🇬🇧 #CoSoSec
Looks like Vodafone and Virgin may be loading a root CA (a potential MitM attack vector) onto phones.
some reading for #CoSoSec
supply chain compromises
one of the more enlightening graphics I've seen reminds us, don't trust your trusted employees.
#CoSoSec, we've got to do better. Sharing passwords? Reusing passwords?
https://www.infosecurity-magazine.com/news/most-it-pros-share-and-reuse/
Multiple US .gov domains hit in serious DNS hijacking wave
If you're in charge of any cloud infrastructure.
protect.
your.
information!
51Gb of mortgage data found just sitting without so much as a password to protect it.
Can somebody with a FB account verify this?
The implications of this are staggering.
Facebook automatically weakens your passwords?
Wow, so much fail, so much f-up, so much word salad cover up.
https://www.ktva.com/story/39834995/state-sends-at-least-500000-letters-over-security-breach
The Trojan named in this article had been around since 2009, and they claim that "researchers" had yet to come up with a way to detect it for their virus scanner definitions. It also claims that there was almost no way that data was exfiltrated, but that's what this does.
Anyway, sorry, Alaskans, you're getting a "you've been breached" letter.
Take Google's phishing quiz, see how well you do!
#CoSoSec people,
My wife's W2 just showed up partially opened. Salary and SSN are visible with minimal effort.
Outside of a credit block, what can be done?
7 years of unencrypted but sensitive FBI and securities documents found just sitting exposed on the internet.
sigh - another nick in 2FA's armor.
an attacker can craft an email which will send you to a phishing server. This server will make you think you're entering your credentials and 2FA code, but in reality you're just entering it to the attacker.
listen, 2FA is still a good idea, but you need to make sure that you're actually going to the site you think you are. Check the link in emails, type it in manually.
This attack *doesn't* work on fob-based 2FA.
I just found out about this.
A free Day of SHEcurity event in Boston on February 22nd.
Remember that Town Of Salem breach earlier?
Yeah, well, if you were affected, then as of right now there is a 27% chance that your password is unhashed. (Now readable)
Devs... don't use MD5 for hashing, but if you must, salt your passwords.
Everybody else... You don't know what kind of password security any given site is using so make sure that the password is unique and not guessable on another site.
Brilliant! Use Google's speech-to-text engine to defeat Google's reCAPTCHA.
And just like that, CAPTCHAs are broken again.
Hey, everybody, I've told you before, and I'm sure I'm not the only one, but go to your router setup and disable UPnP.
There are at least 2 people scanning the internet and forcing Chromecasts and smart TVs to play PewDiePie videos.
BevMo checkout page compromised; thousands of CC details sent to malicious actors.
https://www.kcra.com/article/bevmo-warns-of-customer-credit-card-data-breach/25687810
Don't fall for this new Netflix flavored phishing scam.
https://mashable.com/article/netflix-phishing-scam-2018/#8xpMy9mGRkqR
San Diego school system SIS breached. Kids and faculty SSNs exposed.
https://www.tomsguide.com/us/san-diego-school-data-breach,news-28921.html