|
unrelated; the ANU hack analysis doesn't seem to add up for me. advanced threats just to exfiltrate some identities? turns out they got popped originally by a OLE attachment/embed and a weak pw so LOL
|
#
?
Oct 5, 2019 11:51
|
|
|
|
| # ? Apr 27, 2024 17:17 |
|
|
~Coxy posted:unrelated; the ANU hack analysis doesn't seem to add up for me. advanced threats just to exfiltrate some identities?
|
|
#
?
Oct 5, 2019 14:25
|
|
|
lol at uzbekistan dropping (and subsequently immediately burning) zero days via a PC with kaspersky antivirus! I bought this for a drat reason! 
|
|
#
?
Oct 6, 2019 01:55
|
|
|
Hmm, looks like Uzbeks have been drinking your battery fluid again.
|
|
#
?
Oct 7, 2019 14:56
|
|
|
Beccara posted:https://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=12273866 i don't know how new zealand specifically handles these things but if it's like every other country in the world everyone whose data was breached will get an email saying how very sorry they are, possibly also offering 12 FREE! months of credit monitoring
|
|
#
?
Oct 7, 2019 15:05
|
|
|
quote:Government Communications Security Bureau Director General Andrew Hampton said one of the 2016 attacks came from "sophisticated cyber actors". sophisticated cyber actors all i can imagine when reading that is some kind of VR production of Macbeth
|
|
#
?
Oct 7, 2019 15:08
|
|
|
I always just visualize those cyber warrior setups at the end of the Nod campaign in the original C&C.
|
|
#
?
Oct 7, 2019 17:29
|
|
|
Shame Boy posted:i don't know how new zealand specifically handles these things but if it's like every other country in the world everyone whose data was breached will get an email saying how very sorry they are, possibly also offering 12 FREE! months of credit monitoring nah, we don't do credit monitoring
|
|
#
?
Oct 7, 2019 20:14
|
|
|
Volmarias posted:I always just visualize those cyber warrior setups at the end of the Nod campaign in the original C&C. Peace through Power
|
|
#
?
Oct 7, 2019 21:51
|
|
|
https://twitter.com/laraseligman/status/1181306171417939970
|
|
#
?
Oct 7, 2019 21:58
|
|
|
A few others corroborated it seems https://twitter.com/jiveDurkey/status/1181310176504270854
|
|
#
?
Oct 7, 2019 22:11
|
|
|
NVM some folks are saying it froze on some promotion.
|
|
#
?
Oct 7, 2019 23:24
|
|
|
syntaxrigger posted:NVM some folks are saying it froze on some promotion. Hezbollah banner ads probably.
|
|
#
?
Oct 8, 2019 00:07
|
|
|
i keep getting mailers for the texas cyber summit and one of the bullet points on them is that i will save 50% compared to black hat which really seems like a bad comparison
|
|
#
?
Oct 8, 2019 00:59
|
|
|
syntaxrigger posted:NVM some folks are saying it froze on some promotion. I loving love engaging with terrorist brands
|
|
#
?
Oct 8, 2019 01:00
|
|
|
Is crowdstrike Good Anti Virus?
|
|
#
?
Oct 8, 2019 01:05
|
|
|
Apparently we are looking at getting Thycotic Privilege Manager. Does anyone here know anything about it? is it good, bad or a complete trash fire?
|
|
#
?
Oct 8, 2019 01:06
|
|
|
Methanar posted:Is crowdstrike Good Anti Virus? it’s not an antivirus product (a la mccafe), but it does check those boxes for audit purposes, it’s less signature based and more behavior based. more similar to Microsoft’s offerings, but works on win/mac/linux. i work at crowdstrike
|
|
#
?
Oct 8, 2019 03:13
|
|
|
ate poo poo on live tv posted:it’s not an antivirus product (a la mccafe), but it does check those boxes for audit purposes, it’s less signature based and more behavior based. Release the Ukranian server!
|
|
#
?
Oct 8, 2019 07:49
|
|
|
we use crowdstrike and it did trigger a suspicious activity alert or something when I was trying out some vendor binaries or whatever so that was kind of impressive and indicates it does what it says. shame it didn't do it until the third time I ran them tho
|
|
#
?
Oct 8, 2019 09:06
|
|
|
Chris Knight posted:Hmm, looks like Uzbeks have been drinking your battery fluid again. wouldn't have expected it with the whole landlocked nation thing
|
|
#
?
Oct 8, 2019 14:29
|
|
|
Methanar posted:Is crowdstrike Good Anti Virus? Seems OK, I'm holding on to carbon black until VMWare destroys it, then I'll probably move to falcon.
|
|
#
?
Oct 9, 2019 00:38
|
|
|
fritz posted:wouldn't have expected it with the whole landlocked nation thing don't give them money or matches. and don't encourage them to gamble or drink. they are the weak link in the great chain of socialism.
|
|
#
?
Oct 9, 2019 03:07
|
|
|
is Twitter facing some scary legal action or something? hard to believe they'd suddenly admit to dumping people's 2FA info into the ad database unless they were real nervous about a current lawsuit https://mobile.twitter.com/TwitterSupport/status/1181661080033955840
|
|
#
?
Oct 9, 2019 14:36
|
|
|
Main Paineframe posted:is Twitter facing some scary legal action or something?
|
|
#
?
