Copilot in preview! Powered by #OpenAI's GPT-4, it offers end-to-end defense 🔒 at machine speed and scale.

#Microsoft #SecurityCopilot #InfoSec #GPT4 #Cybersecurity

Anonymous :anarchism: 🏴
9 hours ago

New Chinese-linked #malware, Mélofée, threatens #Linux servers!

Uncovered by ExaTrack, it enables remote control over servers and hides itself using kernel-mode rootkits.

#infosec #cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
9 hours ago

#Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on #Android & iOS devices last year.

These highly targeted campaigns put dissidents, journalists, & human rights workers at risk.

#infosec #cybersecurity

10 hours ago
rodtrent :verified:
10 hours ago

Once you have the MDTI Connector and Solution working, this will show the TI only from the MDTI connector

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #MicrosoftDefender #MDTI #MustLearnKQL #KQL

10 hours ago

macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs #cybersec #security #infosec #cybersecurity

10 hours ago

SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool #cybersec #security #infosec #cybersecurity

10 hours ago

🔮 Cybersecurity Threats for 2030

If "prevention is better than cure", then what are the top #cybersecurity threats to emerge by 2030 and the probable actors, methods and impact.

The full #ENISA Foresight report is now available:!WPxQN6


11 hours ago

"@Splunk releases #security & #observability platform to help build secure #digital #enterprise" via @ITOpsTimes

Interesting to see $SPLK conflate #cybersecurity w/ #DevOps tech in one PR.

#DevSecOps anyone? Can they (finally) break Conway's Law?


rodtrent :verified:
11 hours ago

Having trouble getting MDTI Solution working? Here's a step-by-step process of how to install the solution and then enable the MDTI data connector

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security

Aida Akl
11 hours ago

If you recall this incident, it's not that it wasn't expected. It's that the #ChatGPT hype has been more robust than the security around it. #cybersecurity #opensource

The breach was "caused by a bug in an open source library."

#OpenAI has confirmed a ChatGPT data breach @SecurityWeek @ekovacs

Ellen Timmer
11 hours ago


Tja, voor #cybersecurity moet je niet bij de @EU_Commission zijn (toch? @bert_hubert )

rodtrent :verified:
11 hours ago

Multi-cloud Cyberattack Response | How Microsoft's SIEM & XDR work together

#MicrosoftSentinel #MicrosoftDefender #Cybersecurity #MicrosoftSecurity #Security

rodtrent :verified:
11 hours ago

Get Ahead of Cyberattacks with Microsoft Defender Threat Intelligence

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

rodtrent :verified:
11 hours ago

What's New: Intel Profiles Deliver Crucial Information, Context About Threats

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

rodtrent :verified:
11 hours ago

Microsoft Sentinel — Azure OpenAI Incident Response Playbook

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #OpenAI #AI

12 hours ago

This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet

Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

#cybersecurity #podcast #stuxnet

Taggart: ~# :idle:
12 hours ago

Okay #BlueTeam, here's your weekly tip: never forget to check global prevalence!

Once you find something weird on one endpoint, or from one source, widen your lens to see how common it is across your entire environment. What may seem odd when zoomed in may become part of your baseline with wider perspective.

Or it doesn't, in which case you have further evidence that you found a live one.

#InfoSec #CyberSecurity

Lenny Zeltser
14 hours ago
rodtrent :verified:
15 hours ago

Stream Google Cloud Platform logs into Microsoft Sentinel

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security

Daniel Bretschneider
15 hours ago

Neuer NSA-Leitfaden für sichere Heimnetzwerke zusammengefasst von

#infosec #cybersecurity #homeoffice

📬 The third opus of my series on "A Jump into a Cybersecurity Career" hit your mailbox earlier today!

