Skip to main content

Search

Items tagged with: infosec

Una copia del libro Alice and Bob Learn Application Security sobre una mesa de cristal. El libro tiene una portada de color morado y en el centro se abre un círculo con una ilustración en el que una mujer con pelo largo sostiene una tablet con la que está interactuando un hombre con gafas con cara sonriente.
#libros #infosec #booktodon @SoyDelBierzo :verified_paw: @SheHacksPurple

In exciting news I appear to be part of one of the first data breaches of the fediverse era!

I got this email 20 minutes ago letting me know my data migration from mastodon.social was dumped in a breach.

I'm going to be honest, I've got some opinions on the fact that a public bucket is used to store archives, with just obfuscation to stop people from downloading them.

#mastodon #infosec #fediverse

Hello tedivm, Early morning Feb 24 we were indirectly made aware of a misconfiguration on our object storage domain (files.mastodon.social) that allowed anyone to see the list of all uploaded files. Within 30 minutes this mistake was corrected. However, we have reasons to believe that the issue has existed since Feb 2, when we began upgrading our infrastructure. Normally Mastodon relies on long, randomly generated file names with high entropy to ensure that certain files are accessed only by those who know the link. However, that misconfiguration allowed that measure to be bypassed. Most files in our object storage are public in nature—profile pictures, custom emojis, images and videos attached to public posts. But there is a type of file that should never be accessed by anyone but its owner, and it’s the user’s archive takeout. Unfortunately, your archive takeout was among those in the system when the incident occurred. We have immediately deleted all archive takeouts to prevent anyone from downloading them, but we have reasons to believe that at least some of them were downloaded by unauthorized parties. Archive takeouts contain the following information: * Your public profile * Your favorites * Your bookmarks * Your posts and media attachments (including followers-only and mention-only posts)
They DO NOT contain your e-mail address or any other Personal Identifiable Information from your account, excepting anything you've manually put in your public profile or shared in posts. No action is required on your part. We apologize sincerely for this mistake. We are changing the Mastodon software to not rely on high entropy links for access control to archive takeouts any longer, as well as adding an automated check into the admin dashboard to detect similar misconfigurations and notify other server operators about them. Security is important to us and we are continuously improving our processes as we scale our organization from one employee to multiple to ensure that mistakes like this do not happen in the future. Eugen Rochko | CEO Mastodon gGmbH joinmastodon.org | e: hello@joinmastodon.org
#fediverse #mastodon #infosec

While a few apps such as Signal, iMessages, WhatsApp, and Threema encrypt the payload of their push notifications end-to-end, many other apps don't encrypt the payload. This includes most email apps and most apps in the social networking and shopping categories.

#Privacy #infoSec #infosecurity

https://www.cnbc.com/2023/12/06/apple-and-google-phone-users-spied-on-through-phone-push-notifications.html


Governments are spying on Apple and Google users through phone notifications, U.S. senator says

U.S. Sen. Ron Wyden warned that foreign governments are spying on smartphone users by compelling Apple and Google to turn over push notification records
Ashley Capoot (CNBC)
#privacy #infosec #infosecurity

In my team we have openings for #developer focused on #offensive / #redteam development. You will help to make the research and education sector better (focused specially for #sweden) with your skills and write all #opensource tools.

https://vr.se/sidfot/arbeta-hos-oss/lediga-jobb.html?rmpage=job&rmjob=441&rmlang=SE #python #sverige #svenska #sunet #infosec

Ask me any question about the position or team and culture.

Please boost for more reach


Lediga jobb

Här ser du alla Vetenskapsrådets lediga jobb. Du kan också starta en prenumeration och få ett mejl när vi har lediga jobb att söka.
vr.se
#OpenSource #infosec #python #developer #Sweden #sverige #redteam #offensive #svenska #Sunet

American conservative think tank

Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)
#research #infosec #cybersecurity #infosecurity #osint #cybersec

Polish hackers figured out that a train manufacturer had programmed its trains to break down after certain dates, or if they were serviced at another company's workshop.

https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

attn @jon@echo_pbreyer

#trains #RighttoRepairEurope #InfoSec #railway #Poland #Polska


Dieselgate, but for trains – some heavyweight hardware hacking

[this is an English translation of the original article in Polish, we occasionally publish the best cyber stories from Poland in English] A train manufactured by a Polish company suddenly broke down during maintenance. The experts
BadCyber
#railway #infosec #Poland #trains #RighttoRepairEurope #polska @Patrick Breyer @Jon Worth

