#cybersecurity
"La sicurezza del Made in Italy": after the success in Turin, registration is open for the Florence stop
After the positive debut of "La sicurezza del Made in Italy", Assosicurezza's new travelling initiative, received with great...
https://zpr.io/8iS7FPfUKFEY
#Assosicurezza #LasicurezzadelMadeinItaly #cybersecurity
ICYMI: Pwn2Own: Tesla Model 3 hacked, hackers win $250K and a Tesla Model 3 https://www.cybercareers.blog/2023/03/pwn2own-tesla-model-3-hacked-hackers-win-250k-and-a-tesla-model-3/?utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #cyber #infosec

This dumb password rule is from E-learning (Unipd).
Exactly 8 characters for password! There must be at least 1 lowercase
letter, at least 1 uppercase letter, at least 1 number and at least 1
*special* char ( \* , . $ # @ etc...).
https://dumbpasswordrules.com/sites/e-learning-unipd/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Srsly Risky Biz: Army. Navy. Air Force. Cyber Force? https://cyberfeed.io/article/6928207f9491eabae9b7ca5f736edf55 #cybersec #security #infosec #cybersecurity
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT https://cyberfeed.io/article/b2efb95afc48c239cd94dd38b2d928cd #cybersec #security #infosec #cybersecurity
This week's Seriously Risky Business:
- Air Force. Navy. Army. Cyber Force?
- Biden Spyware EO formalises Status Quo
- The UK's health sector cyber security strategy
Thanks to
https://twitter.com/mrjamessullivan for his thoughts
Read and subscribe here:
https://srslyriskybiz.substack.com/p/air-force-navy-army-cyber-force

One of the billion reasons why we can't have nice things in #cybersecurity:
- Correct password
- Correct SMS verification (not 2fa)
- Did not use "previously used device" nor "known WiFi"
Therefore: We can't sign you in. Awesome. Awesome to the max Google...

How Military Veterans Can Protect Themselves From Online Scams #GIBill #Veterans #JointServicesTranscript #VABenefits #VSO #Cybersecurity #Privacy #Phishing #SocialEngineering - https://youtu.be/V_BcT9qcABU
Excuses for not applying patches and updates…
EXCUSE 1: “Patches may break our production network, and we can’t afford the downtime.”
MY REPLY: If you can’t afford downtime, then you can’t afford not to have redundant systems and reversion procedures in place.
EXCUSE 2: “We can’t afford the staff it would take to do all the updates.”
MY REPLY: You are understaffed. And BTW, this is a great entry-level area for developing your in-house cybersecurity team. You need one experienced cybersecurity infrastructure/systems manager to run the patch and update team.
EXCUSE 3: “We ARE patching, but with our change management process and verification process, we’re always at least six months behind.”
MY REPLY: Your change management and verification processes are broken. Very. Badly. Broken.
EXCUSE 4: “We patch the critical systems, but not the other systems connected to the same network.”
MY REPLY: The cybercriminal needs any foothold in the network. Next comes lateral movement. If it’s connected, it needs to be protected.
EXCUSE 5: “Our cloud services providers are handling all the updates.”
MY REPLY: And you trust them? You’re not verifying this? And you haven’t spun up any VMs that you’re responsible for updating?
#CallMeIfYouNeedMe #fifonetworks
#cybersecurity #patches #updates #changemanagement #grc
📧 Supercharge your email campaigns with #MailingProxy! 🚀📨
Boost deliverability, security, and privacy for a seamless email marketing experience. Reach your audience like never before! 🎯
🔗 https://proxysocks5.com/product/mailing-proxy/
#proxysocks5 #internetprivacy #cybersecurity #emailmarketing #onlinefreedom #webanonymity #mailingproxy
Get started today! 💌🛒