#cybersecurity #infosec #jobs #career #mentoring

Rest assured, you can also check it below 👇

Craig Newmark
17 hours ago

The Cybersecurity 202: Inside North Korean hackers’ unusual money laundering technique
Via @timstarks @ddimolfetta
#CyberCivilDefense #cybersecurity

rodtrent :verified:
18 hours ago

Azure OpenAI Sentinel Use Cases - Incident Enrichment with AI-generated KQL queries

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security

JM ☠️
18 hours ago

“fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.”
#network #security #wifi #wireless #infosec #cybersecurity

Tarah Wheeler :donor:
18 hours ago

We at Red Queen Dynamics have an opening for a #Django/#Python web application #developer (full time, contract, 100% #remote/flexible, emphasis on front end and SaaS applications). Reports directly to me, and you get to work with a great and fun team! Either respond to the JD as requested in the URL or email me at with the 18th and 34th post-decimal digits of #pi as the first two characters in the subject line and I'll review your resume/#Github first 😉

#infosec #infosecjobs #cybersecurity #hiring

While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector.

#data #privacy #cybersecurity #infosec

Alexandra :vinyl:
1 day ago

There is a flaw in Wifi protocol, some hardware are vulnerable, disable power save feature on AP (if you can) and use WPA3 (if you can) to reduce the possibility of being taken.

source :

#security #cybersecurity #cyberdefence #wifi #wpa3 #powersave

rodtrent :verified:
1 day ago

Get Ahead of Attacks | Microsoft Defender Threat Intelligence

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

Taggart: ~# :idle:
1 day ago

Finally getting a chance to test my hypothesis that Twine makes an amazing TTX platform.

#InfoSec #CyberSecurity

Graph of Twine interactive story components. The tree includes:

SOC Alert
Network Investigation
The alert is a False Positive
Endpoint Investigation
System Services
Process Executions
Network Connections
The SOC Alert

Another Friday after another busy week. Just as you're about to close out and log off for the day, you decide just in case to check the SOC alerts one more time.
Of course, there's a new Low Priority alert.
What the heck? you think. Shouldn't take long.
You click on the alert.

"The most dangerous phrase in #cybersecurity is, 'We've always done it this way.'" – Anonymous

According to #ChatGPT this is a famous #quote used in the #infosec community.

Do we agree on what this Anonymous person said? 🤔

#technology #business #infosecurity #quotes #tech

Dissent Doe :cupofcoffee:
1 day ago

Unsurprisingly, HHS-OIG replied, "Thank you for contacting HHS-OIG. We are not able to provide further
information regarding this case." to my inquiries about their role in the "disruption" of BreachForums.

I have written back that they should be able to explain their regulatory or statutory authority to engage in "disruption" activities, even if they do not want to discuss the specifics of the case at hand. We'll see if they answer substantively to that or not.

If that doesn't work, formal FOIA next step, I think.

Original post at

#cybersecurity #FBI #disruption #BreachForums #cybercrime #transparency

My late nite summary of the Cyber EO: “only buy cyber tools that aren’t also being used against us, from suppliers we can trust not to also back door us through the tools we buy.”

take this with plenty of salt, I was only half awake when I read it… #cybersecurity

Violet Blue
1 day ago

New #cybersecurity roundup:

-Newest Tesla hacked twice
-City of Oakland *already* facing ransomware identity theft lawsuits from city workers
-CISA releases Untitled Goose Tool
-Neurodiversity and National Security
-Sneak peek at #Covid roundup 😷


Joey deVilla 🪗
1 day ago

Hey, Tampa Bay cybersecurity practitioners and aspiring cybersecurity people: the “Bsides Tampa” security conference is happening this Saturday, and it’s *very* affordable! I’ll be there — come say hi!

#security #cyber #cybersecurity #conference #conferences #Tampa #TampaBay #BSides

Thomas Dang :verified:
1 day ago

I'm thrilled to share that I've been accepted into the NYU Tandon MS Cybersecurity program! Starting in the fall of 2023, I'll dive headfirst into cybersecurity and expand my knowledge in this ever-changing field.

As someone passionate about technology and cybersecurity, I'm excited to gain new skills and insights through this program. Staying on top of the latest tech and strategies is crucial to keeping our institutions secure and citizens safe.

I can't wait to see where this journey takes me and how I can use my newfound expertise to make a positive impact.

#technology #cybersecurity

1 day ago
Hippy Steve
1 day ago

Well that sounds... disturbing.

