#followfriday is back (after I missed it last week). Once again, here's some cool #infosec / #cybersecurity accounts I've discovered and followed recently...

- @Omkhar
- @zh4ck
- @pietrushnic
- @freddy
- @zerotypic
- @jeFF0Falltrades
- @13reak
- @WPalant

Plus a few cool accounts I've discovered from fun instances around the #fediverse...

- @Shrigglepuss
- @tonicfunk
- @stephan

I've also updated my site's #blogroll with Fediverse handles for each site entry's author - https://shellsharks.com/blogroll

Blogroll

A list of blogs I read and recommend.

^shellsharks

Just finished setting up my router, DHCP server is not the best but it works!

#meme #shitpost #tech #networking #infosec

Friend: What do you play games on?
Me: I play games on a switch!

#meme #shitpost #networking #tech #infosec

ALL CLEAR for Fedora Rawhide and Fedora 40 Beta builds regarding the xz exploit. 👍

Things had stabilized soon after the initial security advisory, but we're now confirming that you can use Rawhide and Fedora 40 Beta safely as long as you have the latest updates or reinstall (which is not a bad idea to be safe).

Fedora 38 and 39 were never affected.

Learn more: https://fedoramagazine.org/cve-2024-3094-all-clear/

#Fedora #Security #Privacy #InfoSec #Linux #OpenSource

CVE-2024-3094: All Clear - Fedora Magazine

The XZ backdoor was foiled by Andres Freund.

^{Matthew Miller (Fedora Project)}

So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.

How can you push a tool that siphons data to a third party onto a security-critical system?

What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?

#infosec #security #openai #microsoft #windowsserver #copilot

📡 HACKRF PORTAPACK H2: What's New Latest Mayhem Firmware v2.0.1

#radio #sdr #Signals #firmware #mayhem #portapack #HackRF #infosec #cybersecurity #privacy #hardware

https://tube.tchncs.de/w/xvj2ZwbFepkHVginNs4H7n

What's New #HackRF Mayhem #Portapack Firmware v2.0.1 / Upgrading

how to upgrade portapack mayhem firmware and showing first look at NEW APPS: Foxhunt / Wardriver Geotag log BLOG / SUPPORT: https://bmc.link/politictech http://righttoprovacy.i2p #hackrf #portapack...

^tchncs

I read some article about them being concerned about AI cyberattacks, and actually recommended 'fighting fire with fire'.

??

Um.. you can't just rely solely on AI systems when the main reason why cyberattacks keep on succeeding is mostly due to social engineering. People are being tricked into enabling attackers access their systems and data.
AI-based attacks are currently mainly driven by deception via fake messages, deepfakes, etc.

#cybersecurity #infosec #socialengineering #AI

Well, at least the uni didn't try to minimize it:

"On or around November 28, 2023, Butler University’s third-party vendor, Athletic Trainer System ("ATS"), notified Butler University that an unknown actor gained access to ATS's computer systems in August 2020."

As part of steps taken in response, Butler writes: "Butler University is also reviewing the business necessity of sharing any sensitive data with third party vendors."

(SSN had been involved)

Butler University's notification letter sent to 1,871 people can be found linked from https://apps.web.maine.gov/online/aeviewer/ME/40/aebbc4f8-fbd7-4a2d-991b-f1ec97032e39.shtml

#EduSec #Vendor #infosec #hack #databreach

@douglevin @funnymonkey @brett

Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.

https://www.wired.com/story/house-section-702-vote/

#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle

House Votes to Extend—and Expand—a Major US Spy Program

The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

^{Dell Cameron (WIRED)}

Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach:

https://thenevadaindependent.com/article/judge-clark-county-schools-may-have-immunity-in-lawsuit-over-2023-cybersecurity-breach

Does Nevada state law provide them with a "Get Out of Jail Free" pass? It sounds like it may.

@douglevin @funnymonkey @brett @mkeierleber

#databreach #EduSec #cybersecurity #edtech #accountability #infosec

Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach

A Clark County judge said she’s leaning toward granting the Clark County School District’s motion to dismiss a class action lawsuit related to a 2023 cyberattack.

^{Rocio Hernandez (The Nevada Independent)}

It seems like it’s amateur hour at #Microsoft.

https://www.theverge.com/2024/4/10/24126057/microsoft-azure-server-internal-passwords-exposed-cybersecurity

#infosec

Leader Of Israel's Unit 8200 (equivalent to NSA) OPSEC Mistake Exposed Long Held Identity

#News #Privacy #OPSEC #Unit8200 #Israel #SIGINT #NSA #OSINT #intelligence #infosec #Cybersecurity

https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse

Top Israeli spy chief exposes his true identity in online security lapse

Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google account

^{Harry Davies (The Guardian)}

Passwords are important.

