0x58

0x58, 3 months ago to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2024 is out! It includes the following and much more:

➝ 🔓 #Juniper Support Portal Exposed Customer Device Info
➝ 🔓 🇹🇭 Major #DataBreach in #Thailand Exposes Personal Data of 20 Million Elderly Citizens
➝ 🔓 🇫🇷 Millions at risk of fraud after massive health data hack in #France
➝ 🔓 🇺🇸 #Verizon employee inadvertently leaks data of 63 thousand colleagues
➝ 🔓 🖥️ #AnyDesk Hacked: Revokes Passwords, Certificates in Response
➝ 🔓 🇺🇸 #Clorox says #cyberattack caused $49 million in expenses
➝ 💸 📈 #Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
➝ 🇺🇸 💰 US offers $10 million for tips on #Hive ransomware leadership
➝ 🇨🇳 🇺🇸 #China-backed Volt Typhoon hackers have lurked inside US #criticalinfrastructure for ‘at least five years’
➝ 🇨🇳 🇳🇱 Chinese Hackers Exploited #FortiGate Flaw to Breach Dutch #Military Network
➝ 🇮🇷 🇮🇱 #Iran accelerates cyber ops against #Israel from chaotic start
➝ 🇧🇾 🇺🇸 Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion #Crypto Money Laundering
➝ 🇭🇰 💸 #Finance worker pays out $25 million after video call with #deepfake ‘chief financial officer’
➝ 🇺🇦 #ukraine is Creating a ‘Cyber Diplomat’ Post
➝ 🇩🇰 #Denmark orders schools to stop sending student data to #Google
➝ 🇪🇺 ⚖️ #EU proposes criminalizing AI-generated child sexual abuse and deepfakes
➝ 🇳🇱 💰 #Uber Fined 10 Million Euros by Dutch Data Regulator
➝ 🇺🇸 🛂 US to Roll Out Visa Restrictions on People Who Misuse #Spyware to Target Journalists, Activists
➝ 🦠 💬 Raspberry Robin #Malware Upgrades with #Discord Spread and New Exploits
➝ 🦠 🍎 New #macOS Backdoor Linked to Prominent Ransomware Groups
🦠 🪥 Surprising 3 Million Hacked #Toothbrushes Story Goes Viral—Is It True?
➝ 🇨🇦 🐬 #Canada declares #FlipperZero public enemy No. 1 in car-theft crackdown
➝ 🩹 #Ivanti: Patch new Connect Secure auth bypass bug immediately
➝ 🐛 📍 Security flaw in a popular smart helmet allowed silent location tracking
➝ 🩹 Critical Patches Released for New Flaws in #Cisco, #Fortinet, #VMware Products
➝ 🐛 🐧 Critical Boot Loader #Vulnerability in Shim Impacts Nearly All #Linux Distros
➝ 🐛 ✈️ #Airbus App Vulnerability Introduced Aircraft Safety Risk
➝ 🩹 #QNAP Patches High-Severity Bugs in QTS, Qsync Central

--

📚 This week's recommended reading is: "x86 Software Reverse-Engineering, Cracking, and Counter-Measure" by Stephanie Domas & Christopher Domas

--

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-062024

0x58, 3 months ago to infosec

🆕 Added #HITBSeConf2024 to the list of #infosec events! See you in #Bangkok 🇹🇭 in August! 📆 ✈️

https://github.com/xsa/infosec-events

0x58, 3 months ago to Cybersecurity

📬 Your weekly #InfosecMASHUP was just sent out! Read it here if you missed it! 👇

#cybersecurity #infosec

https://open.substack.com/pub/0x58/p/infosec-mashup-week-062024?r=299go8&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true

0x58, 3 months ago (edited 3 months ago) to superbowl

Who you r00ting for this week-end? 🏈 #superbowl

GossiTheDog, 3 months ago to random

deleted_by_author

0x58, 3 months ago to infosec

📆 Some of the recently added #infosec events to my list are: @bsidesboulder @rootedcon #NullconBerlin2024 #Zer0Con @typhooncon @BSidesLV

Thanks to @lcheylus for his many submissions! 🙏

#cybersecurity #travel

Go check the rest 👇

https://github.com/xsa/infosec-events

0x58, 3 months ago to opensource

#BSD lovers - Your opportunity to submit a paper for @bsdcan 2024! You have 3 days left! :freebsd:​ #opensource

https://www.bsdcan.org/2024/papers.php

0x58, 3 months ago to infosec

🇺🇸 New "Cybergang Bounty" - #infosec #cybersecurity

https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-tips-on-hive-ransomware-leadership/

krypt3ia, 3 months ago to random

So, I’ve been creating posts again, but, I think I’ve sussed something out. People aren’t reading anything anymore. Unless it’s 240 characters or less…

howelloneill, 3 months ago to random

i've seen literally 50x more people complaining about the toothbrush thing compared to actual blogs, which is funny to me but okay, I understand.

It's probably significant that all the places i've seen publish it are mass production reblog factories. all due respect, these are not well regarded news outlets. maybe that's not obvious to the general public or even the cyber expert public? There's a difference.

contrary to the viral outrage, this is absolutely not an example of "a dozen well-regarded news outlets" being tricked. It's still worth learning from as an example of the pitfalls of aggregation but you all could act a little less outraged, if I didn't know better I'd think this thing was just published on the front page of the washington post. everyone, drink a glass of water and get some air. This is not a big deal :)

0x58, 3 months ago to AWS

📺 One to watch today - Interesting @frichetten #BlackHat talk titled "Evading Logging in the Cloud: Bypassing AWS CloudTrail" :cloudcomputing:​

#aws #cloud #security #cloudtrail #iam #api #infosec #cloudsecurity

https://youtu.be/YP2XNAbB_Nw?si=mLK1z_fh8MZkgsVG

matthew_d_green, 3 months ago to random

I’m sad there are no malware-infested toothbrushes.

krypt3ia, 3 months ago to random

Mornin!

We doomed.

accidentalciso, 3 months ago to random

Me: I suppose I should make my breakfast.

Wife: Oh, I just cleaned up the kitchen. Sorry, I didn’t know you didn’t eat yet.

Me: No worries, I can make a mess again. I’m good at that.

0x58, 3 months ago to random

So, we've been talking about giving sh!t to #Ivanti recently (and rightfully).. Can we talk about #jetbrains? Like every other week they release security patches....

Weld, 3 months ago to random

Images of the Dental DoS attack are starting to trickle in

SecurityWriter, 3 months ago to random

Been in so many meetings today that I’m losing my voice. It’s been brutal.

0x58, 3 months ago to Cybersecurity

SQL injection and cross-site scripting (XSS) attacks still going strong 🚀

#cybersecurity #infosec #xss #sqlinjection

https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-2-million-in-sql-injection-xss-attacks/

molly0xfff, 3 months ago to random

just inventoried my bin of bulk/duplicate spices bc i need to make a penzey's order

FOUR bottles of smoked paprika

i use it in one (1) recipe

0x58, 3 months ago (edited 3 months ago) to random

Just to make sure people stay on their toes :flan_laugh:​

#infosec #fortinet #cybersecurity #cve

https://www.bleepingcomputer.com/news/security/fortinet-snafu-critical-fortisiem-cves-are-duplicates-issued-in-error/

joel, 3 months ago to IBM

I added #OmniOS and #illumos to my #LinkedIn profile. That would be great to get a job related to this technology.

BTW, I didn't add #IBM Cloud. Because... I'd rather not use that thing anymore :D

GossiTheDog, 3 months ago (edited 3 months ago) to random

The three million toothbrush botnet story isn’t true.

Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.