#infosec
ICYMI: Pwn2Own: Tesla Model 3 hacked, hackers win $250K and a Tesla Model 3 https://www.cybercareers.blog/2023/03/pwn2own-tesla-model-3-hacked-hackers-win-250k-and-a-tesla-model-3/?utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #cyber #infosec

(Please boost for visibility)
Today has not been a fun day for people using 3CX. Basically, anyone who has been using the desktop client on Windows (and potentially Mac) has had their machine hacked. Not JUST hacked, but quite probably all your stored login credentials have been stolen. This is about as bad as it gets.
Basically, if you have 3CX installed on your PC, consider EVERY PASSWORD and EVERY SINGLE THING you're logged into as compromised.
This dumb password rule is from E-learning (Unipd).
Exactly 8 characters for password! There must be at least 1 lowercase
letter, at least 1 uppercase letter, at least 1 number and at least 1
*special* char ( \* , . $ # @ etc...).
https://dumbpasswordrules.com/sites/e-learning-unipd/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Srsly Risky Biz: Army. Navy. Air Force. Cyber Force? https://cyberfeed.io/article/6928207f9491eabae9b7ca5f736edf55 #cybersec #security #infosec #cybersecurity
This seems to be quite an interesting #MicrosoftTeams #infosec bug: access to the wrong set of files is resolved by clearing the desktop client cache. Of course, as cloud services do not get assigned CVEs or other forms of public disclosure, it is not known if there was also an access violation.
https://learn.microsoft.com/en-us/answers/questions/1193634/microsoft-teams-is-displaying-incorrect-file-data
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT https://cyberfeed.io/article/b2efb95afc48c239cd94dd38b2d928cd #cybersec #security #infosec #cybersecurity

2023-03-29 RDP #Honeypot IOCs - 807 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
103.173.204.143 - 446
43.156.9.187 - 113
103.104.84.129 - 68
Top ASNs:
AS146940 - 446
AS132203 - 113
AS133933 - 68
Top Accounts:
hello - 757
Administr - 20
Domain - 19
Top ISPs:
Natsav - 446
Shenzhen Tencent Computer Systems Company Limited - 113
NetSat Private Limited - 68
Top Clients:
Unknown - 807
Top Software:
Unknown - 807
Top Keyboards:
Unknown - 807
Top IP Classification:
Unknown - 639
hosting - 163
proxy - 3
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/rPE0Y6WN
Hackers compromise 3CX desktop app in a supply chain attack https://cyberfeed.io/article/0d19b3e9dc3fe180731fc383a2cbcd09 #cybersec #security #infosec #cybersecurity
CrowdStrike and SentinelOne are reporting that a version of the 3CX softphone app has been bundled with malware in a supply chain attack, similar to what happened with Solarwinds. CrowdStrike intelligence has attributed this activity to a North Korean APT group they track as LABYRINTH CHOLLIMA. The response from 3CX is arrogant as hell!
#InfoSec #3CX #SupplyChainAttack #CrowdStrike #SentinelOne #NorthKorea #DPRK #APT #LABYRINTHCHOLLIMA

Restrict Act Can Ban So Much More Than Tiktok
As Broadly Worded As It Is: Could Threaten VPN's & Other Tech
#VPN #News #RestrictAct #restrictact #USA #civilliberties #FreeExpression #FreeSpeech #Constitution #Tiktok #Infosec #Cybersecurity #Journalism
https://www.vice.com/en/article/4a3ddb/restrict-act-insanely-broad-ban-tiktok-vpns
Damn #wellsfargo The process I just went through to get some information from 2017 and 2019 that I need was super bonkers. I can't get that info in the "secure" portal, so I had to go on the phone to request it. No problem, was simpler to find and the person was great.
What was not great is that instead of sticking it in the secure portal for me, or emailing it to the email address I have used for 14 years with you all, I was able to give an international address to the person and they will mail it to me. This was after seeing if a fax was ok.
What year is it? My advice is this:
Allow your people to make those documents securely available in your portal.
Allow your people to email a link, and separately a code, to access those documents through a secure service.
Allow those docs to be encrypted in a zip and sent.
It's 2023, I should not have to wait for a physical version of old documents, which are already in a digital format, just because you can't work out how to securely provide digital copies of things to people.
*He says, already signed up to e-statements only.
Holy damn this is wild
“I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office365 accounts.
How did I do it? Well, it all started with a simple click in Azure… 👀
This is the story of #BingBang”
https://nitter.net/hillai/status/1641146508639600646#m
#Microsoft #Azure #Bing #OpenAI #InformationSecurity #Cyber #Cloud #InfoSec #CyberSecurity #ThreatIntel

Senate Bill to Ban TikTok https://cyberfeed.io/article/68b362250e92da5a2d2f1deb9162cb97 #tech #security #infosec #cybersecurity
Cybersecurity firms warn of 3CX desktop app supply chain attack https://cyberfeed.io/article/047ae29a2192f1e84c3ad7d3bb3a4582 #cybersec #security #infosec #cybersecurity
UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....
I have no words.
Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.
But even so, this is terrible.
Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.
And, yes, you will absolutely find a lot of exceptions to that. Well done.
But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.
It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.
But this is a significant problem. It really is.
If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.
For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.
I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.
Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.
That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.
Back to being a bluffer.
The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.
I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.
Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...
I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

picoCTF writeup: Decompilation of a simple Android Package https://mobileappcircular.com/picoctf-writeup-decompilation-of-a-simple-android-package-57608b7c5929 #picoCTF #infosec #hacking #reverseengineering #android #java #cybersecurity #cyber
Pause Giant AI Experiments: An Open Letter https://cyberfeed.io/article/49e38043bdbdb6e2b386bc067f5180b3 #tech #security #infosec #cybersecurity
*phone buzzes* SMS: Your one-time security code is 1234. It is only for logging in this time. No one will ask you for this. Bank rep on phone: I just sent you a code, can you please read it back to me so I can confirm your identity?
Phishing emails were up by 569% in 2022 👀👇🏾
5 specific trends:
The number of credential phishing emails sent spiked by 478%;
Emotet and QakBot are the top malware families observed;
For the eighth consecutive year, business email compromise (BEC) ranked as the top cybercrime;
Web3 use jumped by 341%;
And there was an 800% increase in the use of Telegram bots for exfiltration.
Report by Cofense 👇🏾
https://cofense.com/blog/phishing-emails-increased-in-2022-according-to-annual-report-from-cofense/

[de] E-voting CH: Prof. A. Appel: "By hand" is the only secure method
"The current state of IT security science leads us ... for the foreseeable future to the conclusion that, in elections, paper ballots that are filled out by hand ... recounted ..., are the only secure method ..."
"... A vulnerability that allows hackers to install malware on thousands of voters' devices."
https://www.inside-it.ch/e-voting-reihe-wie-sicher-ist-sicher-genug-20230328
Qualys have a product called CyberSecurity Asset Management, and they are going with the unfortunate acronym "CSAM".
As my fellow CyberSecurity folks may well know, this is not an acronym you want your company associated with.
I really wonder about the marketing department not doing due diligence, or worse, not caring.
This looks like: pwned certificate >> build/upgrade system compromise >> signed binary release.
#3cx #sectoot #infosec #supplychainattack
Credit to abvcti_brs for this VT graph
https://www.virustotal.com/graph/g84bdefba1cf143d9afd708c8ef30a5fb7e4daff007584671a5db0d7879b570dd
Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App https://cyberfeed.io/article/acbf6fb9767d5573150d41b436ee32c8 #cybersec #security #infosec #cybersecurity
Exciting time to be in #infosec - #AI and #DLNN tech is ripe for #exploit, and while I am enjoying the world realizing collectively what people in #deeplearning have known for years, it will be a bumpy ride while we develop policies and #governance as a framework around all this. Bumpy, but fun. https://www.reuters.com/technology/musk-experts-urge-pause-training-ai-systems-that-can-outperform-gpt-4-2023-03-29/
[en] Online voting provider paid for academic research in attempt to sway U.S. lawmakers
According to Cyberscoop, "Democracy Live [a voting technology company] directed academic research aimed at demonstrating its product's security and used that material in lobbying campaigns."
https://cyberscoop.com/democracy-live-research-online-voting/
#onlinevoting #evoting #ictsecurity #infosec #security #democracylive
500K Subscriber Celebration! https://cyberfeed.io/article/4fc3f32a75a00868ff8c5ad415c12edd #cybersec #security #infosec #cybersecurity
#Microsoft unveils Security Copilot in preview! Powered by #OpenAI's GPT-4, it offers end-to-end defense 🔒 at machine speed and scale.
https://thehackernews.com/2023/03/microsoft-introduces-gpt-4-ai-powered.html
New Chinese-linked #malware, Mélofée, threatens #Linux servers!
Uncovered by ExaTrack, it enables remote control over servers and hides itself using kernel-mode rootkits.
https://thehackernews.com/2023/03/melofee-researchers-uncover-new-linux.html
#Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on #Android & iOS devices last year.
https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html
These highly targeted campaigns put dissidents, journalists, & human rights workers at risk.
Steam will drop support for Windows 7 and 8 in January 2024 https://cyberfeed.io/article/41d98135b75ff251407be342c8e9888d #cybersec #security #infosec #cybersecurity
Today's episode of @hackerverse features @craigellrod and yours truly speaking with Dr. Lisa McKee.
She's a privacy expert with strong opinions about compliance and regulations!
#privacy #infosec
https://www.youtube.com/live/naUUWTxRlF4?feature=share
macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs https://cyberfeed.io/article/1c88049c587547bcdee5589aed07b071 #cybersec #security #infosec #cybersecurity
SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool https://cyberfeed.io/article/3a338033155f63afd11ba617a37324ac #cybersec #security #infosec #cybersecurity
The problem could be me. I don't run to authority when people behave shitty, because I've learned authority won't punish them. That's been the status quo for 40+ years, from grade school bullies to the people who stole my car.
Besides, #infosec lauds the misbehavers. Very common pattern.
Best most of us can do is keep our orgs safe, steer our own away from the charlatans, and keep taking it on the chin like we always do.
Happy Wednesday.
🪲 VSCode hack shows how supply chain attacks can extend to other software development tools
👉 Extensions are developed in Node.js
👉 Malicious npm packages to extensions
👉 Infected extensions & Auto update
All geeks who cherish or at least somewhat care about humanity and the supposedly inalienable rights we humans deserve ought to read his story...
「For 12 years, Program Think, an anonymous Chinese blogger, mounted an open challenge to China’s tightening authoritarian grip and expanding surveillance state.
The freewheeling blog offered a mixture of technical cybersecurity advice and scathing political commentary – including tips on how to safely circumvent China’s Great Firewall of internet censorship, develop critical thinking and resist the increasingly totalitarian rule of the Chinese Communist Party.
...
Then, in May 2021, Program Think suddenly went silent. 」
「“Since June 2009, (Ruan) has used his computer to write more than a hundred seditious articles that spread rumors and slander, attack and smear the country’s current political system, incite subversion of state power, and intent to overthrow the socialist system,” the court verdict said.
It added that the articles, published on overseas platforms, attracted “a large number of internet users to read, comment and share, causing pernicious consequences.” 」
「Ruan never cared much about money or material comfort. Instead, he longed for what he called the “open source spirit” – freedom, openness, sharing and cooperation, Bei said.
“He thinks one must pursue spiritual values in life. For him, it is technology – that’s what he finds valuable. But only recently did I discover that his (quest) for freedom had also morphed into a (longing for) political freedom,” she said. 」
#RuanXiaohuan #opensource #infosec #ethics #freedomfighter #dissident #CCP #PRC #china #dictatorship #authoritarianism #panopticon
Security cameras with encrypted cloud storage that is inaccessible to law enforcement and/or cloud service providers? #infosec #surveillance
[edit: cloud is preferred because burglary of local storage is a risk]
Yo, #threatintelligence peeps, be aware of an active campaign by LABYRINTH CHOLLIMA targeting 3CX PBX customers
EDIT:
#3CX is definitely popped.
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

You used a Redbox outside 7-11.
I used a red box outside 7-11.
We are not the same.
(Am I doing this meme right? I don’t actually know.)
Trying to define the scope of our OT security policy and standard.
“Maybe we can know what is in scope, because we know what isn’t? …..”
#CyberSecurity #InfoSec #OTSecurity #OperationalTechnology #OT #Governance
Okay #BlueTeam, here's your weekly tip: never forget to check global prevalence!
Once you find something weird on one endpoint, or from one source, widen your lens to see how common it is across your entire environment. What may seem odd when zoomed in may become part of your baseline with wider perspective.
Or it doesn't, in which case you have further evidence that you found a live one.
This is such a cool story! How a 40-year-old 'backdoor' is still relevant. A real treat! #infosec #podcast #beveiliging https://podcasts.apple.com/nl/podcast/malicious-life/id1252417787?i=1000574653093
Could anyone verify if greyhound-data.com has their db up for sale on the darkweb? Lots of chat on the greyhound community sites today. The site hasn't said a thing about it but they've added Cloudflare and no-one can change their password. Bit sus.
For fear of blaming the people who would fall for this, please be careful when downloading apps.
MacStealer malware grabs iCloud passwords, files, and credit card details https://9to5mac.com/2023/03/28/macstealer-malware/
#Malware #iCloud #Passwords #Credentials #macOS #Apple #Vulnerabilities #InfoSec #TechNews

Big #Tech and #InfoSec have a hiring disorder. They overhire without constraint when the market says "good" and the moment there is any blip they purge. This is both a real problem and more than an analogy to a serious medical issue.
This has been a worsening trend over the last decade and it’s really become noticed. Seeing the impact of the humans who are affected by this behavior is heartbreaking. And it’s not the execs who do this that are impacted, they are incented to do this, their rewards are based on market performance, which is the driver of this behavior.
So we have leaders who are rewarded for creating and continuing this model. People are our greatest asset my ass. You’ve lost the right to say that.
There will be an upswing. Again. That’s what markets do. The question will be whether people remember this and choose not to participate. There is now a much bigger set of opportunities outside these Big Tech orgs that are both as rewarding (in money and satisfaction) and way more fun without all the baggage and tax you pay to be in those environments.
To all those impacted, I say again, you did nothing wrong, it's not you, there's a whole world out here that is amazing, and what you have learned working in those places is valuable, really valuable. Just navigating the complexities, rallying people behind an idea, influencing without control … all incredibly impactful skills. Not to mention the technology knowledge you have.
There are many people on LI and other places offering to chat and help, take a breath, and then use your time to chat to them, you will gain both some confidence and some nuggets of advice that will get you going again.
I will always have time on #TheIntersection for people to book a slot to talk. I will make the time.
Kia Kaha.
now also available in English:
"Survey of DMARC mail security on Mastodon servers makes disappointing findings" -- Users should take security into account when choosing a Mastodon server
https://www.sidn.nl/en/news-and-blogs/survey-of-dmarc-mail-security-on-mastodon-servers-makes-disappointing-findings
"A phishing mail campaign targeting users of the masto.ai server prompted network security specialist Sean Whalen to check whether the domain names of the top 1000 Mastodon servers had DMARC e-mail security protection."

New NSA guide for secure home networks, summarized by
ikarussecurity
https://www.ikarussecurity.com/security-news/nsa-leitfaden-fuer-ein-sicheres-heim-netzwerk/

👍🏻 Spera raises $10M for its identity security posture management platform
https://techcrunch.com/2023/03/29/spera-raises-10m-for-its-identity-security-posture-management-platform/ #ciso #infosec #sox
🤔 Why Your Website Is Failing With ERR_CERTIFICATE_TRANSPARENCY_REQUIRED (March 2023 Edition) - SSLMate Blog
https://sslmate.com/blog/post/march_2023_ct_blunders #infosec
📬 The third opus of my series on "A Jump into a Cybersecurity Career" hit your mailbox earlier today!
#cybersecurity #infosec #jobs #career #mentoring
Rest assured, you can also check it below 👇
https://0x58.substack.com/p/a-jump-into-a-cybersecurity-career-d80
It's #Masstodon #POLL time!
In your #production #server
What #OS do you use?
Leave a comment detailing the distro or if it's SUSE.
#debian #rhel #ubuntu #fedora #almalinux #rockylinux #centos #windowsserver #windows #linuxmint #suse #opensuse #polltime #webserver #emailserver #syadmin #webdev #devops #infosec
We at Red Queen Dynamics have an opening for a #Django/#Python web application #developer (full time, contract, 100% #remote/flexible, emphasis on front end and SaaS applications). https://rqdn.io/web-application-developer. Reports directly to me, and you get to work with a great and fun team! Either respond to the JD as requested in the URL or email me at tarah@rqdn.io with the 18th and 34th post-decimal digits of #pi as the first two characters in the subject line and I'll review your resume/#Github first 😉
This research & PoC attack on the 802.11 WiFi stack is neat, with plausible pathways for hijacking or injection at the transport layer. It cunningly leverages the unmanaged sec state of queued power saving frames:
"the attacker can change the security context of the [power saving] frames by sending authentication and association frames to the access point, thus forcing it to transmit the frames in plaintext form or encrypt them with an attacker-provided key."
https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/ #infosec
I installed Postfix and through it I sent an email to a Gmail account as "admin@hostname". My expectation was that the email would not arrive at all or end up in spam. Instead it ended up in the normal inbox. Is this normal? :D
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector.
I don't know if this is a controversial opinion, but I will state it anyway:
I believe that the CVE system has some serious deficiencies. In particular, using the same system for both user-facing products and third-party libraries is problematic to the point of actually reducing overall security in the industry.
Let me give an example: Let's say you run a self-hosted piece of server-software written in Java. Let's call the product "Foo". You use something like Sonatype to monitor vulnerabilities in the software you use.
You happily run Foo for a few months and CVE-2023-0001 is reported on product Foo with a CVSS score of 9.9. In this case the system works great because you can now patch Foo as soon as possible, and in the meantime you can look at the remediation procedure documented in the CVE report to determine how much of a hurry you are in.
But that's unfortunately not what happens. What you are actually going to see is hundreds of vulnerabilities of varying severity reported not just on Foo as a product, but on every single third-party library that the product Foo happens to use.
Let's say that Foo generates SVG from a template and then uses a library to convert said SVG into images before sending them to the client (never mind that seems like a stupid solution, just go with it). And then a CVSS 10.0 appears because there is an RCE when passing specially crafted SVG data to the library.
Now you have Sonatype reporting that you have a severity 10 issue with the static workaround "upgrade this library". This information would be useful for the developer of Foo, but not for the user.
In fact, the developer may already have investigated this and downgraded the score since the library is never used to process untrusted input.
What this means is that as a user of some piece of software you will feel a lot of pressure internally to pursue CVE reports that are in fact not relevant, but since it shows up in your scan you have an obligation to do this, and check with the vendor to ask about the root cause of these results. This takes time and energy away from your real job: To keep your infrastructure secure.
I lay the blame for this happening squarely on the bad organisation of the CVE database, and I really wish there was a better way. Unfortunately right now it's all we have.
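A context-aware triage pass over scanner findings, as an added example that is not from the original post or any scanner vendor. It models the post's scenario: a hypothetical product "Foo" with the post's own CVE-2023-0001 on the product itself, plus a CVSS 10.0 RCE in an SVG-rendering library that Foo only feeds template-generated SVG. All findings, component names and the CVE-0000-* ids are constructed placeholders; the exposure records stand in for what a vendor or the deploying team would have to state about reachability.

```python
"""Deployment-context triage of software-composition-analysis (SCA) findings.

Added example (not the post's or Sonatype's code). Findings, component
names and CVE-0000-* ids are constructed placeholders.
"""
from dataclasses import dataclass

PRODUCT = "Foo"  # the post's hypothetical self-hosted product


@dataclass(frozen=True)
class Finding:
    cve: str
    component: str   # product or library the scanner matched
    cvss: float
    summary: str


@dataclass(frozen=True)
class Exposure:
    """What the deploying organisation knows about how a library is used."""
    component: str
    processes_untrusted_input: bool
    reachable_from_network: bool
    vendor_note: str = ""   # e.g. the developer's "not affected" statement


def effective_priority(finding: Finding, exposures: dict) -> tuple:
    """Return (priority, rationale) for one finding given deployment context."""
    if finding.component == PRODUCT:
        # A CVE on the product itself: the scanner's score is the real score.
        if finding.cvss >= 9.0:
            return "patch-now", "vulnerability is in the product itself; CVSS critical"
        return "schedule", "vulnerability is in the product itself"

    exp = exposures.get(finding.component)
    if exp is None:
        # No knowledge of how the product uses this library: this is the
        # "ask the vendor about root cause" work the post complains about.
        return "ask-vendor", (f"no exposure data for {finding.component}; "
                              "vendor must confirm whether the code path is reachable")

    if exp.processes_untrusted_input:
        if finding.cvss >= 9.0 and exp.reachable_from_network:
            return "patch-now", "library handles untrusted network input; treat as critical"
        return "schedule", "library handles untrusted input"

    # Library is in the bill of materials but only ever sees trusted data
    # (the post's SVG-from-template case): the headline CVSS does not apply.
    note = f" ({exp.vendor_note})" if exp.vendor_note else ""
    return "track", (f"{finding.component} never processes untrusted input in this "
                     f"deployment; scanner score {finding.cvss} overstates risk{note}")


PRIORITY_ORDER = {"patch-now": 0, "schedule": 1, "ask-vendor": 2, "track": 3}


def triage(findings: list, exposures: dict) -> list:
    """Rank findings by effective priority, then by raw CVSS within a tier."""
    rows = [(f, *effective_priority(f, exposures)) for f in findings]
    rows.sort(key=lambda r: (PRIORITY_ORDER[r[1]], -r[0].cvss))
    return [(f.cve, f.component, f.cvss, prio, why) for f, prio, why in rows]


# Constructed sample scan output (not real findings).
FINDINGS = [
    Finding("CVE-2023-0001", "Foo", 9.9, "flaw in Foo itself (the post's hypothetical)"),
    Finding("CVE-0000-00001", "svg-rasterizer", 10.0, "RCE via crafted SVG (placeholder id)"),
    Finding("CVE-0000-00002", "log-formatter", 5.3, "DoS via long pattern (placeholder id)"),
]
# Constructed exposure record: Foo only renders SVG it generated from a template.
EXPOSURES = {
    "svg-rasterizer": Exposure("svg-rasterizer",
                               processes_untrusted_input=False,
                               reachable_from_network=False,
                               vendor_note="Foo only renders template-generated SVG"),
}

if __name__ == "__main__":
    for row in triage(FINDINGS, EXPOSURES):
        print(row)
```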
Cybercrime against women (#Ciberdelincuencia contra la #Mujer)
Credits: asianlaws.org
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #bugbounty #bugbountytips
#vtc #volgatc #volgatechconsulting

infosec.exchange really needs the :lolsob: emoji
it's the single best symbol characterizing our industry
WiFi protocol flaw allows attackers to hijack network traffic 👇🏾
"Cisco, admitting that the attacks outlined in the paper may be successful against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.
However, Cisco says that the retrieved frames are unlikely to jeopardize the overall security of a properly secured network."

🤔 Prediction: following #microsoft security copilot announcement, every #security vendor will be launching gpt4 integration by end of 2023. We are in the era of ML infused security https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning
Finally getting a chance to test my hypothesis that Twine makes an amazing TTX platform.


Game changer 👍🏻 Microsoft today announced #Security Copilot, a new #ChatGPT-like assistant powered by AI that takes advantage of Microsoft's threat intelligence footprint to make faster decisions during incident response and to help with threat hunting and security reporting. Copilot answers defenders' security questions via a ChatGPT-like interface and continuously learns to adapt to each environment to advise on the best course of action. https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning
"The most dangerous phrase in #cybersecurity is, 'We've always done it this way.'" – Anonymous
According to #ChatGPT this is a famous #quote used in the #infosec community.
Do we agree on what this Anonymous person said? 🤔
that feeling when you throw a little bit of regex into the mix of a powershell query and it works so instead of 30k results it's down to 25k
#iam #infosec #itsthelittlethings

Microsoft Puts ChatGPT to Work on Automating Cybersecurity https://cyberfeed.io/article/682c290adafd74b13eaf9f2c68a24ec8 #cybersec #security #infosec #cybersecurity
#100DaysOfHacking
Finished the SSRF labs on Portswigger, that was intense lol 😂 no joke
#infosec

Hacking Websites Built With ChatGPT
https://www.youtube.com/watch?v=S6_AkuPgLjw
#cybersecurity #infosec #hacking
Writeup by Chris Leech on Xiongmai DVRs devices exploitation (buffer overflow)
https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/

🦀 NIST (National Institute of Standards and Technology) added Rust to its list of Safer Languages
https://www.nist.gov/itl/ssd/software-quality-group/safer-languages

If you've ever been curious about immutable OSes like #NixOS or #Fedora Silverblue, you won't want to miss last Saturday's stream, where we examined 3 immutable OSes and their utility for security work.
https://www.youtube.com/watch?v=hDJ0OsxWLb8
#100DaysOfHacking So far I’ve completed 4 SSRF labs on Portswigger & wow I’ve learned a lot! I find this vulnerability to be the most fascinating. I’m taking Rana Khalil’s Web Security course. What I do is do the labs on my own & then go back & see her technique & how she crafts her python exploits
What I’ve learned:
- There are ways to bypass blacklist filters for localhost, such as double encoding the URL for /admin, using http://127.1 or the decimal version to reference localhost
#infosec
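A defender's view of the bypasses listed in that post, as an added example that is not from the original post or from the course it mentions. It shows the kind of string denylist the labs defeat beside a hardened check that canonicalises inet_aton-style host spellings (127.1, the decimal form, hex and octal octets, IPv4-mapped IPv6) before testing the address, and that decodes a path fully before matching it. The function names and the URL inputs are constructed; resolving real hostnames is out of scope for the offline version.

```python
"""SSRF destination checks: naive string denylist vs. canonicalised address check.

Added example, not from the original post. Function names and inputs are
constructed; hostname resolution is deliberately left out so it runs offline.
"""
import ipaddress
import re
import urllib.parse

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def naive_blocklist(url: str) -> bool:
    """The kind of check the labs bypass: only literal spellings match."""
    u = urllib.parse.urlsplit(url)
    return (u.hostname or "") in {"localhost", "127.0.0.1"} or "/admin" in u.path


def _parse_part(part: str):
    """One dotted component, accepting the hex/octal/decimal forms inet_aton does."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]*", part):
        return int(part, 8) if len(part) > 1 else 0
    if re.fullmatch(r"[0-9]+", part):
        return int(part, 10)
    return None


def canonical_ipv4(host: str):
    """Canonical dotted quad for any inet_aton-accepted spelling, else None.

    Mirrors the classic rule: 1 to 4 parts, the last part fills all bytes
    that the earlier parts did not cover ("127.1" -> 127.0.0.1,
    "2130706433" -> 127.0.0.1).
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    vals = [_parse_part(p) for p in parts]
    if any(v is None for v in vals):
        return None
    if any(v > 0xFF for v in vals[:-1]):
        return None
    last_width = 8 * (5 - len(parts))
    if vals[-1] >= 1 << last_width:
        return None
    n = 0
    for v in vals[:-1]:
        n = (n << 8) | v
    n = (n << last_width) | vals[-1]
    return str(ipaddress.IPv4Address(n))


def decode_fully(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %252Fadmin becomes /admin."""
    for _ in range(max_rounds):
        d = urllib.parse.unquote(s)
        if d == s:
            return d
        s = d
    return s


def is_forbidden_target(url: str) -> bool:
    """True when the URL's host is loopback/private/reserved after canonicalisation.

    A real deployment would additionally resolve hostnames and apply the same
    address test to every returned record (and pin the resolved address).
    """
    u = urllib.parse.urlsplit(url)
    host = (u.hostname or "").lower()
    if host in LOOPBACK_NAMES:
        return True
    canon = canonical_ipv4(host)
    try:
        addr = ipaddress.ip_address(canon if canon else host)
    except ValueError:
        return False  # a hostname: needs DNS-aware handling, not covered here
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified)


def hardened_check(url: str) -> bool:
    """Combined check: canonicalised host test plus fully-decoded path test."""
    path = decode_fully(urllib.parse.urlsplit(url).path)
    return is_forbidden_target(url) or "/admin" in path
```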

Happy Hunting, if that's your thing
#OBS #OBSStudio #streaming #twitch #infosec #threatIntel #DFIR #ThreatHunting
The fake file is hosted by MediaFire
hXXps://www.mediafire[.]com/file/fur2qc7wdm6pi6k/OBSStudioSetup.zip/file
#OBS #OBSStudio #streaming #twitch #infosec #threatIntel #DFIR
A noticeable difference in the file that gets downloaded as well
The ZIP came from the fake site.
#OBS #OBSStudio #streaming #twitch #infosec #threatIntel #DFIR

As compared to the ACTUAL OBS page.

obs-download[.]net looks like this, and apparently has a release from the future

I'm sure these first 2 Sponsored links on Google are totally legit
(That's sarcasm)
obs-download[.]net
obs-download[.]org

![obs-download[.]org registration date is today according to whois](https://cdn.masto.host/frontendsocial/cache/media_attachments/files/110/098/244/621/072/389/small/0ec0709c42cf6afc.png)
![obs-download[.]net registration date is today according to whois](https://cdn.masto.host/frontendsocial/cache/media_attachments/files/110/098/244/691/616/010/small/a1722098833aea76.png)
NEW: No need to hack when 682,000 medical records are leaking, Monday edition:
https://www.databreaches.net/no-need-to-hack-when-682000-medical-records-are-leaking-monday-edition/
When, oh when, will covered entities learn to purge old data or at least secure it properly?
@carlypage @brett @allan @campuscodi
#HIPAA #databreach #dataprotection #HealthSec #infosec #cybersecurity #PHI #IncidentResponse #ResponsibleDisclosure
A friend found a WEIRD!!! computer on their network....
So here's a Hacking / Windows Systems Admin question:
From the network, I can log in to this weird host via SMB with any username and any password (e.g.: NotaRealUser / NotaRealPass) and get ADMIN level rights.
Kinda... if I log in with the local Administrator, I have to put the correct password that is stored in the SAM. But anything else, it accepts it as a full admin.
Does anyone know why a Windows host (Server 2008 in this instance) would do that? Like, what configuration would allow a person to have full read/write admin level access to a box with any username and password?
(To be clear... I don't THINK it's a honeypot? Even if it is, how would you configure / misconfigure a windows host to allow this kind of behavior?)
Okay, now I'm curious... What is the worst resume you have ever come across?
I published it! A detailed walkthrough of the updated OWASP Top 10 room where I explain how to solve each challenge as well as explain each vulnerability and how to prevent them in your next web application. Hope you enjoy this lengthy read 🙃
#cybersecurity #infosec
Okay, so honest question for people that are a part of the tech hiring process. How many pages is the norm for an experienced InfoSec resume? I have a lot of knowledge and experience that I have to trim out to keep it 2 pages and it pains me to do so.
I've worked as Tech Support, IT Repair, Customer Support, Web Dev (fullstack), DB Admin, Sys Ops, Sec Ops, Net Admin, App Sec, IT Architecture, IT Auditing, GRC, and Enterprise Sec in several different industries to name a few.
I'm sure I am getting auto filtered out of some of these job applications because of lack of keyword hits. Is a 3 page resume really too much, or have I been fed some bad resume advice over the years? :boost_ok:
on SIDN.nl:
"Survey of DMARC mail security on Mastodon servers disappointing" -- Users should take security into account when choosing a Mastodon server
https://www.sidn.nl/nieuws-en-blogs/inventarisatie-van-dmarc-mailbeveiliging-bij-mastodon-servers-teleurstellend
"A 'phishing mail' campaign targeting the users of masto.ai prompted network security specialist Sean Whalen to check the domain names of the top 1000 Mastodon servers for the use of DMARC security for e-mail."

Number of certificates compromised because the client sent me their private key along with it: +1
One of the most absurd surveillance schemes I've seen for a while. Germany is using an AI to scan thousands of web pages, social posts, and messaging apps to detect porn.
They're then reporting people to the police for not having age verification measures in place. (Even where it is literally impossible to do so). More than 100 people in recent months have been reported to the police in Berlin.
I spoke with some of those facing criminal prosecutions, fines, and potential jail sentences for posting porn to Twitter.
https://www.wired.com/story/germany-twitter-porn-police/
#surveillance #infosec #twitter #news #ai #tech #germany
cc @Techmeme