@campuscodi@mastodon.social
@campuscodi@mastodon.social avatar

campuscodi

@campuscodi@mastodon.social

Cybersecurity reporter for Risky Business

#infosec #cybersecurity #security

This profile is from a federated server and may be incomplete. Browse more on the original instance.

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-germany-sues-microsoft-for-details-on-past-hack/
Podcast: https://risky.biz/RBNEWS290/

-Germany sues Microsoft for details on past hack
-VirusTotal releases a new YARA version rewritten in Rust
-SEC adopts stricter data breach notification rules
-First major deepfake hack incident confirmed
-China establishes Matrix Cup, a new hacking competition
-QNAP fails to patch major bugs, PoC released
-Microsoft out-of-band update
-Flutterwave hacked the 4th time
-Andrew Tate's site leaks user data, DMs

campuscodi,
@campuscodi@mastodon.social avatar

Also:

-Pink Drainer shuts down
-Three Israeli firms linked to major malvertising push
-Two pig-butchering scammers detained
-Microsoft cuts out Russian customers
-Nigeria suspends cybersecurity tax
-Slack to harvest DMs for our future AI overlords
-Pump[.]fun hacked for $2mil
-Grandoreiro malware gang returns
-Malware reports on STRRAT and Windows bootkits
-APT reports on Obstinate Mogwai and Andariel's DoraRAT
-Loads of disinformation campaigns going on (origin: Russia and Azerbaijan)

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-feds-seize-breachforums-again/
Podcast: https://risky.biz/RBNEWS289/

-Feds seize BreachForums (again)
-Microsoft to require MFA for all Azure accounts (maybe?)
-US arrests woman for running laptop farm for DPRK IT workers
-Major hack at Australian healthcare org
-Sonne Finance hacked for $20 mil
-Android adds anti-theft feature
-The Netherlands criminalizes cyber-espionage
-Independent sovereign Russia finally gets a GitHub clone (via China)
-Norway tells companies to dump SSL VPNs

campuscodi,
@campuscodi@mastodon.social avatar

Plus:

-NetBSD bans AI code
-Apple publishes App Store fraud numbers
-UK NCSC launches cyber protection service for election workers/candidates
-New NIST and CISA guides
-FCC proposes BGP reporting requirements
-Two MEV crypto bot hackers arrested
-Nigerian scammer sentenced
-LabHost-related arrests continue
-ViperSoftX malware adopts OCR
-Malware reports on Latrodectus, Darkgate, Metamorfo, Black Basta
-APT reports on Kimsuky, Bitter, Earth Hundun, Turla
-New WiFi SSID confusion attack

campuscodi,
@campuscodi@mastodon.social avatar

And:

-Swedish far-right party linked to troll farm
-Companies of two Moldavian brothers linked to Doppelganger, the RRN network, and NoName057
-Profile of a major Russian disinfo peddler
-ThroughTek platform vulnerabilities impact 100 mil devices
-Major bugs in GE ultrasound devices
-Cisco security updates
-HTTP/2 CONTINUATION Flood attack found to be pretty massive/efficient
-Third Chrome zero-day in a week
-Major moves on the SIEM market
-Doxbin goes down after videos of admin getting beat up

selenalarson, to random
@selenalarson@mastodon.social avatar

Did you know there’s not a single woman on the FBI’s most wanted cyber list

campuscodi,
@campuscodi@mastodon.social avatar

@selenalarson

"because they're in the kitchen"

~~ probably Harrison Butker :blobpeek:

campuscodi, to random
@campuscodi@mastodon.social avatar

NetBSD follows Gentoo and bans AI-generated code

"Code generated by a large language model or similar technology, such as GitHub/Microsoft's Copilot, OpenAI's ChatGPT, or Facebook/Meta's Code Llama, is presumed to be tainted code, and must not be committed without prior written approval by core."

https://www.netbsd.org/developers/commit-guidelines.html

campuscodi,
@campuscodi@mastodon.social avatar

@pixelistik an auto-complete will maybe fix a function or two... AI generated code will literally dump 400 lines of unvetted code

campuscodi, to random
@campuscodi@mastodon.social avatar

Twitter is full of idiots blaming the Fico assassination attempt on everything under the sun. From the WHO to Soros.

