Rachel Tobac just released a free security eBook!
Protect your company from cyber criminals
In this eBook, white hat hacker Rachel Tobac exposes the most prevalent cybersecurity threats of the day and shares actionable steps that your business (and employees) can take to protect against them.
Threat modeling
I just got another "your password will expire in 8 days" notice from my district IT dept.
It's so frustrating that they continue to use such outdated security practices. NIST would like a word.
Well this is sub-optimal. #cososec
Backdoored firmware lets China state hackers control routers with “magic packets”
The modified firmware used by BlackTech is hard to detect.
Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday.
Inside ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players
https://www.404media.co/inside-shadowdragon-ice-babycenter-pregnancy-fortnite-black-planet/
I seriously question whether LinkedIn is more effective for corporate networking or for providing attack vectors for social engineering.
I really feel for infosec pros and IT managers who get incredulous responses to simple requests for improving safety.
Below is a thread from a recording forum I belong to. I really tried to convince them that running a 12-year-old version of a known vulnerable torrent client was a bad idea. The pushback was disheartening. Chalk up an #InfosecFail on this one. #cososec
/nosanitize
https://taperssection.com/index.php?PHPSESSID=5561d6fa6439cd91b134cb7c34618cd8&topic=203259.0;all
Removing your information from these databases should be a priority. #cososec
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
People are losing more money to scammers than ever before.
Here's how to keep yourself safe.
Looking for a great encrypted messenger that protects your privacy far better than Signal?
SimpleX Chat is what you're looking for. Several of us here have been using it for months. Highly recommended.
$5 billion Google lawsuit over ‘Incognito mode’ tracking moves a step closer to trial / Judge Yvonne Gonzalez Rogers denied Google’s push for a summary judgment in a lawsuit over the way it tracked internet activity even after users switched to ‘Incognito mode.’
@rootsecdev
Welcome! It's good to see you here.
#cososec has a lot of content that may interest you.
I posted earlier today (mistakenly) about Amazon being down. It turns out one of my network filter lists had updated and was causing my problem. Checked my #pi-hole logs, and it was blocking:
www.amazon.com
and
unagi-na.amazon.com
The first was obvious, but the second must be part of their regional CDN or something. Not sure why those domains were put on an ad filter list.
Anyway, lesson learned.
Always check your filters first, kids.
Hackers manage to unlock Tesla software-locked features worth up to $15,000
A group of hackers have exposed an exploit that can unlock Tesla’s software-locked features worth up to $15,000.
Free heated seats and Full Self-Driving package, anyone?
https://electrek.co/2023/08/03/hackers-manage-unlock-tesla-software-locked-features/
MOVEit body count closes in on 400 orgs, 20M+ individuals
'One of the most significant hacks of recent years,' we're told
Serious question: Are there any legit reasons to be on darknets? Because I can't think of any reasons outside of doing illegal things and trying to catch the people doing those illegal things.
Just to be clear, I am not recommending all of you go test this theory for me. There's a lot of awful there, and you have to take certain steps to insulate yourself.
Musician | Teacher | Nerd
I am hitting my head against the walls, but the walls are giving way.
- Gustav Mahler