Search

Items tagged with: infosec

Tek®
21 hours ago
What #InfoSec is really like.
infosec-handbook.eu
3 days ago
How to start your career in information security? Do you need a degree in Computer Science? Is it all about penetration testing and breaking codes?

We wrote a short article to address these questions:

https://infosec-handbook.eu/blog/infosec-career/

(The article isn't intended to be exhaustive.)

#infosec #cybersecurity #security #career
rysiek ✅
3 days ago
If anyone knows #Go and is looking for a project to help out with, Go-based #Signal protocol implementation library and a native #SailfishOS Signal client using it are in dire need of love:
https://github.com/RadicalApp/libsignal-protocol-go
https://github.com/aebruno/whisperfish

Yes, I also prefer truly decentralized protocols, but Signal is where it's at currently with a lot of people, and it's way better than other popular options... So, we need independent clients.

#InfoSec #FreeSoftware
wilkie
1 week ago
remember kids, library cards can open many doors. just slide them up the door frame at an upward angle. #infosec
Image/photo
Tinker
1 week ago
Got a chance to tell a story on #DarknetDiaries with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here: https://darknetdiaries.com/episode/36/

#Hacking #Infosec #SocialEngineering
Image/photo
!hcs :meowBox:
1 week ago
Interesting, my first time encountering a document by JPCERT CC and it's "Detecting Lateral Movement through Tracking Event Logs" https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf #infosec
Tarik
1 week ago
Ecuador Says Hit by 40 Million Cyber Attacks Since Assange Arrest | SecurityWeek.Com http://www.securityweek.com/ecuador-says-hit-40-million-cyber-attacks-assange-arrest #infosec
CONFIG_RANDOM_TRUST_CPU (NEW):

> Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or RDRAND, IBM for the S390 and Power PC architectures) is trustworthy for the purposes of initializing Linux's CRNG. Since this is not something that can be independently audited, this amounts to trusting that CPU manufacturer (perhaps with the insistence or mandate of a Nation State's intelligence or law enforcement agencies) has not installed a hidden back door to compromise the CPU's random number generation facilities. This can also be configured at boot with "random.trust_cpu=on/off".

#Linux #kernel #kernsec #infosec
Sheogorath 🦊
2 weeks ago
After Matrix has restored its major services, they noticed that the GPG keys used for signing packages where compromised.

The key IDs are:

AD0592FE47F0DF61 (synapse)
E019645248E8F4A1 (Riot/Web)

Please make sure to no longer use those keys.

#matrix #Riot #infosec #security
Hubert Chathi
2 weeks ago

We have discovered and addressed a security breach - Matrix


https://matrix.org/blog/2019/04/11/security-incident/

If you have ever had an account on the matrix.org server, please reset the password and also any other sites passwords if you used the same password elsewhere.

More details by the team to follow.

#security #infosec #matrix
Que Shu
silverwizard
2 weeks ago from ZoobopDeDoDop!
'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix
Hong Kong or Sweden
https://todon.nl/@paulfree14/101909957892477960

'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix
'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix
Sheogorath 🦊
2 weeks ago
@matrix Turns out that there was a successful compromise of the Matrix infrastructure happening.

Details from Matrix on Twitter: https://twitter.com/matrixdotorg/status/1116388572922302466

You may ask how that could happen, but more important: It didn't stay unnoticed and that's a good sign.

#Matrix #Riot #matrixDown #infosec
April is the cruelest month.
It is also Supply Integrity Awareness Month.

#infosec
Image/photo
Borq
2 weeks ago
Yo #infosec peeps, any opinions on ossec and its fork Wazuh?

I just started looking into Wazuh and its kibana integration is pretty nice as a management ui perspective. You also get the benefit of Kibana :P

here's a little screengrab of some cluster log output as the nodes normalize. I have no agents deployed yet, this is all self sanity output :D

Perhaps some #libreops folks would be interested in vulnerability observability?
Image/photo
Image/photo
Image/photo
Tarik
2 weeks ago
Three Windows zero-days in three months: how we found them in the wild
https://www.brighttalk.com/webcast/15591/348704 #infosec
Tarik
2 weeks ago
😭
Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami Herald https://www.miamiherald.com/news/politics-government/article228963409.html #infosec #opsecFail
Tarik
3 weeks ago
The vulnerable code database (Vulncode-DB) is a database for vulnerabilities and their corresponding source code if available. https://github.com/google/vulncode-db (by google) #infosec
Since I just updated to ck-sources #Linux 5.0.0, I decided to revisit the Kernel Self Protection Project (KSSP) recommended settings for #kernel hardening.