That site keeps digging its own grave of irrelevance

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-ebury-botnet-compromises-entire-isps-and-hosting-providers/
Podcast: https://risky.biz/RBNEWS288/

-Ebury gang compromises entire ISPs and hosting providers
-UK announces Share and Defend project
-UK advises against paying ransoms
-Helsinki discloses data breach
-New RFDoS attack takes down sites with their own firewall
-Apple, Google block unwanted Bluetooth trackers
-Firefox 126 will now track searches by US desktop users
-Tornado Cash developer sentenced
-Estate PhaaS leaks internal DB
-INC ransomware code sold online

campuscodi,
@campuscodi@mastodon.social avatar

Plus:

-History of the SolarMarker malware family
-Malware reports on Black Basta, CrealStealer
-Reports on campaigns abusing malvertising, FoxIT exploits, copyright violation notices, and more
-GitCaught campaign
-Mallox ransomware campaign hits MSSQL DBs
-Trik botnet spams loads of LockBit payloads
-APT reports on Lazarus, PhantomCore, CeranaKeeper
-Patch Tuesday is out
-2 MSFT zero-days, one Chrome one
-CYBERUK 2024 videos
-New tools—Fiddleitm, IconJector, wayback-keyword-search

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-black-basta-group-spam-bombs-victims-and-then-calls-to-help/
Podcast: https://risky.biz/RBNEWS287/

-Black Basta group spam-bombs victims and then calls to help
-Smart home wall pad hacker sentenced
-Another Europol data breach
-Google fixes a Chrome zero-day
-US Navy to build a unified cyber defense network
-UK NHS warns of attacks on Arcserve UDP servers
-Christie's hacked ahead of big auction
-Firefox to add Bounce Tracking Protection
-New US Project Fortress
-ICO crypto-scammers detained
-Hacker-for-hire suspect set free

campuscodi,
@campuscodi@mastodon.social avatar

Plus:

-US Coast Guard sends phishing alert
-Malicious Minecraft mod found
-New Activator macOS malware
-Malware reports on Cuckoo Stealer, Kinsing, HiddenShovel, and the Rhysida, BlackBasta, and Wormhole ransomware strains
-APT reports on Lazarus, Kimsuky, and MuddyWater
-Cinterion modem vulnerabilities impact IoT/ICS gear
-Big NextJS and PDF.js bugs
-New PressHammer attack
-New tools—HoneyTrail and HelloJackHunter
-RSA and UniCon conference videos

campuscodi, to random
@campuscodi@mastodon.social avatar

Is Gmail useless these days? I keep marking domains as spam, yet they're back the next day in my inbox with literally the same email/domain I marked as spam a few hours ago

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-68-tech-companies-pledge-to-cisas-secure-by-design-project/
Podcast: https://risky.biz/RBNEWS286/

-68 tech companies pledge to CISA's Secure by Design project
-European Parliament discloses data breach
-Another major US healthcare chain gets hacked;
-Scattered Spider returns
-F5 fixes some major bugs
-Dell data breach
-Zscaler denies breach
-Ukraine attacks Russian software company
-Kosovo sees DDoS attacks after showing support for Ukraine
-Russia's fake UA defacements
-800 solar power monitoring devices hijacked in Japan

campuscodi,
@campuscodi@mastodon.social avatar

Plus:

-Canada's British Columbia province suffers a breach
-WebDetetive/OwnSpy second hack
-Russian hackers hijack Balticom TV signals
-Boeing confirms $200mil ransom in 2023 ransomware incident
-StackOverflow AI bros turn on their users
-New Apple security guides
-First Cybersecurity Posture of the US report
-Skimmer gang detained
-BogusBazaar gang runs 75K fake online stores
-Reports on Tycoon 2FA PhaaS and Cerberus gangs
-NSO uses lawsuit to go after CitizenLab's methods

campuscodi,
@campuscodi@mastodon.social avatar

And:

-16 OAGs send a privacy letter to Congress
-New WordPress malware
-Malware reports on AsyncRAT, Mirai, Viper
-Summary of Russian APT activity in Ukraine
-Emerald Divide info ops
-CopyCop info ops
-Doppelganger and Havana Syndrome info ops
-Doppelganger and the campus protests info ops
-New APT28 attacks in Poland
-New covert channel attack uses CPU speeds
-NetNoiseCon 2024 videos
-New tools in PGDSAT, Misconfig Mapper, CISA Parsnip, CISA Vulnrichment, and CCTV

campuscodi, to random
@campuscodi@mastodon.social avatar

LockBitSupp doing the media tour with the same boring ass "you got the wrong guy" routine that all the previous ransomware dudes attempted and failed

campuscodi, to random
@campuscodi@mastodon.social avatar

This is just of the many tweets that are flooding Twitter these days praising Telegram and discouraging users from using Signal with stupid NSA and FBI conspiracy theories.

