Items tagged with: InfoSec



#infosec people, THIS is big and you need it in front of management RIGHT NOW.

MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs including both management, operations, and infrastructure.

This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.


More on this:

Inside #DOGE’s push to defy a #CourtOrder & access #SocialSecurity data

Reps of #ElonMusk’s US #DOGE Service have sought for weeks to get around a court order barring their access to sensitive #data & internal systems at the #SSA, prompting career staff to repeatedly resist their efforts, acc/to a half dozen people familiar w/the DOGE team’s actions & records obtained by The Washington Post.

#law #Trump #Musk #privacy #InfoSec #NationalSecurity #judiciary
washingtonpost.com/politics/20…


tHe eNd oF A LeGaCy?!?

Cyber-attacks are not only an existential threat to businesses, they can also hit underground message boards: the infamous website 4chan, known not only for being an endless source of memes, but also for doxxing and coordinating cyber-attacks, spreading hate and conspiracy theories, has itself been hit by hackers.

The site has been offline since early this morning and internal data, including emails from moderators and the admin and parts of the source code, have been leaked. Many users who used to post anonymously on the message board are now worried about the consequences of their online behaviour.

The details of the hack are still unknown, but an outdated PHP tech stack seems to be the reason why access to databases, source code etc. is now possible. Reading about outdated PHP and leaked source code, and possibly database takeover, we immediately think of an unpatched RCE vulnerability, but we will probably find out soon.

#4chan #anonymous #infosec


#Whistleblower details how #DOGE may have taken sensitive #NLRB data

In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.

The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.

#law #InfoSec #privacy #NationalSecurity #Musk
npr.org/2025/04/15/nx-s1-53558…


Risk. Risk is something the business can understand. If you can quantify risk, you get the business to listen. The business deals in numbers, $in vs $out. Quantify the risk of not having a given control. The talk needs to be about $$$, and how infosec controls prevent $out.

#infosec


to any and all #infosec and #pentesting professionals, do you have any tips you could share about business-speak? more specifically, how do you translate to a business unrelated with our field the importance of our work?


Freeradical.zone is a Mastodon server featuring infosec and privacy and technology and leftward politics and cats and dogs and…

:Fediverse: freeradical.zone

You can find out more at freeradical.zone/about or contact the admin @tek

#FeaturedServer #Infosec #Privacy #Technology #Mastodon #Fediverse #FreeFediverse


Oh here’s a good pentesting “self qa” tip:

Write the report, then, before the end of the test window, go back through each finding. Your job is to make sure that using ONLY the information in your report, it’s possible to reproduce that finding.

You aren’t allowed to cheat yourself and use any other knowledge or your own techniques again to fill in the blanks - you can ONLY use what is in the report in front of you.

Can you reproduce the finding, without cheating? Yes? Excellent, ‘tis good to go. No? Add more detail.

#infosec


The shitty AI-generated slop used as header/cover images for think pieces linked in #Infosec hashtag are such a great filter! :blobcataww:

Kinda like hexagonal profile pics of NFT bros back in the day (remember those?). :blob0w0:

:blobcatcoffee:


Cybernews: Ransomware gangs go whale hunting with Fortune 500 companies cybernews.com/security/ransomw… @cybernews #cybersecurity #Infosec #ransomware


The @EUCommission uses Microsoft applications for the everyday work of most of its officials. This is puzzling:

* in conflict with the Union's strategic autonomy objective.
* a wasted opportunity to use procurement strategically, bringing business to European IT companies (even better if open-source based).
* disturbing security implications as US authorities have eyes and killswitches on all our executive's IT systems.

1/n

#Europe
#infosec


OpenSSH 10.0 released with hybrid post-quantum algorithm mlkem768x25519-sha256 as default key agreement, new cipher preference list, new options, bug fixes

openssh.com/releasenotes.html

#openssh #openbsd #infosec #secureshell #postquantumcryptography


TOMORROW (4/8) at 6:30 PM EST, legendary @defcon speaker @RenderMan will be talking about his #InternetOfDongs project finding #vuln #0days & #infosec research into smart sex toys for #DESCI NYC!

RSVP Here: lu.ma/descinyc32

#fediverse #mastodon #Hacker #sextoys #dildos #sextech



#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity

#CEUM

(5/n)

... conventional weapons.

As in the 1930's, a #fascist movement has been sowing division where there should be unity.

We must never forget, as in any war, the war that's being fought against #Authoritarianism is a #hybrid one.

The #FourthEstate...


@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity

#CEUM

(4/n)

.. taking a wrecking ball towards the #West.

If the rest of the 🌍 globe, in particular #CEUM, work much stronger together, there is a good chance that the #TrumpeanTariffs'-induced #GlobalDepression2.0 might yet be averted.

However, this is not only a war of trade and...