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

Feeling safer already! 🔒​

#kernsec #infosec
Shawn Webb
3 weeks ago
Today's important video about manipulating YouTube's algorithms to spread propaganda and misinformation: https://youtu.be/1PGm8LslEb4

#infosec #propaganda
Tarik
3 weeks ago
Network Security 101: Full Workshop

https://www.youtube.com/watch?v=E03gh1huvW4 #infosec
rysiek ✅
4 weeks ago
Hey #InfoSec #FLOSS and other wonderful #Fediverse peeps, anyone coming to #IFF2019?
Tarik
4 weeks ago
How to Purge Google and Start Over - Part 1 - Black Hills Information Security https://www.blackhillsinfosec.com/how-to-purge-google-and-start-over-part-1/ #infosec
SillyString
4 weeks ago
@crowd42

I'm calling BS on this article.

Over half of SMB's "breached"? Nonsense.

How about over half of #infosec articles are pure corporate marketing.
Tarik
1 month ago
Beagle : An incident response and digital forensics tool which transforms security logs and data into graphs https://github.com/yampelo/beagle #infosec
Ollivier Robert
1 month ago
"You can't spell IdIOT without IoT"
— George Neville-Neil

This is now my favourite #InfoSec quote.

#embedded #IoT
Tarik
1 month ago
Fully undetected backdoor with RSA Encrypted shell
https://github.com/stnby/TopHat/ #infosec
Tarik
1 month ago
The definitive guide to MongoDB security | Opensource.com https://opensource.com/article/19/1/mongodb-security?sc_cid=70160000001273HAAQ #infosec #mongdb
infosec-handbook.eu
1 month ago
Touching the Untouchables–36 new security vulnerabilities in LTE standard:

https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf (PDF file)

– attacks result in Denial of Service (no LTE available), spoofed SMS, or manipulated user traffic
– there are very likely more security vulnerabilities that remain unfixed in cellular networks

#lte #mobile #network #cellularnetwork #infosec #cybersecurity #security
Tarik
1 month ago
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years — Krebs on Security https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/ #infosec
sn0int
1 month ago
hello mastodon!

we now have an official mastodon account to keep you updated about the most recent development on sn0int, the only #osint framework that comes with a package manger.

https://github.com/kpcyrd/sn0int

We have some bigger features in the pipeline, stay tuned!

#introduction #infosec #security #privacy #opensource #rustlang
Image/photo
Shawn Webb
1 month ago
The assembly code differences between position-independent code that hasn't been hardened by #llvm 8.0.0's new Speculative Load Hardening (SpectreV1) feature and code that has:

https://gist.github.com/lattera/e639ef8160a86ab8fd50b03bae516d9c

#infosec
Good news is that DanielMicay is still continuing his previous work from before #CopperheadOS which he owns the copyright to and that is still open source.

"CopperheadOS was replaced by the AndroidHardening project (https://github.com/AndroidHardening), which is currently only available for the Pixel 2 (both variants) and Pixel 3 (both variants):

https://www.reddit.com/r/CopperheadOS/comments/axj47p/androidhardening_pq2a1903050022019030503_release/

-- source: https://www.reddit.com/r/CopperheadOS/comments/b16y1q/easy_to_install_copperhead_on_pixel_xl/eil4i99/

#Android #hardening #infosec
Apparently #CopperheadOS is still around.

Although their last blog post was from August 2017, they recently tweeted about a beta release of their OS based on Android 9. https://twitter.com/CopperheadOS/status/1104085384655396864

Since July 2018 they're hiring Android system engineers, but I see no "jobs" page on their website.

Confusingly, the GitHub link on their website (https://copperhead.co) points to the now-defunct account inactive since July 2018, but their "Source" link points to their new GH account (https://github.com/copperheados/) which was last updated this January. The new account is probably because the former CTO destroyed the keys, but it makes one wonder about the CEO's attention to detail.

It's still fishy af. I wish there was an alternative security-focused #Android distribution. #infosec
If I had a bitcoin for every high-profile organization protecting a veritable goldmine of data who *swears* they will never get infiltrated by bad actors... #infosec
Shawn Webb
1 month ago
Heads up: In #HardenedBSD Ports, we now perform sanity checks in the `check-plist` make target. More details can be found in this commit: https://github.com/HardenedBSD/hardenedbsd-ports/commit/10fcca72eb7f2322be05fdc50b31c8080a8a7cf1

#FreeBSD #infosec
Tarik
1 month ago
Gearbest security lapse exposed millions of shopping orders https://techcrunch.com/2019/03/14/gearbest-orders-exposed/ #infosec
Later posts Earlier posts