Search
Items tagged with: cybersecurity
#followfriday is back (after I missed it last week). Once again, here's some cool #infosec / #cybersecurity accounts I've discovered and followed recently...
- @Omkhar
- @zh4ck
- @pietrushnic
- @freddy
- @zerotypic
- @jeFF0Falltrades
- @13reak
- @WPalant
Plus a few cool accounts I've discovered from fun instances around the #fediverse...
- @Shrigglepuss
- @tonicfunk
- @stephan
I've also updated my site's #blogroll with Fediverse handles for each site entry's author - https://shellsharks.com/blogroll
#LLM Agents can Autonomously #Exploit One-day Vulnerabilities
Source: https://arxiv.org/abs/2404.08144
To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).
#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity
LLM Agents can Autonomously Exploit One-day Vulnerabilities
LLMs have becoming increasingly powerful, both in their benign and malicious uses. With the increase in capabilities, researchers have been increasingly interested in their ability to exploit cybersecurity vulnerabilities.arXiv.org
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/cisco-duo-security-reports-third-party-data-breach-exposing-sms-mfa-logs-g-6-x-f-x/gD2P6Ple2L
Cisco Duo security reports third-party data breach exposing SMS MFA logs
Cisco has reported a security breach at a third-party service provider for its Duo multifactor authentication service, resulting from compromised employee credentials due to a phishing attack.BeyondMachines
Security folks, I need some help. My wife is looking for a job after taking a few years off to take care of the kids and she's having a hard time finding legit security opportunities. And the legit ones she does find don't like the gap in her resume.
If you have or know of any legit remote openings for someone with experience in identity and access management, can you please share?
She has her CISSP and while most of her experience is in IAM she's willing to branch out and learn a new specialty. She also happens to be both the faster learner and the smarter one of the two of us!
Boosts greatly appreciated!
#InformationSecurity #Cybersecurity #IAM #FediHired #GetFediHired #FediJobs #Jobs
π‘ HACKRF PORTAPACK H2: What's New Latest Mayhem Firmware v2.0.1
#radio #sdr #Signals #firmware #mayhem #portapack #HackRF #infosec #cybersecurity #privacy #hardware
https://tube.tchncs.de/w/xvj2ZwbFepkHVginNs4H7n
What's New #HackRF Mayhem #Portapack Firmware v2.0.1 / Upgrading
how to upgrade portapack mayhem firmware and showing first look at NEW APPS: Foxhunt / Wardriver Geotag log BLOG / SUPPORT: https://bmc.link/politictech http://righttoprovacy.i2p #hackrf #portapack...tchncs
Let's use @protonprivacy and @Tutanota products.
When will the two largest providers of secure encrypted email make it the default for messages sent between them to be securely encrypted? If even they can't manage it what hope is there for the rest of the email world?
I read some article about them being concerned about AI cyberattacks, and actually recommended 'fighting fire with fire'.
??
Um.. you can't just rely solely on AI systems when the main reason why cyberattacks keep on succeeding is mostly due to social engineering. People are being tricked into enabling attackers access their systems and data.
AI-based attacks are currently mainly driven by deception via fake messages, deepfakes, etc.
Apple has notified iPhone users in 92 countries about a mercenary spyware attack attempting to compromise their devices.
Apple says the attack is likely targeting the victims because of who they are or what they do.
Apple suggests having the latest software updates, enabling lockdown mode and seeking help from specialized experts.
Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.
https://www.wired.com/story/house-section-702-vote/
#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle
House Votes to Extendβand Expandβa Major US Spy Program
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americansβ information.Dell Cameron (WIRED)
Time for a #jobSearch post!
I'm looking for a #typeScript / #python / #RustLang 100% #remote #softwareDev position, both contract and permanent, GMT+2 timezone.
I previously worked as a Senior / Lead / Principal #fullStack developer with #cyberSecurity , #softwareArchitecture and #devOps experience.
I specialize in #react , #nodejs , #django , #fastAPI , #pandas , #postgresql , #docker , #kubernetes , #AWS and #digitalOcean .
The White House is apparently considering a full ban of Kaspersky software throughout the United States, citing national security concerns.
Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach:
Does Nevada state law provide them with a "Get Out of Jail Free" pass? It sounds like it may.
