I know I haven't posted one lately, but some might want a refresher, some might be new to it.
Use a password manager.
Most account compromises occur because a username/password combination was lifted off one breach and tried (successfully) on another site.
A pwd manager mitigates this because it generates a unique password for each site and stores it, so you don't have to remember hundreds of passwords: just two. One for your computer, one for your pwd manager.
New type of supply chain attack:
Compromise a subcontractor, forcing a very expensive entire re-write of software.
https://www.theregister.com/2020/11/12/china_compromised_f35_software_claim/
Old and busted: ransomware
New hotness: ransomware gangs taking out Facebook ads attempting to shame victims into paying
https://gizmodo.com/ransomware-hackers-helpfully-take-out-facebook-ads-to-r-1845654984
Well, this is scary.
I had [incorrectly] assumed to get a blue check, you had to have 2FA turned on.
Apparently, the president had neither a strong password nor 2FA.
Phone camera isn't working.
Everything I read points to a hard reset as the probable fix.
But that means I have to go through and transfer a whole bunch of 2FA codes.
I was using Google Authenticator... What's a good OTP app that survives resets?
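What actually has to survive a reset is the per-account seed, not the app: every TOTP app derives the same six-digit codes from the same base32 seed (RFC 6238 over HMAC-SHA1). The example below is added here to illustrate that and is not code from the original post; it uses the RFC 4226 test secret and a hypothetical export/import round-trip to show that two "devices" holding the same seed agree on every code, which is why backing up or re-exporting the seeds is the migration step, and why a device that only held them in app storage loses them on a wipe.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 / RFC 6238 reference secret, used here only as a constructed sample.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter = Unix time divided into 30-second steps."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(secret, at_time // step, digits)


def export_seed(secret: bytes) -> str:
    """Base32 seed string, the form authenticator apps import and the thing worth backing up."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


def import_seed(seed: str) -> bytes:
    """Inverse of export_seed; tolerates the missing padding apps usually strip."""
    cleaned = seed.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def devices_agree(seed: str, at_time: int) -> bool:
    """Simulate an old phone and a restored phone that both imported the same seed."""
    old_phone = import_seed(seed)
    restored_phone = import_seed(seed)
    return totp(old_phone, at_time) == totp(restored_phone, at_time)


if __name__ == "__main__":
    seed = export_seed(SAMPLE_SECRET)
    print("seed to back up:", seed)
    print("code now:", totp(SAMPLE_SECRET))
    print("restored device matches:", devices_agree(seed, int(time.time())))
```

The takeaway for the reset question: whichever app you move to, the thing that must come along is the seed for each account (re-enrol with each site, or use an app that exports seeds), because the code itself is just HMAC of the seed and the clock.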
So... Barnes & Noble fell to a cybersecurity attack, and it reads like it was a ransomware attack.
For the love of everything you hold dear.... just don't open emails these days.
Or Slack messages from people you don't know.
Or links in text messages, even if you do know them.
Iranian APT: "We'll hack all the things!"
"Let's record us doing it too!"
"Where are we going to put the recording?"
"Put it on the AWS server with the stuff we hacked."
"BTW, did you ever password protect that server?"
"..."
"..."
"Wormable" Windows DNS Server vulnerability found.
So, uh... network peeps...
patch your F5s if you have any.
(you can do the research yourself for why, but the exploit is under 280 characters)
Other things have had connectivity pasted on:
Printers are a prime example. They have an unpatched Apache browser baked in.
These make it nice and easy to set up, but they should not be allowed to accept connections from outside your home.
Please consult your device manuals and make sure you limit your home's internet footprint to only what you need.
This... this is horrible.
https://nymag.com/intelligencer/2020/06/what-its-like-to-get-doxed-for-taking-a-bike-ride.html
And if I can use this as an example of why you need to stay safe online: Make sure you know what you're posting publicly, and better yet, make sure it can't be traced back to you, even if you aren't in danger normally or aren't doing anything wrong. Internet trolls and vigilantes don't bother checking facts before attacking.
I know @BlackRabbit has posted about similar situations, so listen to him.
When you terminate employees, make sure you also rotate the passwords if the access to infrastructure cannot be locked behind a firewall or Active Directory SSO.
https://gizmodo.com/workers-at-hollywood-reporter-and-billboard-vandalize-w-1842875053
Popping in quickly and leaving just as quickly.
If anybody wants to hone or learn some #CoSoSec skills, you may want to sign up for OWASP virtual training:
kthnxby
IC signing back off.
Just a #CoSoSec reminder, if you get a link that was "mistakenly" sent to you about a "secret" stash, or "completing your order" of PPE that you can get by clicking a link/going somewhere....
It's a trap.
Sorry if this is a duplicate but...
The CDC does NOT go door to door to conduct tests, surveys, or investigations.
Nor does the CDC call you on the phone randomly.
If this happens to you, do not give out your personal information, and contact authorities as soon as you can.
“If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit,” McCoy said.
Just like everything that captures the attention of a large percentage of the world, criminals are using the COVID news to phish and spread malware.
(via @Kronykal on Twitter)