Potato Salad posted: how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself?
He answered that question in the blog post. He wants to actually be able to take time off, not have to worry about growing a business with VC funding or anything right now.
Jun 12, 2019 18:47

capital one
Jul 30, 2019 00:57

Capital One data breach compromises tens of millions of credit card applications, FBI says https://wapo.st/2Kpklw7
Jul 30, 2019 01:01

Pretty sure he means ping federation lol possible
Nov 4, 2019 16:55

is it really a 0-day when it's right in the documentation tho
Dec 6, 2019 19:30

oops https://gizmodo.com/amazon-engineer-leaked-private-encryption-keys-outside-1841160934?utm_medium=sharefromsite&utm_source=_twitter
Jan 24, 2020 19:53

Media Bloodbath posted: it's a common misconception of normal players to think of whales as players who spend a few hundos a month. In big league games this is still considered pocket change.
I was familiar with the scale of how much they're spending, but not the special access stuff. Got any articles I can read about it?
Jul 8, 2020 15:49

https://www.websiteplanet.com/blog/prestige-soft-breach-report/
Nov 8, 2020 22:49

lol more solarwinds fun - https://www.trustwave.com/en-us/res...ulnerabilities/
Feb 3, 2021 14:48

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
Mar 30, 2021 19:57

ewiley posted: Supposedly a ransomware gang got some Accenture data, but their dump site is DoS’d from all the security researchers and people trying to view it… Security through overactive interest?
I was looking through it earlier this afternoon, there were about 2500 PDFs, docx, and xlsx files. I downloaded a few at random and didn’t see anything particularly interesting or even identifiable as Accenture specifically.
Aug 12, 2021 00:41

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/crypkey-license-service-allows-privilege-escalation/
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29486
quote: 06/11/2021 - Initial email to vendor
lol
Nov 4, 2021 16:02

spankmeister posted: We've seen the jndi:dns and jndi:ldap being used, but what about RMI and CORBA? Any exploit potential there?
I would think so? I saw some write ups saying yes. *jndi:dns* *jndi:ldap* *jndi:rmi* *jndi:nis* *jndi:nds* *jndi:corba* *jndi:iiop* is the list I saw
Dec 14, 2021 00:25

ymgve posted: print the exploit onto a page, fax it to yourself and see which country the pingback comes from
our vulnerability scanner caused the exploit string to be spit out of a printer next to some dude’s desk. he googled it trying to figure out wtf it was, which tripped some of our alerting. it was an amusing exercise trying to figure out why some random plant technician would be googling it, then calling him and him being deeply confused about what all this “log4j” and “jndi” stuff we were talking about was. finally sorted it out and just laughed once again about vuln scanners and printers.
Dec 25, 2021 15:27

hobbesmaster posted: seems like it would only affect linux desktop users, wouldn't it?
What makes this only affect desktops?
Jan 25, 2022 23:41

HELLOMYNAMEIS___ posted: https://www.cyberkendra.com/2022/03/rce-0-day-exploit-found-in-spring-cloud.html
So, the actual CVE is listed as medium sev - https://tanzu.vmware.com/security/cve-2022-22963. Anyone got some more insight into how painful this really is?
Mar 30, 2022 21:58

rafikki posted: So, the actual CVE is listed as medium sev - https://tanzu.vmware.com/security/cve-2022-22963. Anyone got some more insight into how painful this really is?
Or maybe that CVE is unrelated - https://www.flashpoint-intel.com/blog/what-is-springshell-what-we-know-about-the-springshell-vulnerability/
Mar 30, 2022 22:23

yeah, I’m trying to sift through the noise to figure out how seriously to take all this
Mar 31, 2022 01:00

https://venturebeat.com/2022/03/30/spring-core-vulnerability-doesnt-seem-to-be-log4shell-all-over-again/
Mar 31, 2022 01:02

Doom Mathematic posted: See, "principle" is a noun, and "principal" is an adjective. So, the principal of a school, for example.
they’re your princiPAL
Apr 23, 2022 16:35

ur clipboard might be hacked
May 8, 2022 02:15

the follow up is good too https://twitter.com/briankrebs/status/1526374598236856323
May 17, 2022 04:04

This is my lack of knowledge about old switching and ESS but why did all of the cables have to be physically cut before that guy towards the end of the video could throw the switch?
Aug 9, 2022 15:25

fisting by many posted:https://twitter.com/ReneReh1/status/1564349884106477573 https://twitter.com/NamecheapCEO/status/1564410500271800320
Aug 30, 2022 11:55

https://arstechnica.com/information-technology/2022/09/breach-of-software-maker-used-to-backdoor-as-many-as-200000-servers/
Sep 14, 2022 14:34

https://twitter.com/gf_256/status/1570657959256166400
Sep 16, 2022 16:51

https://twitter.com/hacks4pancakes/status/1570964942064582656 https://twitter.com/danielkennedy74/status/1570967177045618690
Sep 17, 2022 04:03

Carbon dioxide posted: People are having real fun with this AI. https://twitter.com/IanColdwater/status/1570835712970493952
a whole thread of these
Sep 17, 2022 17:31

Quackles posted: What do you even do against that?
a guy patrolling with a net gun?
Oct 11, 2022 01:25

uninterrupted posted: so uh, yeah what's going on w openssl?
from what I’ve seen, it’s unlikely to be too major since it’s a very recent version of OpenSSL that’s not too widespread. definitely need to check if it’s in your environment though.
Oct 28, 2022 22:59

Patch your fortis:
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Exploitation status: Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:
https://www.fortiguard.com/psirt/FG-IR-22-398
Dec 12, 2022 19:53

The other thing about password books and the like is that they don’t necessarily discourage reusing passwords, which is a bigger issue than whether or not the book could be stolen.
Jan 10, 2023 18:41

Dr_0ctag0n posted: I spent an hour or two, I don't have a ton of privileged passwords. We aren't some mega corp or MSP, just a small team for a single org.
https://infosec.exchange/@epixoip/109585049354200263
Jan 19, 2023 02:44

Oops https://techcrunch.com/2023/01/24/goto-customer-backups-stolen-lastpass/
Jan 24, 2023 15:40

quote: GoTo said the intruders exfiltrated customers’ encrypted backups from these services — as well as the company’s encryption key for securing the data.
Jan 24, 2023 15:55

I woke up and saw like 70 posts in the thread and wondered what fresh hell was waiting for us this morning, turns out it came from inside the thread.
Feb 20, 2023 14:53

haha https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
Feb 28, 2023 03:17

like at what point do you just give up as a security company
Feb 28, 2023 03:37

incoming secfuck https://arstechnica.com/information-technology/2023/04/gpt-4-will-hunt-for-trends-in-medical-records-thanks-to-microsoft-and-epic/
Apr 18, 2023 21:51