#infosec

psychmesu@diaspora.glasswings.com

https://infosec.exchange/@pixelnull/113454093869108122 pixelnull@infosec.exchange - if you're in infosec and haven't gotten a hold of any neighborhood-level or city-level non-profit orgs to try to get their IT and infosec infrastructures in order as a volunteer or maybe the library to have free courses people can take to learn how to protect themselves online.

*why the fuck not?*

make a plan now, it will take you 10 minutes. look for orgs that don't look like they have a lot of money. prioritize them. find out which org you want to help, get their number, and put it in your calendar for monday to call. if they don't need your help, ask them if they know of another place you can help. they probably know.

allow the fear and dread you have now to motivate you to actually act and make a promise you need to keep to another.

PARTICULARLY IF YOU ARE A WOMAN IN INFOSEC, FOCUS ON REPRODUCTIVE RIGHTS GROUPS AND AT RISK WOMEN'S SHELTERS, THEY WILL ONLY TYPICALLY DEAL WITH CIS WOMEN

also DO NOT chicken out just post some tutorials on your fucking feed or in some discord server nobody will see. that don't count. GO OUT INTO THE WORLD AND HELP HUMANS.

for example, i volunteer at a inner city non-profit that does after school programs for at risk youth. i teach basic compsci there, and mentor a few kids that want to go into infosec.

in infosec we are all EXTREMELY privileged...

FUCKING USE IT.

don't be a fucking poser leftist... this is where the fucking fist meets the Nazi's face

(and i swear to god, if you try to charge anybody, i will find you with my bike lock you fucking pig)

#volunteer #infosec #privacy #cybersecurity #mutualaid #cyberpunk #cypherpunk #elections #election2024 #anarchism #anarchist

psychmesu@diaspora.glasswings.com

https://infosec.exchange/@ceresbzns/113430694460165952 ceresbzns@infosec.exchange - Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498/14

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: https://delroth.net/posts/spoofed-mass-scan-abuse/

#tor #infosec #cybersecurity #threatintel #privacy

psychmesu@diaspora.glasswings.com

https://infosec.exchange/@screaminggoat/113390900486824005 screaminggoat@infosec.exchange - Operation Magnus Megatoot

EUROJUST: Malware targeting millions of people taken down by international coalition

U.S. Department of Justice: U.S. Joins International Action Against RedLine and META Infostealers

Netherlands Police: Internationale opsporingsdiensten ontmantelen infostealers (Dutch language)

ESET Research: ESET Online Scanner for Redline and META

Multiple press releases about Redline and Meta information stealers were published today after a 24 hour tease (see parent toot above). The European Union Agency for Criminal Justice Cooperation (EUROJUST) states that international law enforcement from the Netherlands, United States, Belgium, Portugal, the United Kingdom, and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium. The U.S. Department of Justice (DOJ) indicted Maxim Rudometov, one of the developers and administrators of RedLine Infostealer. "According to the complaint, Rudometov regularly accessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency accounts used to receive and launder payments and was in possession of RedLine malware." The operation spun off of a tip from ESET last year that malware servers were hosted in the Netherlands. The Dutch press release mentions that a search and seizure was carried out at an infostealer customer's home, and multiple Telegram accounts advertising the infostealers were taken offline. ESET provides a free scanner to detect Redline or Meta infostealers. They provide useful instructions beyond running the scanner.

cc: @campuscodi @briankrebs

#operationmagnus #redline #metastealer #cybercrime #infosec #cybersecurity #cyberthreatintelligence #threatintel #CTI #pressrelease #doj #eurojust #politie

claralistensprechen3rd@friendica.myportal.social

Somebody needs to mention that Firefox has halted support for any Windows under 8, which stinks.


Avoid the Hack! :donor: - 2024-10-10 18:04:07 GMT

#Mozilla fixes #Firefox zero-day actively exploited in attacksTracked as CVE-2024-9680. A use-after-free vulnerability in part of Firefox’s Web Animations API, which could give the attacker code execution abilities.

Exploited in the wild, but not a lot of information on how users are targeted.

Mozilla has released a fix - users should update ASAP as upgrading is the best defense here against potential exploitation.