#InfoSec picks of the day:

➡️ @haveibeenpwned - Site which lets you check if you are victim of security breaches

➡️ @smashingsecurity - Award-winning humorous podcast about computer security

➡️ @gcluley - Computer security expert, blogger, co-host of Smashing Security podcast

➡️ @rysiek - IT expert, dev, good guy hacker

➡️ @adminmagazine - Technical journal for system administrators

➡️ @kalilinux - Linux distro for computer security tasks such as digital forensics, penetration testing etc

1/4

#infosec @Michał "rysiek" Woźniak · 🇺🇦 @Graham Cluley @Smashing Security podcast @Kali Linux @Have I Been Pwned @ADMIN magazine

I quit a high-paying #infosec job a couple of weeks ago because of bad managers and trash industry. Cold turkey. Nothing lined up, no backup plan, nothing. It was the money or my sanity. Now that I have to look for something else, I am seriously considering leaving the industry altogether.
#infosec

CVE-2023-49103 is a vulnerability in #ownCloud that exposes the PHP environment. In containerized deployments, this includes the ownCloud admin password, mail server credentials, and license key.

Patch before your ownCloud instance becomes an ownedCloud instance :blobcatphoto:

#CVE202349103 #Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE

#hacking #infosec #cybersecurity #pentesting #BugBounty #AppSec #owncloud #cve #cve202349103

Well, I'm kind of back to Mastodon. I took a long break from all social media and deleted every single one of my accounts... Mastodon, LinkedIn, Twitter/X, etc.

I guess I'm going to try it out again. I do miss the #InfoSec community and haven't been keeping up with the news and happenings as I should have been.

I hope to re-kindle some online friendships, so if you find me here, please say hello!

#infosec

The average user of https://cvecrowd.com sends about 9 HTTP requests to the web server.

On November 2nd, TWO MILLION requests were sent from three IP addresses in two hours.

The Anatomy of an Attack 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #BlueTeam #CveCrowd

cvecrowd.com

cvecrowd.com
#hacking #infosec #cybersecurity #pentesting #BugBounty #AppSec #blueteam #cvecrowd

The latest #Intel processor vulnerability (CVE-2023-23583) leading to information disclosure, denial of service, or privilege escalation has been patched today for #Debian 12 and Debian 11 users through an intel-microcode #security update. Update your systems now!

#Linux #infosec #infosecurity

#linux #Debian #security #infosec #intel #infosecurity

YET another example in people having no problem in making colors and saying "hackers" erroneously to call #cybercriminals when hackers are in reality for most part the good guys but then
have no issue neither 2 actually become #cybercriminals in the name
of fucking $ is why that even do I work in #infosec for 24
years now still like when people call me a #hacker rather than
a #infosec because 4 me that is just a job not a way of thinking or a culture
#HackingIsNotACrime https://www.theregister.com/2023/11/20/former_infosec_coo_pleads_guilty/

Former infosec COO pleads guilty to attacking hospitals to drum up business

Admits to taking phones used for 'code blue' emergencies offline and more
Connor Jones (The Register)
#Hacker #infosec #HackingIsNotACrime #cybercriminals

This dumb password rule is from Movistar.

Min 7 and max 8 characters for password! Also to be different than the
username: the user name is automatically generated and is based on the
surname of the user with some characters replaced by digits 😀
Has been that way for more than 10 years.

https://dumbpasswordrules.com/sites/movistar/

#password #passwords #infosec #cybersecurity #dumbpasswordrules


Movistar - Dumb Password Rules

Min 7 and max 8 characters for password! Also to be different than the username: the user name is automatically generated and is based on the surname of the user with some characters replaced by digits :) Has been that way for more than 10 years.
dumbpasswordrules.com
#infosec #password #cybersecurity #passwords #dumbpasswordrules

Whoever has my passwords, can steal my identity and spend my money.

Whoever can read my email, can reset (almost) all my passwords.

Whoever controls my MX record, can receive my email.

Once again, DNS is the linchpin. At least I have DNSSEC to make poisoning attacks and other DNS lies harder.

