Infosec

avolha, Polish

Something to listen to this evening: how to buy and sell safely online. @adamhaertle from the site @zaufanatrzeciastrona talks about it in the podcast „Nowe życie rzeczy”.

https://audycje.tokfm.pl/podcast/148125,Jak-uniknac-strat-podczas-zakupow-i-sprzedazy-rzeczy-w-internecie-Ostroznosc-i-uwaznosc-przede-wszystkim

chiefgyk3d,

Heads up, we got official word from Proofpoint: they are impersonating OSHA in phishing attacks now.

happygeek,

Anonymous Sudan claims responsibility for ChatGPT attack, cited bias against Palestine as reason.

https://www.forbes.com/sites/daveywinder/2023/11/09/chatgpt-down-as-suspected-cyber-attackers-strike/

simplenomad,

Minor tweaks to mail (I run a mail server) during my week off last week. Sadly, I receive less spam/scam email on my nmrc.org mail than on the couple of gmail accounts I have. I mean, good for me, sad for those that use gmail.

Greylisting, blackholes, SPF, DKIM, DMARC, and even pi-hole/unbound in recursive mode (as the mail server's DNS server) are the secret.

jimfl,

Early in my career I discovered the art of passive social engineering.

In active social engineering, you try to get someone with access to a system to give that access to you.

Passive social engineering, by contrast, relies on the fact that someone has already (unknowingly) given you access, and you need only discover who it is, and what the nature of the access is.

PogoWasRight,

Attorney General James Secures $450,000 from US Radiology Specialists for failing to protect patient data: https://ag.ny.gov/press-release/2023/attorney-general-james-secures-450000-medical-company-providing-services-western

The litigation was not under but was under NYS law: Executive Law § 63(12), GBL §§ 349 and 899-bb.

Direct link to Assurance of Discontinuation: https://ag.ny.gov/sites/default/files/settlements-agreements/us-radiology-aod.pdf

Didn't update/patch timely.

Previous coverage of this breach had been somewhat confusing, as I reported here at the time: https://www.databreaches.net/late-notification-raises-questions-about-a-us-radiology-specialists-breach-last-year/

State attorneys general continue to impose more enforcement penalties for failing to secure patient data than HHS OCR has imposed.

johnshirley2024,

U.S. officials hold their breath for Iranian cyberattacks

Critical infrastructure owners and operators are stepping up security, as the U.S. government keeps a close eye on evolving threats from Tehran in cyberspace.

https://www.politico.com/news/2023/11/01/us-officials-iranian-cyberattacks-00124847

avolha, Polish

On Ciemna Strona you can find another post about internet surveillance, this time explaining, in terms a layperson can follow, what leaks through WebRTC look like.

https://www.ciemnastrona.com.pl/internetowa_inwigilacja/2023/11/05/webrtc.html

chiefgyk3d,

The largest dental distributor, Henry Schein, was compromised, and also hilarious is that I warned them years ago about their issues. Anyway, now I've got a bunch of other companies hollering at me asking how to secure their stuff.

simplenomad,

The only thing I miss about Twitter is when someone posts a link to a thread there, and I only can view the first message as my account is long gone, and the thread has links to the details that are not in the first message. So I have to do some often creative googling to find the details I am wanting. For infosec it functioned as a great TL;DR method to get news (largely duplicated here). Pity some of those sources of info only exist there and not here.

Other than that, I couldn’t give a bright blue fuck about that dumpster fire platform.

SecureOwl,

Looking forward to speaking at SecureWorld Seattle on Wednesday!

More details: https://events.secureworld.io/agenda/seattle-wa-2023/

Hope to see you there!

0xor0ne,

Collection of resources for getting started with Satellite hacking and CTFs

Satellite Hacking Demystified: https://redteamrecipe.com/Satellite-Hacking-Demystified/

Hack-a-sat writeups: https://github.com/solar-wine/writeups

Hack-a-sat players corner: https://hackasat.com/players-corner/


PogoWasRight,

Oh lovely (not). Hunters International claims that they have attacked a service that provides emergency medical transport and emergency security transport for travelers. It's a private for-fee membership service, but Hunters allegedly locked their files.

There's nothing on Medjet's website to suggest any disruption or anything amiss and Hunters provides no proof of claims.

DataBreaches has reached out via email to Medjet to ask about Hunters' claims.

PogoWasRight,

As I told other journalists and others to expect: Daixin has already now leaked the third part of the data from the TransForm/Bluewater attack that impacts five hospitals in southwest Ontario, Canada.

I'm just starting to skim the tranche now, but as before, it's a mix of internal hospital documents and patient-related files.

Keep in mind Daixin hasn't dumped the databases yet. If they are true to form, those will be dumped within a day or a few days.

Previous coverage on my site on the first two leaks and interview:

https://www.databreaches.net/exclusive-daixin-team-claims-responsibility-for-attacks-affecting-canadian-hospitals-starts-leaking-data/

https://www.databreaches.net/update-daixin-leaks-more-data-from-bluewater-health-and-other-hospitals-databases-yet-to-be-leaked/

0x58,

📈 +61 new subscribers to my newsletter in October 📆 - Grateful for all your support! 🙏

https://infosec-mashup.santolaria.net

0xor0ne,

Very interesting reading about OpenSSH security measures (privilege separation and sandboxing)

https://jfrog.com/blog/examining-openssh-sandboxing-and-privilege-separation-attack-surface-analysis/


PogoWasRight,

(Following up on one of my watchdog complaints):

It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack:
https://www.databreaches.net/it-took-an-hhs-complaint-but-three-years-later-some-ventura-orthopedic-patients-are-finally-being-notified-of-a-ransomware-attack/

SecureOwl,

I will be speaking words next week at SecureWorld Seattle, more information is available thus: https://events.secureworld.io/agenda/seattle-wa-2023/#mike-sheward

happygeek,

It might sound like lolz, but there could be serious consequences. Some clown used the iPhone DoS via BLE advertising packets thing (remember that post-Def Con?) on a train.


https://www.forbes.com/sites/daveywinder/2023/11/06/iphone-ios-17-hack-attack-reported-in-the-wild-how-to-stop-it/