Under no scenario you should have Telegram installed on your phone. It's basically the Hulk Hogan of E2EE apps

campuscodi,
@campuscodi@mastodon.social avatar

Other people are now seeing the same Twitter spam.

Many of these spammy accounts are post Feb 2022 accounts, suggesting a Russian nexus.

campuscodi, (edited )
@campuscodi@mastodon.social avatar

@noodlejetski That's exactly why I'm not taking that clown seriously. There's actual cryptographers calling his app out and his response was that "whataboutism"

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-lockbit-leader-unmasked-charged-and-sanctioned/
Podcast: https://risky.biz/RBNEWS285/

-LockBit leader unmasked, charged, and sanctioned
-UK accuses China of hacking Ministry of Defense
-New TunnelVision attack leaks VPN traffic
-MITRE links hack to UNC5221 (UTA0178)
-Crypto whale user loses $71mil
-New SecureDrop crypto protocol
-CSRB adds 4 new members
-New CyberCom #3
-New US international cyberspace strategy goes live
-Ransomware payments go down
-Russia links MorLock ransomware to Ukraine

campuscodi,
@campuscodi@mastodon.social avatar

Also:

-Microsoft teases new secure ZTDNS client
-FBI warns of STORM-0539
-New tool—Okta Terrify
-Black Hat Asia 2024 slides
-RIOT OS investigates why vulnerabilities took weeks to patch
-Malware reports on Matanbuchus, HijackLoader, Formbook, zEus Stealer, Guntior
-GNUSai loses $1.27mil
-DDoS attacks hit more than 50 Moldovan govt sites since March
-All LockBit affiliates have been identified, per NCA
-Apple releases M4 chip
-FTC fines BetterHelp $7.8mil

campuscodi, (edited ) to random
@campuscodi@mastodon.social avatar

US charges Russian national with developing and operating the LockBit ransomware

https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware

US sanctions here: https://home.treasury.gov/news/press-releases/jy2326

UK sanctions here: https://www.gov.uk/government/news/uk-and-allies-sanction-prolific-cyber-hacker

AU sanctions here: https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanction-imposed-russian-citizen-ransomware-activity

NCA statement here: https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned

Europol statement here: https://www.europol.europa.eu/media-press/newsroom/news/new-measures-issued-against-lockbit

"KHOROSHEV, Dmitry Yuryevich (a.k.a. KHOROSHEV, Dmitrii Yuryevich; a.k.a. KHOROSHEV, Dmitriy Yurevich; a.k.a. YURIEVICH, Dmitry; a.k.a. "LOCKBITSUPP")"

campuscodi, to random
@campuscodi@mastodon.social avatar

Newsletter: https://news.risky.biz/risky-biz-news-microsoft-ties-security-goals-to-exec-compensation/
Podcast: https://risky.biz/RBNEWS284/

-Microsoft ties security goals to exec compensation
-EU countries condemn Russia over APT28 hacks
-Hacker-for-hire suspect detained in London
-SiegedSec campaign targets far-right groups
-Another Webex leak in Germany
-City of Wichita suffers ransomware attack
-Ukraine cyberattacks Russia's Tatarstan region
-Microsoft bans LEA from using AI for facial recognition
-New US international cyberspace strategy coming at RSA

campuscodi,
@campuscodi@mastodon.social avatar

Plus:

-New EU cyber rules for electricity providers
-EU guide for PQC transition
-NATO Locked Shields 2024 concludes
-Operation PANDORA disrupts 12 scam call centers
-BTC-e boss pleads guilty
-Law enforcement teases LockBitSupp dox again
-New Android click fraud trojan
-Mal.metrica, FIN7, and Gootloader campaigns
-APT reports on HideBear and Sandworm's Kapeka
-Vuln reports in Microsoft's PlayReady DRM, the Jitsi Meet video conferencing tool
-Unpatched bug and PoC in Tinyproxy servers

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • cubers
  • thenastyranch
  • InstantRegret
  • Youngstown
  • rosin
  • slotface
  • Durango
  • ngwrru68w68
  • khanakhh
  • kavyap
  • everett
  • DreamBathrooms
  • anitta
  • magazineikmin
  • cisconetworking
  • GTA5RPClips
  • osvaldo12
  • tacticalgear
  • ethstaker
  • modclub
  • tester
  • Leos
  • normalnudes
  • provamag3
  • megavids
  • lostlight
  • All magazines
    •