Hackers compromise 3CX desktop app in a supply chain attack https://cyberfeed.io/article/0d19b3e9dc3fe180731fc383a2cbcd09 #cybersec #security #infosec #cybersecurity
#Cybersecurity #researchers have discovered a fundamental #security flaw in the design of the IEEE 802.11 #WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. https://tchlp.com/3lNTD74
oh, and https://www.twitch.tv/alh4zr3d and @mttaggart for the kind words of encouragement... both excellent #smallstreamers for learning Infrastructure, #cybersecurity, and #education
Restrict Act Can Ban So Much More Than Tiktok
As Broadly Worded As It Is: Could Threaten VPN's & Other Tech
#VPN #News #RestrictAct #restrictact #USA #civilliberties #FreeExpression #FreeSpeech #Constitution #Tiktok #Infosec #Cybersecurity #Journalism
https://www.vice.com/en/article/4a3ddb/restrict-act-insanely-broad-ban-tiktok-vpns
So people can say that the WiFi vulnerability doesn't touch #unify #ubiquity devices
#security #cybersecurity #cyberdefence #wifi

Why De-privileging?
This post starts a series explaining why we at Microsoft Security Services for Incident Response recommend some of our favorite protections. Our first post in the series talks about identity hygiene.
Holy damn this is wild
“I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office365 accounts.
How did I do it? Well, it all started with a simple click in Azure… 👀
This is the story of #BingBang”
https://nitter.net/hillai/status/1641146508639600646#m
#Microsoft #Azure #Bing #OpenAI #InformationSecurity #Cyber #Cloud #InfoSec #CyberSecurity #ThreatIntel

Senate Bill to Ban TikTok https://cyberfeed.io/article/68b362250e92da5a2d2f1deb9162cb97 #tech #security #infosec #cybersecurity
📢 #Google’s Threat Analysis Group (TAG) has uncovered "highly-targeted" mobile spyware campaigns using #0day exploits to deploy spyware against iOS and Android devices.
Read: https://www.hackread.com/google-spyware-attack-android-ios-chrome/
Cybersecurity firms warn of 3CX desktop app supply chain attack https://cyberfeed.io/article/047ae29a2192f1e84c3ad7d3bb3a4582 #cybersec #security #infosec #cybersecurity
UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....
I have no words.
Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.
But even so, this is terrible.
Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.
And, yes, you will absolutely find a lot of exceptions to that. Well done.
But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.
It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.
But this is a significant problem. It really is.
If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.
For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.
I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.
Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.
That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.
Back to being a bluffer.
The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.
I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.
Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...
I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

Carl B. Wade (@SimCyberDefense) talks about the misconceptions surrounding #cybersecurity, the growing integration of #iot devices, and the resulting increase in threat vectors.
Listen and Watch it here:
Anchor - http://ow.ly/JWva50Nvk6M
YouTube - http://ow.ly/xIRk50NvjU2

picoCTF writeup: Decompilation of a simple Android Package https://mobileappcircular.com/picoctf-writeup-decompilation-of-a-simple-android-package-57608b7c5929 #picoCTF #infosec #hacking #reverseengineering #android #java #cybersecurity #cyber
Pause Giant AI Experiments: An Open Letter https://cyberfeed.io/article/49e38043bdbdb6e2b386bc067f5180b3 #tech #security #infosec #cybersecurity
#CyberSecurity #Spyware #Android #UAE: "In November 2022, Google revealed the existence of a then-unknown spyware vendor called Variston. Now, Google researchers say they have seen hackers use Variston’s tools in the United Arab Emirates.
In a report published on Wednesday, Google’s Threat Analysis Group (TAG) said it discovered hackers targeting people in the UAE who used Samsung’s native Android browser, which is a customized version of Chromium. The hackers used a set of vulnerabilities chained together and delivered via one-time web links sent to the targets by text message. Of the four vulnerabilities in the chain, two were zero-days at the time of the attack, meaning they had not been reported to the software maker and were unknown at that point, according to the new blog post by TAG."
https://techcrunch.com/2023/03/29/hackers-variston-spyware-uae-google/
Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App https://cyberfeed.io/article/acbf6fb9767d5573150d41b436ee32c8 #cybersec #security #infosec #cybersecurity
ChatGPT and LLMs: what's the risk?
This is a good and high-level assessment of what #ChatGPT (and #LLMs more broadly) is and isn’t good for from the UK’s National Cyber Security Centre. Recommended if you want something short to cut through the hype that is pervading too many #cybersecurity conversations these days. https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk
@bleuenzian An 8-character password takes 39 minutes to crack, a 12-character one 3000 years, I read that somewhere 🔒
#itsicherheit #cybersecurity
500K Subscriber Celebration! https://cyberfeed.io/article/4fc3f32a75a00868ff8c5ad415c12edd #cybersec #security #infosec #cybersecurity
🎉 This Tuesday, April 4th 2023 🎉
I’ll be speaking at the upcoming SANS #NeurodiversitySummit! The agenda is loaded with content developed by and for ND cybersecurity professionals, but will also be valuable to anyone who manages, reports to, works with, or just wants to support ND colleagues and friends.
Whether you can attend virtually or in-person during the SANS 2023 Orlando event, I really hope you can make it!
Register for Free: https://sans.org/u/1ozF
-------------------HASHTAGS BELOW-------------------
#sansinstitute #neurodivergent #cyber #cybersecurity #neurodivergence #freeconference #freesummit #CyberSummit #cyberconference #NeurodiversitySummit #conference #summit #cybersec

