GossiTheDog

@GossiTheDog@cyberplace.social

Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.

I have Direct Messages disabled - you can send them, but I will never receive them.

GossiTheDog, to random

Very big cyber incident playing out at Snowflake, who describe themselves as “AI Data Cloud”. They have a free trial where anybody can sign up and upload data… and they have.

Threat actors have been scraping customer data using a tool called rapeflake, for about a month.

GossiTheDog,

The tl;dr of the Snowflake thing is mass scraping has been happening, but nobody noticed.. and they're pointing at customers for having poor credentials. It appears a lot of data has gone walkies from a bunch of orgs.

Snowflake is a big AI data company with a conference in the US next week, chances of that going ahead are interesting.

GossiTheDog,

IOCs: https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information

Snowflake admin users need to check their Snowflake environment, not sec departments check their on prem.

GossiTheDog,

❓ 😅

GossiTheDog,

Five orgs have told me they are running incidents for Snowflake, where their data has been copied.

GossiTheDog,

Snowflake: there is absolutely no cybersecurity incident.

Also Snowflake: Please run these commands and look for "threat activity" logins with the user agent "rapeflake" using this knowledge base article we haven't listed on our website.

https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information

GossiTheDog,

Live Nation said its stolen database was hosted on Snowflake, a cloud storage and analytics company.

https://techcrunch.com/2024/05/31/live-nation-confirms-ticketmaster-was-hacked-says-personal-information-stolen-in-data-breach/

GossiTheDog,

I've now confirmed 6 major orgs running Snowflake cyber incidents, so I've made a theme song about Snowflake's response.

GossiTheDog, to random

On 10th May 2024, Keytronic filed an 8-K with the SEC for a data breach.

Turns out it was ransomware, Black Basta say they have 530gb of data. Keytronic haven’t informed customers.

GossiTheDog, to random

In my opinion - I think more people in the cyber industry and government should be speaking out against Copilot Recall being deployed in this manner.

I think most people will know what harm it will cause having a text database of everything the user has ever typed and viewed. Our parents will be using this.

I know it will drive business through incidents but.. surely there’s a line?

It feels so profoundly depressing, and like nobody cares about actually securing things for people.

GossiTheDog, to random

Things I’ve been asked to produce over the years as a manager in security:

  • Blockchain strategy
  • Metaverse strategy
  • Generative AI strategy

Amount of times this has had any value: 0

Perhaps the reason businesses largely haven’t grown for a decade is because they have failed to concentrate on ensuring good operations and making products customers care about.. but instead they’ve rushed off the latest fad cliff like Lemmings.

GossiTheDog, to random

Okay I knew Opera browser was bad but I had no idea how crazy the situation was until reading this.

https://www.spacebar.news/stop-using-opera-browser/

GossiTheDog,

    Oh no, @ivory doesn’t support embedded music yet. You’re all missing out* on these

    GossiTheDog, to random

    Senua’s Saga: Hellblade 2 on Xbox Series X is the best looking game I’ve ever played.

    GossiTheDog,

    Hellblade 2 32:9 widescreen style on PC.

    GossiTheDog,

    Love these two.

    GossiTheDog, to random

    For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

    From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

    Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

    GossiTheDog,

    Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:

    GossiTheDog,

    Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088

    Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.

    GossiTheDog,

    The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

    Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

    I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

    GossiTheDog,

    Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

    My look at the feature, FAQs from the community etc

    https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

    GossiTheDog,

    This is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.

    HT @tomwarren

    GossiTheDog,

    You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

    What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

    Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

    GossiTheDog, to random

    Werewolves Group are a ransomware group who attack primarily Russian organisations, although orgs across Europe in total. They've been operating under the radar for a few months.

    There are many ransomware operators who aren't in Russia and aren't being tracked properly, so I imagine the odds are the problem is going to keep spiralling into other regions. Shout out to Kazakhstan.

    GossiTheDog,

    Reupping this thread about Werewolves Group attacking Russian orgs.

    GossiTheDog,

    Russia is very very exposed in terms of cybersecurity and resiliency as attacking local orgs there will get the local feds to bash your door in.. so ransomware groups have left it untested. #threatintel
