Every hacker should read this phrack article on repeat until they understand it.
https://phrack.org/issues/71/17.html#article
#phrack #finance #markets #crypto #stocks #infosec #cybersecurity
JSR's law of data: if you collect it, they will come.
Investigators will eventually identify any consumer product that persistently records people's activities.
One day, they'll show up, requesting access.
If the data is consistently helpful, they'll stop asking & start demanding.
Once this happens enough the company will probably create a law enforcement portal to simplify access & save customers the trouble...
#infosec #police #cybersecurity #privacy #security #crime #surveillance
This is very much for real!
The city of Columbus, Ohio got hacked by a ransomware gang. They didn't pay the ransom, so the gang released half of the stolen data, which included secret police and prosecutor files. The leak exposed countless victims', witnesses' and confidential informants' personal info and communications with the city.
The city claimed NO info was leaked. A cyber security enthusiast went to the media and proved otherwise.
#China government #hackers penetrate #US #internet providers to #spy
Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says fmr top US #cybersecurity ofcl.
#Chinese govt-backed hackers have penetrated deep into US ISPs in recent months to spy on their #users.
The unusually aggressive & sophisticated attacks include access to ≥2 major providers w/millions of customers as well as several smaller providers.
#InfoSec #security #geopolitics
https://www.washingtonpost.com/technology/2024/08/27/chinese-government-hackers-penetrate-us-internet-providers-spy/
NEW: Details of people's therapy sessions—including reports, video and audio recordings—have been exposed by a healthcare company.
These included people mentioning sexual abuse and highly sensitive subjects. The exposed database has now been closed down
https://www.wired.com/story/confidant-health-therapy-records-database-exposure/ #cybersecurity #privacy #news #technology
@IST_org's #PrepareDontPay ⚠️ campaign wrapped last week, celebrating the anniversary of the #RansomwareTaskForce's Blueprint for Ransomware Defense by compiling helpful #cybersecurity resources for small- and medium-sized enterprises.
https://securityandtechnology.org/blog/prepare-dont-pay-a-quick-start-guide-to-defending-against-ransomware/
does anyone know of a Brazilian directory of zines?
I just stumbled on the safer nudes zine (from here https://codingrights.org/biblioteca/) and I'm wondering whether there are more people doing this kind of work here in Brazil
edit: this link here from UFSCar has several cool ones https://www.e-zine.ufscar.br/e-zines
We need to protect water supplies and other vulnerable infrastructure from cyber security related attacks
My book “PROPAGANDA: from disinformation and influence to operations and information warfare” treats the subject adequately, comprehensively, broadly, expertly. How does information influence work? Offence & defence. Expert arrangement of the subject.
#cybersecurity #propaganda #disinformation #book #books #security https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/
Memory safety problems are a huge #cybersecurity problem for the Internet, but it doesn’t have to be.
Make a transition to memory safety part of your #CyberCivilDefense plan.
Read about orgs doing that today: https://www.memorysafety.org/blog/rustls-adoption-grows/
Some news...I’ll be spending $100M to make us safer online and to protect our infrastructure, like water and power supplies.
A big part will be a PSA campaign - online and in old-fashioned ways. We all got a role to play, like everyone did in WW2, including my Dad and Mom.
I’ll start by putting my money where my mouth is. Folks can check it out here: https://pausetake9.org.
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which have been returned.
I'm #ActuallyAutistic and #ADHD, which is sometimes apparent.
All of my other links and socials can be found at https://linktr.ee/northantara
Collaborations between @hackclub and @girlswhocode lead to more opportunities for young women, in technology areas including
#CyberCivilDefense #cybersecurity like Reem featured here
https://www.instagram.com/reel/DBPKpcMSZY-/?igsh=bzhocWkxbDVjcTgy
pausetake9.org
The New Oil is not slowing down in 2025, and you can help us keep going!
Looking for help in crowdsourcing "high quality" cyber security related sources. Criteria for inclusion can be found in repository.
To get started I've added 88 sources I believe fulfill stipulated inclusion criteria. Please fork and send PR with other sources you believe should be included.
Aiming to create a reasonably authoritative list with sources not only parroting what others have already written/said.
https://github.com/cstromblad/cybersecurity_sources/tree/main
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:
🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 👇
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498/14
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
@delroth did an amazing writeup of the whole thing here: https://delroth.net/posts/spoofed-mass-scan-abuse/
Hi there! Another article for Dark Reading, this one focused on how to help avoid burnout. There was so much to cover and so much interesting work being done that I could only scratch the surface. My biggest takeaway is that work-related burnout is in WHO's book of disorders. That's real legitimacy, and I expect more scholarly work to come. Thanks endlessly to @neurovagrant and @Edent for providing their experiences and strategies. #DarkReading #cybersecurity #journalism #burnout #JobRelatedBurnout #selfPromotion
https://www.darkreading.com/vulnerabilities-threats/defining-defying-cybersecurity-staff-burnout
This is why we must always validate all user input
#cybersecurity #awareness
Hi, I'm new to Mastodon. Interested in privacy and security, US Healthcare reform and SciFi. Cheers.
Since the newest update to @surf, links to feeds can be opened directly in the app.
I have created a #Cybersecurity feed on #Surf for anyone on the beta. The feed includes posts, etc., regarding Cybersecurity information. You can even contribute to the feed using the hashtag #CyberSecBrief.
https://surf.social/feed/surf%2Fcustom%2F01jfjvb3ntxvjtaze9xf08vb3f
If you have any recommendations for a source that I can add to the feed, just let me know.
If you are not in the Surf beta, I have an invite code that can get you in. Just DM me, and I will share it with you. This is all due to the huge thanks of @marci, @mike, and all of the @surf team. They are such great people.
You can learn more about Surf from this great article from The Verge.
https://www.theverge.com/2024/12/18/24323903/flipboard-surf-fediverse-social-web-app
U.S. lawmakers have introduced a bill to ban DeepSeek AI on federal devices, citing national security risks over its Chinese origins and data-sharing concerns #AI #Cybersecurity #DeepSeek #GenAI #DataPrivacy #AIRegulation #China #NationalSecurity #CyberThreats