#infosec

#infosec

I have a free 1 year subscription for #Norton360 #antivirus.
I already have AV for all our work computers* so my question for all you #infosec people out there... what should I do with this please?

*We currently have Eset/Nod32 but I'm evaluating Bitdefender as our contract renews soon. If anyone can share good/bad experience about these two I'd appreciate it. There seem to be a lot more buzzwords in AV than I remember and it's hard to see that one product is any better or worse than another.

  • Give it away (suggestions by reply please) (0%, 0 votes)
  • Give it someone you hate (50%, 1 vote)
  • Bin it! (50%, 1 vote)
  • Something else (suggest in comments) (0%, 0 votes)
2 voters. Poll end: 2 weeks ago

#infosec #antivirus #norton360

Anyone trying to break into #infosec or #getfedihired and struggling to get a foot in the door should be talking to @Lemniscate - she's the real deal.
#infosec #getfedihired @Lemniscate

Dec 7
FXBG Hackers - 0x10 - December 2023
Thu 12:00 AM - 2:00 AM
FXBG Hackers

FXBG Hackers - Fredericksburg, VA


1st Wednesday of Every Month!

(Note: not everyone RSVPs or clicks "Participate" in Mobilizon, so if it says no one is participating, it's lying. We have a couple hundred members with 20 to 30 folks that come out each month.)

White Hat, Black Hat, Gray Hat - N00b, 1337, Obso1337 Hacktivist, Corporate, Fed, Govt, Mil, Hobbyist - All are welcome.

AGENDA


  • 7:00 - Soft start / Socializing
  • 7:15 - Meeting begins
    • Intro
    • Guidelines
    • Community News


  • 7:30 - Firetalks
    • 10-minute presentation
    • 5-minute discussion
    • Slides, media, and demos are encouraged but not required.
    • We'll have a large display and a display laptop running Ubuntu available if need be; otherwise, bring your laptop or speak without slides.
    • Note: No vendor pitches, no recruiter pitches.


  • 8:45 - Who's Hiring / Who's Looking for Work
    • Those that are hiring can give a quick announcement.
    • Those who are looking for work can give a quick pitch.


  • 9:00 - Formal End of Meetup
  • 9:00+ - Socializing, Eating, Hanging Out, Hacking
    • The brewery closes at 9:00, but the night owls typically migrate to another venue after the meetup.


Note on FireTalks: If it's your first time here - chill, relax, enjoy and hang out. Otherwise, hop up and give a fire talk. Fire talks are short talks around a topic generally related to hacking. Talks last roughly 10 minutes or less, with 5 minutes of discussion afterward. Be as formal or informal as you like. Slides, demos, and media are encouraged but not required. If you're unsure what to talk about or have worries about presenting, ask one of the organizers for help. We're here for you. We apply a very broad definition of hacking - taking something and utilizing it beyond its intended means.

Note: We do not advocate illegal activities. If you're discussing bypassing computer security, you have permission to do so or are utilizing your equipment in a lab environment.

CODE OF CONDUCT & RULES


  1. Don't hack the venue!
  2. Don't hack other attendees without consent.
  3. Don't talk about anything illegal.
  4. Don't harass other attendees.
  5. Follow venue rules.
  6. Treat venue staff well.
  7. Do participate. Do Have Fun.
  8. Don't hack the venue!

All are welcome regardless of race, age, experience, gender identity, sexual orientation, ethnicity, disability, national origin, religion, or creed.

The Paradox of Tolerance Addressed: We do NOT tolerate intolerance. You will be banned if you advocate ostracizing, oppressing, or hurting others.

#Hacker #hacking #infosec #hackers #FXBG #Information Security

My new keycaps came in and I put them on. I like it. Double shot pbt. The artisan keycap is for the key that changes the backlight. Blank one is technically a macro, but is by default for cortana/siri. Couldn't be bothered to change it.

#hardware #infosec #infosecurity #cybersecurity #cybersec #cyber #mechanicalkeyboard

#infosec #cybersecurity #hardware #Cyber #infosecurity #cybersec #mechanicalkeyboard

#ekoparty #infosec #conf #timetable #agenda #text Aqui les regalo el cronograma de ekoparty 2023 de manera legible y accesible. La verdad pésima la página de la organización, una basura. https://pastebin.com/3JQC3Zsw

De nada.

