Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
Highly recommend you do so, or at least read the executive summary its 🔥
"The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul..."
The xz issue highlights once again that we can't just hope that private sector corporations invest in the #opensource that makes their business (and profits) possible.
Perhaps we need public sector investment in carefully selected open source - and by that I don't mean the big fancy stuff, but the tiny tools that most people don't even know is there - like xz.
After all - how much of the world around us would collapse if all open source vanished at midnight?
Der Bündnis Sahra Wagenknecht Verein (BSW - Für Vernunft und Gerechtigkeit e.V.) wurde vermeintlich gehackt und Daten über Spender:Innen wurden im Rahmen einer noch nicht veröffentlichten Spiegel-Investigation erlangt.
Alle Menschen welche an das BSW bis einschließlich dem 13.01.2024 gespendet haben sind nun Teil eines Datenleaks welcher den Vornamen, Namen, die E-Mail-Adresse und teilweise die Spendenhöhe beinhaltet.
Alle Newsletter-Abonnenten müssen sich lediglich um ihre E-Mail Adresse Gedanken machen.
Der Spiegel wusste davon vor dem 11.03.2024, Das BSW wurde an diesem Tag davon informiert, und obwohl die E-Mail datiert ist auf den 14.03. wurden die vom Leak betroffenen Personen erst am 15.03.2024 um 03:15 benachrichtigt. Ich bin mir unsicher ob nur Spender:Innen oder auch Newsletter-Abonnent:Innen benachrichtigt wurden.
Mal gucken was dabei rauskommt — Ich warte gespannt auf die Spiegel Investigation!
Avons nous, en France et en français, une plate-forme éthique de divulgation de faille cyber à but non lucratif ?
Type openbugbounty ?
Si oui, laquelle ?
The Canada Air AI chatbot bereavement refund Court finding is such an interesting canary in the coal mine. If you thought individual people hiding bad behavior behind the shield of being anonymous online was a problem, wait until for profit companies increasingly weasel out of the consequences of their actions by saying it was AI that made the decision, and not an employee.
What worries me most after 5 years as leader of the #NSA
by Gen Paul Nakasone commander of the [#UnitedStates#Cyber Command, dir of the #NationalSecurity Agency & chief of #CSS until Feb 2]
“Approaching the end of my 5+ yrs as director of the NSA, I have heard the same question again & again: What’s your greatest worry as you conclude decades of #service to your nation?
@hacks4pancakes@dko
I didn't find out until it was over, but currently listening to it. Appreciate you sharing your knowledge with everyone!
In the people I've talked/listened to about moving into cybersecurity, you're alone in stating out loud that it's 'not an entry level role'. Thinking about how everyone talks about getting experience, or going into an adjacent field as a helper to get into the industry, that does seem to be propping up the advice many give.
Also thanks for the VetSec name drop. I've literally never heard of it until now.
#hackers of the #Ukrainian military intelligence conducted the next #cyber attack on the Russian #military forces by disabling functionality of all Russian DJI #drones they use on the frontline. Starting from 13:00 Moscow time, Russian troops complain that drones became useless. #hacking#cybersecurity#Russia
Made it from #Brussels to #Berlin by train. A few minutes of relaxing before I head out to meet fellow Hatters for a business dinner. Just like in London, the view from the hotel room doesn’t disappoint!
Ich würde sehr gerne einen Thread schreiben, aber der Text hat 25.000 Zeichen und seine Stärke (behaupte ich) liegt in der Differenziertheit. Ich habe jedes Wort abgewogen, und ihn nun kurz zusammenzufassen, würde ihm nicht gerecht werden. Die Essenz ist im Prinzip die Überschrift: Spitzer überspitzt - in weiten Teilen auf unzulässige Weise, wie ich finde. Dabei geht wichtiges unter.