#cybersecurity #security #infosec #browsers

bleepingcomputer.com/news/secu…

anonymiss@despora.de

#Windows #Recall demands an extraordinary level of #trust that #Microsoft hasn’t earned

source: https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/

This, as many users in #infosec communities on social media immediately pointed out, sounds like a potential #security #nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a #PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

#bigdata #privacy #bigbrother #cybersecurity #software #os #surveillance #danger #warning #AI #fail #news

hackbyte@friendica.utzer.de

Things are really different in the #fediverse.

If i get a follow/connect/friendship request, it actually matters from _where_ that comes.

shitposter..club? GTFO, *delete*.

mastodon..social? Well, i need to see your profile and latest posts first.

infosec..exchange? Uh?? Well, tell me what you have to say ;)

On shitter, goggle plus, fuckbook and virtually _any_ other "social media" or "dating" site, it's completely irrelevant what your "domain" is.

And while still not using BS, i imagine it's virtually the same over there, cuz you can enter your own domain at will, but are not actually hosting shit at all.......

#infosec #mastodon #shitposter #follow #requests #RandomShit ;)

tresronours@parlote.facil.services

Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents

A group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.

The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.

Breach Announcement on BreachForums

The announcement was made on a forum known as BreachForums, where a user with the handle “IntelBroker” posted a message to the community.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Run Free Threat Scan

The post, dated April 2, 2024, claims that the data was obtained by infiltrating Acuity Inc, a company alleged to work closely with the US government and its allies.

According to a recent tweet by HackManac, the alleged security breach at Acuity Inc has resulted in the exposure of highly sensitive intelligence documents belonging to the Five Eyes Intelligence Group (FVEY).

[

#DataBreach

](https://twitter.com/hashtag/DataBreach?src=hash&ref_src=twsrc%5Etfw)

Alert ⚠️

🇺🇸

[

#USA

](https://twitter.com/hashtag/USA?src=hash&ref_src=twsrc%5Etfw)

: Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.

The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,…

[

pic.twitter.com/qGV8IUmkT7

](https://t.co/qGV8IUmkT7)

— HackManac (@H4ckManac)

[

April 3, 2024

](https://twitter.com/H4ckManac/status/1775402497768628236?ref_src=twsrc%5Etfw)

The hackers assert that the breach resulted in acquiring full names, emails, office numbers, personal cell numbers, and government, military, and Pentagon email addresses.

⚠️

[

#BREAKING

](https://twitter.com/hashtag/BREAKING?src=hash&ref_src=twsrc%5Etfw)

⚠️Allegedly, notorious threat actor IntelBroker, has released National Security Documents and data. Per IntelBroker below..

[

#Clearnet

](https://twitter.com/hashtag/Clearnet?src=hash&ref_src=twsrc%5Etfw)

[

#DarkWebInformer

](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)

[

#Cyberattack

](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)

[

#Cybercrime

](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)

[

#Infosec

](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)

[

#CTI

](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)

[

#NSA

](https://twitter.com/hashtag/NSA?src=hash&ref_src=twsrc%5Etfw)

Documents belonging to the Five Eyes Intelligence..

Compromised Data:…

[

pic.twitter.com/I5n41utQN9

](https://t.co/I5n41utQN9)

— Dark Web Informer (@DarkWebInformer)

[

April 2, 2024

](https://twitter.com/DarkWebInformer/status/1775295354910466200?ref_src=twsrc%5Etfw)

The compromised data also includes classified information and communications between the Five Eyes countries and their allies.

Implications of the Leak

If confirmed, the leak could have significant implications for national security and the operational integrity of the intelligence-sharing network.

The Five Eyes alliance is known for its collaborative intelligence gathering and analysis efforts, playing a pivotal role in global security operations.

At the time of reporting, there has been no official statement from any of the Five Eyes member countries or Acuity Inc. regarding the authenticity of the leaked documents or the extent of the breach.

The silence from official channels has led to speculation and concern among cybersecurity experts and government officials alike.

Cybersecurity agencies are likely to conduct thorough investigations to ascertain the validity of the claims made by the hackers.

