Tootfinder

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn’t properly fit into our daily news crush.
This week's selection covers
--Hackers rescued a bricked Polish train,
--The double life of Incognito Market's founder,
--Tricking Wi-Fi networks into less secure connections,
--Cybercriminals are selling Indian police biometric data,
--AI fakes are used to recruit Indian voters,
--Indian fake news verification tools are a bust
#deepfakes #biometricdata #misinformation #hackers #databreach #infosec #cybersecurity
https://www.metacurity.com/p/best-infosecrelated-long-reads-week-51124-c8a1

My poor peers in Infosec. It never gets easier does it?
#OWASP #Infosec #AI #LLM

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn’t properly fit into our daily news crush.
This week's selection covers
--Hackers rescued a bricked Polish train,
--The double life of Incognito Market's founder,
--Tricking Wi-Fi networks into less secure connections,
--Cybercriminals are selling Indian police biometric data,
--AI fakes are used to recruit Indian voters,
--Indian fake news verification tools are a bust
#deepfakes #biometricdata #misinformation #hackers #databreach #infosec #cybersecurity
https://www.metacurity.com/p/best-infosecrelated-long-reads-week-51124-c8a1

Hey everyone. I'm promoting a new YouTube channel hosted by a friend and her family. I'm loving the content she's putting out there. Consider subscribing!
#infosec #training
https://www.youtube.com/@cyberchristy911

QR code SQL injection from popular biometric terminal
💥⁠#InfoSec #CyberSecurity

EDIT: on its way to @…. Thanks, all!
Please share to wireless hackers: Who in the community is doing hacking on fitness trackers, BTLE stuff, radio/wireless, etc? I have an Oura Ring that I had replaced by warranty because the battery life halved suddenly, but it works fine (if with 2-3 days of battery life instead of 5).
Who's the person who'd like this for their lab? I will send a charger as well as the ring because I have an extra one. #infosec #btle #wireless

Days without DATETIME / TIMESTAMP incident:
#infosec #mysql #development

When someone wants us to mitigate vulnerable devices by "putting it behind a firewall". Image stolen from @…
#infosec #firewall #meme

When someone wants us to mitigate vulnerable devices by "putting it behind a firewall". Image stolen from @…
#infosec #firewall #meme

#Tile has been breached according to @…. I'm disturbed to find out that they had a police query tool. I'm going to end up being a hermit just to have some god damn privacy from my government.
#breach #infosec
https://archive.is/NC1NI

#Infosec #Warning
Don't click on any link with "Google" or "Facebook" in the domain, it links to a terrible surveillance capitalist who will build a profile on you to try and help the capital manipulate you.
Be Safe: Never click on Google.

File under #deplorable
Hacker jailed for blackmailing therapy patients
#InfoSec

Found an interesting bug in #LittleSnitch, a connection gatekeeper for #macOS that I know many people in #InfoSec use and/or help others use.
If you have a program which is NOT a web browser (in my case, <…

It looks like #Dell have suffered a data breach. I bought a Dell laptop a few years ago and have just received this to the email address I used when purchasing it.
#Infosec #DataBreach

#ai #infosec #InfosecMemes

Great story of how good the scammers are getting. I suggest most folks read, even us #infosec folks.
https://threadreaderapp.com/thread/1796640601431027979.html

Great blog post going into how the author discovered they could reach any Cox account/modem remotely and change settings.
#infosec #vulnerability #cablemodem #coxcommunications

#infosecjobs #hiring Alert: I'm hiring a career transition, entry-level, or intern-level web developer in Rust/Python at @….
We help managed service providers get and keep their small biz clients safe and secure!
This would be a great role for someone mid-career looking to move into a more technical role or into infosec, or who just finished a bootcamp or similar education.
Remote, US-only. Read the JD carefully or you'll miss the subject line requirement when you email me.
#cybersecurity #compliance #infosec

Big #infosec news day...
https://www.theguardian.com/technology/article/2024/may/30/botnet-arrests-covid-insurance-fraud

The way you prevent big customers from being cranky about breaking SSO is to never give them *already broken SSO*
#Sysadminnery #InfoSec https:…

Some hard #infosec truths from the South African border agency

Shapps: "I can confirm to the House that we do have indications that this [data breach] was the suspected work of a malign actor."
So the personal and financial details of the UK Armed Forces has been stolen, and the Defence Secretary says it's "suspected" it was a "malign actor".
"Malign actor" is just another way of saying "the bad guys". And it was hardly someone working in the Army's best interests, was it!?
#Infosec #UKNews #DataSecurity

