Items tagged with: infosec
Meta defies FBI opposition to encryption, brings E2EE to Facebook, Messenger
Default E2EE rolling out now but will take months to reach all 1 billion users.
Ars Technica
In exciting news I appear to be part of one of the first data breaches of the fediverse era!
I got this email 20 minutes ago letting me know my data migration from mastodon.social was dumped in a breach.
I'm going to be honest, I've got some opinions on the fact that a public bucket is used to store archives, with just obfuscation to stop people from downloading them.
While a few apps such as Signal, iMessages, WhatsApp, and Threema encrypt the payload of their push notifications end-to-end, many other apps don't encrypt the payload. This includes most email apps and most apps in the social networking and shopping categories.
#Privacy #infoSec #infosecurity
Governments are spying on Apple and Google users through phone notifications, U.S. senator says
U.S. Sen. Ron Wyden warned that foreign governments are spying on smartphone users by compelling Apple and Google to turn over push notification records
Ashley Capoot (CNBC)
In my team we have openings for #developer focused on #offensive / #redteam development. You will help to make the research and education sector better (focused specially for #sweden) with your skills and write all #opensource tools.
https://vr.se/sidfot/arbeta-hos-oss/lediga-jobb.html?rmpage=job&rmjob=441&rmlang=SE #python #sverige #svenska #sunet #infosec
Ask me any question about the position or team and culture.
Please boost for more reach
Job openings
Here you can see all of Vetenskapsrådet's job openings. You can also start a subscription and receive an e-mail when we have vacancies to apply for.
vr.se
Polish hackers figured out that a train manufacturer had programmed its trains to break down after certain dates, or if they were serviced at another company's workshop.
https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
attn @jon@echo_pbreyer
#trains #RighttoRepairEurope #InfoSec #railway #Poland #Polska
Dieselgate, but for trains – some heavyweight hardware hacking
[this is an English translation of the original article in Polish, we occasionally publish the best cyber stories from Poland in English] A train manufactured by a Polish company suddenly broke down during maintenance. The experts
BadCyber
#InfoSec picks of the day:
➡️ @haveibeenpwned - Site which lets you check if you are a victim of security breaches
➡️ @smashingsecurity - Award-winning humorous podcast about computer security
➡️ @gcluley - Computer security expert, blogger, co-host of Smashing Security podcast
➡️ @rysiek - IT expert, dev, good guy hacker
➡️ @adminmagazine - Technical journal for system administrators
➡️ @kalilinux - Linux distro for computer security tasks such as digital forensics, penetration testing etc
1/4
FranceConnect #bugbounty for #hackers but not for #cybercriminals
https://yeswehack.com/programs/franceconnect-agentconnect-public
CVE-2023-49103 is a vulnerability in #ownCloud that exposes the PHP environment. In containerized deployments, this includes the ownCloud admin password, mail server credentials, and license key.
Patch before your ownCloud instance becomes an ownedCloud instance
#CVE202349103 #Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE
Well, I'm kind of back to Mastodon. I took a long break from all social media and deleted every single one of my accounts... Mastodon, LinkedIn, Twitter/X, etc.
I guess I'm going to try it out again. I do miss the #InfoSec community and haven't been keeping up with the news and happenings as I should have been.
I hope to re-kindle some online friendships, so if you find me here, please say hello!
The average user of https://cvecrowd.com sends about 9 HTTP requests to the web server.
On November 2nd, TWO MILLION requests were sent from three IP addresses in two hours.
The Anatomy of an Attack 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #BlueTeam #CveCrowd
Today at #ThrowbackThursday / #tbt: "Hacking Android & iOS apps with Deep Links and XSS" by Abraham Aranguren / 7asecurity, from our 2020 Hackfest Holidays edition!
