People keep saying 'you shouldn't do this', 'you shouldn't do that' and just scold you to try and get you to be better at securing your information and no matter what it doesn't seem like enough
I've got a password manager! Yubikeys! I browse the net using a mullvad VPN. Hell, I've replaced every damn gadget in my house with a smart equivalent! What more do you want me to do??
Scooplet: #Cybersecurity pioneer Kevin Mandia is stepping down from leading the famed company he founded 20 years ago, #Mandiant, which Google bought in Sept. 2022. He will remain an advisor. The onetime Air Force investigator all but created the deep "threat intelligence" part of the security private sector, developing and sometimes publishing detailed information tying specific breaches to non-U.S. governments or even individual foreign hackers. Mandia told the Post earlier this month that he would never retire. But he has spent more of his time in the past year investing in and advising other security companies, while Mandiant functions have been absorbed into Google's cloud business. "I will transition to an advisory role, effective May 31," Mandia said in an internal email Tuesday. "We will continue to move the mission forward-preventing and countering cyber attacks-and hopefully imposing greater risk to the criminals who hide behind anonymity and safe harbors." #infosec
Big fan of this: smart curtains company Slide is shutting down, but they offer one last update which enables its consumers to keep their curtains running through a local API. Great solution for an increasingly prevalent situation in which consumers are left with IoT devices that no longer function because the manufacturer stops existing (see VanMoof, Gigaset, and more).
🚨UNVERIFIED🚨A threat actor has allegedly leaked the database of #DOXBIN, which was leaked originally by the owner Arion Krutaj aka White aka Breachbase.
BTW there is some good password managers out there, that you and your teams should probably be using; 1Password, BitWarden, KeypassXC, to name a few. A Reddit user put together this good comparison sheet.
A recent report from Rapid7 highlights a malvertising campaign that has targeted IT professionals which, is some cases, led to ransomware deployment. In these attacks, WinSCP (a remote file transfer tool) and PuTTY (a secure SSH client) were abused. The adversary included a Malicious DLL with the legitimate copy of the applications and used the technique of DLL-Sideloading to infect the victim. Another tactic that was observed is the abuse of locations not commonly used by employees, the C:\Users\Public\Downloads directory. By dropping their tools and malware in this location the adversary has a better chance to hide. This is a great technical analysis of this campaign and I barely did it any justice! Go check out the rest of the details!
If you are on the hunt for #ransomware, check out this Cyborg Security Community hunt package to capture the evidence of files with common ransomware note file extensions. Enjoy and Happy Hunting!
🚨Database For Sale🚨A threat actor is allegedly selling access to a database that specializes in selling 3D printers and components mainly for companies. Most buyers are from 🇺🇸. 370MB full dump.
🚨MAJOR DATA BREACH🇪🇸🚨Notorious threat actor, Chucky, has allegedly breached the database of atSistemas aka knowmad mood. The leaked data is from their CRM system & includes various types of information.
⚠️Telegram⚠️Astounding from SecretForums has announced that they are giving ex BreachForums members a similar rank to what they had on site. secretsmt222qvdg6rcmgvx4dqqc2673yzyxjrrnabwklnn6qddyv5ad[.]onion
Passwords must be between 8 and 20 characters, and some special characters are allowed. Users with randomly-generated passwords may find it particularly annoying to generate a password that works for their password safe.