Beware of 🦠 Trojanized TOR installers targeting Russia & Eastern Europe with clipper #malware designed to steal cryptocurrencies.
https://thehackernews.com/2023/03/trojanized-tor-browser-installers.html
#Microsoft unveils Security Copilot in preview! Powered by #OpenAI's GPT-4, it offers end-to-end defense 🔒 at machine speed and scale.
https://thehackernews.com/2023/03/microsoft-introduces-gpt-4-ai-powered.html
New Chinese-linked #malware, Mélofée, threatens #Linux servers!
Uncovered by ExaTrack, it enables remote control over servers and hides itself using kernel-mode rootkits.
https://thehackernews.com/2023/03/melofee-researchers-uncover-new-linux.html
#Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on #Android & iOS devices last year.
https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html
These highly targeted campaigns put dissidents, journalists, & human rights workers at risk.
Steam will drop support for Windows 7 and 8 in January 2024 https://cyberfeed.io/article/41d98135b75ff251407be342c8e9888d #cybersec #security #infosec #cybersecurity
Once you have the MDTI Connector and Solution working, this will show the TI only from the MDTI connector https://rodtrent.com/w2w
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #MicrosoftDefender #MDTI #MustLearnKQL #KQL
macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs https://cyberfeed.io/article/1c88049c587547bcdee5589aed07b071 #cybersec #security #infosec #cybersecurity
SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool https://cyberfeed.io/article/3a338033155f63afd11ba617a37324ac #cybersec #security #infosec #cybersecurity
🔮 Cybersecurity Threats for 2030
If "prevention is better than cure", then what are the top #cybersecurity threats to emerge by 2030, and the probable actors, methods and impact?
The full #ENISA Foresight report is now available: https://europa.eu/!WPxQN6
🐦🔗: https://n.respublicae.eu/enisa_eu/status/1641047555772661760

"@Splunk releases #security & #observability platform to help build secure #digital #enterprise"
https://www.itopstimes.com/monitoring/splunk-releases-security-and-observability-platform-to-help-build-secure-digital-enterprises/ via @ITOpsTimes
Interesting to see $SPLK conflate #cybersecurity w/ #DevOps tech in one PR.
#DevSecOps anyone? Can they (finally) break Conway's Law?
Hrrm
Having trouble getting MDTI Solution working? Here's a step-by-step process of how to install the solution and then enable the MDTI data connector https://rodtrent.com/ffp
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
If you recall this incident, it's not that it wasn't expected. It's that the #ChatGPT hype has been more robust than the security around it. #cybersecurity #opensource
The breach was "caused by a bug in an open source library."
#OpenAI has confirmed a ChatGPT data breach https://www.securityweek.com/chatgpt-data-breach-confirmed-as-security-firm-warns-of-vulnerable-component-exploitation/ @SecurityWeek @ekovacs
#QNAP warns customers to patch #Linux Sudo flaw in NAS devices #cybersecurity https://www.bleepingcomputer.com/news/security/qnap-warns-customers-to-patch-linux-sudo-flaw-in-nas-devices/ @BleepingComputer @serghei
Well, for #cybersecurity you shouldn't go to the @EU_Commission (right? @bert_hubert)
What's New: MDTI Microsoft Sentinel Playbooks https://rodtrent.com/7oz
#MicrosoftSentinel #MicrosoftDefender #Cybersecurity #MicrosoftSecurity #Security
Multi-cloud Cyberattack Response | How Microsoft's SIEM & XDR work together https://rodtrent.com/sdu
#MicrosoftSentinel #MicrosoftDefender #Cybersecurity #MicrosoftSecurity #Security
Get Ahead of Cyberattacks with Microsoft Defender Threat Intelligence https://rodtrent.com/v3u
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
What's New: Intel Profiles Deliver Crucial Information, Context About Threats https://rodtrent.com/m2c
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
Power BI Activity Workbook for Microsoft Sentinel https://rodtrent.com/my2
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #PowerBI
Microsoft Sentinel — Azure OpenAI Incident Response Playbook https://rodtrent.com/721
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #OpenAI #AI
This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet
Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
https://open.spotify.com/episode/2r62rHzaDjlsKHEEM95sqc?si=8ab5c1bf60894f3a

