securityskeptic

@securityskeptic@infosec.exchange

Greybeard cybersec guy who values ethics, trust, friendship, teamwork. I'm a partner at Interisle Consulting Group, board member at CAUCE and APWG, and was named to the team of experts at the Geneva Centre for Security Policy.

I'm keenly interested in measuring cybercrimes and the resources criminals use to perpetrate them and currently scratching this itch at the Cybercrime Information Center.

I'm a Golden Retriever lover and fantasy novel devotee. I love to cook: Italian, French, Chinese, Thai, Mediterranean and Low Country are staples. Married to the finest and loveliest person I've ever known.


securityskeptic, to random

Java-based uses a Discord bot to exfiltrate data

If you have a folder named "NS-<11-digit_random_number>" it likely contains data the malware intends to exfiltrate.

https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html

arstechnica, to random
@arstechnica@mastodon.social

Artists may “poison” AI models before Copyright Office can issue guidance

Copyright Office to recommend protections for works used to train AI in 2024.

https://arstechnica.com/tech-policy/2023/11/artists-may-poison-ai-models-before-copyright-office-can-issue-guidance/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

securityskeptic,

@arstechnica

FTA: Stronger copyright laws could favor Big Tech

Surely no one will be surprised that Big Tech and generally the folks with lobbies and lawyers will end up with the most protections and artists, authors, and inventors will get the uknowhat end of the stick.

securityskeptic, to random

Good Monday all...

Today we've released a study,

Cybercrime Supply Chain 2023:
Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

https://interisle.net/CybercrimeSupplyChain2023.html

The major findings of the study are:

• 5M domains identified as serving as a resource for cybercrime.
• 1M domains reported for spam activity were registered in new gTLDs.
• 500,000 subdomain hostnames reported for serving as resources for cybercrime.
• 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
• Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
• The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

The study was sponsored by the , , and .

securityskeptic, to random

US hosting firm DediPath abruptly ceases operations with less than 24 hours notice to customers

They were frequent flyers in our quarterly rankings of hosters with most attacks reported.

https://www.datacenterdynamics.com/en/news/us-hosting-firm-dedipath-abruptly-ceases-operations-with-less-than-24-hours-notice-to-customers/

securityskeptic,

@jtk Reminds me a bit of the 3FN a while back.

Did you have any interactions with the operators?

malwaretech, to random

I’ve never worked a job where I have to wake up at a specific time and I’ve always wondered if it’s professionally acceptable to just be honest and tell someone their 9am meeting suggestion is too early. Currently I just tell everyone my schedule is booked every day until 10 am (which is technically true because I have 2am - 9am scheduled for sleeping and 9am - 10am scheduled for drinking coffee and processing being alive).

securityskeptic,

@malwaretech It's more acceptable now than ever. And if your skill set is in demand, even more so. And being honest is IMO always the right call.

I began teleworking in 1989, shortly after my son was born. I was fortunate to have very progressive managers who not only accepted my remote worker request but tasked me with experimenting with secure remote access and this eventually led to some early adoption at my workplace (and my future career).

johnshirley2024, to random

Mug shots of Trump and other defendants including Mark Meadows and Giuliani. Trump really does look like a scared, trapped raccoon trying to bluff you into running away. Giuliani looks like a silent movies villain.

securityskeptic,

@johnshirley2024 I particularly liked the Jenna Ellis and David Schafer mug shots.

"Oh, how nice, a new DL photo!"

Viss, to random
@Viss@mastodon.social

happy friday, internet

securityskeptic,

@Viss Otherwise known in the US as "the last work day before I work on Saturday".

danyork, to threads
@danyork@mastodon.social

So my question is.. given that Instagram was originally a photo-sharing app (that evolved to video and stories), will IG users want to participate in a text-only system?