Happy (re-)watching!
https://www.youtube.com/watch?v=fU5U3d5IGog&list=PLaXanmjyAPzHu5m16TQ8ClmjiC4hHb83p
#hacking #infosec #hackfest #hf2020 #cybersecurity #HFHolidays
🔎 🕵️♂️ MALTEGO OSINT TUTORIAL FOR BEGINNERS:
Adding All 100% Free Transforms
This Will Be Fun! 😎 ⌨️
#OSINT #Maltego #investigate #investigation #tools #linux #tutorial #peertube #infosec #cybersecurity #video #privacy
https://tube.tchncs.de/w/3dPsgaxCGTf5z1n8UMK6r3 https://fosstodon.org/@RTP/111452351009231155
have no issue neither 2 actually become #cybercriminals in the name
of fucking $ is why that even do I work in #infosec for 24
years now still like when people call me a #hacker rather than
a #infosec because 4 me that is just a job not a way of thinking or a culture
#HackingIsNotACrime https://www.theregister.com/2023/11/20/former_infosec_coo_pleads_guilty/
Former infosec COO pleads guilty to attacking hospitals to drum up business
Admits to taking phones used for 'code blue' emergencies offline and more
Connor Jones (The Register)
This dumb password rule is from Movistar.
Min 7 and max 8 characters for password! Also to be different than the username: the user name is automatically generated and is based on the surname of the user with some characters replaced by digits 😀
Has been that way for more than 10 years.
https://dumbpasswordrules.com/sites/movistar/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Movistar - Dumb Password Rules
dumbpasswordrules.com
Whoever has my passwords, can steal my identity and spend my money.
Whoever can read my email, can reset (almost) all my passwords.
Whoever controls my MX record, can receive my email.
Once again, DNS is the linchpin. At least I have DNSSEC to make poisoning attacks and other DNS lies harder.
I have a free 1 year subscription for #Norton360 #antivirus.
I already have AV for all our work computers* so my question for all you #infosec people out there... what should I do with this please?
*We currently have Eset/Nod32 but I'm evaluating Bitdefender as our contract renews soon. If anyone can share good/bad experience about these two I'd appreciate it. There seem to be a lot more buzzwords in AV than I remember and it's hard to see that one product is any better or worse than another.
- Give it away (suggestions by reply please) (0%, 0 votes)
- Give it to someone you hate (50%, 1 vote)
- Bin it! (50%, 1 vote)
- Something else (suggest in comments) (0%, 0 votes)
Retired civil servant interested in: #natsec #military #science #bioscience #biology #pandemics #EmergingTechnology #infosec #InfectiousDisease #virology #BiologicalWeapons #intelligence #space #DoD #history #nature #maker #sporespondence #mosstodon #frogs #hiking #antifascist
FXBG Hackers - Fredericksburg, VA
1st Wednesday of Every Month!
(Note: not everyone RSVPs or clicks "Participate" in Mobilizon, so if it says no one is participating, it's lying. We have a couple hundred members with 20 to 30 folks that come out each month.)
White Hat, Black Hat, Gray Hat - N00b, 1337, Obso1337 Hacktivist, Corporate, Fed, Govt, Mil, Hobbyist - All are welcome.
AGENDA
- 7:00 - Soft start / Socializing
- 7:15 - Meeting begins
- Intro
- Guidelines
- Community News
- 7:30 - Firetalks
- 10-minute presentation
- 5-minute discussion
- Slides, media, and demos are encouraged but not required.
- We'll have a large display and a display laptop running Ubuntu available if need be; otherwise, bring your laptop or speak without slides.
- Note: No vendor pitches, no recruiter pitches.
- 8:45 - Who's Hiring / Who's Looking for Work
- Those that are hiring can give a quick announcement.
- Those who are looking for work can give a quick pitch.
- 9:00 - Formal End of Meetup
- 9:00+ - Socializing, Eating, Hanging Out, Hacking
- The brewery closes at 9:00, but the night owls typically migrate to another venue after the meetup.
Note on FireTalks: If it's your first time here - chill, relax, enjoy and hang out. Otherwise, hop up and give a fire talk. Fire talks are short talks around a topic generally related to hacking. Talks last roughly 10 minutes or less, with 5 minutes of discussion afterward. Be as formal or informal as you like. Slides, demos, and media are encouraged but not required. If you're unsure what to talk about or have worries about presenting, ask one of the organizers for help. We're here for you. We apply a very broad definition of hacking - taking something and utilizing it beyond its intended means.