Okay #BlueTeam, here's your weekly tip: never forget to check global prevalence!
Once you find something weird on one endpoint, or from one source, widen your lens to see how common it is across your entire environment. What may seem odd when zoomed in may become part of your baseline with wider perspective.
Or it doesn't, in which case you have further evidence that you found a live one.
Malicious links still on EU Commission website as hackers change tactics https://www.euractiv.com/section/cybersecurity/news/malicious-links-still-on-eu-commission-website-as-hackers-change-tactics/?utm_source=dlvr.it&utm_medium=mastodon #CyberAttack #cyberdiplomacy #cybersecurity #CybersecurityEU
We should move beyond a combat-oriented mindset and language. Here's why and how: https://zeltser.com/shift-your-mindset-from-conflict-to-collaboration-to-succeed-in-security/
Stream Google Cloud Platform logs into Microsoft Sentinel https://rodtrent.com/5sx
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
New NSA guide for secure home networks, summarised by
ikarussecurity
https://www.ikarussecurity.com/security-news/nsa-leitfaden-fuer-ein-sicheres-heim-netzwerk/
Microsoft Sentinel Pricing and Monitoring https://rodtrent.com/4ca
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
📬 The third opus of my series on "A Jump into a Cybersecurity Career" hit your mailbox earlier today!
#cybersecurity #infosec #jobs #career #mentoring
Rest assured, you can also check it below 👇
https://0x58.substack.com/p/a-jump-into-a-cybersecurity-career-d80
The Cybersecurity 202: Inside North Korean hackers’ unusual money laundering technique
Via @timstarks @ddimolfetta
#CyberCivilDefense #cybersecurity
https://www.washingtonpost.com/politics/2023/03/29/inside-north-korean-hackers-unusual-money-laundering-technique/
Azure OpenAI Sentinel Use Cases - Incident Enrichment with AI-generated KQL queries https://rodtrent.com/x30
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
«Crooks Spread Rogue #ChatGPT Chrome Extension to Hijack #Facebook Accounts» #FacebookHacking #RogueExtensions #Cybersecurity
We at Red Queen Dynamics have an opening for a #Django/#Python web application #developer (full time, contract, 100% #remote/flexible, emphasis on front end and SaaS applications). https://rqdn.io/web-application-developer. Reports directly to me, and you get to work with a great and fun team! Either respond to the JD as requested in the URL or email me at tarah@rqdn.io with the 18th and 34th post-decimal digits of #pi as the first two characters in the subject line and I'll review your resume/#Github first 😉
#DPRK hackers posing as NY Times and VOA journalists. https://www.bloomberg.com/news/articles/2023-03-28/north-korean-hackers-posed-as-ny-times-voice-of-america-staff #cybersecurity #Korea #nuclear
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector.
#Ciberdelincuencia (cybercrime) against #Mujer (women)
Credits: asianlaws.org
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #bugbounty #bugbountytips
#vtc #volgatc #volgatechconsulting

There is a flaw in the WiFi protocol, and some hardware is vulnerable; disable the power save feature on the AP (if you can) and use WPA3 (if you can) to reduce the possibility of being taken.
#security #cybersecurity #cyberdefence #wifi #wpa3 #powersave
Get Ahead of Attacks | Microsoft Defender Threat Intelligence https://rodtrent.com/om8
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
Finally getting a chance to test my hypothesis that Twine makes an amazing TTX platform.

