https://twitter.com/taviso/status/842215197116780544
|
|
# ¿ Mar 16, 2017 13:29 |
Thanks Ants posted:Are these things accessible because they use UPnP or are people port forwarding? Mostly the former. Good luck explaining to the masses about port forwarding.
|
|
# ¿ Apr 7, 2017 22:23 |
EVIL Gibson posted:It's all about liability. And here's the actual writeup: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html quote:Now one thing that’s important to note is the actual registration of the domain was not on a whim. My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server (C2) domains. In fact I registered several thousand of such domains in the past year.
|
|
# ¿ May 15, 2017 12:45 |
Levitate posted:People using KeePass for password management, do you just open up the database and copy your password every time you need to login to a site or is there an easier method? On the desktop, if you're using Professional edition (still free) there is an autotype option. It gets set up based on the title of the window that has focus when you hit the keyboard shorty, ctrl+alt+a by default.
|
|
# ¿ May 19, 2017 21:12 |
Furism posted:My company decided to go ahead with Druva as a backup solution. Fine. Thing is, they configured the software so that every single file under the user profile is backed up. Being a systems engineer I have a lot of 4GB+ firmware files stored on my laptop for when I visit customers, need to connect to legacy systems to upgrade them, etc. So overall I have around 400 GB worth of files, with only about 50 GB of files actually worth backing up (the rest being firmware files already on our CDN anyway). I complained about this (even with a 100 Mbps uplink at the office it's going to take forever to upload 400 GB - 5.2 years yesterday when I checked; yeah I think Druva's side isn't super fast) and now IT tells me to store the files somewhere like C:\firmwares. I'm fairly sure that's against some recommended best practice from Microsoft and that the only place we should put files on a Windows system is under C:\Users\<myUser>\. I'm not sure about the recommended stuff, but we use Druva too. Every time I extract some big log files I have to remember to use something like c:/logfiles or deal with annoying out of space alerts and emails for a few days too.
|
|
# ¿ Jul 11, 2017 13:00 |
Shamelessly stolen from elsewhere
|
|
# ¿ Jul 27, 2017 13:39 |
https://www.theguardian.com/technology/2017/aug/03/researcher-who-stopped-wannacry-ransomware-detained-in-us
quote:According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015.
|
|
# ¿ Aug 3, 2017 19:42 |
Boris Galerkin posted:I just bought the new IKEA smart light system as an impulse buy to play with before figuring out if I want to keep it or not. Never had another iot device before. This one comes with a hub that I plug into my network. If it's actually a router and not a switch, you would configure that unused port on its own network with an ACL preventing access to your other subnet. There's more around IoT security of course, but that segments it from your other devices. Note that that makes it trickier to control those lights from devices on your "trusted" network.
|
|
# ¿ Aug 26, 2017 18:21 |
What I saw was the fraud alert was for all three at once, you need to do the freeze individually.
|
|
# ¿ Sep 11, 2017 01:47 |
I'm anxiously waiting for our industry thoughtleaders to chime in.
|
|
# ¿ Jan 4, 2018 04:30 |
Dadbod Apocalypse posted:I remember some medical software company got busted a year ago or so for going on the road to demonstrate its software in public, pulling up patient records and poo poo. Using a hospital's actual patient database. Which was live. And the hospital had no idea the vendor was doing this. It was an infosec company, unless there was a similar story from a medical records company which wouldn't surprise me. https://www.theregister.co.uk/2017/04/20/tanium_hospital_it_demo/, which links to a WSJ article behind a paywall: https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287
|
|
# ¿ Apr 4, 2018 01:09 |
hackbunny posted:Heads up, two Linux kernel CVEs are about to drop, in the networking stack What were they?
|
|
# ¿ Aug 6, 2018 14:54 |
Truga posted:goddammit, this poo poo was bad enough when it was a figurative security theatre. is every lovely dos vuln gonna come with months of embargo and codenames now? if you're not trending on twitter what even is the point
|
|
# ¿ Aug 6, 2018 15:17 |
Biomute posted:What would be a reasonably secure way to do email that does not require much from the receiver (no PGP etc)? I want to send an email and not have it be easily traceable back to me as the sender for a third party monitoring the receiver. I don't mind if the receiver knows who I am or anything. Public computer where you sign up for a free email account?
|
|
# ¿ Oct 26, 2018 23:30 |
Volguus posted:gently caress Trustwave. I'd like to hear more
|
|
# ¿ Oct 27, 2018 01:46 |
Cup Runneth Over posted:You're only opening yourself up to sidechannel MITM attacks on your trash compactor Actually, you are the man in the middle in this scenario
|
|
# ¿ Nov 5, 2018 14:48 |
Absurd Alhazred posted:https://twitter.com/mischmerz/status/1083891597534736384 One of the replies got a chuckle out of me: https://twitter.com/mrjhnsn/status/1083972010529632256 e: oh, you edited it with more
|
|
# ¿ Jan 12, 2019 23:43 |
What is the entry point for these scam popups? Is it a bad ad or actual malware on a machine? Windows Defender isn't showing any problems and windows updates are actually up to date. According to my mom, she had just done a yahoo search for weather and clicked on some of the results. Looking around in the browser history doesn't show anything objectionable.
|
|
# ¿ Sep 5, 2019 04:46 |
wolrah posted:There's your problem. I have a doctor (who of course has local admin on all his PCs because *reasons*) that I constantly have to clean up after because he decides he wants to install Firefox, goes to Yahoo, types in Firefox, and clicks on the first result that comes up. Inevitably the real link is the fifth or sixth one because Yahoo is horrible. Oh I know. I thought I had adblocker installed on her computer but who knows. At least she called me instead of the number on the screen.
