Infosec

woodpunk,

I laughed so much, a bit of wee came out!

megan,

Last night my co-authors and I turned in the final chapter's first draft for our book, Practical Detection Engineering: A hands-on guide to planning, developing, and validating threat detections. Still got a few rounds of technical reviews and copy edits but definitely a big milestone for us.

When performing competitor analysis we found that despite the numerous amazing blog posts from industry experts, there wasn't a complete book focused solely on detection engineering, so hopefully we can fill that gap for the field! The book is scheduled to release in early August and is available for pre-order on Amazon now:
https://www.amazon.com/Practical-Detection-Engineering-Confidently-detections/dp/1801076715

If you have a Packt subscription, it'll be in the eBook library too.

Thanks in advance to anyone who decides to invest in our work and check it out!

paulasadoorian,

Evading detection can be as simple as using "Jurassic Malware." Check out our full interview with Rob "Mubix" Fuller here: https://www.scmagazine.com/podcast-episode/psw-783-rob-fuller


0xor0ne,

Nice quick writeup on CVE-2023-24749: WAN-side command injection (RCE) in Netgear RAX routers

https://mahaloz.re/2023/02/25/pwnagent-netgear.html


alis,

Web fingerprinting is more invasive than you think it is and “private browsing” is basically a scam.

AstraKernel,

🦠 Malicious extensions steal passwords, open remote shells

👉 Theme Darcula dark: gathers sysinfo

👉 python-vscode: C# shell injector executes malicious code

👉 prettiest java: stole credentials from Discord and browsers

https://www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-steal-passwords-open-remote-shells/

thetaggartinstitute,

is a social justice issue.

When organizations do not have the requisite skills on board to protect themselves from attacks, their constituents—be they customers, students, or patients—are harmed. The nature of the harm could be financial, but not always. The patient whose care is deferred due to nonfunctional medical systems is experiencing more than just financial impacts. Poor cybersecurity makes the world that much harder to live in.

On the other side, we know that these organizations struggle to find people with the appropriate security skills. Some of that is poor hiring practices, but some of that is availability of candidates at the right place and time. The solution? Let a thousand resumes bloom.

The more people who have access to / skills, the more opportunities people have to improve their own lives through this discipline. And in turn, the lives of the people they protect are improved.

It's not about computers. It was never about computers.

We're in this to help people on both sides of the equation. That's why we believe this knowledge should not come with financial burdens.

weopentech,

Flatiron School, an educational organization, is looking for a Fixed Term Instructor (Cybersecurity) - responsible for coordinating, preparing for and delivering key components of a student’s course structure, to include lectures, labs, one-on-one instruction and study groups. More details of the role here: https://boards.greenhouse.io/theflatironschool/jobs/4880681004

downey,

:google: BREAKING: to start deleting unused accounts so other people can use them, because of course impersonation is not a thing.

🤔 What could possibly go wrong?

🤦‍♂️ Techbros are (still) idiots.

https://blog.google/technology/safety-security/updating-our-inactive-account-policies/

cybercareersblog,
SecureOwl,

Chatted with Tab at Caliber recently about forensics, my books, and the risks to organizations created by the inevitable mountain of dormant credentials left behind after mass layoffs.

Also, I wore a collared shirt, so you know it’s serious.

https://www.youtube.com/watch?v=GCi1pgmy5uo

jimcarroll,

Going through some web traffic and saw this type of thing hitting my site; I didn't realize I had Wordfence off, so I'm now 503'ing.

But folks - just curious what they are trying to find here. Tons of these hitting with random strings.

62ch,

Instead of paying the ransom, they mobilized buzzers to protect the bank's good name. The LockBit ransomware group has hacked bank BSI in the last 2 months.

Twitter :
https://twitter.com/darktracer_int/status/1658341177685573632?t=5Q4hp_ViAeXcR9kUxCFWVg&s=19

Link (use Tor Browser) :
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion/post/zcrrG5l18LHHt2Ym64629612ac716

Link (Archive) :
https://archive.ph/wip/JPn7r
https://archive.ph/BHD16

@Indonesia @indonesia


michael,

Hm. Bitbucket rotating their SSH host keys is interesting for all kinds of reasons, but maybe primarily because GitHub just rotated theirs a couple of months ago.

Strange coincidence!

https://bitbucket.org/blog/ssh-host-key-changes
