Zum Inhalt der Seite gehen

Suche

Beiträge, die mit infosec getaggt sind


New by me:

Hackers Teaching Hackers 2024, a brief retrospective.

https://sempf.net/post/hackers-teaching-hackers-2024

#infosec #conference #blog


with the possibility of street action picking up again in the coming months, here's a guide i wrote to help ppl prepare for what to expect when there's a possibility of getting arrested (and maybe why they want to avoid it whenever possible)

https://howtogetarrested.puter.site

#election #election2024 #harris #trump #protest #protestSafety #movementSecurity #mobilizing #organizing #harmReduction #resistance #activism #postElectionPrep #infosec #privacy #PreparednessNotParanoia


In this increasingly repressive climate, I'm surprised more activists haven't caught on to the fact that being able to have your #socialmedia server in any country you want can be a huge asset, and that the #fediverse is the only platform providing that ability.

But apparently that's the kind of galaxy-brain thinking that only I can come up with. 🙄

#mastodon #activism #infosec #opsec #tech #ActivityPub


“It's infinitely safer to convince 500 people to withdraw their money from Wells Fargo and Chase so they can't fund a defense contractor or the next pipeline than it is to redecorate a few of their branches. (It leaves a bigger dent too.)”

https://kolektiva.social/@tothedaring/113460078355087435

#civilDisobedience #massNoncooperation #directAction #organizing #protest #resistance #activism #MovementSecurity #MoSec #privacy #infosec #movementorganizing #harmreduction #safety #protestSafety #harris #trump #election #election2024 #democrats


WIRTE APT Targets Israel with Wiper Malware

Pulse ID: 6734783599d63a48c4802abe
Pulse Link: https://otx.alienvault.com/pulse/6734783599d63a48c4802abe
Pulse Author: cryptocti
Created: 2024-11-13 09:58:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Israel #Malware #OTX #OpenThreatExchange #bot #cryptocti


Check Point Research (CPR): Hamas-Affiliated Threat Actor Wirte Continues Its Middle East Operations And Moves To Disruptive Activity
Hamas-affiliated threat actor WIRTE continues to leverage recent events in the region in their espionage operations, likely targeting entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia. CPR assesses that WIRTE group has expanded beyond espionage to conduct disruptive attacks, identifying clear links between the custom malware used by the group and te wiper malware SameCoin (used against Israel entities in February and October 2024). Indicators of compromise provided.

#hamas #wirte #gazacybergang #cyberespionage #wiper #IOC #threatintel #infosec #cyberesecurity #cyberthreatintelligence #CTI


I just wanted to contact a security researcher about something he found a while ago, because I found new details (a regression) and wanted to collaborate. But I can't, because the only contact provided is an X profile and I do not have an account there anymore.

If you are *only* reachable via X, you are missing out. Update your public profiles to include other ways to contact you privately. Tell your friends.

#infosec


What a mess.

We’re all looking at the insecure finances, ownership & security of 23 & Me.

Meanwhile, DNA report company Atlas Biomed took money & DNA, then simply went dark & vanished…

And now appears to have been a Russian front company based in Moscow.

#23andme #dna #dnatesting #atlasbiomed #moscow #russia #infosec #privacy #informationsecurity #medtech

https://www.bbc.co.uk/news/articles/cz7wl7rpndjo


A massive hacking scandal that has engulfed Italy is now threatening to spill beyond its borders, sucking in Israel, the Vatican, the United Kingdom and Lithuania. https://www.politico.eu/article/vatican-israel-italian-hacking-scandal-uk-lithuania-equalize/ #italy #vatican #israel #hacking #infosec


So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) https://twitch.tv/ic_null #tryHackMe #streamer #selfPromo


"Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice"

https://dys2p.com/en/2021-12-tamper-evident-protection.html#random-mosaic-rm

1) put device in bag 2) put bagged device in another bag 3) pour in a mixture of different colored beans, forming a visual mosaic 4) send picture of mosaic to recipient

EDIT: author is on fedi @dys2p

#lowtech #infosec #opsec #compostable #edible
A vacuum sealed bag, half-filled with red lentils and black beans. An electronic device is presumably hidden within the lentil-bean mixture within another plastic bag.


I genuinely forgot my phone pin for ~12 hours.

A pseudo-pattern, because #grapheneOS doesn't allow actual patterns on the basis they are less secure 🙃

Managed to shift the 2 starting numbers to one side. After ~60 brute-force attempts from this incorrect starting position, my intuition/desperation lead me to the correct start position -> success 👴

Super insecurity-inducing episode. (And what about accident induced memory loss? Dementia? Perhaps biometric #passkeys solve it all /s) #infosec


"For years, the antivirus software company harvested information from users’ web browsers without their consent." #infosec #privacy

Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting


Big news in Australia, which has named and shamed an alleged cybercriminal (I think for the first time?). Australia says a Russian man, Aleksandr Ermakov, is responsible for the data breach and extortion attempt against health insurer Medibank in 2022. Ermakov, who was ID’d by the Australian Signals Directorate and the Australian Federal Police, has been sanctioned under a cyber-related sanctions framework, which is the first time Australia has applied the framework.

A few thoughts on this. In Nov. 2022 AFP Commissioner Reece Kershaw said that AFP had a good idea who was behind the Medibank attack. If they already knew Aleksandr Ermakov's name then, that's remarkably fast attribution of in-real-life IDs, which is terrific. Fighting organised cybercriminal groups residing in safe haven countries is difficult. But naming-and-shaming and sanctioning makes it difficult for these actors to live normal lives or travel. It's an important tool, and it's great to see Australia do this. The U.S often takes it a step further, convening grand juries to secure indictments that are often kept under seal unless the suspect is caught. I'd be interested in knowing if Ermakov is now on an international watch list. The Medibank breach was awful for our country. But it's important to note that 1) Ermakov didn't get paid 2) This stigma will follow him around for the rest of his days and 3) It shows other ransomware actors they could be doxxed as well, which is a deterrent. #infosec https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976


Genetic testing firm 23andMe has suffered a data breach.

1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.

It appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles

@lhn's story has all the details we know so far:
https://www.wired.com/story/23andme-credential-stuffing-data-stolen/ #cybersecurity #news #tech #23andme #infosec


I'm planning to do more digital privacy/security skillshares at some point.

Does anyone know of a nice 'ladder' of steps? Simpler steps with higher payoffs at the beginning kind of thing... essay or infographic.

Would be nice to have some orientation in the huge field of #infosec #privacy #cryptoparty #crypto