Infosec

campuscodi,
@campuscodi@mastodon.social avatar

Last year, CrowdStrike published a report on a new crypto-mining operation that was targeting exposed Kubernetes systems with a miner for the Dero cryptocurrency token.

https://www.crowdstrike.com/blog/crowdstrike-discovers-first-ever-dero-cryptojacking-campaign-targeting-kubernetes/

This threat actor—no official name yet—is still active today, according to a new report from cloud security firm Wiz.

https://www.wiz.io/blog/dero-cryptojacking-campaign-adapts-to-evade-detection

#infosec #cybersecurity #security

rysiek, (edited )
@rysiek@mstdn.social avatar

Lukewarm take:

When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.

Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.

Today, almost all sites use HTTPS. Doesn't mean the risk is zero, but it's way lower.

*) "general" meaning "without a very specific threat model in mind", meant for general public, etc.

steve,
@steve@mastodon.nexusuk.org avatar

@rysiek Also worth noting that several VPNs have been caught with their pants down collecting data from the traffic they have been routing - many ISPs and public wifi providers likely have better data protection practices than some VPN providers, so you may well be better off without the VPN.

rysiek, (edited )
@rysiek@mstdn.social avatar

Also, shout-out to @letsencrypt for dramatically changing the security landscape of the Web for the better over the years.

Rarely is there an example of a project so effective and so directly improving everyone's lives, while at the same time keeping the original engineering mindset and just Doing Stuff Right™ humbly in the background.

Next November it will have been exactly a decade since LE started. We all owe them a huge 10th birthday party.

chiefgyk3d,
@chiefgyk3d@social.chiefgyk3d.com avatar

So tomorrow is going to suck I need upgrade my PfSense firewall and apparently there is a bug that requires a reinstall to get it fixed as the partition was too small. Then I can get around to setting up @protonprivacy and @bitwarden but I am keeping @keepassxc for the TOTP MFA, because I don’t want to store those in the same password manager. Also rotating all passwords and setting up new Yubikeys then migrating from Ledger to Trezor
#infosec

endareth,
@endareth@disobey.net avatar
chiefgyk3d,
@chiefgyk3d@social.chiefgyk3d.com avatar

@endareth I don’t mind the migration, but I am a Yubico Ambassador so I am hitting up my rep with a content idea for my TikTok and Twitch

simplenomad,
@simplenomad@rigor-mortis.nmrc.org avatar

Sounds like a very cool project. The only problem with it is that there is no reference to Kuato (IYKYK).

https://github.com/xaitax/TotalRecall

#infosec #security

ohmu,
@ohmu@social.seattle.wa.us avatar


A large western Washington municipality that rhymes with "free cattle" is going to post an opportunity for a new OT manager in a few weeks.

For a variety of reasons, I am very invested in this position even though I'm just lowly water engineer.
Please stay tuned. I will post a link here when I have it myself.

Please spread the word wherever infosec folks gather.

My hope is that this will be an opportunity for some culture change.

popey,
@popey@mastodon.social avatar

NIST turns to IT consultants to clear National Vulnerability Database backlog

🤔

"According to the agency's statement last week, it hopes to reach its pre-February processing rate of CVEs within the next few months. NIST predicted it should be caught up and back to processing current CVEs by the end of the fiscal year."

💀

https://www.theregister.com/2024/06/03/nist_cve_backlog/

#infosec #security #cve

Linux_in_a_Bit,
@Linux_in_a_Bit@linuxrocks.online avatar

@popey
0-day vulnerability?
Not anymore! :ablobcatbongo:

eslerm, (edited )
@eslerm@mastodon.social avatar

@popey CISA has been positioning themselves to take over NVD's role 🤞
https://github.com/cisagov/vulnrichment

gcluley,
@gcluley@mastodon.green avatar

Hey everyone, how's your day going?

#InfoSec #infosec2024

coreysnipes,
@coreysnipes@fosstodon.org avatar

I don't recall which person inspired me to create a security/cyber policy page on our company website, and security.txt files on our apps, but I am glad we did.

We received our first vulnerability notification email last night and it was fixed today. Grateful for the white hats out there. 🙌

coreysnipes,
@coreysnipes@fosstodon.org avatar

@greg Oh, just found the reference I used when setting it up. This was really helpful. https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value

greg,
@greg@gregnewman.io avatar

@coreysnipes adding this one to my notes. Appreciate it. This is on my list for this year.

bane,
@bane@exploit.social avatar

I am currently still looking for a full-time job. Let's talk about what your team needs and how I can fill the role!