Oct 9, 2019 15:06
|
|
|
Telling people you're collecting their phone numbers for the purpose of providing 2-factor authentication, and then doing literally anything with them that isn't about providing 2-factor authentication, is a pretty straight-up GDPR violation. You're only allowed to use personal data for the reasons you stated when collecting it. Oh, and if you find out your company is doing more than that, and you try to sit on that info instead of shouting it from the rooftops, that's an easy ticket to fined-4%-of-global-revenuetown, population you.
|
|
#
?
Oct 9, 2019 15:17
|
|
|
i can’t wait for the first 4% fine to happen
|
|
#
?
Oct 9, 2019 15:28
|
|
|
geonetix posted:i can’t wait for the first 4% fine to happen Extremely same but I'm not holding my breath.
|
|
#
?
Oct 9, 2019 15:54
|
|
|
https://twitter.com/digitallawyer/status/1181348689756864513 Unfortunately companies will really call you and then ask you to verify who you are with stuff like PINs and there's often nothing you can do except insist on calling them back which will make them indignant and waste 30 minutes of your time. They need to have a way for you to verify that the call is legitimate, but considering that most banks have only just started to move toward telling people "log in and do X" rather than "click on this link that may not even be to our normal domain" in emails so I have no hopes that this situation will improve any time soon. mystes fucked around with this message at 17:09 on Oct 9, 2019 |
|
#
?
Oct 9, 2019 17:06
|
|
|
Volmarias posted:Extremely same but I'm not holding my breath. didn't BA get hit with 1.8% (or was it 2.8%?) of revenue for being magecarted? nice last in-eu-move by the ICO
|
|
#
?
Oct 9, 2019 17:33
|
|
|
mystes posted:https://twitter.com/digitallawyer/status/1181348689756864513 i've never been asked for my member number to confirm a transaction wasn't mine before so that might be something to look out for. what are they going to do, let the fraudulent transaction go through if you can't prove your identity?
|
|
#
?
Oct 9, 2019 18:12
|
|
|
answering the phone was the op's first and only mistake
|
|
#
?
Oct 9, 2019 18:35
|
|
|
Shame Boy posted:i've never been asked for my member number to confirm a transaction wasn't mine before so that might be something to look out for. what are they going to do, let the fraudulent transaction go through if you can't prove your identity? For one of my father's credit cards they literally did call and started asking for all sorts of personal information to verify his identity when there was fraudulent activity. I think they did automatically reject the charges, but they also deactivated his card and he wouldn't have been able to use it without talking to them. He did end up telling them he was going to call them back for security reasons and they seemed confused as to why he would do that but it worked ok. Ideally nobody should trust caller id now considering that everyone gets like 500 calls a day where the caller id is obviously fake, but who knows. There's probably overlap between people who answer their phones and people who are likely to fall for scams anyway. mystes fucked around with this message at 18:42 on Oct 9, 2019 |
|
#
?
Oct 9, 2019 18:37
|
|
|
mystes posted:https://twitter.com/digitallawyer/status/1181348689756864513 I had the exact same thing happen to me a couple months ago and I balked at giving out my PIN as well. Fortunately my (very local) bank issued me a new card, changed my user ID and made me come into a branch location to verify my identity before they would unlock any kind of remote access to my account.
|
|
#
?
Oct 9, 2019 18:44
|
|
|
I think supposedly someone knowing your pin is also considered proof that a transaction was authorized in a lot of places, so for the banks to train people to give it out over the phone is completely loving insane. You're not legally the one on the hook when it's fraudulent charges to your credit card, but if you get phished and give out your pin, god even knows. The bank will probably say it's your fault. mystes fucked around with this message at 18:54 on Oct 9, 2019 |
|
#
?
Oct 9, 2019 18:51
|
|
|
mystes posted:I haven't had that exact experience, but I basically never answer phone calls now. yeah that's the other thing, never answer your phone unless you personally recognize who's calling or you're expecting it (like you triggered the fraud check yourself by traveling or whatever)
|
|
#
?
Oct 9, 2019 19:02
|
|
|
in what hosed up world would your bank even be able to see your pin to do that? that's like the easiest vector to ever possibly leave open because having any scenarios where they might ask voids the "we will never ask for your pin" stuff that should be printed on every card i think last time I got a call from my bank it was "did you just order a jacket from this shop?" and I was like "yeah and you fuckers blocked it" and they apologised and it went through i still own the jacket 4 years later so it was a good purchase
|
|
#
?
Oct 9, 2019 19:26
|
|
|
Powerful Two-Hander posted:in what hosed up world would your bank even be able to see your pin to do that? that's like the easiest vector to ever possibly leave open because having any scenarios where they might ask voids the "we will never ask for your pin" stuff that should be printed on every card They don't and that's what finally tripped my sluggish mind that the call I got wasn't legit. I hung up and called the fraud department just like the in the tweets above. Even though I *know* better, they initially sucked me in because they spoofed the caller ID to show up as my bank on my phone.
|
|
#
?
Oct 9, 2019 19:32
|
|
|
Oh you were talking about a scam call? It totally wouldn't surprise me if some lovely bank asked for a pin over the phone, unfortunately.
|
|
#
?
Oct 9, 2019 20:09
|
|
|
|
| # ? Apr 27, 2024 17:17 |
|
|
Proteus Jones posted:They don't and that's what finally tripped my sluggish mind that the call I got wasn't legit. I hung up and called the fraud department just like the in the tweets above. oh got it I sort of confused your post and another about pin as verification
|
|
#
?
Oct 9, 2019 20:12
|
|