|
|
# ¿ Sep 5, 2019 15:12 |
FYI if you have Palo Altos configured to use SAML authentication - https://security.paloaltonetworks.com/CVE-2020-2021
|
|
# ¿ Jun 29, 2020 16:23 |
https://thehackernews.com/2020/07/windows-dns-server-hacking.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
|
|
# ¿ Jul 14, 2020 19:46 |
So what kind of mitigation can be done on the slipstream attack besides disabling ALGs? I know I can disable the SIP ALG on my PAN FWs (and it usually is due to the aforementioned issues with it and VOIP), but it seems like the other ALGs are susceptible and I don't immediately see a way to disable those. In the details, one of the steps is "HTTP POST" to server on TCP port 5060 (SIP port) initiated, avoiding restricted browser ports Which is easy enough to restrict to only trusted destinations, but I assume this only applies if you're attacking the SIP ALG.
|
|
# ¿ Nov 2, 2020 14:49 |
Maneki Neko posted:I’m just going to say that I looked at 3 customer solarwinds servers yesterday and they all were running a version too old to be impacted so yeah. I checked in with a customer I knew using it last night and they were in the same boat. Hooray for not updating!
|
|
# ¿ Dec 14, 2020 16:27 |
https://www.reuters.com/article/global-cyber-microsoft-int-idUSKBN28R3BW
quote:As with networking management software by SolarWinds, Microsoft’s own products were then used to further the attacks on others, the people said.
|
|
# ¿ Dec 18, 2020 00:56 |
Diva Cupcake posted:You mean like Azure or O365? That doesn’t necessarily indicate anything but a tenant compromise. Well, that's good at least.
|
|
# ¿ Dec 18, 2020 01:19 |
I remember someone linked an article or tutorial website about public key authentication and said it was what finally made it click for them. I had it saved on another phone but lost it in a move. That goon created site is also a good resource, but not the same one.
|
|
# ¿ Dec 18, 2020 04:40 |
Other than the age old "OT is a secfuck nightmare" advice, are there any good resources I can start following about industrial/manufacturing specific infosec concerns? Doing some work for a customer in that space and anything I could start following with topical news would be appreciated.
|
|
# ¿ Feb 2, 2021 19:09 |
That's helpful, thanks! I have a subscription to the CISA industrial control systems advisories as well. Any recommendations for news sites/blogs/twitter accounts or whatever that I can follow for topical updates? Active campaigns targeting this sector, that sort of thing.
|
|
# ¿ Feb 2, 2021 21:54 |
Head Bee Guy posted:Is there a preferred multi factor authentication app? I moved mine into 1Password
|
|
# ¿ Feb 27, 2021 23:07 |
This was an interesting read https://igor-blue.github.io/2021/03/24/apt1.html
|
|
# ¿ Mar 25, 2021 13:39 |
BaseballPCHiker posted:Would be curious to know as well. I saw one shady site that claimed to be checking numbers but that was it - https://www.thenewseachday.com/facebook-phone-numbers-us Troy has been discussing on Twitter whether or not to add the phone numbers, don’t think he’s decided yet.
|
|
# ¿ Apr 5, 2021 15:20 |
denereal visease posted:Did they (Troy Hunt?) pull the plug on selling haveibeenpwned? I recall hearing a couple years ago that they were looking to offload that... Yes https://www.troyhunt.com/project-svalbard-have-i-been-pwned-and-its-ongoing-independence/
|
|
# ¿ Apr 6, 2021 13:08 |
Anyone seen any IOCs for the new exchange vulns floating around yet?
|
|
# ¿ Apr 13, 2021 21:41 |
Naw, the ones just released. If it's not being actively exploited yet, probably not going to be much unless MS decides to share more info I suppose.
|
|
# ¿ Apr 13, 2021 22:00 |
Biowarfare posted:vmware vuln? It came out a week or two ago. Starting to be exploited now though. https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/
|
|
# ¿ Jun 4, 2021 21:41 |
I really struggle trying to learn Python too. I know it will be super helpful, but I keep bouncing off it after a few lessons. I’ve tried a couple of udemy courses and automate the boring stuff, but just can’t seem to power through it.
|
|
# ¿ Aug 29, 2021 22:20 |
Lets Get Patchy posted:Dang, I was going to recommend Automate the Boring Stuff. I found that writing something and actually getting it to work kinda reinvigorated me with the Python brush-ups. That said, my generalist IT Bachelors was heavy handed with the language so I had to learn to like it. I really should pick it back up. It’s not a matter of difficulty, just me being a lazy fucker
|
|
# ¿ Aug 29, 2021 23:06 |
Defenestrategy posted:Am I having a seizure? ARGs and seizures can be hard to tell apart. Check their post history
|
|
# ¿ Sep 4, 2021 00:37 |
I've been at my current place (an MSSP) for 6 years now and starting to feel like I should move on, especially with how hot the job market apparently is. I've done a lot of firewall management work with a steady progression in job titles over the years, and more recently a TAM sort of role that includes some light threat hunting and IR. Trouble is, I'm having a failure of imagination in what sort of roles I should look for now. Sometimes I think I'd like to do sales engineering since I enjoy talking to customers, have a decent technical background and the potential income of commission sounds appealing, and other times I feel like I should move more into some sort of more cloud focused role since that seems to be the future. Happy to share my resume if anyone would be willing to take a look at it.
|
|
# ¿ Sep 28, 2021 19:38 |
Ynglaur posted:Are you interested in cloud architecture of any kind? Quite possibly! I did some AWS training and labbing about two years ago and I found it clicked pretty well although I haven't had much chance to use it recently other than a project to implement PAN firewalls with transit gateways last year. I've done a little bit with Azure but for some reason it didn't click as readily as AWS did for me.
|
|
# ¿ Sep 29, 2021 00:46 |