dantemercurio

JoeUchill, 4 months ago to random

Does anyone have a mac cloud backup service they really like that's suitable for a casual user?

Asking for a family member.

dantemercurio, 4 months ago to apple

Kaspersky has released details regarding the Apple iMessage attack. Apparently it involved four, yes four 0-day exploits in the 0-click exploit chain. I often say if you have to jump up and down, rub your belly, and tap your head for the exploit to work, it’s low risk as most exploits are opportunistic. This definitely looks like an exception.

https://9to5mac.com/2023/12/27/most-sophisticated-iphone-attack-chain-ever-seen/

#apple #cybersecurity #infosec #kaspersky #exploit

dantemercurio, 5 months ago to Ubiquiti

Ubiquiti misconfigured account associations allowed random people to access private video.

https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7

#ubiquiti #infosec #databreach

dantemercurio, 6 months ago to random

Pansy enjoying Charlie Brown Thanksgiving
#catsofmastadon #Thanksgiving

dantemercurio, 6 months ago to Cybersecurity

SEC going after Solarwinds and their CISO for misleading the public regarding their security controls. Like to know who the CISO reported to. In my experience, CISO’s are often constrained by the CFO who they often report to. Never met a CISO who got everything he asked for. Additionally CISO’s often don’t sit on executive executive meetings. Be interesting how this goes.

#cybersecurity #infosec

https://www.sec.gov/news/press-release/2023-227

dantemercurio, 6 months ago to Cats

Arwen considers hibernation.
#cats #catsofmastadon

GossiTheDog, 6 months ago to random

deleted_by_author

ErrataRob, 7 months ago to random

I've been putzing around with this textbook for several years now, explaining why the OSI Model is obsolete. It's not accurate practice, it's not theory, it's not even helpful, but people don't understand it well enough to understand what's wrong with it. In over 200 pages, I explain why it needs to be completely abandonned, except as a historical footnote.

https://docs.google.com/document/d/1iL0fYmMmariFoSvLd9U5nPVH1uFKC7bvVasUcYq78So/edit?usp=sharing

dantemercurio, 7 months ago to Cybersecurity

NSA employee pleads guilty to attempted espionage. Why attempted? He was actually communicating with an FBI covert agent. He was there less than a month.

https://www.justice.gov/opa/pr/former-nsa-employee-pleads-guilty-attempted-espionage

#cybersecurity #infosec

cloudguy, 7 months ago to random

deleted_by_author

bitsmith, 7 months ago to infosec

It's almost a year since I gave up on trusting cloud #password vault providers and moved back to a local KeepassXC (with LOCKSS backup strats). Very happy with that decision. #infosec

historyofpunkrock, 7 months ago to punk

42 years ago today
Black Flag at San Pedro High School on October 20, 1981 with new singer Henry Rollins at one of his first gig with the band.

#punk #punks #punkrock #hardcorepunk #blackflag #henryrollins #history #punkrockhistory

dantemercurio, 7 months ago to random

Pansy and her fall gourd.
#catsofmastadon #caturday

dantemercurio, 7 months ago to infosec

Very interesting findings in the latest Cisco Security Outcomes study. One quick highlight answers the question of which has more impact on security threat detection, mature people, processes, or technology. Spoiler, they’re all about equal in importance to a mature program.

Including the best graph from one of the authors @wade

Looking for ways to work the phrase Ravine of Reality into future discussions.

Shout out to @wendynather and her team as well.

#infosec #cybersecurity

dantemercurio, 8 months ago to animals

Leia’s on active bunny duty.

#dogsofmastodon #dogs #goldenretriever

dantemercurio, 8 months ago to random

Don’t mean to brag, but I’m somewhat of a computer wizard. Both my daughter’s game loading problem and my son’s photo sync problem were solved with me merely being present when they tried to show me the issue.

dantemercurio, 8 months ago to infosec

MGM now reporting that business systems are functional and back to normal. Seems like a quick turn around. Wonder if they paid the ransom. Even if they didn’t, given a $15M payday from Caesar’s, I expect a busy ransomware season for the immediate future.

#infosec #cybersecurity #ransomware #MGM

https://www.reviewjournal.com/business/casinos-gaming/mgm-operations-back-to-normal-employees-cite-residual-problems-2908069/

rodhilton, 8 months ago to random

Just added 2 pizzas to a doordash cart for pizza and movie night for my family of 4.

Between the price of the pizzas, delivery fees, taxes, convenience fees, and dasher tip, the total was $80.

80 bucks for 2 pizzas to be delivered. Pizza. The cheap food famous for delivery.

This is fucking crazy, I don't understand how people are surviving this bullshit.

malwaretech, 8 months ago to random

This is absolutely crazy stuff. Chinese hackers were able to get into a bunch of government email accounts by forging Microsoft access tokens, but how it happened is wild.

Apparently an internal Microsoft system responsible for signing consumer access tokens crashed, then a bug in the crash dump generator caused the secret key to be written to the crash dump. Microsoft's secondary system for detecting sensitive data in crash dumps also failed, allowing the crash dump to be moved from an isolated network to the corporate one. The Chinese hackers compromised a Microsoft engineer's account and were able to get a hold of the crash dump. They were not only able to find the key and figure out that it's responsible for signing consumer access tokens, but were also able to exploit a software bug to use it to sign enterprise access tokens too, basically giving them the keys to the kingdom.

So many security system had to fail for this to happen. Either the hackers were very lucky or extremely patient.

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

dantemercurio, 8 months ago to animals

Enjoying the last days of summer.

#dogsofmastodon #dogs #goldenretriever

dantemercurio, 8 months ago to Cybersecurity

Microsoft discloses details on how their signing keys were stolen. Long story short, a crash dump contained the keys and an engineer’s corporate account was compromised and they had access to the environment where those dumps were stored. I commend the transparency and details on lessons learned and improvements.

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

#cybersecurity #infosec #microsoft

thomasfuchs, 9 months ago to random

I’ll block anyone tooting about the Republican debate, unless it’s 100% made up

dangillmor, 9 months ago to random

I believe in trying to detect "AI"-generated content.

I vehemently do NOT believe in using the products people are peddling to universities to purportedly do this for professors in grading students.

Even if these things worked at a 99% correct-detection rate -- and they aren't even close -- that would mean potentially ruining the life of an innocent student based on a black-box algorithm.

I won't do that. Period.

https://dair-community.social/@timnitGebru/110930665056158940