Ultrasound Attack Can Secretly Hijack Phones and Smart Speakers, Researchers Find


rodtrent :verified:
2 days ago

What's New at Microsoft Secure for Microsoft Defender Threat Intelligence

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity

2 days ago

Writeup by Chris Leech on Xiongmai DVRs devices exploitation (buffer overflow)

#iot #embedded #infosec #cybersecurity

Daniel W. Seiler
2 days ago

Beware of #MacStealer, a new info-stealing malware targeting Mac users! It steals iCloud KeyChain credentials, browser data, and crypto wallets, and is sold as Malware-as-a-Service for $100. Stay vigilant and avoid untrustworthy downloads.

Taggart: ~# :idle:
2 days ago

If you've ever been curious about immutable OSes like #NixOS or #Fedora Silverblue, you won't want to miss last Saturday's stream, where we examined 3 immutable OSes and their utility for security work.

#InfoSec #CyberSecurity

Nicky Veitch
2 days ago

Every bubble in the chart below is a data breach that put Australians at likely risk of “serious harm” #DataPrivacy #DataSecurity #CyberSecurity

Neil Brown
2 days ago

A US, more expensive, version of the Tuckers monetary penalty notice in the UK, about law firm #cybersecurity?

Attorney General James Secures $200,000 from Law Firm for Failing to Protect New Yorkers’ Personal Data | New York State Attorney General


#lawfedi #fedilaw

Graham Cluley
3 days ago

UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals.

Read more in my article on the Bitdefender blog:

#cybersecurity #ddos #denialofservice

"This site was created and controlled by the National Crime Agency"
Dissent Doe :cupofcoffee:
3 days ago

NEW: No need to hack when 682,000 medical records are leaking, Monday edition:

When, oh when, will covered entities learn to purge old data or at least secure it properly?

@carlypage @brett @allan @campuscodi

#HIPAA #databreach #dataprotection #HealthSec #infosec #cybersecurity #PHI #IncidentResponse #ResponsibleDisclosure

Bob Carver
3 days ago
Tae'lur Alexis :verified:
3 days ago

I published it! A detailed walkthrough of the updated OWASP Top 10 room where I explain how to solve each challenge as well as explain each vulnerability and how to prevent them in your next web application. Hope you enjoy this lengthy read 🙃
#cybersecurity #infosec

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #12/2023 is out!

It includes, but not only:

--Beloved hacking veteran Kelly @aloria Lum passes away at 41 😢
--Procter & Gamble confirms data theft via #GoAnywhere zero-day
--US Charges 20-Year-Old Head of Hacker Site #BreachForums
--UK creates fake #DDoS-for-hire sites to identify cybercriminals
--Exploit released for #Veeam bug allowing cleartext credential theft
--Five brutal hours for #TikTok: CEO raked over coals amid privacy, security concerns
--Cloud Security Podcast: EP113 Love it or Hate it, Network Security is Coming to the Cloud
--Nexus: a new Android botnet?
-- #Facebook accounts hijacked by new malicious ChatGPT Chrome extension
-- #McDonald's Korea fined 696 mln won for breach of customers' personal data
-- #LockBit ransomware gang now also claims City of Oakland breach
--Journalist opens USB letter bomb in newsroom
--Ferrari Says #Ransomware Attack Exposed Customer Data
-- #WomeninCyber: Stories Uncut, Uncensored and Unbelievable
-- #Adobe Acrobat Sign Abused to Distribute Malware
--Largest #Crypto ATM manufacturer hacked over security hitch- Over $1.5 bitcoin (BTC) Stolen

Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️

Anonymous :anarchism: 🏴
5 days ago

UK's National Crime Agency has revealed that it set up fake #DDoS-for-hire websites as a trap to catch cybercriminals.

#infosec #hacking #cybersecurity

5 days ago

Cool introduction on how to build a MacOS Mach-O in-memory loader

Restoring Dyld Memory Loading:

Building a Custom Mach-O Memory Loader:

#macos #apple #redteam #infosec #cybersecurity

6 days ago

CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections #cybersec #security #infosec #cybersecurity

Eva Wolfangel
6 days ago

Wieso bin ich trotz allem auf die Phishing-E-Mail hereingefallen? Was lösen diese Trainings und was nicht? Welche negativen Folgen haben sie, wenn man sie falsch angeht?