Or will users primarily be Twitter refugees?

securityskeptic,

@danyork Won't the success or failure of be dictated by whether Meta is able to convince advertisers and influencers that they'll have more success and reach?

securityskeptic, to twitter

"full-screen, sound-on video ads" coming to

This will certainly lure back the big advertisers who were concerned about "content moderation, erratic posts and unorthodox leadership style".

https://arstechnica.com/tech-policy/2023/06/linda-yaccarinos-vision-for-twitter-2-0-emerges/

hacks4pancakes, to random

This is not targeted at any one person, just running commentary that people’s posts are less frequent, more angry, more off-topic… it’s not an excuse to be a jerk but keep in mind that maybe around a rough quarter of US private sector cybersecurity people are dealing with impactful budget cuts, have been laid off, or had colleagues laid off and had to take over all their work, or had to actually lay off employees (or worse), and it’s definitely impacting mental health, burnout, and morale. Just my two cents. And we are privileged - it’s way worse in other IT niches and professions. Look out for one another. Be kind.

securityskeptic,

@hacks4pancakes

I was about to ask what's happened to the "surplus" of cybersecurity jobs reported in February 2023 and hit pause.

I checked and the same 350% surplus was reported in October 2022.

And you can go back to 2017 and see countless articles on unfilled cybersecurity positions, desperate cries for talent, etc.

None of this reconciles with the ground truth you're sharing. WTF?

securityskeptic,

@hacks4pancakes

Understood. But how many of the alleged 600K jobs are senior role positions? (that number appears frequently)

My experience and observation:

Many orgs lament lack of cybersecurity staff.

These orgs hire someone to fill a senior role, expect them to perform miracles.

But few orgs adjust their security budget to hire more staff to assure success.

The senior role staff burn out, or are pilloried following an incident they could have prevented if they'd had the staff and remit.

I feel like I'm watching NBA teams throw supercap money at 2-3 stars, leaving nothing for their bench. Come playoff time, they don't have the depth to succeed.

briankrebs, to random

Long rant/observation....

You know what secretly holds much of the financially-oriented cybercrime world together? It's the relatively few evil code wizards who are really good at making malware look benign. They call them cryptors, or encryptors, and their services are known as "crypting."

Crypting is a core method by which malware purveyors try to evade antivirus and security tools, and virtually all serious malware that is deployed for use in data stealing at some point needs to be crypted. Because if you're not doing stuff to obfuscate your malware before sending it out, it's probably going to mostly get caught by antivirus. So, if you're not crypting it yourself (challenging), you probably need to pay someone else to do that.

There are countless cybercriminals who've hung out their shingles as crypting service providers, but most of these people are really not very good at what they do, and are soon out of business. Still, there are a fair number of crypting services that have been around for a while and do a passable job, with somewhat unreliable results.

However, it's crazy how many different big time cybercrime outfits turn to a fairly small number of super-scary crypters who've been doing malware a LONG time (15-20+ years).

One thing I have discovered in all my lurking on the forums is that the best cryptors are independent contractors who tend to have arrangements with multiple, often competing cybercriminal operations.

In short, if you want to really kneecap a number of cybercrime enterprises all at once, go after the top crypting service providers, and take them off the board.

securityskeptic,

@synlogic @briankrebs I love posts that make me think. Thanks.

Taking cryptors off the board is absolutely worth pursuing.

IANAA so I'm curious what crime one would allege that cryptors committed, and you'd have to prove conspiracy or receipt of illegally obtained proceeds.

How would a prosecutor argue to effectively distinguish crypter code from other libraries and code bits that one finds in malware that are commonly available in repos or freeware sites?

securityskeptic,

@briankrebs @synlogic

If this is the typical case, then the prosecutor or a company filing a suit would probably add the cryptors (by name or even as John Doe) as defendants in the complaint, as Microsoft did with parties who wrote software in the Kelihos and Necurs takedowns in the past.

securityskeptic, to random

Gabon government takes GA TLD from Freenom

From the announcement,

Gabon's national infrastructure agency estimates that there are currently over 7M delegated domain names in .GA.

BUT.. several million domain names will be deleted as the previous operator has not provided the data that concern them.

Most of these are likely spam or phishing domains.

One down. Four to go :-)

https://www.afnic.fr/wp-media/uploads/2023/05/ga-domain-names-soon-to-return-to-Gabonese-management-1.pdf

#freenom #dnsabuse #phishing

hacks4pancakes, to random

One of the reasons I really wish there were QTs on here is to make it not look like I am endorsing or criticizing something else someone else is endorsing or criticizing. Like, they share something interesting but they share their personal opinion about it and I disagree slightly with some nuance. That's not trolling, it's not a pile-on, it's just context that RTs are not endorsements.

securityskeptic,

@hacks4pancakes
Interesting. I never thought of RTs as endorsements but simply as "here's something you might find worth reading".

cloudguy, to random

deleted_by_author

securityskeptic,

@cloudguy @sjvn @briankrebs

I have to temper your good news with the sobering observation that the discussion of "how to protect your data" reminds us that few if any consumer devices have sufficient security features to provide a meaningful baseline.

