After basically the whole #Microsoft#Azure cloud was hacked (see list of related sources on https://karl-voit.at/cloud/ ), the first follow-up incidents went public caused by missing containment actions:
If you didn't understand until now: basically EVERYTHING at Microsoft got hacked and Microsoft can't (or won't) get rid of the intruders. Everything authenticated by Microsoft is tainted. Even #Windows auth.
Die #Hochschulen begeben sich in eine selbstverschuldete Unmündigkeit, wenn ihre Öffentlichkeitsarbeiter:innen die Plattformen antidemokratischer Milliardäre bespielen, statt sich am Aufbau des Fediversums zu beteiligen – des selbstverwalteten, wirklich sozialen Netzwerks der Zukunft.
Accounts auf Mastodon-Instanzen wären ein guter 1. Schritt.
Im 2. Schritt sollten Hochschulen Fediverse-Instanzen selbst betreiben.
Ich arbeite an der #UniBielefeld in einem Team, das eine der größten wissenschaftlichen Suchmaschinen (@base) betreibt. Für einen Verein betreibe ich nebenher Fediverse-Instanzen (Mastodon und PeerTube). Gern würde ich das auch für meine Uni tun.
Auch das Rechenzentrum der Uni Bielefeld betreibt kaum Anwendungen selbst, sondern am liebsten nur leere virtuelle Maschinen. Unsere Matrix-Instanz wird von einer Fakultät für die ganze Uni betrieben. Unsere GitLab-Instanz von der Bibliothek (mir). Warum das so ist, weiß ich nicht. Aber mit etwas gutem Willen finden sich Lösungen.
Es gibt aber auch eine gegenläufige Tendenz an Hochschulen, und zwar alles Mögliche in die Cloud auszulagern, z.B. in die von Microsoft. Ich kann gar nicht sagen, wie schade ich das finde. So verlieren wir den letzten Rest digitaler Souveränität.
Part 3 of "A Guide to Implementing ActivityPub in a Static Site (or Any Website)" is just out the oven!
In this blog post, I explain how to make your blog discoverable in the Fediverse as an account, and also address some of the annoying pitfalls I encountered.
I must admit, this news about #Uranus and #Neptune has me shook:
"A fresh analysis of Voyager 2's images show both ice giants are in fact a similar shade of greenish blue, which is the 'most accurate representation yet' of the planets' colors, the new study finds."
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #45/2023 is out! It includes the following and much more:
➝ 🔓 ✈️ #Boeing breach: LockBit leaks 50 GB of data
➝ 🇨🇳 World’s largest commercial bank #ICBC confirms #ransomware attack
➝ 🔓 ☁️ Sumo Logic alerts customers about #securityincident; advises rotate Sumo Logic API access keys
➝ 🔓 🇮🇪 Electric Ireland admits data breach that could see customer financial data compromised
➝ 🔓 🇨🇦 #TransForm says ransomware data breach affects 267,000 patients
➝ 🔓 🇸🇬 #Singapore Marina Bay Sands reward members data breached, over 650k people exposed
➝ 🇮🇱 🇵🇸 🇮🇷 Cyber ops linked to #Israel-#Hamas conflict largely improvised, researchers say
➝ 🧨 🤖 #OpenAI confirms #DDoS attacks behind ongoing #ChatGPT outages
➝ 🛍️ 💸 Fake Ledger Live app in #Microsoft Store steals $768,000 in #crypto
➝ 🔓 🐰 ‘Looney Tunables’ #Glibc Vulnerability Exploited in #Cloud Attacks
➝ 🇺🇸 🇷🇺 US Sanctions Russian National for Helping Ransomware Groups Launder Money
➝ 🇮🇷 🇮🇱 Iranian Hackers Launch Destructive Cyber Attacks on Israeli #Tech and #Education Sectors
➝ 🇫🇷 🇬🇧 #France, #UK Seek Greater Regulation of Commercial #Spyware
➝ 🇪🇺 🤐 #Europe is trading security for digital #sovereignty
➝ 🇷🇺 🇺🇦 Russian Hackers Used #OT Attack to Disrupt Power in #Ukraine Amid Mass Missile Strikes
➝ 🦠 🚪 Highly invasive #backdoor snuck into #opensource packages targets developers
➝ 🦠 🇰🇵 N. Korea's #BlueNoroff Blamed for Hacking #macOS Machines with ObjCShellz #Malware
➝ 🫣 #Signal tests usernames that keep your phone number private
➝ 🔐 Microsoft Authenticator now blocks suspicious #MFA alerts by default
➝ ☁️ 💰 Researchers Uncover Undetectable #CryptoMining Technique on #Azure Automation
➝ 👥 💰 Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study
➝ 🩹 Microsoft Says Exchange ‘Zero Days’ Disclosed by #ZDI Already Patched or Not Urgent
➝ 🐛 Veeam warns of critical bugs in #Veeam ONE monitoring platform
📚 This week's recommended reading is: "How the F*ck Did This Happen?: A guide for executives who need to understand Cyber Security in plain, actionable language" by Dr Darryl Carlton
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Any software companies with #microsoft#dotnet#azure tech stack hiring #remote out there? I’m content where I’m at - but as a Lead developer wanting to jump to the #architect track I’m pretty stagnant in my current position.
