Let's try this again, hopefully no power outages. Doing #TryHackMe Advent of Cyber: Days 2 and 3 since last night's blackout interrupted the hackie. Playing Marbles on Stream afterwards!
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats https://thehackernews.com/2023/12/qakbot-takedown-aftermath-mitigations.html #cybersecurity #infosec #privacy
AlphV/Black Cat crime group extorting fintech Tipalti, threatening to leak client data
#cybersecurity #infosec #incident #ransomware
Features the World Oil article, "European Union adopts “world first” #cybersecurity legislation for manufacturers, including oil, gas industry."
Just finished upgrading my home #Security Onion to 2.4. Is anyone else doing monitoring like that of their home network? I actually have a hard time keeping up with all the data flowing. It really made me realize how tough this is at SMB or even Enterprise scale. Also digging into a bit more on the #Kibana side. #InfoSec #network
We Develop Useful Apps for Windows and Android that Increase the Daily Productivity of many People. (If you love "Simplicity, Functionality and Productivity", then our Apps are a Must for you!)
Official Web Page:
#windows11 #windows10 #Windows7
#Infosec #netsec #cybersec #CyberSecurity
#Data #Encryption #Decryption #Cryption #crypter #cypher
#passwordmanager #unicode #regex
Thanksgiving hack on North Carolina city caused leak of employee data https://therecord.media/hack-on-north-carolina-city-led-to-data-leak #cybersecurity #infosec #privacy
HIRING: Security Specialist / Remote, US
#InfoSec #infosecjobs #CyberSecurity #CyberCareer #cyber #security #jobs #cyberjobs #jobsearch #techjobs #hiring #threatassessment #crisisplanning #riskassessment #remotejob #remotework #remote #remotehiring
Update on the AlphV / Tipalti claims and listing:
DataBreaches has not received any reply as yet from Tipalti, but a reader kindly sent us a link to an Israeli news source that did obtain a statement from them:
Tipalti stated: "We are aware of this claim and are investigating it. We take the security of our customers' information with the utmost seriousness and importance. As of this moment we have not identified any loss of data or breach of our systems."
In Yandex translation:
A spokesman said: "We are aware of this allegation and are investigating it. We take the security of our customers' information with the utmost seriousness and importance. At this time, we have not detected any data loss or breach of our systems."
#AlphV claims an attack before even alerting the victim. How will that work out for them? #cybersecurity #infosec https://www.databreaches.net/alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them/ @PogoWasRight
This dumb password rule is from Vélib’ Métropole.
Your password must be at least 10 characters, with at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character (only from this list: @, $, €, #, %, *, ., ;, !, ?).
You're not allowed to paste passwords.
🌐 ✈️ GPS spoofing attacks are starting to cause navigation system failures in large aircraft. The data is "good enough" to corrupt the redundant GPS and Inertial Reference Systems leaving the flight crew blind to the aircraft's actual position.
Saying "nobody knows what to do" is incorrect but it's expensive and takes time to change certified avionics. Fix rollout will be slow and workarounds are limited.
Critical Splunk Enterprise Vulnerability reported, PoC already available
#cybersecurity #infosec #advisory #talkwalker
So AlphV (aka BlackCat) is trying something different again. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim's cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the victim's clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms and Twitch, all individually.
They even cite an academic reference on the potential benefit of paying ransom.
This listing is not the nasty approach that we've seen in some other listings on that leak site. But we'll see what happens if or when the victims don't respond.
I've sent an inquiry to Tipalti who is probably already swamped and running around trying to figure out what happened. AlphV claims to have been in multiple systems of theirs since September 8. Whether that's true or not remains to be seen.