@douglevin @funnymonkey @brett @mkeierleber
#databreach #EduSec #cybersecurity #edtech #accountability #infosec
Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach
A Clark County judge said sheβs leaning toward granting the Clark County School Districtβs motion to dismiss a class action lawsuit related to a 2023 cyberattack.Rocio Hernandez (The Nevada Independent)
###
#Microsoft employees exposed internal passwords in #security lapse
source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
Security researchers Can Yoleri, Murat Γzfidan and Egemen KoΓ§hisarlΔ± with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoftβs #Azure #cloud service that was storing internal information relating to Microsoftβs #Bing search engine.
#Twitterβs Clumsy Pivot to X.com Is a Gift to Phishers
source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, βAre you serious, X Corp?β
#internet #fail #security #phishing #cybersecurity #twitter #news
Twitterβs Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craftβ¦krebsonsecurity.com
Leader Of Israel's Unit 8200 (equivalent to NSA) OPSEC Mistake Exposed Long Held Identity
#News #Privacy #OPSEC #Unit8200 #Israel #SIGINT #NSA #OSINT #intelligence #infosec #Cybersecurity
Top Israeli spy chief exposes his true identity in online security lapse
Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google accountHarry Davies (The Guardian)
When #security matters: working with #Qubes OS at the #Guardian
Configuring a Qubes workstation was a new challenge for the team as we abandoned years of experience writing Infrastructure as Code for the cloud and started learning how to write #Salt #configuration. Salt (also know as SaltStack) is a management engine available by default in Qubes.
#cybersecurity #news #journalism #linux #technology #software #securedrop
When security matters: working with Qubes OS at the Guardian
The latest version of the whistleblowing platform SecureDrop runs on the Qubes operating system. At the Guardian we used the Salt management engine to set up a Qubes environment where journalists could safely interrogate sensitive documents.Philip McMahon (The Guardian)
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/panera-bread-hit-by-ransomware-attack-systems-down-for-a-week-k-b-u-u-j/gD2P6Ple2L
Panera Bread hit by ransomware attack, systems down for a week
Panera Bread experienced a week-long IT outage due to a ransomware attack that encrypted numerous virtual machines, disrupting operations including internal IT systems, phone lines, POS systems, website, and mobile apps.BeyondMachines
Exclusive: #YossiSariel unmasked as head of #Unit8200 and architect of #AI #strategy after book written under pen name reveals his #Google account
The embarrassing #security lapse is linked to a book he published on #Amazon, which left a digital trail to a private Google account created in his name, along with his unique ID and links to the #accountβs maps and calendar profiles.
#Israel #internet #Anonymity #privacy #spy #military #CyberSecurity #news #online #leak #identity
Top Israeli spy chief exposes his true identity in online security lapse
Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google accountHarry Davies (The Guardian)
π° XZ Utils Backdoor Attribution Analysis
#News #Linux #XZutils #backdoor #ssh #infosec #cybersecurity #privacy #video #peertube #APT
https://tube.tchncs.de/w/ca2iuxmdqfBE98PwZYY6wh
π° Linux XZ Utils Backdoor Attribution Analysis
π¨ ALERT: * Linux Backdoored XZ Utils (xz-utils)* How This Was Pulled Off, And Who May Have Done It? This Was A Backdoor In Layers - Many Changes Of Lesser Alarm, Together, Critical Remote Access, ...tchncs
ever hear of https://www.zangi.com?
ever hear of https://Simplex.Chat?
#encryption #communication #messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
π§¬Types of DNS Records
πΉA
πΉAAAA
πΉCNAME
πΉMX
πΉPTR
πΉNS
πΉSOA
πΉTXT
π#infosec #cybersecurity #hacking #pentesting #security
What #encryption do you use for your everyday #communication?
I'm not talking about your nerd friends, who can be counted on one hand and who know a thing or two about the subject. I'm talking about your normal friends, business partners and colleagues with whom you communicate both professionally and privately.
I was recently called by my support via Microsoft Teams because I had to enter some passwords. The support team proudly said that they were contacting me via Teams because it was more secure than the normal phone. He was then very surprised when I told him that Teams is unencrypted and can be intercepted much more easily.
#messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
#infosec #cybersecurity #email
![Screenshot from email bounce:
Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [elided]
Arrival-Date: Fri, 29 Mar 2024 00:36:36 -0700 (PDT)
X-Original-Message-ID: <bitwarden.com-1711697794@kamens.us>
Final-Recipient: rfc822; dmarc-reports@bitwarden.com
Action: failed
Status: 5.1.3
Diagnostic-Code: smtp; The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. For more information, go to https://support.google.com/mail/?p=NoSuchUser
Last-Attempt-Date: Fri, 29 Mar 2024 00:36:37 -0700 (PDT)](https://friendica.hellquist.eu/photo/preview/640/2435709 "Screenshot from email bounce:
Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [elided]
Arrival-Date: Fri, 29 Mar 2024 00:36:36 -0700 (PDT)
X-Original-Message-ID: <bitwarden.com-1711697794@kamens.us>
Final-Recipient: rfc822; dmarc-reports@bitwarden.com
Action: failed
Status: 5.1.3
Diagnostic-Code: smtp; The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. For more information, go to https://support.google.com/mail/?p=NoSuchUser
Last-Attempt-Date: Fri, 29 Mar 2024 00:36:37 -0700 (PDT)")
The Mystery of βJia Tan,β the XZ Backdoor Mastermind
https://www.wired.com/story/jia-tan-xz-backdoor/
The Mystery of βJia Tan,β the XZ Backdoor Mastermind
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.Andy Greenberg (WIRED)
Several popular messaging apps, including Messenger, Signal, Telegram and WhatsApp, use end-to-end encryption.
Hereβs how it protects you:
https://theconversation.com/are-private-conversations-truly-private-a-cybersecurity-expert-explains-how-end-to-end-encryption-protects-you-224477
#Cybersecurity
Are private conversations truly private? A cybersecurity expert explains how end-to-end encryption protects you
End-to-end encryption provides strong protection for keeping your communications private, but not every messaging app uses it, and even some of the ones that do donβt have it turned on by default.The Conversation
Great news! Amazon has got back to me about the Β£700 iPhone they failed to deliver (and wouldn't refund or replace) Bad news: what they told me...
Based on this experience, why would anyone buy anything expensive from Amazon ever again? Please share, like and comment if you agree.
Watch my #video.
#amazon #delivery #scam #jeffbezos #cybersecurity
A cybersecurity researcher finds that 20% of software packages recommended by GPT-4 are fake, so he builds one that 15,000 code bases already depend on, to prevent some hacker from writing a malware version.
Disaster averted in this case, but there aren't enough fingers to plug all the AI-generated holes π¬
#AIethics #Cybersecurity #GPT #OpenAI #LLM #GenAI #GenerativeAI #Python #NodeJS #Ruby #Golang
AI Hallucinated a Dependency. So a Cybersecurity Researcher Built It as Proof-of-Concept Malware - Slashdot
"Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI," the Register reported Thursday "Not only that but someone, having spotted this reoccurring hallucination, had turnedβ¦it.slashdot.org
βοΈ35 Top Cybersecurity Tools for 2024
1. Nmap
2. Metasploit
3. Wireshark
4. Invicti
5. John the Ripper
6. Nikto
7. Burp Suite
8. Tor
9. Tcpdump
10. Aircrack-ng
11. Splunk
12. Acunetix
13. Snort
14. Mimecast
15. Malwarebytes
16. OpenVAS
17. SecPod SanerNow
18. UnderDefense
19. Intruder
20. ManageEngine Vulnerability Manager Plus
21. ManageEngine Log360
22. SolarWinds Security Event Manager
23. Norton Security
24.McAfee
25. AVG
26. System Mechanic Ultimate Defense
27. Vipre
28. LifeLock
29. Bitdefender Total Security
30. NordLayer
31. Perimeter 81
32. CIS
33. Webroot
34. GnuPG
35. Sparta Antivirus
π#infosec #cybersecurity #hacking #pentesting #security
π€beacons.ai/cyberkid1987
π€t.me/VasileiadisAnastasis
π₯t.me/infosec101
Update Chrome now! Google patches possible drive-by vulnerability | Malwarebytes
Google has released an update for Chrome to fix seven security vulnerabilities.Pieter Arntz (Malwarebytes)
#infosec #Scam #cybersecurity
PancakesCon 5 (@pancakescon) is happening :D With talks including:
- MITRE ATT&CK mapping and the worldβs best muffins
- Stopping botnets with astrophysics
- Thrive or survive: What a life in the mosh pit taught me about cyber security
... and many more.
Here's the schedule: https://pancakescon.com/2024-conference-information/
#PancakesCon #security #CyberSecurity
2024 Conference Information
PancakesCon 5 will occur on March 24, 2024. To participate, join our Slack, linked at the top of this page. Streams are provided over YouTube, live on the day of the conference, and will be linked β¦PancakesCon 5 - Full Stack Hack