@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity

#CEUM

(3/n)

... They will seek to eliminate conflict in their international economic policies and will encourage economic collaboration between any or all of them.👈"

The #TrumpTariffs that will result in #TrumpeanTradeWars, if this collision course is maintained, are the complete opposite of what the founding fathers had in mind.
#tRump is...


@LoranJohn
#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity

#CEUM

(2/n)

... way before the much cited Art. 5.:

"Article 2

The Parties will contribute toward the further development of peaceful and friendly international relations by strengthening their free institutions, by bringing about a better understanding of the principles upon which these institutions are founded, 👉and by promoting conditions of stability and well-being...



#CdnPol #CANpol #USpol
#CETA #InfoSec #Democracy #NationalSecurity

#CEUM

(1/2)

And #SigmarGabriel is right!

In #Canada and #Mexico, while there are a lot of indigenous roots, as well as Asian and African, the majority of people have ancestral roots on the European continent and speak one of its languages.

But things should not be hastened, the #EuropeanUnion did not start as such.

mastodon.social/@HistoPol/1142…

IMO, starting with a fast-track implementation of a free-trade area...


Who would want to protect the people in charge at this point with their #Infosec ?

Seriously.


“Unless you are using #GPG, email is not end-to-end encrypted, & the contents of a message can be intercepted & read at many points, including on Google’s email servers,” said Eva Galperin, director of #cybersecurity at the Electronic Frontier Foundation.

#NationalSecurity experts have expressed alarm over the #Trump admin’s denial that the leaked #Signal chat contained #classified information.

#Gmail #Signalgate #Signal #OpSec #InfoSec #military #idiocracy #kakistocracy


Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.

Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spear-phishing & other types of digital compromise.

#Gmail #Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


The use of personal email, even for unclassified materials, is risky given the premium value foreign #intelligence services place on the communications & schedules of senior govt ofcls, such as the #NationalSecurity adviser, experts say.

…Waltz has also created & hosted other #Signal chats w/Cabinet members on sensitive topics, including on #Somalia & #Russia’s war in #Ukraine, said a senior #Trump admin official.

#Gmail #Signalgate #OpSec #InfoSec #military #idiocracy #kakistocracy


#MikeWaltz has had less sensitive, but potentially exploitable information sent to his #Gmail, such as his schedule & other work documents, said ofcls, who, like others, spoke on the condition of anonymity to describe what they viewed as problematic handling of information. The ofcls said Waltz would sometimes copy & paste from his schedule into #Signal to coordinate meetings & discussions.

#Signalgate #NationalSecurity #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


A snr #MikeWaltz aide used the commercial email service for highly technical conversations w/colleagues at other govt agencies involving sensitive #military positions & powerful #weapons systems relating to an ongoing conflict, acc/to emails reviewed by WaPo. While the #NSC official used his #Gmail account, his interagency colleagues used govt-issued accounts, headers from the email correspondence show.

#Gmail #Signalgate #Signal #NationalSecurity #OpSec #InfoSec #Trump #idiocracy #kakistocracy


The use of #Gmail, a FAR LESS secure method of communication than the encrypted messaging app #Signal [which isn’t secure enough for these kinds of comms either], is the latest example of questionable #security practices by top #NationalSecurity ofcls already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for #military ops in Yemen.

#Signalgate #Signal #OpSec #InfoSec #military #Trump #idiocracy #kakistocracy


Maybe I’m just paranoid, but what could possibly go wrong with this idea? Grimace.

“Based on the analysis of this data, Microsoft can remotely apply fixes such as removing problematic drivers or updates and changing configuration settings.”

bleepingcomputer.com/news/micr…

#microsoft #windows #infosec #security



An ok overview of security considerations & mitigating controls to protect privacy and reduce risk of harm when crossing the US border.

The author misses some utterly crucial details however.

1) When your encrypted device is on, it is in an *unlocked* state. Only by powering off such a device is it in an encrypted state. Further, MicroSD cards are often unencrypted. Check before you fly, and power off before the border.

2) (next post)

theguardian.com/technology/202…

#privacy #infosec


#EdwardCoristine is among the most visible members of the #DOGE effort that has been given sweeping access to official networks as it attempts to radically downsize the U.S. government.

Past reporting had focused on his youth - he is 19 - and his chosen nickname of "#BigBalls," which became a pop culture punchline. #Musk has championed the teen on his social media site X, telling his followers last month that "Big Balls is awesome."

#USpol #InfoSec #NationalSecurity #Trump


Exclusive: #DOGE staffer, '#BigBalls', provided tech support to #cybercrime ring, records show

The best-known member of Elon #Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data & #cyberstalking an #FBI agent, according to digital records reviewed by Reuters.

#USpol #InfoSec #NationalSecurity #Trump
reuters.com/world/us/doge-staf…