@exchgr
Wonder if any #infosec weirdos have looked into that site's security practices
tags: #infosec
to: https://mastodon.world/users/exchgr
tags: #infosec
to: https://mastodon.social/users/sjvn
@sjvn Is this what the #infosec people refer to as an R.A.T.?
tags: #cybersecurity #data #databases #infosec #infostealer #microsoft
I asked for help here some months ago about one of the servers on this post that was hosted by Microsoft.
You can read about how that and other servers with infostealer logs ended up closed.
Hint: MSRC Portal is basically useless.
https://jltee.substack.com/p/billions-of-infostealer-logs-exposed
Many different mobile devices connected to Microsoft365, outlook.com, hotmail, live.com and other mail-domains of Microsoft had a token/cookie-reset from server-side in the past approx. 36 hours.
@Microsoft - What happened?
https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html
tags: #cybersecurity #infosec
to: https://infosec.exchange/users/inversecos
The NSA does not deny hacking into China's university. Great write-up and analysis by @inversecos
🇳🇿 I've had quite a few outrageous responses to my alerts, this is another one of those, sent by teammateapp.com CEO.
After my initial alert and follow-up email, I get a reply lying about the severity of the exposure and telling me to stop harassing the company.
This CEO also didn't know what Proton is and thought I work for them and threatened to report me to them in case I didn't stop. :blobshrug:
Read about it here: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security
tags: #android #infosec #privacy #screensaver #security
to: https://mastodon.social/users/jwz
This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz
I believe there may be a keylogger on my computer
tags: #infosec #programming #software
to: https://libranet.de/followers/peter_weyand https://nerdica.net/profile/carstenraddatz_fca
Before I was fired tonight, I was in charge of information security for VA.gov, which has millions of users per month and stores and processes huge amounts of veterans' personal information. I've been told by people I've worked with that I'm the best at what I do of anyone they've ever worked with. Now there will be _no one_ in charge of information security for VA.gov.
Does this seem like improving government efficiency?
#politics #USPol #DOGE #USDS #VA #infosec
2/2
Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.
Mastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account.
We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also get that particular threat out of their Mastodon instance and safe for users.
There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster.
For our fellow security nerds... this was #vidar malware with sha256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d
and a c2 IP 78[.]47[.]227[.]68 from the instance.
There is still at least one more Mastodon instance impacted that we are trying to reach.
Since #infosec highly suggests this, I'm finally using Signal!
Don't know what this has to do with security, but my teeth have never been whiter.
Is it safe to use imagemagick with user originated images? Is that still a #infosec?
tags: #assistsecurity #cybersecurity #dataleak #infosec #leak #security #uk #unitedkingdom
🇬🇧 Security company Assist Security exposed over 100,000 sensitive files publicly.
If you're curious what kind of wild excuses I get from companies, this one tried to claim only the file structure was exposed. Apparently I look at filenames and paths and figure what's there from the names only and report this to companies :blobwizard:
https://jltee.substack.com/p/security-company-assist-security-exposed-data
By me @Forbes: Insert your own double-entendre here.
UK Gov warns about dildo hacking risk. Is there an infosex hashtag?
DomainTools DNSDB sensors recorded a massive, sustained spike in deduplicated and validated DNS observables early Christmas morning. Data analysis is forthcoming. But for the moment I'll just remind you that, like CSI Miami, we never close.
Hey #infosec people, what are you using to detect leaked #discord API keys and tokens, and detect programs trying to steal those? (Also, if there's a way to generate #canary #discord #tokens please share).
tags: #cybersecurity #dataleak #infosec #leak #mexico
🇲🇽 Cargamos.com, a package delivery company, was exposing over 6 million files for over a year.
I've always opted to keep trying some other way to get a server closed instead of going public about the issue until earlier this week.
I've contacted multiple GOV/CERT emails in Mexico over multiple issues and I never got a meaningful reply.
The company ignored my contact, so I either let it go and see it posted eventually by some "ransomware" group or I make enough noise publicly that the company will get alerted about it.
Today, 2 days after an article came out on a Mexican news website, the exposure was closed down.
Read the article, in Spanish, that made the company close the server down:
OK, a huge thumbs up to Byte Federal for their breach notification letter. They frankly admit where they screwed up and what happened. I wish more notifications were as clear and straightforward as this one.
https://databreaches.net/2024/12/17/a-positive-example-of-forthright-breach-disclosure/
Periodic reminder to reboot your routers. 📶🛜✅
tags: #FLOSS #FOSS #FreeSoftware #Linux #OpenSource #Python #business #development #engineering #improvement #infosec #programming #software #softwareDevelopment #statistics #tech
to: https://programming.dev/c/programming
SAME STATS, DIFFERENT IMPROVEMENTS...
After 12 months of managing bugs developers A, B, and C changed their approach.
Whose change is an improvement❓ What's your answer❓
Boosts appreciated! :boost_no: 🙂
More generally, the problem is domain independent.
Sharing this post from earlier this week about NTLM. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/. You should NOT wait until you start moving to Server 2025 to start on this. The LDAP Channel Binding audit alert was backported all the way to Server 2019. Enable this, see what WILL break and start fixing!
tags: #databreach #finsec #hack #infosec #phishing #scatteredspider #telecoms
Scattered Spider Hacking Gang Arrests Mount With Teen:
Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft.
This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.
https://databreaches.net/2024/12/05/scattered-spider-hacking-gang-arrests-mount-with-teen/
tags: #cisa #cybersecurity #infosec #redteam
lol
lmao
Sauce: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
So, apparently Thames Water is still using IT systems from the 1980s, which doesn't seem very ideal or secure for a critical infrastructure operator in 2024.
"“The software we use is older than me, and some of the hardware is older than my dad,” says Siddharth*. He is one of a team fighting a daily battle to sustain ancient IT infrastructure at Thames Water."
Then later...
"The use of Lotus Notes is a signal of how starved of investment technology at the company has been since it was privatised in the late 1980s. Other examples of obsolete or near obsolete technology include wide reliance on 2G technologies, arrays of meters that remain analogue and require manual checks, and hardware that is often more than 30 years old." #infosec