Any #infosec folks recommend the best #cyber contractor hiring in vicinity of Ft. Eisenhower? (Ft. Gordon). A friend is looking for an established contractor with good benefits hiring people at GS-13 equivalent level to staff CYBERCOM, TRADOC or other major commands. #USArmy
I've been helping to investigate a few LLVM and Rust bugs recently, and I keep running into pet peeves with how these bugs are reported, so I'm going to put together some #RulesForBugFiling
I don't want to discourage anyone from filing a bug, please do! But... be aware with how you represent the issue that you're seeing.
I also know that there are folks on here who are vastly more knowledgeable than I am, so feel free to suggest corrections, perhaps by filing some sort of report...
If you're going to claim something is a security issue, please explain what the attacker has gained by exploiting the bug. That is, what they can now do they couldn't before.
Just as we got a conviction in the #Vastaamo case, now #Helsinki primary education IT has been breached and 120k students', parents' and teachers' info has been stolen.
Details are sparse, but parts of what has been revealed sound like a #Office365#breach to me. Not confirmed though.
"Possibly the largest data breach affecting [Finland's] municipal sector"
i have been reworking some security bits and a friend got swept up in my sand traps. he's on iOS, isn't a techie, doesn't think he's using a VPN or using special security/privacy settings — but his traffic is coming from CDN addresses (akamai, cloudflare). something's going on that i didn't know about. can anyone point me to learning links? #infosec
Introducing entropyscan-rs, a #RustLang entropy scanner for analyzing files and directories during incident response. Used carefully, this can quickly identify likely malware when not all stages of an attack have been discovered, such as during a web server compromise without adequate logging. Enjoy!
North Korean hackers crack DMARC to spoof emails from trusted sources
North Korean state-sponsored threat actors are abusing misconfigurations in DMARC to send convincing phishing emails and gather vital intelligence from Western targets~impersonating journalists, officials have warned.
#AskInfoSec I'm trying to wrap my head around security aspects of IPv6 protocol.
From what I've learned that now my networking devices have a public IP address (unlike with IPv4 which would have to be port translated at the router).
In order to talk to a service I still will need a port next to the IP address.
Does that mean that every device in the network should have a firewall? Or can I still have one at the router level handle everything?
My fear is that a router could be easily bypassed.