Data leak of student bursary amounts at Cambridge's Clare College
#cybersecurity #infosec #incident #databreach
Russian region launches chatbot to report ‘extremist’ neighbors https://therecord.media/russian-region-primorsky-krai-snitching-chatbot #cybersecurity #infosec #privacy
How to Not Get Hacked by a QR Code https://cyberfeed.io/article/7ee0b563c31b86e5d1e2bd7d0216ef4e #cybersec #security #infosec #cybersecurity
How legacy software will kill you - 20,000 legacy Microsoft Exchange servers are active globally
#cybersecurity #infosec #knowledge #bleeping_comp
Finally got around to migrating from Universal Analytics to GA4 (using GTM), even though I'm hugely no longer a fan of the Google/Alphabet business model.
Is it hypocritical not to look away when naked members of the public stop by my home, while personally, whenever I go out, I try not to forget to wear clothes? #privacy #ethics #tech #infosec #data #analytics
Excellent series for learning the basics of ELF file format internals
Do you either,
- Work in water/wastewater?
- Use Unitronics PLCs?
If yes, please familiarize yourself with this advisory from CISA:
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
TL;DR - Iranian threat group CyberAv3ngers (I know, what a lame name) is targeting Unitronics PLCs with default credentials.
Features the Security Affairs piece, "Fortune-Telling Website WeMystic Exposes 13M+ User Records."
This year, I am participating in the #tryHackMe #AdventOfCyber2023 event. I have decided to make videos of me doing the tasks to document the #accessibility struggles I run into, as well as how I (fail to) get around them, for awareness, education, and basically because I felt like it. The fruits of my labor can be found here: https://www.youtube.com/playlist?list=PLoI1JGnSzOVKWI2fOpymnWcQtgxPLoW4X
Please note that the videos are still processing and therefore may not have subtitles yet. If the autogenerated ones are really bad, which wouldn't surprise me, I have infrastructure in place to do better, just let me know if it's a blocker for you and we'll sort it out. I really hope the #infoSec community as a whole can learn from this, and that it paves the way forward for better #accessibility for these kinds of challenges going forward. I'm not asking for too much here, it's about time this industry moves into the 21st century where this is concerned. Let's make it happen! :)
Someone stays awake so that someone else can read, so today's publication is aimed squarely at people suffering from insomnia. Happy clicking!
looking back on my personal challenge for 2023: #AskAppSec | A Tester's Journey: AskAppSec - Finding Closure https://www.lisihocke.com/2023/12/askappsec-finding-closure.html #AskInfoSec #AppSec #InfoSec
I decided to offer a birthday weekend discount on the spicy pages. I'll be dropping an audio story for subscribers over the weekend. 😈
P.S. The story has nothing to do with tech, however, I do know a few people who do vocal narration for tech podcasts & spicy books, so there's your tech connection.
re: Hackers had “accessed multiple US-based” water facilities
Why are the water facilities leaving the internet-connected device passwords at the manufacturer default password?
Regardless who is doing the hacking, terrorists or others, blame squarely should be with the teams operating these with default passwords.
I'm positively impressed by the latest shame scam I just received. It even includes a password of mine that was reported as part of a dump several years ago, which makes the claim that they somehow installed a trojan virus on all my devices and caught me on camera masturbating way more impactful.
I wanted to congratulate them for the marginal ingenuity but unfortunately they do indicate it's useless to reply directly to the sender email address. 😞
Researchers find a new flaw that affects Bluetooth version 4.1 and higher. This flaw allows attackers to perform man-in-the-middle and device impersonation attacks.
#infosec #cybersecurity #Bluetooth #BLUFFS #vulnerability
💻 Computer Scientist Joy Buolamwini Warns Facial Recognition Technology Is Riddled w/Biases Of Its Creators
As Is Case w/All AI: including "Predictive Policing", which can lead to harassment & worse - w/guilt by relative / association
The response I've seen from my disclosure of vulnerabilities in U.S. court platforms has been incredible. There have been articles in TechCrunch and Law360, an advisory from CISA, and a public statement from at least one court.
This whole process has been a pretty wild ride. I've been given so much great advice from so many people, beginning with @Kirkman during the first several days and @eff after the first week, and I can't thank those people enough.