I worked for the Federal Reserve for a bit before jumping into consulting. I’ve lead geolocated teams - 12 hr time difference - for over half of it.
Part 6 of "A Guide to Implementing ActivityPub in a Static Site (or Any Website)" is now out.
Sorry about the delay, this is the part that not many people will like, I assume. I try to explain how to implement the inbox, which by nature is dynamic non-static.
Good Monday morning, Fediverse! I'm looking for my next role, hoping to get #FediHired.
Right now I'm a principal engineer and team lead for certificate infrastructure at a major US company. My day-to-day work focuses on PKI infrastructure/operations, Windows, and Active Directory. I get to help developers understand both the Why and How of the best practices for using certificates, along with keeping the certificate infrastructure humming along.
Working with Information Security, we've implemented company-wide multi-factor authentication for ~30,000 people. I've designed and executed migrating from on-prem PKI (Microsoft ADCS) to Certificates-As-A-Service, which reduced our total operating costs by about half. The includes dropping our datacenter footprint from multiple physical devices down to a couple of VMs.
Outside of the technical responsibilities, I'm mentoring and training junior/new teammates to build their skills and their confidence. Feedback from the management of our development and applications teams is that I've reinvigorated relationships and made certificate discussions something folks look forward to. And while nobody enjoys an outage, both managers and fellow individual contributors have told me that my calm, confident, and methodical presence is critical to both morale and quick resolution.
My current position doesn't offer much in the way of Azure exposure, but in my previous role I built out a Windows Virtual Desktop (now Azure Virtual Desktop, AVD) ecosystem from scratch when the pandemic first began and we had to send everyone to work from home on super-short notice. Nobody missed a day of work for lack of technical resources.
What I want from my next role is either a similar technical lead/principal level infrastructure/operations IC position or moving into management of a similar team.
If you're looking for a technical leader (with or without management responsibilities) to help shape and maintain your Windows/Active Directory environment, someone who can build relationships across a large organization, let's chat. DM me for email or Signal.