The incident underscores the persistent threat cybercriminals pose to national and international security.

`Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide`

The post Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Nemesis Market: Leading Darknet Market Seized

The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized.

This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide.

The Rise of Nemesis Market

Nemesis Market emerged as a dominant player in the darknet space, filling the void left by previous marketplaces that were taken down by law enforcement.

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

  • The problem of vulnerability fatigue today

  • Difference between CVSS-specific vulnerability vs risk-based vulnerability

  • Evaluating vulnerabilities based on the business impact/risk

  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Book Your spot

It quickly gained notoriety for its sophisticated security measures, a wide array of illicit goods, and its ability to evade the authorities.

The platform was known for trading in drugs, weapons, stolen identity data, and other illegal goods and services.

The seizure of Nemesis Market was the culmination of Operation Dark Hunt, a coordinated effort by law enforcement agencies in several countries.

The operation involved months of meticulous planning, surveillance, and collaboration between various international cybersecurity units.

Details of the operation remain classified, but sources indicate that combining cutting-edge digital forensics and traditional detective work was vital to infiltrating the market’s defenses.

The breakthrough came when investigators traced transactions to the market’s administrators, leading to their identification and arrest.

According to a recent tweet by Dark Web Informer, the Nemesis Market, one of the top five online marketplaces on the dark web, has been taken down.

🚨BREAKING🚨Nemesis Market, a top 5 darknet market, has been seized.

[

#Nemesis

](https://twitter.com/hashtag/Nemesis?src=hash&ref_src=twsrc%5Etfw)

[

#DarkWebInformer

](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)

[

#DarkWeb

](https://twitter.com/hashtag/DarkWeb?src=hash&ref_src=twsrc%5Etfw)

[

#Cybersecurity

](https://twitter.com/hashtag/Cybersecurity?src=hash&ref_src=twsrc%5Etfw)

[

#Cyberattack

](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)

[

#Cybercrime

](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)

[

#Infosec

](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)

[

#CTI

](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)

[

#Darknet

](https://twitter.com/hashtag/Darknet?src=hash&ref_src=twsrc%5Etfw)

[

pic.twitter.com/P22VDSo79v

](https://t.co/P22VDSo79v)

— Dark Web Informer (@DarkWebInformer)

[

March 21, 2024

](https://twitter.com/DarkWebInformer/status/1770787868975210700?ref_src=twsrc%5Etfw)

The Impact on the Darknet Landscape

The takedown of Nemesis Market sends a powerful message to the darknet community: no entity is beyond the reach of the law.

This operation has significantly disrupted the supply chains of various illegal goods and services, temporarily decreasing their availability on the dark web.

However, experts warn that the void left by Nemesis Market is likely to be filled by other emerging platforms.

The dynamic nature of the darknet means that as one market falls, others rise to take its place.

Law enforcement agencies know this cycle and continuously develop new strategies to combat illegal online trade.

The Future of Cyber Law Enforcement

The successful seizure of Nemesis Market highlights the growing sophistication and international cooperation of cyber law enforcement.

Agencies are increasingly relying on advanced technology and cross-border collaborations to tackle the challenges posed by the darknet.

As the digital landscape evolves, so do the strategies of those operating within it.

The battle against illegal online marketplaces is ongoing, with both sides continuously adapting to the ever-changing environment.

The seizure of Nemesis Market is a significant milestone in the fight against darknet marketplaces.

It demonstrates the effectiveness of international law enforcement cooperation and the importance of staying ahead in the technological arms race against cybercriminals.

While challenges remain, the takedown of Nemesis Market is a testament to the global commitment to combating cybercrime and protecting citizens from the dangers of the dark web.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

The post Nemesis Market: Leading Darknet Market Seized appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Nemesis Market: Leading Darknet Market Seized

The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized.

This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide.

The Rise of Nemesis Market

Nemesis Market emerged as a dominant player in the darknet space, filling the void left by previous marketplaces that were taken down by law enforcement.

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

  • The problem of vulnerability fatigue today

  • Difference between CVSS-specific vulnerability vs risk-based vulnerability

  • Evaluating vulnerabilities based on the business impact/risk

  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Book Your spot

It quickly gained notoriety for its sophisticated security measures, a wide array of illicit goods, and its ability to evade the authorities.