I'm slightly disappointed that none of the four journalists, four federal agents, three state CISOs, one city CISO, eight vendors, two lawyers, or two cybersecurity experts said a single word about what is quite possibly my favorite part of the disclosure. The acknowledgements section includes a dedication to our furry friends on the Fediverse. Some of their antics after my Bluesky disclosure gave me immense joy. I don't know very much about their communities or their fursonas, but they and their whimsical natures hold a special place in my heart. I take solace in the fact that the website for a federal agency (CISA) now contains a direct link to a document that shouts out the furries.
Most vendors have been extremely difficult to work with. They either didn't respond at all (e.g. Henschen & Associates), only begrudgingly responded after contacting their CEO (e.g. Catalis), or required playing a game of telephone (e.g. Florida). The final vendor (e.g. Tyler Technologies) was prompt and forthcoming with details, which is a nice change from how they handled a previous vulnerability; trying to avoid a second class action lawsuit was probably a big motivator.
As of today, Sarasota County, FL is the only vendor to put any public statement on their website. It's refreshing to see them be open about it, but their statement has some falsehoods that I need to correct. I have receipts. 1) There was a second vulnerability, which they fixed on or slightly before October 26th. 2) Logs will show that at least one restricted document was viewed a minimum of five times. If their logs don't show that specific document -- a sealed mental health evaluation from a psychiatrist --, then their logging is insufficient. 3) Beginning on September 15th, I have personally viewed public information on more than their stated ten instances. Again, if their logs don't show these accesses, they are insufficient.
One vendor, Lee County, FL, made veiled threats through the media, telling TechCrunch and Law360 that "[w]e interpret any unauthorized access, intentional or unintentional, as a potential violation of Florida Statute Chapter 815, and may also result in civil litigation by our office". I've always expected some form of legal blowback and I'm prepared for the possibility. If any vendor, court, or other government agency would like to give this another news cycle and give researchers some better case law, I'd be more than happy to accommodate.
The total number of courts that were taken offline after being notified is...zero. This includes the one platform that was fixed after the disclosure was released and the one that is still vulnerable at this very moment.
So now what? I am far from done.
I intend to push courts and other vendors to have very serious discussions about security.
There are vulnerabilities in two other court platforms that I need to prepare for disclosure. One of those vendors didn't respond until a city CISO and a state CISO called to (presumably) yell at their CEO on a Friday evening. The other vendor is one that I know won't be responding.
I also need to finish probing a number of other courts that I was pointed to. It isn't looking good.
Future disclosures will of course be posted here and at https://github.com/qwell/disclosures/
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/ -- from @zackwhittaker
https://www.law360.com/pulse/articles/1771766 -- paywalled
Got an email from the (outsourced) security response team: "We have detected nmap malware". Apparently a Win32.Trojan.Generic rule has been triggered by the IDS, which scanned a VM I had just spun up.
Me: This is a Debian Linux VM provisioned by Google. Nmap is an established security tool. This is a false positive. However, to placate the tool I'll run 'apt remove nmap-common'.
Vendor: thank you, I can confirm the malware is removed. (Closes case).
Just straight up #Infosec theater. Good job! 👏
Hello, new followers! Here's a bit of an #introduction so you'll know what you're in for.
I'm Taggart, and I've been in IT for over 15 years. For the last 5 or so, that's been focused on #CyberSecurity / #InfoSec. Before that, I was a K-12 educator/administrator, and I haven't stopped teaching.
I run a school of sorts. I also maintain a threat intel/cyber news feed, and some other projects.
I love writing code, especially in #Rust these days.
This account is mostly infosec analysis/boosts, with occasional forays into things like policy. Kindness, inclusion, and allyship are the default settings.