X: "I need SSH access to your server to do make that configuration change."
Me: "OK, send me your public key."
X: "I don't have a public key of that server. You need to send me username and password."
Me: 🤦‍♀️
Nope, you're definitely not tech savvy enough that I would allow you with SSH on my server.
#infosec

„Two is one and one is none.“
Deswegen hab ich mir irgendwann gleich zwei YubiKeys bestellt.
Seitdem liegen sie ungenutzt in einer Schublade herum.
Thanks for coming to my security talk.
#YubiKey #ITSecurity

Deeply disappointed in the supposed “perimeter defense” tool which solicits CIDR blocks to be scanned but maxes out at 100 IPs, so anything /25 or larger is rejected.
So, I guess I won’t be having them scan our two /21s and various /24s.
#Sysadminnery #InfoSec

The threat actor said he registered with several different names on a particular Dell portal as a “partner.” A partner, he said, refers to a company that resells #Dell products or services. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made of seven digits of only numbers and consonants. He also said that “any kind of partner” could access the portal he was granted access to.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told #TechCrunch.
#infosec #breach
https://techcrunch.com/2024/05/10/threat-actor-scraped-49m-dell-customer-addresses-before-the-company-found-out/

Indeed, if you are doing things that are likely to lead to legal demands from law enforcement to your email provider that you want them to fight, you had best be your own email provider.
Proton, Tutanota, MS, Yahoo, Google, Apple, GMX, Fastmail, et al will not fight a valid legal demand for your data that they can fulfill.
Intrinsically, email security is extremely difficult. There's a reason Signal does not do email.

Echo 🦊 (@3kh0@defcon.social)
Attached: 1 image Be careful with your emails kids #tech #meme #Infosec #privacy #proton #tutanota #mail

The threat actor said he registered with several different names on a particular Dell portal as a “partner.” A partner, he said, refers to a company that resells #Dell products or services. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made of seven digits of only numbers and consonants. He also said that “any kind of partner” could access the portal he was granted access to.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told #TechCrunch.
#infosec #breach
https://techcrunch.com/2024/05/10/threat-actor-scraped-49m-dell-customer-addresses-before-the-company-found-out/

Indeed, if you are doing things that are likely to lead to legal demands from law enforcement to your email provider that you want them to fight, you had best be your own email provider.
Proton, Tutanota, MS, Yahoo, Google, Apple, GMX, Fastmail, et al will not fight a valid legal demand for your data that they can fulfill.
Intrinsically, email security is extremely difficult. There's a reason Signal does not do email.

Echo 🦊 (@3kh0@defcon.social)
Attached: 1 image Be careful with your emails kids #tech #meme #Infosec #privacy #proton #tutanota #mail

See thread context…
If you are actually facing an #InfoSec threat environment that credibly includes physical violence, you need MUCH more expertise than you can find in any online bullshitting forum. I can argue either side of the wipe vs. Potemkin Village UI issue for a durress password, because I AM A BOZO WHO KNOWS NOTHING OF THAT OF WHICH I SPEAK.
99.9% of people really do not …

SimpleX Chat is now available with private message routing, IP address protection for messages, files & media, new chat themes and more #simplex #privacy #infosec

7 million customers had their #DNA #data exposed in a hacker #InfoSec breach at 23andMe and #lawyers are feuding over will get the lion's share of

Leadership War Breaks Out in 23andMe Data Breach Case 'at the Crossroads' | The Recorder
Lawyers ramped up their fight over how to manage the 23andMe Inc. data breach litigation, disagreeing on everything from whether to immediately settle the cases to handling class members who are truly frightened.

I heard that the attackers were just trying to get Taylor Swift tickets.
#breakingnews #infosec #breach #ticketmaster
https://www.foxbusiness.com/technology/hackers-claim-ticketmaster-data-breach-offer-info-560-million-customers-sale

WHEEEE!
Once again I dodge a bullet entirely by accident.
I mean, #FluentBit would almost certainly be something I’d be using if $dayjob's expansion plans had not been blown up by Covid.
My condolences for all of the people who have to deal with this.
#InfoSec

Matthias Schulze (@percepticon@ioc.exchange)
Attached: 1 image ‘Linguistic Lumberjack’ Vulnerability Affects Major Cloud Services https://thecyberexpress.com/linguistic-lumberjack-major-cloud-services/?utm_source=dlvr.it&utm_medium=mastodon #cybersecurity #infosec

#Recall is the gift that keeps on giving. #infosec #microsoft_recall #microsoft

Oh look, the assholes calling themselves stretchoid.com have put some of their scanners on Azure UK. Easy enough to shun THAT /13…
#Infosec #scanners

#infosec #copilot #microsoft_recall
On the one hand #Microsoft has Windows Defender that blocks k…