"The most dangerous phrase in #cybersecurity is, 'We've always done it this way.'" – Anonymous
According to #ChatGPT this is a famous #quote used in the #infosec community.
Do we agree on what this Anonymous person said? 🤔
Unsurprisingly, HHS-OIG replied, "Thank you for contacting HHS-OIG. We are not able to provide further
information regarding this case." to my inquiries about their role in the "disruption" of BreachForums.
I have written back that they should be able to explain their regulatory or statutory authority to engage in "disruption" activities, even if they do not want to discuss the specifics of the case at hand. We'll see if they answer substantively to that or not.
If that doesn't work, formal FOIA next step, I think.
Original post at https://www.databreaches.net/the-breachforums-case-the-hhs-oig-did-what-why/
#cybersecurity #FBI #disruption #BreachForums #cybercrime #transparency
My late nite summary of the Cyber EO: “only buy cyber tools that aren’t also being used against us, from suppliers we can trust not to also back door us through the tools we buy.”
take this with plenty of salt, I was only half awake when I read it… #cybersecurity
New #cybersecurity roundup:
-Newest Tesla hacked twice
-City of Oakland *already* facing ransomware identity theft lawsuits from city workers
-CISA releases Untitled Goose Tool
-Neurodiversity and National Security
-Sneak peek at #Covid roundup 😷
More: https://www.patreon.com/posts/cybersecurity-28-80653386

Interesting way to hide payloads in plain sight!
#cybersecurity #payload #cloud
https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud/
Hey, Tampa Bay cybersecurity practitioners and aspiring cybersecurity people: the “Bsides Tampa” security conference is happening this Saturday, and it’s *very* affordable! I’ll be there — come say hi!
#security #cyber #cybersecurity #conference #conferences #Tampa #TampaBay #BSides
https://www.globalnerdy.com/2023/02/16/bsides-tampa-it-security-conference-saturday-april-1/
I'm thrilled to share that I've been accepted into the NYU Tandon MS Cybersecurity program! Starting in the fall of 2023, I'll dive headfirst into cybersecurity and expand my knowledge in this ever-changing field.
As someone passionate about technology and cybersecurity, I'm excited to gain new skills and insights through this program. Staying on top of the latest tech and strategies is crucial to keeping our institutions secure and citizens safe.
I can't wait to see where this journey takes me and how I can use my newfound expertise to make a positive impact.

Microsoft Puts ChatGPT to Work on Automating Cybersecurity https://cyberfeed.io/article/682c290adafd74b13eaf9f2c68a24ec8 #cybersec #security #infosec #cybersecurity
Well that sounds... disturbing.
Ultrasound Attack Can Secretly Hijack Phones and Smart Speakers, Researchers Find
https://gizmodo.com/ultrasound-attack-hacks-phones-siri-alexa-usenix-1850273055
What's New at Microsoft Secure for Microsoft Defender Threat Intelligence https://rodtrent.com/xxb
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity
Hacking Websites Built With ChatGPT
https://www.youtube.com/watch?v=S6_AkuPgLjw
#cybersecurity #infosec #hacking
Security Vulnerabilities in Snipping Tools
Both Google’s Pixel’s Markup Tool and the https://www.bleepingcomputer.com/news/microsoft/windows-11-s... https://www.schneier.com/blog/archives/2023/03/security-vulnerabilities-in-snipping-tools.html
Writeup by Chris Leech on Xiongmai DVRs devices exploitation (buffer overflow)
https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/

Beware of #MacStealer, a new info-stealing malware targeting Mac users! It steals iCloud KeyChain credentials, browser data, and crypto wallets, and is sold as Malware-as-a-Service for $100. Stay vigilant and avoid untrustworthy downloads.
#Cybersecurity https://www.bleepingcomputer.com/news/security/new-macstealer-macos-malware-steals-passwords-from-icloud-keychain/

