#followfriday! Here's some #infosec / #cybersecurity accounts I've discovered from the past week to check out!

- @an00brektn
- @dieg0

Plus! Here's some folks from across the Fediverse who's instance names are awesome.

- @pointlessone
- @prettygood
- @markiplier
- @split
- @kopper
- @nev
- @z
- @president
- @EmilyK

All previous follow friday posts: https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack#for-infosec-folks

Giant list of cool instance names (and those from said instances) here: https://shellsharks.com/notes/2024/03/29/the-whimsical-corners-of-the-fediverse

Mastodon starter pack

Cybersecurity Research and More

^shellsharks

📡 HackRF Portapack H2 Audio RX App: Listening / Browsing / Shortwave / Radio

#HackRF #FOSS #tutorial #hardware #SDR #Portapack #MayhemFirmware #firmware #shortwave #radio #gadgets #tech #infosec #cyber #RX

https://tube.tchncs.de/w/4RNT554SNRULBimPFxSPfK

📡 Shortwave Listening: HackRF Portapack H2 Audio RX App

Discover New Radio Stations Using Portapack H2 Mayhem RX Audio App. Sharing Tips For Getting Started Browsing For Shortwave Stations Using Audio RX Receive Application; We Start By Practicing With ...

^tchncs

Ticketmaster hacked. Breach affects more than ***half a billion*** users.

Emails, phone numbers, addresses, and even financial details have allegedly been exposed by a notorious hacker group. And they are offering the data for half a million bucks.

https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack

@404mediaco exposed Ticketmaster yesterday for its monopoly power in the concert industry, so its 500 million customers are now being revictimized by the hackers.

https://www.404media.co/the-monopoly-case-against-ticketmaster-explained/

#infosec

The Monopoly Case Against Ticketmaster, Explained

The antitrust suit against Live Nation is not about ticket scalping or ticket sales. It's about total domination over the entire concert industry.

^{Jason Koebler (404 Media)}

Any recommendations for moving away from #gmail? Preferably somewhere that isn’t gonna implement #AI for #email? Can’t use my ISP’s email cos we want to change away as soon as OpenReach do their thing

#infosec #infosecquestion

STORY: Police have a new cybercrime fighting tactic: getting into the heads of Russian hackers.

Recent law enforcement takedowns of cybercrime groups have increasingly used psychological tactics as part of their disruption.

https://www.wired.com/story/cop-cybercriminal-hacker-psyops/

#cybersecurity #cybercrime #hacking #infosec

"I'm going to #DEFCON32 this year. Maybe I should enter one of the contests, that should test my expensive #cybersecurity skills and winning will advance my #infosec career!"

The Contests At @defcon:

#nahamsec is still going strong!

Watch on the #DCG201 LIVE STREAM or on these direct links:

#Twitch: https://twitch.tv/namhamsec
#YouTube: https://www.youtube.com/live/76mNNVVBht0

#hacking #infosec #cybersecurity @defcon

NEW: second judge in #Poland reportedly confirmed as #Pegasus spyware victim.

Appeals court judge told reporter her responsibilities included classified cases where wiretapping was used.

Poland's spyware reckoning continues.

[PL, machine trans.]
Story: https://oko.press/wiemy-o-drugim-polskim-sedzi-inwigilowanym-pegasusem-to-sedzia-apelacyjna-z-krakowa-news-oko-press

#spyware #infosec #cybersecurity #polska #malware #security #intelligence #surveillance

FINALLY: a 🇺🇸US official speaks the truth security researchers keep warning about...

Americans' movements being tracked with well-known weaknesses that US telcos aren't fixing.

It's remarkable how bad the problem with #SS7 & #Diameter is.

Must-read story by @josephcox
https://www.404media.co/cyber-official-speaks-out-reveals-mobile-network-attacks-in-u-s/

#infosec #cybersecurity #hacking #intelligence #surveillance #espionage

I would have loved this in college.

#infosec #security #LaundryLaughs #laundry #lol

@zackwhittaker https://mastodon.social/@zackwhittaker/112457447298124340

Zack Whittaker

2024-05-17 16:47:46

New, by me: Two university students have uncovered a security bug that lets millions do their laundry for free.

CSC ServiceWorks provides internet-connected laundry machines to thousands of residential homes and universities around the U.S., Canada and Europe.

The students found that any security checks are done by the app on the user’s device and automatically trusted by CSC’s servers,

But CSC still hasn't fixed the isue — or acknowledged their findings.

More: https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines

TechCrunch is part of the Yahoo family of brands

^{techcrunch.com}

Purchased This Random X13 "Bug Detector" Demo "Signal Detection" Mode On Channel

Watch To See Demo Using HackRF Portapack H2 + Baofeng + Fan Remote

#Infosec #privacy #cybersecurity #hackrf #portapack #surveillance #HumanRights #X13 #baofeng #sdr #radio

https://tube.tchncs.de/w/uts6e3bEhGFLn6XBHzWaQf

X13 RF Signal Detection Demo: #HackRF #Portapack / #Baofeng /

Testing RF Signal Detection On X13 affordable bug detector device, sold on the internet. We use a baofeng, wireless remote, and HackRF + Portapack to test the sensitivity on the X13. This one claim...

^tchncs

"Palo Alto Networks is buying IBM’s QRadar cloud software assets and moving customers over to its own platform."

So the strategy Cortex XSIAM was successful at the end?