Buying and selling second-hand devices https://www.ncsc.gov.uk/guidance/buying-selling-second-hand-devices #cybersecurity #infosec #privacy
Earlier this year @baileybercik and I presented at SANS #Cloud #Security summit on what we've learned from the last 18 or so months of deploying #CIEM as part of that broader #CNAPP strategy. We focused mostly on #Microsoft #Entra Permissions Management. The talk is now posted, https://www.youtube.com/watch?v=q2pdf_8aorg. If you want to learn more about #CNAPP see this post, https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/announcing-new-cnapp-capabilities-in-defender-for-cloud/ba-p/3981941. We also recently released an operations guide which has been very helpful for customers. Give it a read. https://learn.microsoft.com/en-us/entra/architecture/permissions-manage-ops-guide-intro. #InfoSec #Azure #AWS #GCP
#InfoSec Douglas Adams on HTTP:
And so the problem remained; lots of requests were broken, and most of them violated one or another RFC, even the ones using fancy streams.
People were increasingly of the opinion that they'd all made a big mistake in stuffing absolutely everything into a simple request-response protocol in the first place. And some said that even TCP had been a bad move, and that no one should ever have connected two computers.
#Google will not win this stupid fight. Ad-blockers are no longer about invasive ads. They protect users against malicious pop-ups and other nefarious activities. No wonder Google Ads are a security nightmare. #cybersecurity #infosec
Inside the 'arms race' between YouTube and ad blockers https://www.engadget.com/inside-the-arms-race-between-youtube-and-ad-blockers-140031824.html @engadget
Physical security is as important as network security. Also don't unplug your CCTV cameras.
Since I have grey hair, when I hear the word "cyber" used by itself my 12 year old inner self has a giggle. You see, it has a bit of history...
A perfect example of a poor phishing email.
Notice the spelling, phrases not making sense and (not shown) the email it was sent from and to.
The link sends you to a Google Forms link, where they will try and get your details.
Watch out for these always, but especially at this time of year. Who *wouldn't* want $44101 this time of year?
Heads up for my security nerd friends: Wordfence are running a "holiday bug extravaganza" with their normal bounty reward rates multiplied by 6.25 - so up to $10k for a valid vuln. https://www.wordfence.com/blog/2023/12/earn-up-to-10000-for-vulnerabilities-in-wordpress-software-6x-rewards-in-the-wordfence-holiday-bug-extravaganza/
WhatsApp has further tightened user messaging security with a feature that allows you to keep your chats private – from anyone who might have access to your phone.
#WhatsApp #app #messaging #privacy #cybersecurity #infosec
Another round of Apple #iOS #macOS #webkit zero-day emergency security updates today https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/
This dumb password rule is from AmeriHealth.
Their site says "*All information is kept safe and secure.*" Just not as secure as you'd like.
User Password must be between 6 and 14 characters and contain 1
Who wants to critique my little webpage resume I'm working on? Don't shit on me too hard though.
Edit: dm me for link. I don't want the savages of the fediverse on it 😂🤣
Richland One employees' personal information exposed in data conversion mishap. Vendor isn't named in this news report:
This is a simple loader that uses indirect syscalls via the Tartarus' Gate method. This loader executes shellcode with a known WINAPI
CreateThreadPoolWait but I have changed things a little bit and instead, I call the underlying
All Okta customer support users confirmed to be impacted by the September/October breach, not just the 134 previously stated...
#Infosec picks of the day:
➡️ @haveibeenpwned - Site which lets you check if you are victim of security breaches
➡️ @smashingsecurity - Award-winning humorous podcast about computer security
➡️ @gcluley - Computer security expert, blogger, co-host of Smashing Security podcast
➡️ @rysiek - IT expert, dev, good guy hacker
➡️ @adminmagazine - Technical journal for system administrators
➡️ @kalilinux - Linux distro for computer security tasks such as digital forensics, penetration testing etc
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 2 new zero-days that may have been actively exploited.
