Cyber Security @cyber@m.futex.au

Concerning CrowdStrike:

We are now at t+26h. Please compare how much we knew about the xz-attack after less than a day with what we know about the chain of events of giant outage yesterday.

If something similar had been caused by an OSS component, we would see congress discussing a ban on open software in critical infrastructure already.

Thank you Crowdstrike for helping to illustrate that Open Source is not the problem.

I see the infosec industry has finally achieved security once and for all by shutting down every workstation connected to the internet

#sars2 is an airborne neurotrophic vasculitis.

Beyond breathing: How COVID-19 affects your heart, brain and other organs

https://www.heart.org/en/news/2024/01/16/how-covid-19-affects-your-heart-brain-and-other-organs

> "I would argue that COVID-19 is not a disease of the lungs at all," she said. "It seems most likely that it is what we call a vascular and neurologic infection, affecting both nerve endings and our cardiovascular system."

#Covid19 #sarsCov2 #covidIsNotOver #WearARespirator

Cisco CVE-2023-20198 exploitation activity: We see over 32.8K Cisco IOS XE IPs compromised with implants based on the check published by Cisco in https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

IP data on implants shared out daily in: https://shadowserver.org/what-we-do/network-reporting/compromised-website-report/ tagged 'device-implant'.

..and the next sweet EOP issue!
EX682041 #incident #microsoft #exchange #facepalm

can i get uhh

a mcbios

please

Geometrical. #comics #math #geometry #moose

All existing #curl CVEs are now available as #JSON: https://curl.se/docs/vuln.json

All individual issues are also available as JSON, like for example CVE-2023-27538 like this: https://curl.se/docs/CVE-2023-27538.json

Enjoy!

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now https://nakedsecurity.sophos.com/2023/04/26/google-leaking-2fa-secrets-researchers-advise-against-new-account-sync-feature-for-now/

#infosec

WiFi protocol flaw allows attackers to hijack network traffic 👇🏾

"Cisco, admitting that the attacks outlined in the paper may be successful against Cisco Wireless Access Point products and Cisco Meraki products with wireless capabilities.

However, Cisco believes says that the retrieved frames are unlikely to jeopardize the overall security of a properly secured network."

https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/

Okta Post-Exploitation Method Exposes User Passwords https://www.darkreading.com/endpoint/okta-post-exploit-method-exposes-user-passwords

#hugops to #ghcr. Also, shipping changes around 5pm on a Friday?

Australian police arrest four BEC actors who stole $1.7 million

https://www.bleepingcomputer.com/news/security/australian-police-arrest-four-bec-actors-who-stole-17-million/

#Security

#TikTok

LOLLLLLL...(Look at the dates on the articles)

This is great - Google providing 100,000 free security keys through 2023 to high-risk users. (Though I am still disappointed that - after all of the joint early work Google did with Yubico - they went with Feitian instead of Yubico to provide the raw hardware for the current Titan Security Key series.)

https://blog.google/technology/safety-security/new-partnerships-and-100000-security-keys-to-protect-high-risk-individuals/

#securitykeys #google #yubico #yubikey

Holy shit this is going to be devastating #pixel #issue #security #vulnerability #infosec #android

https://acropalypse.app/

WHOA...Leave USB flash drives alone 👀👀

Journalist opens USB letter bomb in newsroom👇🏾

https://www.bbc.com/news/world-latin-america-65026522

Now patched Outlook zero-day gains PoC and growing concerns

https://www.scmagazine.com/news/email-security/outlook-zero-day-poc-concerns

"John Hogan told reporters today that advice from security experts prevents him from saying whether the province paid the group a ransom." #Hive #ransomware #newfoundlandandlabrador

https://www.thestar.com/news/canada/2023/03/14/ransomware-group-behind-2021-cyberattack-on-newfoundland-and-labrador-health-network.html