Consumer security features for WiFi, routers, devices rely on authentication - passwords - but have no concept of authorization (granular access controls). Granted, most consumers haven't a clue what authorization means, so perhaps give them a set of roles or restrictions that are "consumer meaningful".

Same applies to auditing. Most consumers have become familiar with fraud notifications from credit card companies. Are we really incapable of creating an intrusion framework for consumers?

Privacy advocacy needs to be more than fines for misuse of personal data.

securityskeptic, to random

Looking at the February-April 2023 phishing activity, one trend stands out. The story...

In March, @briankrebs reported that Meta had filed a lawsuit against Freenom, see https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-halts-domain-registrations/

We’ve observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs in months surrounding the lawsuit.

Responsible for over 60% of phishing domains reported in November 2022, Freenom’s percentage has dropped to under 15%.

Do you wonder how many targeted organizations could collect a strong case of cybersquatting and infringement against their brands, and why more aren't taking similar actions against TLD operators and registrars?

hacks4pancakes, to random

securityskeptic,

@hacks4pancakes
Good look for you.
Nice that they offered you a lanyard to match your attire.

hacks4pancakes, to random

I’m mobile lock pick village, come find me in VIP

securityskeptic,

GossiTheDog, to random
@GossiTheDog@cyberplace.social

deleted_by_author

securityskeptic,

@GossiTheDog
Agree. Are there enough incentives for this to occur uniformly across all industries or do we need something other than self-determined reporting (regs).

securityskeptic,

@avuko @GossiTheDog

Agree.

Self-regulation is not working in many areas. While I think that carrots/incentives are valuable, they don't work when the reality on the ground is that the incentives (as you say) lie in concealment, evasion, denial.

internetsociety, to random
@internetsociety@techpolicy.social

Do you know how often you use ? 🤔

You may not notice all the daily encrypted interactions you have, but you surely would notice if your private data was accessed because of a lack of strong encryption.

Take a look at a day with encryption 🔒👇
https://www.internetsociety.org/blog/2019/10/your-day-with-encryption/

securityskeptic,

@internetsociety

You asked "Do you know how often you use encryption?"

An important but commonly overlooked question:

Do you know how often you use encryption and implicitly trust the key holder when no meaningful verification has been performed?

(Free) SSL certs ensure confidentiality only. It tells you nothing about the trustworthiness of the party to whom the cert was issued. So... in many phishing cases, you're simply keeping your communications with a cybercriminal private.

DNSSEC ensures that the DNS data is exactly what the domain registrant intended. The domain registrant can be a cybercriminal and you can't know from signing.

We applaud adoption of encryption but confidentiality alone is hardly the end game.

GossiTheDog, to random
@GossiTheDog@cyberplace.social

I recently took a look at Mandiant's yearly M-Trends report (link https://cyberplace.social/@GossiTheDog/110220117253124508 ), so I decided to have a look at Sophos' yearly Sophos X-Ops Incident Response report.

Thread time!

The results are very similar to Mandiant's finding at a top line. E.g. dwell time is down, and your data will get stolen by ransomware groups.

https://news.sophos.com/en-us/2023/04/25/2023-active-adversary-report-for-business-leaders/

securityskeptic,

@GossiTheDog Where's that quote from?

Also... don't believe that ransomware is the only threat because it garners the most headlines. Phishing keeps growing and growing and growing, and financial fraud phishing is growing the fastest.

debcha, to random
@debcha@mastodon.social

TIL: lace cards

It’s a computer punch card with every possible spot punched out, so what remains is a flimsy filamentous net of paper that instantly tears and jams up the card reader.

Old-school denial of service attack.

https://en.m.wikipedia.org/wiki/Lace_card

securityskeptic,

@debcha More old school: send a stack of sheets of black paper to numbers that spammed your fax machine.
