itnewsbot, to random

Chinese state hackers infect critical infrastructure throughout the US and Guam

A Chines... - https://arstechnica.com/?p=1942057

avoidthehack, to infosec

Google are getting worse, at your expense

They're also concerns... especially the search engine sponsored results (which are paid ads).

https://proton.me/blog/google-ads

heiseonline, to ChatGPT

is trained with data from the 's dark brother?

Researchers have developed an model trained with data from the Darknet – DarkBERT's source are hackers, cybercriminals, and the politically persecuted.

https://www.heise.de/news/DarkBERT-is-trained-with-data-from-the-Dark-Web-ChatGPT-s-dark-brother-9061407.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

jmamblat, to infosec
symfonystation, to Symfony

Our weekly Symfony, Drupal, PHP, Cybersecurity, and Fediverse newsletter is out.
https://mailchi.mp/b2fd199af99e/explore-this-weeks-symfony-drupal-php-cybersecurity-and-fediverse-news If you like what you see, you can subscribe via the button in the top left corner. And do us a solid by boosting this post.

zeljkazorz, to random

Free cybersecurity/privacy training/advice for whomever wants it.

aeveltstra, to ai

Wired reports on prompt injection vulnerabilities and risks: https://www.wired.com/story/chatgpt-prompt-injection-attack-security/

symfonystation, to Symfony

Explore the @symfonystation news communiqués archive for evergreen content. https://www.symfonystation.com/Communiques/ And please sign up for our newsletter to get the latest news communiqués and original content delivered to your inbox. #Symfony #PHP #Drupal #Cybersecurity #Fediverse :symfony: :drupal: :php: :fediverse:

5am, to linux

Don't take the unnecessary risk of running Wireshark as root. Instead, create your capture file (.cap, .pcap) with tcpdump (`sudo tcpdump -i eth0 -w file.pcap`), then open it for analysis in Wireshark as your regular non-root user. 👍

0xor0ne, to infosec

Nice blog post showing how to analyze and produce a PoC for CVE-2022-42475 (heap-based buffer overflow vulnerability in FortiOS SSL-VPN)

https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-2022-42475-fortinet-rce/

aeveltstra, to random

Oh dear. https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

will attempt to hack your network by... using tools built into and intended to make back-ups. But Microsoft blames management tools sold by third-party vendors...

cybercareersblog, to infosec
mobileatom, to Symfony

Explore today's @symfonystation Communiqué of Symfony, Drupal, PHP, Fediverse, and Cybersecurity news. https://www.symfonystation.com/Symfony-Station-Communique-26-May-2023 #Symfony #SymfonyCasts #PHP #Drupal #Cybersecurity #Fediverse #Mastodon #CSS :symfony: :elephpant_purple: :drupalicon: :fediverse: :php: 🇺🇦

ianRobinson, to random

Reshaping IT security budgets 2020 v 2025 - Renaissance IT Distributor

https://www.renaissance.ie/reshaping-it-security-budgets-2020-vs-2025/

cybercareersblog, to infosec
gcluley, to random

Suzuki motorcycle plant shut down by cyber attack.

Read more in my article on the Bitdefender blog:

https://www.bitdefender.com/blog/hotforsecurity/suzuki-motorcycle-plant-shut-down-by-cyber-attack/

cybercareersblog, to infosec
fifonetworks, to random

Cybersecurity professionals who promote fear are doing harm to overall cybersecurity awareness training efforts.

As an example, I received this inquiry from a person who was unnecessarily afraid to use a legitimate payment system. Read their question and my reply below:

"Hi Bob, I have a tech question for you. I just had my car serviced at the dealer. They offered a pickup and return service (of the car) which I used, so I did not physically have to go there. When they were done they texted me a copy of the bill and there was a link to make the payment. Since I wasn’t sure how safe that was I called and made the payment, but for future reference I thought I’d ask you if it is a safe/secure way to pay.
Thanks"

My reply:
"Yes! It's safe and secure to use a link in a text message, or QR code, given to you directly by a local business. That business is paying a transaction fee to use an online credit card payment services provider."

Instead of fostering fear, teach people how to distinguish between legitimate payment links and payment links from scammers.

Empower them.
Don't intimidate them.

tristan, to random

For anyone even vaguely interested in infosec, I highly recommend the Darknet Diaries podcast. Even if you're not deep in the weeds of security, there's lots to learn for people that like to know about the darker side of the internet.

dantemercurio, to infosec
0xor0ne, to infosec

Excellent writeup on obtaining root command execution on Netatalk daemon on Western Digital MyCloudHome NAS.
Credits: Etienne Helluy-Lafont and Luca Moro

https://synacktiv.com/en/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack.html

kpwn, to javascript

#Pentesting web apps requires you to analyze their #JavaScript.

Benefit from my experience of 5 years of pentests!

👈 The last thread covered how to work with local overrides.

👉 This Saturday's thread shows you how to bypass code protection measures.

➡️ Follow me to not miss a bit!

#Infosec #CyberSecurity #BugBounty

rw, to infosec
PogoWasRight, to infosec

It looks like Royal also hit Westside Community Services in SF. Their website is not working now, but their Twitter account describes them as "Serving SF's community since 1967. Providing free mental health, substance abuse, recovery, and housing services in the city. Visit our website for more!"

Royal provides no data at this point as proof.

PogoWasRight, to infosec

Nokoyawa also has some listings I have not seen elsewhere, including a data dump with sensitive info allegedly from Wyoming County Community Health System in New York. They claim to have exfiltrated 150 GB of files.

There is no notice on the health system's site. I have reached out to them and will update when I find out more.