#fedihired #infosec

chiefgyk3d,
@chiefgyk3d@social.chiefgyk3d.com avatar

is dead, why do people still insist on being on that platform? It's lost its relevance, and all the best people in Infosec have moved here to or another app.

I feel like most of those still on Twitter are more worried about appearances and keeping their follower numbers than keeping and growing a great community.

That's just my $0.02

3dcandy,
@3dcandy@mastodon.social avatar

@chiefgyk3d had a couple of meetings today though and in general here in the UK the numbers are down hugely in 2024 across all the platforms including youtube, twitch, tik tok. Everything is harder, and prices are up and rewards are down. The big tinternet bubble of great numbers and easy money seems to have gone very quickly

chiefgyk3d,
@chiefgyk3d@social.chiefgyk3d.com avatar

@3dcandy I think overall a lot of people had a lot of free time to use the internet more during the pandemic, and not that is starting to decline as people have to get back to regular routines.

I know that free time and being bored in a house is what led me to make Tiktok and other content.

jik,
@jik@federate.social avatar

I just received a moderately interesting #scam call.
The phone rings.
It's a New York Number (I'm in NYC) with "New York NY" as its CID.
I answer and say hello, and hear a couple seconds of silence and then the blip sound indicating I've been transferred from the bulk dialer to a live person.
The person who says hello has a strong Indian accent and I can hear other people talking in the background.
#infosec #privacy #telemarketing
1/4

jik,
@jik@federate.social avatar

"I'm calling from the diabetes supply team, and we're sending you an [unintelligible] glucose meter. Are you a diabetic?"
Me: "Why?"
The guy repeats exactly the same sentence.
Me: "I heard you. Why are you sending me a meter. Did someone tell you to do that?"
He repeats the same sentence.
Me: "I heard you. I'm asking why you're sending me a meter."
He hangs up.
2/4

jik,
@jik@federate.social avatar

There are three types of scam this could be:

  1. He's trying to get me to say "Yes" so he can record that and use it to fraudulently claim I verbally agreed to buy something.
  2. If I'd played ball he would have collected personal / payment information about me and used it to harm or scam me.
  3. It's possible that there really is a glucose meter that they want to send me as a loss leader to make money off of the needed supplies.
    I'm thinking it was probably (1), but not certain.
    3/4
dan613,
@dan613@ottawa.place avatar

My spouse works in healthcare, and her IT department can't figure out how to permanently turn off the MS Recall feature. There is always a risk of an overworked person hitting a wrong button and suddenly breaching patient privacy laws. https://mastodon.social/@detective/112513529733646088

TheMp3Genious,

The Genious Wave Mp3

If you have a look at the lives of successful human beings, you’ll see they have a common issue – they all arise early, generally around four am. That’s due to the fact the brain is within the theta state at this time of day, and it shall we those human beings preserve that country for the relaxation of their day, making their fact around them as they undergo their surroundings.

OFFICIAL WEBSITE:
https://besthealthtopic.com/genius-wave-audio-mp3/

FACEBOOK:
https://www.facebook.com/TheGeniusWaveAudioMP3/
https://www.facebook.com/GeniusWaveCanada/
https://www.facebook.com/TheGeniusWavemp3Canada/
https://www.facebook.com/GeniusWaveAudioMP3UnitedKingdom/
https://www.facebook.com/GeniusWaveSouthAfrica/
https://www.facebook.com/GeniusWaveAustralia/

davidaugust,
@davidaugust@mastodon.online avatar
skry,
@skry@mastodon.social avatar

Ticketmaster hacked. Breach affects more than half a billion users.

Emails, phone numbers, addresses, and even financial details have allegedly been exposed by a notorious hacker group. And they are offering the data for half a million bucks.

https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack

@404mediaco exposed Ticketmaster yesterday for its monopoly power in the concert industry, so its 500 million customers are now being revictimized by the hackers.

https://www.404media.co/the-monopoly-case-against-ticketmaster-explained/

#infosec

  • All
  • Subscribed
  • Moderated
  • Favorites
  • infosec
  • DreamBathrooms
  • mdbf
  • ethstaker
  • magazineikmin
  • GTA5RPClips
  • rosin
  • thenastyranch
  • Youngstown
  • InstantRegret
  • slotface
  • osvaldo12
  • kavyap
  • khanakhh
  • Durango
  • megavids
  • everett
  • cisconetworking
  • normalnudes
  • tester
  • ngwrru68w68
  • cubers
  • modclub
  • tacticalgear
  • provamag3
  • Leos
  • anitta
  • JUstTest
  • lostlight
  • All magazines