Suckless Ekoparty Timetable 2023 - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
Pastebin
#infosec #text #agenda #ekoparty #conf #timetable

STMicroelectronics STM32F1 Bypass read-out protection (RDP) .
Interesting blogpost for anyone into microcontrollers hacking.
(credits Marc Schink and Johannes Obermaier)

https://blog.zapb.de/stm32f1-exceptional-failure/

#stm #hacking #microcontroller #infosec #cybersecurity #iot #embedded

Exception(al) Failure - Breaking the STM32F1 Read-Out Protection

The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material. In order to protect the confidentiality of these assets,
blog.zapb.de
#hacking #infosec #cybersecurity #iot #embedded #stm #microcontroller

:tor: Tor Project Needs Our Help

📉 Donations Down This Year

:tor: Tor: Not Only A Browser For Privacy Online:

It's Also An Essential Tool #Journalists / Vulnerable Populations Around The World Use To Access Internet / Bypass Censorship.

💡 ❤️ Tor is FREE. So worth it.

(I donated)

#TorBrowser #nonprofit #charity #donate #proxy #encryption #crypto #infosec #cybersecurity #censorship #internet #GreatFireWall #Snowflake #privacy

🔗 :tor: Tor Project Donation Page: https://donate.torproject.org


Donate to the Tor Project

If you value privacy, support Tor
donate.torproject.org
#privacy #encryption #Internet #torbrowser #infosec #proxy #cybersecurity #Censorship #crypto #donate #snowflake #nonprofit #greatfirewall #journalists #charity

Wondering what CVEs are being discussed on Mastodon right now?

I've just launched https://cvecrowd.com, a website that shows you exactly that!

Learn more below 🧵

#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd

Screenshot of https://cvecrowd.com. In it's current size, there are 5 columns, each for one CVE that is currently discussed. The first in the screenshot is CVE-2023-4966. The column displays information from MITRE and NVD like the dates when the CVE was published and modified, the CVSS v3.1 vector and the CVE description. There is a line graph showing that the CVE was mentioned 4 times with 34 interactions in the last 24 hours. Beneath the description are the posts of fellow Mastodon users regarding that CVE, sorted by popularity. The other columsn are structured alike.

cvecrowd.com

cvecrowd.com
#hacking #infosec #cybersecurity #pentesting #BugBounty #AppSec #cve #cvecrowd

I'm hoping for someone to help with some PRs for the following metadata:

zoho assist
splashtop
ScreenConnect
Remote Utilities
AnyConnect
Chrome Remote Desktop

This project is early stages but it's definitely needed, so if you have ideas, feedback, or want to be involved, let me know! #cybersecurity #infosec

#infosec #cybersecurity

I'm putting together a project to monitor RMMs and their metadata with the goal of auto building alerting mechanisms such as carbon black watch lists and sigma alerts.

https://github.com/LivingInSyn/RMML

#cybersecurity #infosec


GitHub - LivingInSyn/RMML: A list of RMMs for security pros

A list of RMMs for security pros. Contribute to LivingInSyn/RMML development by creating an account on GitHub.
GitHub
#infosec #cybersecurity

Manufactured image depicting IRC channel takeover.
#infosec #irc #oldschool #exploits #internethistory #goodolddays #mirc

EU Governments Set To Approve End Of Secure Messaging

People Don't Have A Right To Basic Security... For Their Own Devices?

(don't think it won't spread)

#News #e2ee #encryption #crypto #EU #ChatControl #MassSurveillance #privacy #SurveillanceCapitalism #Governance #infosec #cybersecurity

https://www.patrick-breyer.de/en/chat-control-2-0-eu-governments-set-to-approve-the-end-of-private-messaging-and-secure-encryption/


Reclaiming our digital future – Shedding light on Big Tech lobbying in the European Parliament

With the EP\'s mandate coming to an end in 2024, many crucial digital policy files are currently in their finishing stages. Many of them have an impact on our democracies. …\n
Patrick Breyer
#EU #privacy #encryption #SurveillanceCapitalism #infosec #news #cybersecurity #e2ee #masssurveillance #crypto #chatcontrol #governance

Este sitio web utiliza cookies. Si continúa navegando por este sitio web, usted acepta el uso de las cookies.