The platform was known for trading in drugs, weapons, stolen identity data, and other illegal goods and services.

The seizure of Nemesis Market was the culmination of Operation Dark Hunt, a coordinated effort by law enforcement agencies in several countries.

The operation involved months of meticulous planning, surveillance, and collaboration between various international cybersecurity units.

Details of the operation remain classified, but sources indicate that combining cutting-edge digital forensics and traditional detective work was vital to infiltrating the market’s defenses.

The breakthrough came when investigators traced transactions to the market’s administrators, leading to their identification and arrest.

According to a recent tweet by Dark Web Informer, the Nemesis Market, one of the top five online marketplaces on the dark web, has been taken down.

🚨BREAKING🚨Nemesis Market, a top 5 darknet market, has been seized.

[

#Nemesis

](https://twitter.com/hashtag/Nemesis?src=hash&ref_src=twsrc%5Etfw)

[

#DarkWebInformer

](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)

[

#DarkWeb

](https://twitter.com/hashtag/DarkWeb?src=hash&ref_src=twsrc%5Etfw)

[

#Cybersecurity

](https://twitter.com/hashtag/Cybersecurity?src=hash&ref_src=twsrc%5Etfw)

[

#Cyberattack

](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)

[

#Cybercrime

](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)

[

#Infosec

](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)

[

#CTI

](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)

[

#Darknet

](https://twitter.com/hashtag/Darknet?src=hash&ref_src=twsrc%5Etfw)

[

pic.twitter.com/P22VDSo79v

](https://t.co/P22VDSo79v)

— Dark Web Informer (@DarkWebInformer)

[

March 21, 2024

](https://twitter.com/DarkWebInformer/status/1770787868975210700?ref_src=twsrc%5Etfw)

The Impact on the Darknet Landscape

The takedown of Nemesis Market sends a powerful message to the darknet community: no entity is beyond the reach of the law.

This operation has significantly disrupted the supply chains of various illegal goods and services, temporarily decreasing their availability on the dark web.

However, experts warn that the void left by Nemesis Market is likely to be filled by other emerging platforms.

The dynamic nature of the darknet means that as one market falls, others rise to take its place.

Law enforcement agencies know this cycle and continuously develop new strategies to combat illegal online trade.

The Future of Cyber Law Enforcement

The successful seizure of Nemesis Market highlights the growing sophistication and international cooperation of cyber law enforcement.

Agencies are increasingly relying on advanced technology and cross-border collaborations to tackle the challenges posed by the darknet.

As the digital landscape evolves, so do the strategies of those operating within it.

The battle against illegal online marketplaces is ongoing, with both sides continuously adapting to the ever-changing environment.

The seizure of Nemesis Market is a significant milestone in the fight against darknet marketplaces.

It demonstrates the effectiveness of international law enforcement cooperation and the importance of staying ahead in the technological arms race against cybercriminals.

While challenges remain, the takedown of Nemesis Market is a testament to the global commitment to combating cybercrime and protecting citizens from the dangers of the dark web.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

The post Nemesis Market: Leading Darknet Market Seized appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability

A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer.

This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems.

Understanding the Vulnerability(CVE-2024-1403)

The vulnerability arises when the OpenEdge Authentication Gateway (OEAG) or the AdminServer is configured with an OpenEdge Domain that utilizes the OS local authentication provider.

Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely

  • Set up virtual machine in Linux and all Windows OS versions

  • Work in a team

  • Get detailed reports with maximum data

If you want to test all these features now with completely free access to the sandbox:

Analyze malware in ANY.RUN for free

This configuration can lead to unauthorized access during login attempts due to a flaw in the authentication routines.

Specifically, the vulnerability allows authentication success to be incorrectly returned from an OE local domain under certain conditions, such as when unexpected content is present in the credentials passed during the login process.

Affected versions include OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.

The vulnerability has been addressed in the latest updates: OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.

Community Progress has addressed the issue and has Updates in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.

