Masthash

#infosec

ISSA KHARI
22 minutes ago

It’s been a while… 🥷🏾
bio.site/issakhari

#pentesting #infosec

Black and White photo of a work desk with Tv displaying a logo shaped like a dragon.

Rob Thomas
26 minutes ago

(Please boost for visibility)

Today has not been a fun day for people using 3CX. Basically, anyone who has been using the desktop client on Windows (and potentially Mac) has had their machine hacked. Not JUST hacked, but quite probably all your stored login credentials have been stolen. This is about as bad as it gets.

Basically, if you have 3CX installed on your PC, consider EVERY PASSWORD and EVERY SINGLE THING you're logged into as compromised.

https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/amp/

#infosec #voip #3cx

InfoSecSherpa
1 hour ago

Just a shout out of love to our #Trans #InfoSec fam. You are appreciated. You belong. You inspire. Thank you. 🏳️‍⚧️

Dumb Password Rules
1 hour ago

This dumb password rule is from E-learning (Unipd).

Exactly 8 characters for password! There must be at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number and at least 1 *special* char (*, ., $, #, @, etc.).

https://dumbpasswordrules.com/sites/e-learning-unipd/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@arstechnica What if #GitHub can't comply since the #Twitter - #Leaker practised good #OpSec, #InfoSec, #ComSec & #ITsec?

Markus Peuhkuri
2 hours ago

This seems to be quite an interesting #MicrosoftTeams #infosec bug: access to the wrong set of files is resolved by clearing the desktop client cache. Of course, as cloud services do not get assigned CVEs or other forms of public disclosure, it is not known if there was also an access violation.
https://learn.microsoft.com/en-us/answers/questions/1193634/microsoft-teams-is-displaying-incorrect-file-data

RDP Snitch
4 hours ago

2023-03-29 RDP #Honeypot IOCs - 807 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.173.204.143 - 446
43.156.9.187 - 113
103.104.84.129 - 68

Top ASNs:
AS146940 - 446
AS132203 - 113
AS133933 - 68

Top Accounts:
hello - 757
Administr - 20
Domain - 19

Top ISPs:
Natsav - 446
Shenzhen Tencent Computer Systems Company Limited - 113
NetSat Private Limited - 68

Top Clients:
Unknown - 807

Top Software:
Unknown - 807

Top Keyboards:
Unknown - 807

Top IP Classification:
Unknown - 639
hosting - 163
proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/rPE0Y6WN

#CyberSec #SOC #Blueteam #SecOps #Security

cyberfeed
4 hours ago

CrowdStrike and SentinelOne are reporting that a version of the 3CX softphone app has been bundled with malware in a supply chain attack, similar to what happened with Solarwinds. CrowdStrike intelligence has attributed this activity to a North Korean APT group they track as LABYRINTH CHOLLIMA. The response from 3CX is arrogant as hell!

#InfoSec #3CX #SupplyChainAttack #CrowdStrike #SentinelOne #NorthKorea #DPRK #APT #LABYRINTHCHOLLIMA

A response from JohnS_3CX on the 3CX support forum that reads

While that would sound ideal, there's hundreds if not thousands of AV solutions out there and we can't always reach out to them whenever an event occurs. We use the Electron framework for our app, perhaps they are blocking some of its functionality?

As you probably understand, we have no control over their software and the decisions it makes so it's not exactly our place to comment on it. I think in this case at least, it makes more sense if the SentinelOne customers contact their security software provider and see why this happens. Feel free to post your findings here if you get a reply.

Zate 🦘🇦🇺
5 hours ago

Damn #wellsfargo. The process I just went through to get some information from 2017 and 2019 that I need was super bonkers. I can't get that info in the "secure" portal, so I had to go on the phone to request it. No problem, it was simpler to find and the person was great.

What was not great is that instead of sticking it in the secure portal for me, or emailing it to the email address I have used for 14 years with you all, I was able to give an international address to the person and they will mail it to me. This was after seeing if a fax was ok.

What year is it? My advice is this:

Allow your people to make those documents securely available in your portal.
Allow your people to email a link, and separately a code, to access those documents through a secure service.
Allow those docs to be encrypted in a zip and sent.

It's 2023, I should not have to wait for a physical version of old documents, which are already in a digital format, just because you can't work out how to securely provide digital copies of things to people.

*He says, already signed up to e-statements only.

#banking #infosec

signalblur 📡🛸:verified:
5 hours ago

Holy damn this is wild

“I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office365 accounts.

How did I do it? Well, it all started with a simple click in Azure… 👀

This is the story of #BingBang

https://nitter.net/hillai/status/1641146508639600646#m

#Microsoft #Azure #Bing #OpenAI #InformationSecurity #Cyber #Cloud #InfoSec #CyberSecurity #ThreatIntel

cyberfeed
5 hours ago

Cybersecurity firms warn of 3CX desktop app supply chain attack https://cyberfeed.io/article/047ae29a2192f1e84c3ad7d3bb3a4582 #cybersec #security #infosec #cybersecurity

Taz Wake
6 hours ago

UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....

I have no words.

Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.

But even so, this is terrible.

Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.

And, yes, you will absolutely find a lot of exceptions to that. Well done.

But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.

It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.

But this is a significant problem. It really is.

If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.

For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.

I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.

Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.

That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.

Back to being a bluffer.

The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.

I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.

Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...

I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

Job advert for Head of Cyber Security at HM Treasury, offering a salary of £50,500 - £57,500 per year.

@quinnanya

*phone buzzes*
SMS: Your one-time security code is 1234. It is only for logging in this time. No one will ask you for this.

Bank rep on phone: I just sent you a code, can you please read it back to me so I can confirm your identity?

#infosec #2fa

#infosec

Phishing emails were up by 569% in 2022 👀👇🏾

5 specific trends:

The number of credential phishing emails sent spiked by 478%;
Emotet and QakBot are the top malware families observed;
For the eighth consecutive year, business email compromise (BEC) ranked as the top cybercrime;
Web3 use jumped by 341%;
And there was an 800% increase in the use of Telegram bots for exfiltration.

Report by Cofense 👇🏾

https://cofense.com/blog/phishing-emails-increased-in-2022-according-to-annual-report-from-cofense/

The top 5 trends in the email security landscape for 2022 include
• Credential phishing is the top attack vector with a 478% increase in malicious emails identified
• Emotet & QakBot remain the top malware families
• Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row
• Web3 technologies used in phishing campaigns increased by 341%
• Telegram bots as exfiltration destinations increased by 800%

Research Network Digi-Oek.ch
7 hours ago

[de] E-Voting CH: Prof. A. Appel: "By hand" is the only secure method

"The current state of IT security science leads us ... to conclude, for the foreseeable future, that in elections, paper ballots that are filled out by hand ... and recounted ... are the only secure method ..."

"... A vulnerability that allows hackers to install malicious software on thousands of voters' devices."

https://www.inside-it.ch/e-voting-reihe-wie-sicher-ist-sicher-genug-20230328

#onlinevoting #evoting #ictsecurity #infosec #security

Pseudo Nym
7 hours ago

Qualys have a product called CyberSecurity Asset Management, and they are going with the unfortunate acronym "CSAM".

As my fellow CyberSecurity folks may well know, this is not an acronym you want your company associated with.

I really wonder about the marketing department not doing due diligence, or worse, not caring.

#infosec #qualys

Eodyne
7 hours ago

Really wild that my #pihole blocks 20% of DNS requests going out of my network.
Granted I start with overblocking and then whitelisting as I discover things that need to be.
But still 1/5th of all requests? And I haven't run into any major hiccups in usability at all.
#infosec

d0pp3l6ang3r :verified: :donor:
7 hours ago

This looks like pwned certificate >> build/upgrade system compromise >> signed binary release.

#3cx #sectoot #infosec #supplychainattack

Credit to abvcti_brs for this VT graph
https://www.virustotal.com/graph/g84bdefba1cf143d9afd708c8ef30a5fb7e4daff007584671a5db0d7879b570dd

cyberfeed
7 hours ago

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App https://cyberfeed.io/article/acbf6fb9767d5573150d41b436ee32c8 #cybersec #security #infosec #cybersecurity

Quinn Dombrowski
7 hours ago

*phone buzzes*

SMS: Your one-time security code is 1234. It is only for logging in this time. No one will ask you for this.

*phone buzzes*

Husband on messenger app: What's the passcode?

#InfoSec #2FA

Heretyc
7 hours ago

Exciting time to be in #infosec - #AI and #DLNN tech is ripe for #exploit, and while I am enjoying the world collectively realizing what people in #deeplearning have known for years, it will be a bumpy ride while we develop policies and #governance as a framework around all this. Bumpy, but fun. https://www.reuters.com/technology/musk-experts-urge-pause-training-ai-systems-that-can-outperform-gpt-4-2023-03-29/

Research Network Digi-Oek.ch
7 hours ago

[en] Online voting provider paid for academic research in attempt to sway U.S. lawmakers

According to Cyberscoop, "Democracy Live [a voting technology company] directed academic research aimed at demonstrating its product's security and used that material in lobbying campaigns."

https://cyberscoop.com/democracy-live-research-online-voting/

#onlinevoting #evoting #ictsecurity #infosec #security #democracylive

Anonymous :anarchism: 🏴
8 hours ago

#Microsoft unveils Security Copilot in preview! Powered by #OpenAI's GPT-4, it offers end-to-end defense 🔒 at machine speed and scale.

https://thehackernews.com/2023/03/microsoft-introduces-gpt-4-ai-powered.html

#Microsoft #SecurityCopilot #InfoSec #GPT4 #Cybersecurity

Anonymous :anarchism: 🏴
8 hours ago

New Chinese-linked #malware, Mélofée, threatens #Linux servers!

Uncovered by ExaTrack, it enables remote control over servers and hides itself using kernel-mode rootkits.

https://thehackernews.com/2023/03/melofee-researchers-uncover-new-linux.html

#infosec #cybersecurity #informationsecurity

Anonymous :anarchism: 🏴
8 hours ago

#Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on #Android & iOS devices last year.

https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html

These highly targeted campaigns put dissidents, journalists, & human rights workers at risk.

#infosec #cybersecurity

Kim Crawley :verified:
9 hours ago

Today's episode of @hackerverse features @craigellrod and yours truly speaking with Dr. Lisa McKee.

She's a privacy expert with strong opinions about compliance and regulations!

#privacy #infosec
https://www.youtube.com/live/naUUWTxRlF4?feature=share

cyberfeed
9 hours ago

macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs https://cyberfeed.io/article/1c88049c587547bcdee5589aed07b071 #cybersec #security #infosec #cybersecurity

cyberfeed
9 hours ago

SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool https://cyberfeed.io/article/3a338033155f63afd11ba617a37324ac #cybersec #security #infosec #cybersecurity

Eddie.
9 hours ago

The problem could be me. I don't run to authority when people behave shitty, because I've learned authority won't punish them. That's been the status quo for 40+ years, from grade school bullies to the people who stole my car.

Besides, #infosec lauds the misbehavers. Very common pattern.

Best most of us can do is keep our orgs safe, steer our own away from the charlatans, and keep taking it on the chin like we always do.

Happy Wednesday.

Astra Kernel :verified:
9 hours ago

🪲 VSCode hack shows how supply chain attacks can extend to other software development tools

👉 Extensions are developed in Node.js
👉 Malicious npm packages to extensions
👉 Infected extensions & Auto update

https://www.reversinglabs.com/blog/vs-code-ide-hack-how-supply-chain-attacks-can-proliferate-between-developer-ecosystems

#vscode #infosec #programming #nodejs #npm

demï7en 🎗
9 hours ago

All geeks who cherish or at least somewhat care about humanity and the supposedly inalienable rights we humans deserve ought to read his story...

「For 12 years, Program Think, an anonymous Chinese blogger, mounted an open challenge to China’s tightening authoritarian grip and expanding surveillance state.

The freewheeling blog offered a mixture of technical cybersecurity advice and scathing political commentary – including tips on how to safely circumvent China’s Great Firewall of internet censorship, develop critical thinking and resist the increasingly totalitarian rule of the Chinese Communist Party.
...

Then, in May 2021, Program Think suddenly went silent. 」

「“Since June 2009, (Ruan) has used his computer to write more than a hundred seditious articles that spread rumors and slander, attack and smear the country’s current political system, incite subversion of state power, and intent to overthrow the socialist system,” the court verdict said.

It added that the articles, published on overseas platforms, attracted “a large number of internet users to read, comment and share, causing pernicious consequences.” 」

「Ruan never cared much about money or material comfort. Instead, he longed for what he called the “open source spirit” – freedom, openness, sharing and cooperation, Bei said.

“He thinks one must pursue spiritual values in life. For him, it is technology – that’s what he finds valuable. But only recently did I discover that his (quest) for freedom had also morphed into a (longing for) political freedom,” she said. 」

https://edition.cnn.com/2023/03/29/china/china-blogger-sentenced-program-think-intl-mic-hnk/index.html

#RuanXiaohuan #opensource #infosec #ethics #freedomfighter #dissident #CCP #PRC #china #dictatorship #authoritarianism #panopticon

Chad Loder
9 hours ago

Security cameras with encrypted cloud storage that is inaccessible to law enforcement and/or cloud service providers? #infosec #surveillance

[edit: cloud is preferred because burglary of local storage is a risk]

Panther Modern
10 hours ago

Yo, #threatintelligence peeps, be aware of an active campaign by LABYRINTH CHOLLIMA targeting 3CX PBX customers

EDIT:
#3CX is definitely popped.

https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

#infosec

lorddimwit
11 hours ago

You used a Redbox outside 7-11.

I used a red box outside 7-11.

We are not the same.

#infosec #phreaking

(Am I doing this meme right? I don’t actually know.)

PartHaircut
11 hours ago

Trying to define the scope of our OT security policy and standard.

“Maybe we can know what is in scope, because we know what isn’t? …..”

https://youtu.be/bZe5J8SVCYQ

#CyberSecurity #InfoSec #OTSecurity #OperationalTechnology #OT #Governance

Taggart: ~# :idle:
11 hours ago

Okay #BlueTeam, here's your weekly tip: never forget to check global prevalence!

Once you find something weird on one endpoint, or from one source, widen your lens to see how common it is across your entire environment. What may seem odd when zoomed in may become part of your baseline with wider perspective.

Or it doesn't, in which case you have further evidence that you found a live one.

#InfoSec #CyberSecurity

Melle Kramer
12 hours ago

This is such a cool story! How a 40-year-old 'backdoor' is still relevant. Truly a treat! #infosec #podcast #beveiliging https://podcasts.apple.com/nl/podcast/malicious-life/id1252417787?i=1000574653093

Stoat
12 hours ago

Could anyone verify if greyhound-data.com has their db up for sale on the darkweb? Lots of chat on the greyhound community sites today. The site hasn't said a thing about it but they've added Cloudflare and no-one can change their password. Bit sus.

#Infosec #Darkweb #Greyhounds

Marcus "MajorLinux" Summers
13 hours ago

For fear of blaming the people who would fall for this, please be careful when downloading apps.

MacStealer malware grabs iCloud passwords, files, and credit card details https://9to5mac.com/2023/03/28/macstealer-malware/

#Malware #iCloud #Passwords #Credentials #macOS #Apple #Vulnerabilities #InfoSec #TechNews

A MacBook sitting on a wooden table with an iPhone face down and dimly lit.

Big #Tech and #InfoSec has a hiring disorder. They over hire without constraint when the market says “good” and the moment there is any blip they purge. This is both a real problem and more than an analogy to a serious medical issue.

This has been a worsening trend over the last decade and it’s really become noticed. Seeing the impact of the humans who are affected by this behavior is heartbreaking. And it’s not the execs who do this that are impacted, they are incented to do this, their rewards are based on market performance, which is the driver of this behavior.

So we have leaders who are rewarded for creating and continuing this model. People are our greatest asset my ass. You’ve lost the right to say that.

There will be an upswing. Again. That’s what markets do. The question will be whether people remember this and choose not to participate. There is now a much bigger set of opportunities outside these Big Tech orgs that are both as rewarding (in money and satisfaction) and way more fun without all the baggage and tax you pay to be in those environments.

To all those impacted, I say again, you did nothing wrong, it's not you, there's a whole world out here that is amazing, and what you have learned working in those places is valuable, really valuable. Just navigating the complexities, rallying people behind an idea, influencing without control … all incredibly impactful skills. Not to mention the technology knowledge you have.

There are many people on LI and other places offering to chat and help, take a breath, and then use your time to chat to them, you will gain both some confidence and some nuggets of advice that will get you going again.

I will always have time on #TheIntersection for people to book a slot to talk. I will make the time.

Kia Kaha.

Adrian Offerman
14 hours ago

now also available in English:
"Survey of DMARC mail security on Mastodon servers makes disappointing findings" -- Users should take security into account when choosing a Mastodon server
https://www.sidn.nl/en/news-and-blogs/survey-of-dmarc-mail-security-on-mastodon-servers-makes-disappointing-findings

"A phishing mail campaign targeting users of the masto.ai server prompted network security specialist Sean Whalen to check whether the domain names of the top 1000 Mastodon servers had DMARC e-mail security protection."

#SPF #DKIM #DMARC #DNSSEC #Mastodon #InfoSec
@seanthegeek

Daniel Bretschneider
14 hours ago

New NSA guide for secure home networks, summarized by ikarussecurity

https://www.ikarussecurity.com/security-news/nsa-leitfaden-fuer-ein-sicheres-heim-netzwerk/

#infosec #cybersecurity #homeoffice

Marcus "MajorLinux" Summers
14 hours ago

Please don't wait to update!

iOS 16.4 and macOS Ventura 13.3 fix more than 30 security exploits https://9to5mac.com/2023/03/27/ios-16-4-macos-13-3-fix-security-exploits/

#iOS #macOS #Ventura #Exploits #Updates #Apple #InfoSec #TechNews

An iPhone 14 Pro with an image of chains crossing each other and a padlock made of the iOS 16 logo.

Eric McCorkle
15 hours ago

I'm registered for BSidesCharm (BSides Baltimore). Who else is going?

#BSides #InfoSec

Lockdownyourlife
15 hours ago

I'm looking for additional contract work, and would consider FT remote. If you know anyone hiring for a particular skillset: OSINT, investigations, global security, policy/analysis, please lmk.

#job #jobhunting #safety #privacy #infosec #OSINT

Mark Carter
15 hours ago

👍🏻 Spera raises $10M for its identity security posture management platform

https://techcrunch.com/2023/03/29/spera-raises-10m-for-its-identity-security-posture-management-platform/ #ciso #infosec #sox

Mark Carter
16 hours ago

🤔 Why Your Website Is Failing With ERR_CERTIFICATE_TRANSPARENCY_REQUIRED (March 2023 Edition) - SSLMate Blog

https://sslmate.com/blog/post/march_2023_ct_blunders #infosec

📬 The third opus of my series on "A Jump into a Cybersecurity Career" hit your mailbox earlier today!

#cybersecurity #infosec #jobs #career #mentoring

Rest assured, you can also check it below 👇

https://0x58.substack.com/p/a-jump-into-a-cybersecurity-career-d80

JM ☠️
17 hours ago

“fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.”
#network #security #wifi #wireless #infosec #cybersecurity

https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/

Tarah Wheeler :donor:
17 hours ago

We at Red Queen Dynamics have an opening for a #Django/#Python web application #developer (full time, contract, 100% #remote/flexible, emphasis on front end and SaaS applications). https://rqdn.io/web-application-developer. Reports directly to me, and you get to work with a great and fun team! Either respond to the JD as requested in the URL or email me at tarah@rqdn.io with the 18th and 34th post-decimal digits of #pi as the first two characters in the subject line and I'll review your resume/#Github first 😉

#infosec #infosecjobs #cybersecurity #hiring

Julian Oliver
20 hours ago

This research & PoC attack on the 802.11 WiFi stack is neat, with plausible pathways for hijacking or injection at the transport layer. It cunningly leverages the unmanaged sec state of queued power saving frames:

"the attacker can change the security context of the [power saving] frames by sending authentication and association frames to the access point, thus forcing it to transmit the frames in plaintext form or encrypt them with an attacker-provided key."

https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/ #infosec

Julian
20 hours ago

I installed Postfix and through it I sent an email to a Gmail account as "admin@hostname". My expectation was that the email would not arrive at all or end up in spam. Instead it ended up in the normal inbox. Is this normal? :D

#infosec

While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector.

#data #privacy #cybersecurity #infosec

https://www.engage.hoganlovells.com/knowledgeservices/news/french-cnil-is-setting-the-tone-for-2023-patients-data-and-medical-research-on-its-radar

Elias Mårtenson
22 hours ago

I don't know if this is a controversial opinion, but I will state it anyway:

I believe that the CVE system has some serious deficiencies. In particular, using the same system for both user-facing products and third-party libraries is problematic to the point of actually reducing overall security in the industry.

Let me give an example: Let's say you run a self-hosted piece of server-software written in Java. Let's call the product "Foo". You use something like Sonatype to monitor vulnerabilities in the software you use.

You happily run Foo for a few months and CVE-2023-0001 is reported on product Foo with a CVSS score of 9.9. In this case the system works great because you can now patch Foo as soon as possible, and in the meantime you can look at the remediation procedure documented in the CVE report to determine how much of a hurry you are in.

But that's unfortunately not what happens. What you are actually going to see is hundreds of vulnerabilities of varying severity reported not just on Foo as a product, but on every single third-party library that the product Foo happens to use.

Let's say that Foo generates SVG from a template and then uses a library to convert said SVG into images before sending them to the client (never mind that seems like a stupid solution, just go with it). And then a CVSS 10.0 appears because there is an RCE when passing specially crafted SVG data to the library.

Now you have Sonatype reporting that you have a severity 10 issue with the static workaround "upgrade this library". This information would be useful for the developer of Foo, but not for the user.

In fact, the developer may already have investigated this and downgraded the score since the library is never used to process untrusted input.

What this means is that as a user of some piece of software you will feel a lot of pressure internally to pursue CVE reports that are in fact not relevant, but since it shows up in your scan you have an obligation to do this, and check with the vendor to ask about the root cause of these results. This takes time and energy away from your real job: To keep your infrastructure secure.

I lay the blame for this happening squarely on the bad organisation of the CVE database, and I really wish there was a better way. Unfortunately right now it's all we have.

#cve #infosec #cvss

infosec.exchange really needs the :lolsob: emoji

it's the single best symbol characterizing our industry

#infosec

#infosec

WiFi protocol flaw allows attackers to hijack network traffic 👇🏾

"Cisco, admitting that the attacks outlined in the paper may be successful against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.

However, Cisco says that the retrieved frames are unlikely to jeopardize the overall security of a properly secured network."

https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/

"Our attacks have a widespread impact as they affect various devices and operating systems (Linux, FreeBSD, iOS, and Android) and because they can be used to hijack TCP connections or intercept client and web traffic," reads the technical paper published yesterday by Domien Schepers and Aanjhan Ranganathan of Northeastern University, and Mathy Vanhoef of imec-DistriNet, KU Leuven.

Mark Carter
1 day ago

🤔 Prediction: following #microsoft security copilot announcement, every #security vendor will be launching gpt4 integration by end of 2023. We are in the era of ML infused security https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning

Taggart: ~# :idle:
1 day ago

Finally getting a chance to test my hypothesis that Twine makes an amazing TTX platform.

https://twinery.org

#InfoSec #CyberSecurity

Graph of Twine interactive story components. The tree includes:

SOC Alert
Network Investigation
The alert is a False Positive
Endpoint Investigation
System Services
Process Executions
Network Connections
The SOC Alert

Another Friday after another busy week. Just as you're about to close out and log off for the day, you decide just in case to check the SOC alerts one more time.
Of course, there's a new Low Priority alert.
What the heck? you think. Shouldn't take long.
You click on the alert.

Mark Carter
1 day ago

Game changer 👍🏻 Microsoft today announced #Security Copilot, a new #ChatGPT-like assistant powered by AI that takes advantage of Microsoft's threat intelligence footprint to make faster decisions during incident response and to help with threat hunting and security reporting. Copilot answers defenders' security questions via a ChatGPT-like interface and continuously learns to adapt to each environment to advise on the best course of action. https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning

"The most dangerous phrase in #cybersecurity is, 'We've always done it this way.'" – Anonymous

According to #ChatGPT this is a famous #quote used in the #infosec community.

Do we agree on what this Anonymous person said? 🤔

#technology #business #infosecurity #quotes #tech

CitraBenzoet
1 day ago

that feeling when you throw a little bit of regex into the mix of a powershell query and it works so instead of 30k results it's down to 25k
#iam #infosec #itsthelittlethings

Tae'lur Alexis :verified:
1 day ago

#100DaysOfHacking
Finished the SSRF labs on Portswigger, that was intense lol 😂 no joke
#infosec

@leigh That seems accurate and in-line with what I see, mostly about #security and #FOSS peeps. Although, #infosec peeps I was following on the other site, who had 6 figures number of followers seem to have a hard time interacting over here. Public figure syndrome? :thinking_fire:

0xor0ne
2 days ago

Writeup by Chris Leech on Xiongmai DVR device exploitation (buffer overflow)

https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/

#iot #embedded #infosec #cybersecurity

Astra Kernel :verified:
2 days ago

🦀 NIST (National Institute of Standards and Technology) added Rust to its list of Safer Languages

https://www.nist.gov/itl/ssd/software-quality-group/safer-languages

#rustlang #rust #infosec #appsec #cpp #programming

"Rust has an ownership model that guarantees both memory safety and thread safety, at compile-time, without requiring a garbage collector. This allows users to write high-performance code while eliminating many bug classes. Though Rust does have an unsafe mode, its use is explicit, and only a narrow scope of actions is allowed. (14 Mar 2023)"
Taggart: ~# :idle:
2 days ago

If you've ever been curious about immutable OSes like #NixOS or #Fedora Silverblue, you won't want to miss last Saturday's stream, where we examined 3 immutable OSes and their utility for security work.
https://www.youtube.com/watch?v=hDJ0OsxWLb8

#InfoSec #CyberSecurity

Tae'lur Alexis :verified:
2 days ago

#100DaysOfHacking So far I’ve completed 4 SSRF labs on Portswigger & wow I’ve learned a lot! I find this vulnerability to be the most fascinating. I’m taking Rana Khalil’s Web Security course. What I do is do the labs on my own & then go back & see her technique & how she crafts her python exploits

What I’ve learned:
- There are ways to bypass blacklist filters for localhost, such as double encoding the URL for /admin, or using http://127.1 or the decimal version to reference localhost
#infosec
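The localhost spellings mentioned in that post are exactly why a deny-list of the literal string "127.0.0.1" is a weak SSRF defence. The block below is an added example, not code from the post, from PortSwigger's labs or from Rana Khalil's course: a Python classifier that canonicalises a URL by repeated percent-decoding, parses IPv4 literals with the relaxed inet_aton grammar (so 127.1, 2130706433, 0x7f000001 and 0177.0.0.1 all come out as 127.0.0.1), unwraps IPv4-mapped IPv6, and reports whether the target is internal. The function names, the optional `resolver` hook and the sample URLs are assumptions made for this illustration.

```python
"""Added example: why a deny-list of the string "127.0.0.1" is not an SSRF
defence.  Canonicalises a URL and classifies its host as internal/external.
Function names and sample inputs are assumptions for this illustration."""
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# One dotted-quad component in inet_aton grammar: hex (0x..), octal (0..) or decimal.
_PART_RE = re.compile(r"^(?:0[xX][0-9a-fA-F]+|[0-9]+)$")


def fully_decode(text: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double- or triple-encoded input ends up in its canonical form."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def _parse_part(part: str) -> int:
    """Parse one component the way inet_aton does: 0x hex, leading-0 octal, else decimal."""
    if not _PART_RE.match(part):
        raise ValueError(part)
    if part.lower().startswith("0x"):
        return int(part, 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def parse_ipv4_literal(host: str):
    """Interpret host under inet_aton's relaxed grammar: 1 to 4 components,
    the last one absorbing the remaining low-order bytes.  So "127.1",
    "2130706433", "0x7f000001" and "0177.0.0.1" all mean 127.0.0.1.
    Returns an IPv4Address, or None if host is not such a literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    last_bits = 8 * (5 - len(parts))          # bits left for the final component
    if any(v > 0xFF for v in values[:-1]) or values[-1] >= (1 << last_bits):
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    return ipaddress.IPv4Address((addr << last_bits) | values[-1])


def address_is_internal(addr) -> bool:
    """Loopback, unspecified, link-local (169.254/16 includes cloud metadata
    endpoints) and private ranges count as internal; IPv4-mapped IPv6 is
    unwrapped first so ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local or addr.is_private


def classify_url(url: str, resolver=None) -> str:
    """Return "internal", "external" or "unresolved" for the URL's host.
    resolver(hostname) -> list of IP strings is an assumed hook; with None,
    non-literal hostnames are reported as "unresolved" rather than guessed."""
    host = urlsplit(fully_decode(url)).hostname   # lower-cased, brackets stripped
    if not host:
        return "unresolved"
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    literal = parse_ipv4_literal(host)
    if literal is None:
        try:
            literal = ipaddress.ip_address(host)   # IPv6 literals such as ::1
        except ValueError:
            literal = None
    if literal is not None:
        return "internal" if address_is_internal(literal) else "external"
    if resolver is None:
        return "unresolved"
    addresses = [ipaddress.ip_address(ip) for ip in resolver(host)]
    if not addresses:
        return "unresolved"
    return "internal" if any(address_is_internal(a) for a in addresses) else "external"


if __name__ == "__main__":
    # Constructed sample URLs: each of the loopback spellings reaches 127.0.0.1
    # and would slip past a filter that only rejects the exact string "127.0.0.1".
    for sample in ["http://127.0.0.1/admin", "http://127.1/admin", "http://2130706433/admin",
                   "http://0x7f000001/admin", "http://0177.0.0.1/admin",
                   "http://127%252e1/admin", "http://[::ffff:127.0.0.1]/admin",
                   "http://localhost/admin", "http://1.1.1.1/", "http://example.com/"]:
        print(f"{sample:40} -> {classify_url(sample)}")
```

Classify after canonicalising and fetch only the canonical URL; for hostnames that are not literals, resolve them and check the addresses you will actually connect to (ideally at connect time), because a check on the hostname string alone is precisely what the spellings above defeat.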

The fake file is hosted by MediaFire

hXXps://www.mediafire[.]com/file/fur2qc7wdm6pi6k/OBSStudioSetup.zip/file

#OBS #OBSStudio #streaming #twitch #infosec #threatIntel #DFIR

A noticeable difference in the file that gets downloaded as well

The ZIP came from the fake site.

#OBS #OBSStudio #streaming #twitch #infosec #threatIntel #DFIR

2 different files downloaded, .zip is fake, .exe is real.

As compared to the ACTUAL OBS page.

#obs #streaming #twitch #infosec #threatIntel #DFIR

obs-download[.]net looks like this, and apparently has a release from the future

#obs #streaming #twitch #infosec #threatIntel #DFIR

fake OBS download page

I'm sure these first 2 Sponsored links on Google are totally legit

(That's sarcasm)

obs-download[.]net
obs-download[.]org

#obs #streaming #twitch #infosec #threatIntel #DFIR

First 2 hits on Google when you search obs, both sponsored ads
obs-download[.]org registration date is today according to whois
obs-download[.]net registration date is today according to whois
Dissent Doe :cupofcoffee:
3 days ago

NEW: No need to hack when 682,000 medical records are leaking, Monday edition:

https://www.databreaches.net/no-need-to-hack-when-682000-medical-records-are-leaking-monday-edition/

When, oh when, will covered entities learn to purge old data or at least secure it properly?

@carlypage @brett @allan @campuscodi

#HIPAA #databreach #dataprotection #HealthSec #infosec #cybersecurity #PHI #IncidentResponse #ResponsibleDisclosure

Tinker ☀️
3 days ago

A friend found a WEIRD!!! computer on their network....

So here's a Hacking / Windows Systems Admin question:

From the network, I can log in to this weird host via SMB with any username and any password (e.g.: NotaRealUser / NotaRealPass) and get ADMIN level rights.

Kinda... if I log in with the local Administrator, I have to put the correct password that is stored in the SAM. But anything else, it accepts it as a full admin.

Does anyone know why a Windows host (Server 2008 in this instance) would do that? Like, what configuration would allow a person to have full read/write admin level access to a box with any username and password?

(To be clear... I don't THINK it's a honeypot? Even if it is, how would you configure / misconfigure a windows host to allow this kind of behavior?)

#hacking #infosec #windows #sysadmin

Okay, now I'm curious... What is the worst resume you have ever come across?

#Resume #GetFediFired #InfoSec

Tae'lur Alexis :verified:
3 days ago

I published it! A detailed walkthrough of the updated OWASP Top 10 room where I explain how to solve each challenge as well as explain each vulnerability and how to prevent them in your next web application. Hope you enjoy this lengthy read 🙃
#cybersecurity #infosec

https://medium.com/@taeluralexis/a-hands-on-introduction-to-owasp-top-10-2021-with-tryhackme-933b4eedbeca

Okay, so honest question for people that are a part of the tech hiring process. How many pages is the norm for an experienced InfoSec resume? I have a lot of knowledge and experience that I have to trim out to keep it 2 pages and it pains me to do so.

I've worked as Tech Support, IT Repair, Customer Support, Web Dev (fullstack), DB Admin, Sys Ops, Sec Ops, Net Admin, App Sec, IT Architecture, IT Auditing, GRC, and Enterprise Sec in several different industries to name a few.

I'm sure I am getting auto filtered out of some of these job applications because of lack of keyword hits. Is a 3 page resume really too much, or have I been fed some bad resume advice over the years? :boost_ok:

https://infosec.exchange/@catsalad/110034238022931363

#Resume #GetFediHired #InfoSec #AdviceNeeded

Adrian Offerman
3 days ago

on SIDN.nl:
"Survey of DMARC mail security at Mastodon servers disappointing" -- Users should take security into account when choosing a Mastodon server
https://www.sidn.nl/nieuws-en-blogs/inventarisatie-van-dmarc-mailbeveiliging-bij-mastodon-servers-teleurstellend

"A phishing email campaign aimed at the users of masto.ai prompted network security specialist Sean Whalen to check the domain names of the top 1000 Mastodon servers for their use of DMARC protection for email."

#SPF #DKIM #DMARC #DNSSEC #Mastodon #InfoSec

Benjamin
3 days ago

Number of certificates compromised because the client sent me their private key along with it: +1

#InfoSec #Certificates #Fail

Matt Burgess
3 days ago

One of the most absurd surveillance schemes I've seen for a while. Germany is using an AI to scan thousands of web pages, social posts, and messaging apps to detect porn.

They're then reporting people to the police for not having age verification measures in place. (Even where it is literally impossible to do so). More than 100 people in recent months have been reported to the police in Berlin.

I spoke with some of those facing criminal prosecutions, fines, and potential jail sentences for posting porn to Twitter.

https://www.wired.com/story/germany-twitter-porn-police/

#surveillance #infosec #twitter #news #ai #tech #germany
cc @Techmeme