Search
Items tagged with: infosec
#followfriday is back (after I missed it last week). Once again, here's some cool #infosec / #cybersecurity accounts I've discovered and followed recently...
- @Omkhar
- @zh4ck
- @pietrushnic
- @freddy
- @zerotypic
- @jeFF0Falltrades
- @13reak
- @WPalant
Plus a few cool accounts I've discovered from fun instances around the #fediverse...
- @Shrigglepuss
- @tonicfunk
- @stephan
I've also updated my site's #blogroll with Fediverse handles for each site entry's author - https://shellsharks.com/blogroll
Login • Instagram
Welcome back to Instagram. Sign in to check out what your friends, family & interests have been capturing & sharing around the world.www.instagram.com
Just finished setting up my router, DHCP server is not the best but it works!
#meme #shitpost #tech #networking #infosec
Friend: What do you play games on?
Me: I play games on a switch!
#meme #shitpost #networking #tech #infosec
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/cisco-duo-security-reports-third-party-data-breach-exposing-sms-mfa-logs-g-6-x-f-x/gD2P6Ple2L
Cisco Duo security reports third-party data breach exposing SMS MFA logs
Cisco has reported a security breach at a third-party service provider for its Duo multifactor authentication service, resulting from compromised employee credentials due to a phishing attack.BeyondMachines
ALL CLEAR for Fedora Rawhide and Fedora 40 Beta builds regarding the xz exploit. 👍
Things had stabilized soon after the initial security advisory, but we're now confirming that you can use Rawhide and Fedora 40 Beta safely as long as you have the latest updates or reinstall (which is not a bad idea to be safe).
Fedora 38 and 39 were never affected.
Learn more: https://fedoramagazine.org/cve-2024-3094-all-clear/
#Fedora #Security #Privacy #InfoSec #Linux #OpenSource
CVE-2024-3094: All Clear - Fedora Magazine
The XZ backdoor was foiled by Andres Freund.Matthew Miller (Fedora Project)
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
📡 HACKRF PORTAPACK H2: What's New Latest Mayhem Firmware v2.0.1
#radio #sdr #Signals #firmware #mayhem #portapack #HackRF #infosec #cybersecurity #privacy #hardware
https://tube.tchncs.de/w/xvj2ZwbFepkHVginNs4H7n
What's New #HackRF Mayhem #Portapack Firmware v2.0.1 / Upgrading
how to upgrade portapack mayhem firmware and showing first look at NEW APPS: Foxhunt / Wardriver Geotag log BLOG / SUPPORT: https://bmc.link/politictech http://righttoprovacy.i2p #hackrf #portapack...tchncs
I read some article about them being concerned about AI cyberattacks, and actually recommended 'fighting fire with fire'.
??
Um.. you can't just rely solely on AI systems when the main reason why cyberattacks keep on succeeding is mostly due to social engineering. People are being tricked into enabling attackers access their systems and data.
AI-based attacks are currently mainly driven by deception via fake messages, deepfakes, etc.
Well, at least the uni didn't try to minimize it:
"On or around November 28, 2023, Butler University’s third-party vendor, Athletic Trainer System ("ATS"), notified Butler University that an unknown actor gained access to ATS's computer systems in August 2020."
As part of steps taken in response, Butler writes: "Butler University is also reviewing the business necessity of sharing any sensitive data with third party vendors."
(SSN had been involved)
Butler University's notification letter sent to 1,871 people can be found linked from https://apps.web.maine.gov/online/aeviewer/ME/40/aebbc4f8-fbd7-4a2d-991b-f1ec97032e39.shtml
#EduSec #Vendor #infosec #hack #databreach
Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.
https://www.wired.com/story/house-section-702-vote/
#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle
House Votes to Extend—and Expand—a Major US Spy Program
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.Dell Cameron (WIRED)
Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach:
Does Nevada state law provide them with a "Get Out of Jail Free" pass? It sounds like it may.
@douglevin @funnymonkey @brett @mkeierleber
#databreach #EduSec #cybersecurity #edtech #accountability #infosec
Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach
A Clark County judge said she’s leaning toward granting the Clark County School District’s motion to dismiss a class action lawsuit related to a 2023 cyberattack.Rocio Hernandez (The Nevada Independent)
#Roblox #infosec #breached
https://www.google.com/search?hl=en&q=site%3A*.gov%20%22robux%22
It seems like it’s amateur hour at #Microsoft.
Microsoft left internal passwords exposed in latest security blunder
Microsoft reportedly locked down an Azure-hosted server last month that exposed passwords, keys, and credentials of Microsoft employees to the open internet.Jess Weatherbed (The Verge)
Leader Of Israel's Unit 8200 (equivalent to NSA) OPSEC Mistake Exposed Long Held Identity
#News #Privacy #OPSEC #Unit8200 #Israel #SIGINT #NSA #OSINT #intelligence #infosec #Cybersecurity
Top Israeli spy chief exposes his true identity in online security lapse
Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google accountHarry Davies (The Guardian)
@endingwithali The Fediverse is certainly the place for #infosec and other #internet related topics!
