Tootfinder

Defensive #infosec blog editor Lari Huttunen:
"[...] the Public Exposure blog has been temporarily taken offline. This action is in response to a legal challenge over the blog’s ownership initiated by its founding sponsor [...]"
https://

How is this still happening?
We all knew that hard-coded credentials were BAD and WRONG 35ya.
#InfoSec https://infosec.exchange/@offseq/115528481041007501

Offensive Sequence (@offseq@infosec.exchange)
Attached: 1 image ⚠️ CRITICAL: CVE-2025-42890 in SAP SQL Anywhere Monitor 17.0 (Non-GUI) — hard-coded credentials let attackers bypass auth remotely for RCE & full system takeover. Audit & restrict access now. Await SAP patches. https://radar.offseq.com/threat/cve-2025-42890-cwe-798-use-of-hard-coded-credentia-91b98cfd #OffSeq #SAP #Infosec #CVE202542890

Moin #Infosec-Community in #Hamburg: Ich werde am 9.12. beim #OWASP Stammtisch Hamburg (zu Gast beim #CCC …

Was man so findet im Netz / Absicherung von Keycloak, Tue, Dec 9, 2025, 6:30 PM | Meetup
Moin Hamburg etc. ! Das Jahr geht leider manchmal schneller zu Ende als man denkt, und es war höchste Zeit für ein Treffen . Wir haben diesmal wieder zwei spannende Vortr

Also my #infosec friends could learn a thing or two here from disaster prep if this isn't already a familiar idea.
Do you have a MISL for a large scale cvss 9 0-Day that's being exploited in the wild? Have you run a table top? You fucking should. Especially since we've all been through that shit several times now. You should absolutely have a clear plan of what's gonna happen, and your whole team should be able to respond.

The most obvious tell of this sort of incident is the phone call.
The only IT or #infosec folks who will proactively call you about an attempt at hijacking an account are those of your employer or *maybe* your access provider.
Google, Microsoft,Apple, etc. are not calling everyone with suspicious activity on their accounts. There are not enough support agents on the planet to do that…

So... vacation is over. First day at work since 2 weeks. Forgot my glasses at home. This will be an interesting day with a lot of fog.
#dfir #infosec #forensics
"why are all im…

#NIST have issued updated #password guidelines for businesses. Interestingly they now say that requiring special characters is no longer a recommendation, but longer passwords / passphrases (using spaces) is a better idea.
I say "interesting" because that's something I've been doing for many years, long before I discovered password managers to remember things for me.
#infosec

Why use a URL shortener when you can use a phishy URL extender?
#infosec

I'm using #Anubis to protect our Forgejo instance from scrapper #bots, but it doesn't seem to be enough for "classic" malicious scanners that try thousands of paths looking for vulnerabilities.
Granted, presenting a challenge increases the cost for the malicious scanners, but at some point I'd like a smarter tool that detects what's happening and blocks any further attempt.
Does anyone know about good solutions for this? I'm sure there must be something out there, I'm just ignorant about it.
#infosec #WebSecurity

The moment when you want to take a picture of an evidence for documentation and you don't know if the autofocus of the cam is not getting it or if it's the glasses you forgot at home this morning...
#dfir #forensics

In case you had not yet seen this elsewhere.
#gmail #ai #privacy #infosec

Oh #ShadowServer, now you're just being silly...
#InfoSec #Scanners