Current residence is in Syracuse, NY, but I'm open to relocation.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:
➝ 🔓 ❌ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
➝ 🔓 ⚖️ Hackers breached International Criminal Court’s systems last week
➝ 🔓 🤖 #Microsoft#AI researchers accidentally exposed terabytes of internal sensitive data
➝ 🦠 💸 #BlackCat#ransomware hits #Azure Storage with #Sphynx encryptor
➝ 🇮🇷 🇮🇱 Iranian Nation-State Actor OilRig Targets Israeli Organizations
➝ 🇮🇳 #India's biggest tech centers named as #cybercrime hotspots
➝ 🇫🇮 💊 Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
➝ 🇨🇦 🇷🇺 Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
➝ 🇨🇳 🇺🇸 #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
➝ 🇺🇸 🇨🇳 China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
➝ 🇨🇳 🦠 New #SprySOCKS Linux #malware used in cyber espionage attacks
➝ 🇬🇧 🔐 UK Minister Warns #Meta Over End-to-End Encryption
➝ 🇺🇸 🇷🇺 One of the #FBI’s most wanted hackers is trolling the U.S. government
➝ 🦠 🥸 Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
➝ 🦠 📈 #P2PInfect botnet activity surges 600x with stealthier malware variants
➝ 🦠 📡 Hackers backdoor #telecom providers with new HTTPSnoop malware
➝ 🦠 🐝 #Bumblebee malware returns in new attacks abusing #WebDAV folders
➝ 🔐 #GitHub launches #passkey support into general availability
➝ ☑️ 🐧 Free Download Manager releases script to check for #Linux malware
➝ 💬 🔐 #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
➝ 🍏 🔐 #iOS 17 includes these new security and #privacy features
➝ 🩹 High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
➝ 🩹 😡 Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
➝ 🍏 🩹 Apple emergency updates fix 3 new zero-days exploited in attacks
➝ 🩹 #TrendMicro fixes #endpoint protection zero-day used in attacks
➝ 🩹 #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
➝ 🔓 Nearly 12,000 #Juniper#Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
📚 This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
I took this in Chefchaouen in 2019. The mesmerizing azure hue that adorns the ancient architecture is undeniably beautiful. This is definitely on the list of places I want to see twice.
Anyone up for reviewing a resume? Had it professionally ... done up ... but it looks and feels off to me. Been debating seeing what's our there in the #dotnet, #csharp, and #azure world and want to have a good jumping off point.
Hello 👋 We'll be sharing updates from the #PostgreSQL team 🐘 at Microsoft here, including our open source contributions to the Postgres database core—plus our work on the Azure Database for PostgreSQL managed service. And more!
✅ If you missed this 📝 blog post on what's new with Postgres at Microsoft by @clairegiordano, it's still quite current & gives a good overview
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #24/2023 is out! It includes, but not only:
→ 🇺🇸 🇨🇳 The US Navy, NATO, and #NASA are using a shady Chinese company’s #encryption chips
→ 🦠 🏢 #Ransomware Group Starts Naming Victims of #MOVEit Zero-Day Attacks
→ ☁️ 🪣 New Supply Chain Attack Exploits Abandoned #S3Buckets to Distribute Malicious Binaries
→ ☁️ #XSS Vulnerabilities in #Azure Led to Unauthorized Access to User Sessions
→ 🇨🇳 🦠 #Barracuda ESG zero-day attacks linked to suspected Chinese hackers
→ 🇷🇺 🇺🇸 Russian national arrested in Arizona, charged for alleged role in #LockBit ransomware attacks
→ 🇷🇺 🇺🇦 Russia-backed hackers unleash new USB-based malware on #Ukraine’s military
→ 🇺🇸 💰 LockBit Ransomware Extorts $91 Million from U.S. Companies
→ 🇷🇺 🇺🇦 #Microsoft identifies new hacking unit within Russian military intelligence
→ 🦠 Fake Researcher Profiles Spread #Malware through #GitHub Repositories as PoC Exploits
→ 🎣 👟 Massive #phishing campaign uses 6,000 sites to impersonate 100 brands
→ 🇨🇳 Chinese Cyberspies Caught Exploiting #VMware ESXi #ZeroDay
→ 🩹 Microsoft #PatchTuesday, June 2023 Edition
→ ☁️ Microsoft: Azure Portal #outage was caused by traffic “spike”
→ 🇨🇳 🇺🇸 #China's cyber now aimed at infrastructure, warns CISA boss
→ 🇰🇷 🇨🇳 Ex-Samsung executive alleged to have stolen tech to recreate chip plant in China
→ 🇨🇭 🗄️ Swiss Fear Government Data Stolen in Cyberattack
→ 🩹 🔐 #Fortinet fixes critical RCE flaw in #Fortigate SSL-VPN devices, patch now
📚 This week's recommended reading is: "The Cyber Effect: An Expert in Cyberpsychology Explains How Technology Is Shaping Our Children, Our Behavior, and Our Values — and What We Can Do About It" by Prof Mary Aiken
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️