🐛 CVE-2023-42916 (WebKit):
- iOS and iPadOS 17.1.2
- macOS Sonoma 14.1.2
- Safari 17.1.2
🐛 CVE-2023-42917 (WebKit):
- iOS and iPadOS 17.1.2
- macOS Sonoma 14.1.2
- Safari 17.1.2
Associated Press, ESPN, CBS among top sites serving fake #virus alerts
Malvertising on top news sites.
Connected with threat actor "ScamClub." A large portion of this campaign targets mobile users.
-Insert my spiel about using an adblocker- Ads can be blocked in browsers, on devices, and on networks.
Disorder in the Court
Insufficient permission check vulnerabilities in public court record platforms from multiple vendors allowed unauthorized public access to sealed, confidential, unredacted, and/or otherwise restricted case documents. Affected documents include witness lists and testimony, mental health evaluations, child custody agreements, detailed allegations of abuse, corporate trade secrets, jury forms, and much more.
Catalis - CMS360 is used in Georgia, Mississippi, Ohio, and Tennessee. Catalis is a "government solutions" company that provides a wide array of public record, payment, and regulatory/compliance platforms.
Henschen & Associates - CaseLook is used in Ohio. Henschen & Associates did not respond after multiple reports.
Tyler Technologies - Court Case Management Plus is used in Georgia. In February 2022, a different Tyler Technologies court records platform had a similar vulnerability that allowed the website judyrecords.com to accidentally scrape sensitive data.
Five platforms used by individual courts in Florida -- Brevard County, Hillsborough County, Lee County, Monroe County, and Sarasota County -- are each presumed to be developed "in-house" by the county court.
While all of the platforms allowed unintended public access to restricted documents, the severity varied based on the levels of restrictions that could be bypassed and the discoverability of document IDs. The methods used to exploit each of the vulnerabilities also varied, but could all be performed by an unauthenticated attacker using only a browser's developer tools.
CVE-2023-6341, CVE-2023-6342, CVE-2023-6343, CVE-2023-6344, CVE-2023-6352, CVE-2023-6353, CVE-2023-6354, CVE-2023-6375, CVE-2023-6376
Note: Additional platforms from other vendors that are known to be vulnerable will be included in future disclosures.
After 8 Years of Development: NetHSM 1.0 is Available! The First Open Source Hardware Security Module https://www.nitrokey.com/news/2023/after-8-years-development-nethsm-10-available-first-open-source-hardware-security-module #crypto #infosec
But to all the people on https://news.ycombinator.com/item?id=38454908 thinking they can run their own system, or that a competitor would do better, think again carefully.
Okta is going up against nation state elite hackers who do this as a day job. Okta needs to lift its game but don’t be naive and assume switching vendors will fix this.
Dear #Fediverse #InfoSec #Privacy folks, if anybody knows of any peer reviewed papers, official reports, etc., on how ad networks are or have been used by malicious actors to target specific people or groups — with malware, but also with targeted surveillance — I would love to hear.
I'm talking beyond "mere" surveillance capitalism. Surveillance capitalism is bad enough, of course, but in this particular case I am looking specifically for stuff that goes beyond "just" targeting ads.
Join us this Friday for our first DEFENDER FRIDAYS series session hosted by @eric_capuano who will be demonstrating a basic attack and defend lab environment for honing detection engineering skills.
Each week, different expert hosts will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. DEFENDER FRIDAYS is informal and interactive by nature, allowing for an engaging dialogue between our guests, hosts, and you!
Register now: https://limacharlie.io/defender-fridays
If you're having fun trying to map security requirements from one standard to another, then OpenCRE might be of help. For example, you might have used OWASP SAMM to try to understand what maturity levels your org is at, but need to map to NIST 800-53 v5 as that's what your org's policies are based around.
Also, you have my best wishes for what seems to be a vertically uphill task to do with consistency!
Working in #infosec is really about selling Hope.
When we say "risk-based approach", what we're really saying is "hope-filled thinking". This is not a bad thing, Hope is what makes us all go on.
But be careful about how you use facts and metrics to crush Risk - you don’t want Hope to be collateral damage.
Identity services provider #Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system.