🔗 https://www.cnbc.com/2024/05/15/palo-alto-networks-will-buy-ibm-qradar-cloud-security-software-assets.html

#siem #qradar #infosec

Palo Alto Networks is buying security assets from IBM to expand customer base

Palo Alto Networks is buying IBM's QRadar as part of a bigger partnership between the two companies.

^{Jordan Novet (CNBC)}

This is intended for store shelves to inform customers before they buy. And hopefully, it will spur negligent manufacturers to do better. #cybersecurity #infosec

White House: Cyber trust label could be in place by end of the year https://therecord.media/cyber-trust-label-coming-this-year @therecord_media

Cyber trust label could be in place by end of the year, White House says

The Biden administration hopes to have consumer devices that have been approved by a voluntary cybersecurity labeling program on store shelves soon.

^{therecord.media}

New Tor Browser Download With Firefox Security Updates

#Tor #privacy #anonymous #infosec #cybersecurity #Firefox

https://blog.torproject.org/new-release-tor-browser-13015/

New Release: Tor Browser 13.0.15 | Tor Project

Tor Browser 13.0.15 is now available from the Tor Browser download page and also from our distribution directory.

^{blog.torproject.org}

#Apple and #Google agree on standard to alert people when unknown #Bluetooth devices may be tracking them

This is a move in the right direction, hopefully it will expand to “unknown device connected” via Bluetooth.

#InfoSec #OpSec #Tech

https://techcrunch.com/2024/05/13/apple-and-google-agree-on-standard-to-alert-people-when-unknown-bluetooth-devices-may-be-tracking-them/

If you're using GNU/Linux. Please use opensnitch, it's criminally underrated. It notifies you of network requests made in real time, and you can choose to allow them or not (it comes with a lot of filtering options as well): https://github.com/evilsocket/opensnitch

#privacy #infosec #linux #foss #security

GitHub - evilsocket/opensnitch: OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch. - evilsocket/opensnitch

^GitHub

Do you want to learn how to setup an air-gapped #Nextcloud for maximum privacy and data protection?

Join me on May 22nd at 9 am EDT / 3 pm CEST on a free webinar to learn about air-gapped Nextcloud:

🔍 Critical factors to consider
🛡️ Four customizable air-gapped setups
🔧 Setting up air-gapped Nextcloud instances
💼 Best practices for Nextcloud maintenance

Register for free:
https://bit.ly/3QB2dlv

#OpenSource #GovTech #Security #CyberSecurity #infosec #privacy #sysadmin #datasecurity

[Webinar] Beyond Secure: Air-gapped Nextcloud for highly confidential data

Join us to learn how you can set up air-gapped Nextcloud for highly confidential data ideal for military, government, and large enterprises.

^Nextcloud

I'm hosting a webinar about air-gapped #Nextcloud for organizations with highly confidential data storage and sharing needs.

If that interests you, join me on May 22nd at 9 am EDT / 3 pm CEST to learn about:

🔍 Critical factors to consider
🛡️ Four customizable air-gapped setups
🔧 Setting up air-gapped Nextcloud instances
💼 Best practices for Nextcloud maintenance

Register for free:
https://bit.ly/3QB2dlv

Boosts appreciated 🙏

#OpenSource #infosec #Data #DataProtection #DataSecurity #FOSS

I'm looking to borrow (it's $200 and I'm not buying it) a copy of an extremely niche book from a law school library for a week or so. It's called "Cybersecurity and the Courthouse: Safeguarding the Judicial Process".

It should be very useful for all of my recent #cybersecurity work in that area (see https://github.com/qwell/disclosures/).

If you, dear reader, have access to such things, I'd like to have a chat to see what we can figure out.

Boosts highly appreciated.

#infosec #law #library

GitHub - qwell/disclosures: List of vulnerability disclosures

List of vulnerability disclosures. Contribute to qwell/disclosures development by creating an account on GitHub.

^GitHub

Years later, #Marriott admits data were not encrypted before its 2018 #databreach. Now what?

Did they get insurance reimbursement because their claim said the data had been encrypted? Will #SEC find they made a material misrepresentation to consumers and investors?

Will people who didn't try to sue them claim they had relied on Marriott's statement and they now want to sue them?

Lots of questions, including when did they first find out that the data had not been encrypted and why didn't they find out and disclose it sooner?

Great reporting by Evan Schuman:
https://www.csoonline.com/article/2096365/marriott-admits-it-falsely-claimed-for-five-years-it-was-using-encryption-during-2018-breach.html

#infosec #cybersecurity

Marriott admits it falsely claimed for five years it was using encryption during 2018 breach

Marriot revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.

^{Evan Schuman (CSO Online)}

From a friend's discord

#infosec #starWars

yeah this is pissing me off as I’m one of the larger cybersecurity creators on TikTok at 368,000 followers. It’s still how everyone finds my mastodon, twitch, and soon YouTube. It’s still also 80% of my revenue for my content creation LLC between shop and content payouts.

I’ve been on the platform since the pandemic started and any concerns we have about TikTok were already said about Meta and others

#tiktok #tiktokban #cybersecurity #infosec

BREAKING: #Israeli private investigator arrested for cyberespionage on behalf of American PR firm.

Caught by UK under #RedNotice from 🇺🇸US while boarding a flight.

BIG TWIST in a wild case that began w/our @citizenlab investigation into indian hack-for-hire group #belltrox

Sound familiar?

Because Amit Forlit is the *second* PI from #Israel arrested in similar way for this case.

First = convicted.

https://www.reuters.com/world/israeli-private-eye-arrested-uk-over-alleged-hacking-us-pr-firm-2024-05-02/

#hacking #cybersecurity #infosec #malware #espionage #intelligence