If you've ever been curious about immutable OSes like #NixOS or #Fedora Silverblue, you won't want to miss last Saturday's stream, where we examined 3 immutable OSes and their utility for security work.
https://www.youtube.com/watch?v=hDJ0OsxWLb8
Every bubble in the chart below is a data breach that put Australians at likely risk of “serious harm” #DataPrivacy #DataSecurity #CyberSecurity
https://www.abc.net.au/news/2023-03-28/detailed-portrait-data-breaches-oaic-disclosures/102131586
A US, more expensive, version of the Tuckers monetary penalty notice in the UK, about law firm #cybersecurity?
Attorney General James Secures $200,000 from Law Firm for Failing to Protect New Yorkers’ Personal Data | New York State Attorney General
https://ag.ny.gov/press-release/2023/attorney-general-james-secures-200000-law-firm-failing-protect-new-yorkers
Tuckers: https://ico.org.uk/action-weve-taken/enforcement/tuckers-solicitors-llp-mpn/
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals.
Read more in my article on the Bitdefender blog:

NEW: No need to hack when 682,000 medical records are leaking, Monday edition:
https://www.databreaches.net/no-need-to-hack-when-682000-medical-records-are-leaking-monday-edition/
When, oh when, will covered entities learn to purge old data or at least secure it properly?
@carlypage @brett @allan @campuscodi
#HIPAA #databreach #dataprotection #HealthSec #infosec #cybersecurity #PHI #IncidentResponse #ResponsibleDisclosure
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident https://thehackernews.com/2023/03/openai-reveals-redis-bug-behind-chatgpt.html #cybersecurity #ChatGPT #Redis #opensource #vulnerability #exposed

I published it! A detailed walkthrough of the updated OWASP Top 10 room where I explain how to solve each challenge as well as explain each vulnerability and how to prevent them in your next web application. Hope you enjoy this lengthy read 🙃
#cybersecurity #infosec
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #12/2023 is out!
It includes, but not only:
--Beloved hacking veteran Kelly @aloria Lum passes away at 41 😢
--Procter & Gamble confirms data theft via #GoAnywhere zero-day
--US Charges 20-Year-Old Head of Hacker Site #BreachForums
--UK creates fake #DDoS-for-hire sites to identify cybercriminals
--Exploit released for #Veeam bug allowing cleartext credential theft
--Five brutal hours for #TikTok: CEO raked over coals amid privacy, security concerns
-- #PWN2OWN VANCOUVER 2023
--Cloud Security Podcast: EP113 Love it or Hate it, Network Security is Coming to the Cloud
--Nexus: a new Android botnet?
-- #Facebook accounts hijacked by new malicious ChatGPT Chrome extension
-- #McDonald's Korea fined 696 mln won for breach of customers' personal data
-- #LockBit ransomware gang now also claims City of Oakland breach
--Journalist opens USB letter bomb in newsroom
--Ferrari Says #Ransomware Attack Exposed Customer Data
-- #WomeninCyber: Stories Uncut, Uncensored and Unbelievable
-- #Adobe Acrobat Sign Abused to Distribute Malware
--Largest #Crypto ATM manufacturer hacked over security hitch- Over $1.5 bitcoin (BTC) Stolen
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️
#15yrsago New US #CyberSecurity Czar has no cyber-security experience https://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031903125.html
#15yrsago How #CBC torrented a TV show https://www.last100.com/2008/03/26/inside-story-the-making-of-a-legal-tv-torrent/
#15yrsago #Mugabe opponents forced to eat campaign posters https://www.theguardian.com/world/2008/mar/26/zimbabwe1
#10yrsago Why architects should stop drawing trees on top of skyscrapers https://www.archdaily.com/346374/can-we-please-stop-drawing-trees-on-top-of-skyscrapers
#10yrsago Your WiFi-enabled camera might be spying on you https://www.helpnetsecurity.com/2013/03/25/digital-cameras-easily-turned-into-spying-devices-researchers-prove/
5/