#infosec #passwords

@endingwithali The Fediverse is certainly the place for #infosec and other #internet related topics!

If you like a list of some popular accounts, this will help a loot!
https://fedidb.org/popular-fediverse-accounts

Made by our very own @dansup

FediDB, Fediverse Network Statistics

FediDB is a cutting-edge service providing detailed statistics and insights into the Fediverse network.

^fedidb.org

📰 XZ Utils Backdoor Attribution Analysis

#News #Linux #XZutils #backdoor #ssh #infosec #cybersecurity #privacy #video #peertube #APT

https://tube.tchncs.de/w/ca2iuxmdqfBE98PwZYY6wh

📰 Linux XZ Utils Backdoor Attribution Analysis

🚨 ALERT: * Linux Backdoored XZ Utils (xz-utils)* How This Was Pulled Off, And Who May Have Done It? This Was A Backdoor In Layers - Many Changes Of Lesser Alarm, Together, Critical Remote Access, ...

^tchncs

🧬Types of DNS Records

🔹A
🔹AAAA
🔹CNAME
🔹MX
🔹PTR
🔹NS
🔹SOA
🔹TXT

🔖#infosec #cybersecurity #hacking #pentesting #security

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

https://www.wired.com/story/jia-tan-xz-backdoor/

#infosec #cybersecurity

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

^{Andy Greenberg (WIRED)}

Google fesses up to spying on people's browsing habits in Chrome's not-so-Incognito mode, promising to destroy billions of records tracking U.S. citizens. Sadly it was not out of the goodness of their electric hearts - it took a formidable class action lawsuit (that they'd probably already prepared for):

https://apnews.com/article/google-chrome-privacy-lawsuit-settlement-203cc5063f1a1d4013de1900d9376814 #infosec #privacy

Google will purge billions of files containing personal data in settlement of Chrome privacy case

Google has agreed to purge billions of records containing personal information collected from more than 136 million people in the U.S. surfing the internet through its Chrome web browser.

^{MICHAEL LIEDTKE (AP News)}

Nice! @amlw wrote a PoC exploit and a honeypot for the xz backdoor.

https://github.com/amlweems/xzbot

#xz #liblzma #cve20243094 #infosec

Magic Wormhole 0.14.0 is released

https://mail.python.org/pipermail/python-list/2024-April/912199.html

https://pypi.org/project/magic-wormhole/

#python #infosec

magic-wormhole

Securely transfer data between computers

^PyPI

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

Someone invested a lot of money in the #xz / #liblzma backdoor.

Good read in https://boehs.org/node/everything-i-know-about-the-xz-backdoor #infosec

Uhhh heads up everyone:
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/

> After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:

> The upstream xz repository and the xz tarballs have been backdoored.

As far as Debian is concerned, seems like only Sid was affected (fixed):
https://lists.debian.org/debian-security-announce/2024/msg00057.html

Generally, XZ Utils versions 5.6.0 and 5.6.1.

#InfoSec #Linux #Debian

⚒️35 Top Cybersecurity Tools for 2024

1. Nmap
2. Metasploit
3. Wireshark
4. Invicti
5. John the Ripper
6. Nikto
7. Burp Suite
8. Tor
9. Tcpdump
10. Aircrack-ng
11. Splunk
12. Acunetix
13. Snort
14. Mimecast
15. Malwarebytes
16. OpenVAS
17. SecPod SanerNow
18. UnderDefense
19. Intruder
20. ManageEngine Vulnerability Manager Plus
21. ManageEngine Log360
22. SolarWinds Security Event Manager
23. Norton Security
24.McAfee
25. AVG
26. System Mechanic Ultimate Defense
27. Vipre
28. LifeLock
29. Bitdefender Total Security
30. NordLayer
31. Perimeter 81
32. CIS
33. Webroot
34. GnuPG
35. Sparta Antivirus

🔖#infosec #cybersecurity #hacking #pentesting #security

👤beacons.ai/cyberkid1987
👤t.me/VasileiadisAnastasis
👥t.me/infosec101

NEW: Despite Elon Musk's criticism of gov surveillance...

X has been selling data for government surveillance.

By Sam Biddle, LINK: https://theintercept.com/2024/03/25/elon-musk-x-dataminr-surveillance-privacy/

#surveillance #infosec #twitter #X #elonmusk #Musk #espionage #Twitter #police #protest