Impact and Affected Components

The vulnerability has a broad impact, potentially affecting various components of the OpenEdge platform, including:

  • OpenEdge Database access through OEAG

  • AdminServer logins via OpenEdge Explorer (OEE) and OpenEdge Management (OEM)

  • Database Servers accepting OEAG-generated tokens

  • Secure Token Service Utilities

  • Pro2 web application utility for Pro2 management

Ptrace SecurityGmbH recently tweeted about a security vulnerability, CVE-2024-1403, that affects Progress OpenEdge software.

The vulnerability allows for authentication bypass, potentially putting sensitive information at risk.

CVE-2024-1403 Progress OpenEdge Authentication Bypass

[

https://t.co/unaXvH5iIV

](https://t.co/unaXvH5iIV)

[

#Pentesting

](https://twitter.com/hashtag/Pentesting?src=hash&ref_src=twsrc%5Etfw)

[

#CyberSecurity

](https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw)

[

#Infosec

](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)

[

pic.twitter.com/ZlcONLkCWh

](https://t.co/ZlcONLkCWh)

— Ptrace Security GmbH (@ptracesecurity)

[

March 8, 2024

](https://twitter.com/ptracesecurity/status/1766048766702809288?ref_src=twsrc%5Etfw)

Mitigation and Upgrade Instructions

A Proof of Concept (PoC) exploit has been made available for a significant vulnerability identified in the OpenEdge Authentication Gateway and AdminServer.

This flaw can potentially be exploited by attackers to gain unauthorized

For users running vulnerable versions of OpenEdge, upgrading to the fixed versions is crucial.

The fixed versions are:

  • Vulnerable Version: OpenEdge Release 11.7.18 and earlier

Fixed Version: OpenEdge LTS Update 11.7.19

  • Vulnerable Version: OpenEdge Release 12.2.13 and earlier

Fixed Version: OpenEdge LTS Update 12.2.14

  • Vulnerable Version: OpenEdge Release 12.8.0

Fixed Version: OpenEdge LTS Update 12.8.1

For those unable to upgrade immediately, temporary mitigation steps include library replacement and domain replacement mitigation for OEAG and AdminServer mitigation strategies, such as using AdminServer Group controls and disabling the AdminService.

The release of the PoC exploit for CVE-2024-1403 underscores the importance of maintaining up-to-date security measures in software systems.

OpenEdge users are urged to review their systems, apply the necessary updates or mitigations, and remain vigilant against potential unauthorized access attempts.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

The post PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

me@social.jlamothe.net

Sitting in a waiting room in a medical imaging place and they have an ad for their app to get your results on a mobile device. Among other things, it reads:
"Permanently store them with bank level encryption" (emphasis theirs)

In my experience, if banks are their gold standard of #infosec, I really don't want my medical data anywhere near this system. Just sayin'.

harald@hub.volse.no
Date: Wed, 10 Jan 2024 06:34:14 -0600
From: BnkIDNorge <bnkidnorge\@gmail.com>
To: *******@*******.***
Subject: Valider dataene dine

Ja, den går vi på...

Er forøvrig ekstremt mye av denne typen phishing svindler nå. Får du epost som utgir seg for å være fra BankID, Vipps, Spotify, Netflix, OnePark eller andre som ikke vanligvis sender deg epost, så vær på vakt. Det er i alle tilfeller bedre å slette enn å gå i fella!

#phishing #svindel #norsk #infosec

harald@hub.volse.no

Image/photoBleepingComputer wrote the following post Mon, 27 Nov 2023 19:38:49 +0100

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.

https://www.bleepingcomputer.com/news/google/google-drive-users-angry-over-losing-months-of-stored-data/


Perhaps we can finally dismiss the notion that storing things "in the cloud" is safe now? It's never been true, even though it's rarely as bad as this. You need backups, and you need to have multiple vendors if you do want to use cloud as your storage model.

Also this:

A notable aspect of the situation is that Google's support forums are backed by volunteers with limited insight or understanding of the cloud service (...)

Why would anyone work for free for one of the worlds most profitable companies? And one as shitty as Google on top of that. That really baffles me.

#cloud #OtherPeoplesComputers #google #infosec