Note: We do not advocate illegal activities. If you're discussing bypassing computer security, you have permission to do so or are utilizing your equipment in a lab environment.
CODE OF CONDUCT & RULES
- Don't hack the venue!
- Don't hack other attendees without consent.
- Don't talk about anything illegal.
- Don't harass other attendees.
- Follow venue rules.
- Treat venue staff well.
- Do participate. Do Have Fun.
- Don't hack the venue!
All are welcome regardless of race, age, experience, gender identity, sexual orientation, ethnicity, disability, national origin, religion, or creed.
The Paradox of Tolerance Addressed: We do NOT tolerate intolerance. You will be banned if you advocate ostracizing, oppressing, or hurting others.
My new keycaps came in and I put them on. I like it. Double shot pbt. The artisan keycap is for the key that changes the backlight. Blank one is technically a macro, but is by default for cortana/siri. Couldn't be bothered to change it.
#hardware #infosec #infosecurity #cybersecurity #cybersec #cyber #mechanicalkeyboard
#ekoparty #infosec #conf #timetable #agenda #text Here is a gift for you: the ekoparty 2023 schedule in a legible and accessible form. Honestly, the organization's page is terrible, garbage. https://pastebin.com/3JQC3Zsw
You're welcome.
Suckless Ekoparty Timetable 2023 - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
Pastebin
STMicroelectronics STM32F1 Bypass read-out protection (RDP).
Interesting blogpost for anyone into microcontroller hacking.
(credits Marc Schink and Johannes Obermaier)
https://blog.zapb.de/stm32f1-exceptional-failure/
#stm #hacking #microcontroller #infosec #cybersecurity #iot #embedded
Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material. In order to protect the confidentiality of these assets,
blog.zapb.de
Tor Project Needs Our Help
📉 Donations Down This Year
Tor: Not Only A Browser For Privacy Online:
It's Also An Essential Tool #Journalists / Vulnerable Populations Around The World Use To Access Internet / Bypass Censorship.
💡 ❤️ Tor is FREE. So worth it.
(I donated)
#TorBrowser #nonprofit #charity #donate #proxy #encryption #crypto #infosec #cybersecurity #censorship #internet #GreatFireWall #Snowflake #privacy
🔗 Tor Project Donation Page: https://donate.torproject.org
Wondering what CVEs are being discussed on Mastodon right now?
I've just launched https://cvecrowd.com, a website that shows you exactly that!
Learn more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd
Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.
#privacy #privacymatters #security #infosec #cybersecurity #cybersec #amazon #amazonecho #surveillance
I'm hoping for someone to help with some PRs for the following metadata:
zoho assist
splashtop
ScreenConnect
Remote Utilities
AnyConnect
Chrome Remote Desktop
This project is early stages but it's definitely needed, so if you have ideas, feedback, or want to be involved, let me know! #cybersecurity #infosec
I'm putting together a project to monitor RMMs and their metadata with the goal of auto building alerting mechanisms such as carbon black watch lists and sigma alerts.
https://github.com/LivingInSyn/RMML
GitHub - LivingInSyn/RMML: A list of RMMs for security pros
A list of RMMs for security pros. Contribute to LivingInSyn/RMML development by creating an account on GitHub.
GitHub
EU Governments Set To Approve End Of Secure Messaging
People Don't Have A Right To Basic Security... For Their Own Devices?
(don't think it won't spread)
#News #e2ee #encryption #crypto #EU #ChatControl #MassSurveillance #privacy #SurveillanceCapitalism #Governance #infosec #cybersecurity
Reclaiming our digital future – Shedding light on Big Tech lobbying in the European Parliament
With the EP's mandate coming to an end in 2024, many crucial digital policy files are currently in their finishing stages. Many of them have an impact on our democracies. …
Patrick Breyer