If you like a list of some popular accounts, this will help a loot!
https://fedidb.org/popular-fediverse-accounts
Made by our very own @dansup
FediDB, Fediverse Network Statistics
FediDB is a cutting-edge service providing detailed statistics and insights into the Fediverse network.fedidb.org
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/panera-bread-hit-by-ransomware-attack-systems-down-for-a-week-k-b-u-u-j/gD2P6Ple2L
Panera Bread hit by ransomware attack, systems down for a week
Panera Bread experienced a week-long IT outage due to a ransomware attack that encrypted numerous virtual machines, disrupting operations including internal IT systems, phone lines, POS systems, website, and mobile apps.BeyondMachines
This, in fact, has substantial benefits for #Putler's Regime: his future "cannon fodder" has a hard time running away before being drafted. Also, limiting face-to-face encounters (someone from the #InfoSec community once told can be the only safe way of communication) makes surveillance and "narrative control" in the media much easier.
📰 XZ Utils Backdoor Attribution Analysis
#News #Linux #XZutils #backdoor #ssh #infosec #cybersecurity #privacy #video #peertube #APT
https://tube.tchncs.de/w/ca2iuxmdqfBE98PwZYY6wh
📰 Linux XZ Utils Backdoor Attribution Analysis
🚨 ALERT: * Linux Backdoored XZ Utils (xz-utils)* How This Was Pulled Off, And Who May Have Done It? This Was A Backdoor In Layers - Many Changes Of Lesser Alarm, Together, Critical Remote Access, ...tchncs
🧬Types of DNS Records
🔹A
🔹AAAA
🔹CNAME
🔹MX
🔹PTR
🔹NS
🔹SOA
🔹TXT
🔖#infosec #cybersecurity #hacking #pentesting #security
#infosec #cybersecurity #email
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
https://www.wired.com/story/jia-tan-xz-backdoor/
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.Andy Greenberg (WIRED)
Google fesses up to spying on people's browsing habits in Chrome's not-so-Incognito mode, promising to destroy billions of records tracking U.S. citizens. Sadly it was not out of the goodness of their electric hearts - it took a formidable class action lawsuit (that they'd probably already prepared for):
https://apnews.com/article/google-chrome-privacy-lawsuit-settlement-203cc5063f1a1d4013de1900d9376814 #infosec #privacy
Google will purge billions of files containing personal data in settlement of Chrome privacy case
Google has agreed to purge billions of records containing personal information collected from more than 136 million people in the U.S. surfing the internet through its Chrome web browser.MICHAEL LIEDTKE (AP News)
Nice! @amlw wrote a PoC exploit and a honeypot for the xz backdoor.
https://github.com/amlweems/xzbot
#xz #liblzma #cve20243094 #infosec
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbotGitHub
Magic Wormhole 0.14.0 is released
https://mail.python.org/pipermail/python-list/2024-April/912199.html
Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian #Linux 12/11/10 appears safe. Taken from https://lists.debian.org/debian-security-announce/2024/msg00057.html #infosec #security
Someone invested a lot of money in the #xz / #liblzma backdoor.
Good read in https://boehs.org/node/everything-i-know-about-the-xz-backdoor #infosec
Everything I know about the XZ backdoor
Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveriesboehs.org
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access., (Red Hat)
Uhhh heads up everyone:
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
> After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:
> The upstream xz repository and the xz tarballs have been backdoored.
As far as Debian is concerned, seems like only Sid was affected (fixed):
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Generally, XZ Utils versions 5.6.0 and 5.6.1.
⚒️35 Top Cybersecurity Tools for 2024
1. Nmap
2. Metasploit
3. Wireshark
4. Invicti
5. John the Ripper
6. Nikto
7. Burp Suite
8. Tor
9. Tcpdump
10. Aircrack-ng
11. Splunk
12. Acunetix
13. Snort
14. Mimecast
15. Malwarebytes
16. OpenVAS
17. SecPod SanerNow
18. UnderDefense
19. Intruder
20. ManageEngine Vulnerability Manager Plus
21. ManageEngine Log360
22. SolarWinds Security Event Manager
23. Norton Security
24.McAfee
25. AVG
26. System Mechanic Ultimate Defense
27. Vipre
28. LifeLock
29. Bitdefender Total Security
30. NordLayer
31. Perimeter 81
32. CIS
33. Webroot
34. GnuPG
35. Sparta Antivirus
🔖#infosec #cybersecurity #hacking #pentesting #security
👤beacons.ai/cyberkid1987
👤t.me/VasileiadisAnastasis
👥t.me/infosec101
Update Chrome now! Google patches possible drive-by vulnerability | Malwarebytes
Google has released an update for Chrome to fix seven security vulnerabilities.Pieter Arntz (Malwarebytes)
NEW: Despite Elon Musk's criticism of gov surveillance...
X has been selling data for government surveillance.
By Sam Biddle, LINK: https://theintercept.com/2024/03/25/elon-musk-x-dataminr-surveillance-privacy/
#surveillance #infosec #twitter #X #elonmusk #Musk #espionage #Twitter #police #protest
Elon Musk Fought Government Surveillance — While Profiting Off Government Surveillance
Elon Musk and X postured as defenders against government surveillance but sold user data to Dataminr, which facilitates such surveillance.Sam Biddle (The Intercept)