Und welche anderen Lösungen für mehr IT-Sicherheit werden vor lauter Awareness-Trainings übersehen? Darüber habe ich mit Sicherheitsforscher:innen, Hacker:innen und einer Arbeitspsychologin gesprochen - und nebenbei in einem Cybervorfall ermittelt:

#cybersecurity #Phishing

Eva Wolfangel
6 days ago

Ihr könntet jetzt natürlich spotten, dass ich mein Trauma, auf eine Phishing-E-Mail reingefallen zu sein, in einem Radiobeitrag verarbeite. Tatsächlich kam diese E-Mail aber mitten in der Recherche. Ich war also höchst "aware", wie die Branche der Awarenesstrainings sagt, und ich recherchiere seit Jahren über Cybersecurity.

Und trotzdem bin ich reingefallen. Glücklicherweise war es eine Test-Phishing-Email - was weitere Fragen und Probleme aufwirft:


#cybersecurity #socialengineering

Claudius Link
6 days ago

As I just found the #SECWEREWOLF #SecurityGame

Let me write some more about Security Games.

Why do I consider them so important?

#InfoSec / #Cybersecurity is a topic which is often experienced as
* obstructive (the department of NO),
* unrealistic (they want WHAT? I can't work that way)
* complex (yesterday you told me it's ok),
* boring (SO many details),
and attached to fear (everybody does some stuff they either don't know if it is compliant or are aware that it is noncompliant).

At the same time security can't impose security and security is everyone's job.

Game help to address these issues.

If something is prohibited in a game it's no problem. Either it's part of the game rule or you don't have to fear being noncompliant.

Games don't need to be realistic. Actually, being unrealistic at least on some dimensions is probably a core trait of a game.

As they don't need to be realistic you can reduce the complexity as needed.

A good game is fun and not boring :-).

And you don't need to fear the consequences. If I open attachment, execute everything, use my last name as password on all accounts, the whole infrastructure gets owned because of me,
I won't get fired.

The Conversation U.S.
6 days ago

#TikTok’s CEO got grilled in Congress today – where many would like to ban the Chinese-owned app entirely. Could they? A #cybersecurity researcher looks at that possibility and the #privacy risks


heise online
6 days ago

TikTok: Verfassungsschutz hat Bedenken, Chef bei US-Anhörung unter Druck

Der Druck auf die Kurzvideo-App TikTok steigt im Westen. In Washington geriet eine Befragung im US-Kongress für den TikTok-Chef zum Spießrutenlauf.

#Cybersecurity #Datenschutz #Jugendschutz #Security #SocialMedia #TikTok #news

TikTok-Symbol auf Smartphone
Aram Sinnreich
6 days ago

I spoke with @Forbes about #TikTok and the weird combination of moral panics, political posturing, and genuine #DataPrivacy and #cybersecurity concerns swirling around calls to ban the app.

Graham Cluley
6 days ago
Graham Cluley
1 week ago

In the latest @smashingsecurity podcast the irrepresible @ThomLangford joined me and Carole Theriault, as we discussed a possible aCropalypse for Google Pixel users, house buying scams, and just why TikTok is being singled out for attack by... well, everyone.

Find "Smashing Security" in your favourite podcast app such as Apple Podcasts or Spotify, or listen at

#cybersecurity #podcast #tiktok #android #vulnerability #scam

Smashing Security episode 314: Photo cropping bombshell, TikTok debates, and real estate scams.

With a relevant - if you listen to the podcast - picture of Elizabeth Hurley pouring a lovely cup of tea for naked international man of mystery Austin Powers.
Graham Cluley
1 week ago

Europe's transport sector terrorised by ransomware, data theft, and denial-of-service attacks.

Read more in my article on the Tripwire blog:

#cybersecurity #transport #malware #ransomware #databreach #datatheft #denialofservice #ddos

Ai-generated image of weird transport with a phasing wibbly section of ones and zeroes....