UK's National Crime Agency has revealed that it set up fake #DDoS-for-hire websites as a trap to catch cybercriminals.
https://thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html
Cool introduction on how to build a MacOS Mach-O in-memory loader
Restoring Dyld Memory Loading: https://blog.xpnsec.com/restoring-dyld-memory-loading/
Building a Custom Mach-O Memory Loader: https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/

Some #ChatGPT Plus users may have had partial payment info leaked this week
Malware 'vaccine' generator licensed for #cybersecurity platform https://techxplore.com/news/2023-03-malware-vaccine-generator-cybersecurity-platform.html
CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections https://cyberfeed.io/article/ade057f39971832dbcd679e314b7e509 #cybersec #security #infosec #cybersecurity
Why did I fall for the phishing e-mail despite everything? What do these trainings achieve, and what don't they? What negative consequences do they have when they are done wrong?
And which other solutions for better IT security are overlooked amid all the awareness trainings? I spoke about this with security researchers, hackers and an occupational psychologist, and along the way investigated a cyber incident:
You could of course mock me for processing my trauma of having fallen for a phishing e-mail in a radio piece. In fact, that e-mail arrived in the middle of my research. So I was highly "aware", as the awareness-training industry puts it, and I have been reporting on cybersecurity for years.
And still I fell for it. Fortunately it was a test phishing e-mail, which raises further questions and problems:
(1/3)
As I just found the #SECWEREWOLF #SecurityGame
https://infosec.exchange/@realn2s/110071853623448036
Let me write some more about Security Games.
First:
Why do I consider them so important?
#InfoSec / #Cybersecurity is a topic which is often experienced as
* obstructive (the department of NO),
* unrealistic (they want WHAT? I can't work that way),
* complex (yesterday you told me it's ok),
* boring (SO many details),
and attached to fear (everybody does some stuff they either don't know if it is compliant or are aware that it is noncompliant).
At the same time security can't impose security and security is everyone's job.
Games help to address these issues.
If something is prohibited in a game it's no problem. Either it's part of the game rule or you don't have to fear being noncompliant.
Games don't need to be realistic. Actually, being unrealistic at least on some dimensions is probably a core trait of a game.
As they don't need to be realistic you can reduce the complexity as needed.
A good game is fun and not boring :-).
And you don't need to fear the consequences. If I open an attachment, execute everything, use my last name as the password on all accounts, and the whole infrastructure gets owned because of me,
I won't get fired.
#TikTok’s CEO got grilled in Congress today – where many would like to ban the Chinese-owned app entirely. Could they? A #cybersecurity researcher looks at that possibility and the #privacy risks
TikTok: Verfassungsschutz has concerns, CEO under pressure at US hearing
The pressure on the short-video app TikTok is growing in the West. In Washington, a hearing in the US Congress turned into a gauntlet for the TikTok CEO.
#Cybersecurity #Datenschutz #Jugendschutz #Security #SocialMedia #TikTok #news

I spoke with @Forbes about #TikTok and the weird combination of moral panics, political posturing, and genuine #DataPrivacy and #cybersecurity concerns swirling around calls to ban the app. https://www.forbes.com/sites/petersuciu/2023/03/23/tiktok-ban-isnt-targeting-youth-culture--but-it-kinda-is/?sh=488ecc582f21
Danger USB! Journalists sent exploding flash drives.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/danger-usb-journalists-sent-exploding-flash-drives/
#ecuador #cybersecurity #usbdrive #flashdrive #police #journalism #usbstick
In the latest @smashingsecurity podcast the irrepressible @ThomLangford joined me and Carole Theriault, as we discussed a possible aCropalypse for Google Pixel users, house buying scams, and just why TikTok is being singled out for attack by... well, everyone.
Find "Smashing Security" in your favourite podcast app such as Apple Podcasts or Spotify, or listen at
https://www.smashingsecurity.com/314
#cybersecurity #podcast #tiktok #android #vulnerability #scam

Europe's transport sector terrorised by ransomware, data theft, and denial-of-service attacks.
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/europes-transport-sector-terrorised-ransomware-data-theft-and-denial-service
#cybersecurity #transport #malware #ransomware #databreach #datatheft #denialofservice #ddos
