See tagged statuses in the local BookWyrm community
NL. Horrible data breach.
The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.
A reminder that upgrading your server might shut down parts of the security related components and leave services unintentionally exposed.
Upgrading should not be done without proper filtering of unwanted incoming traffic (via for example a firewall in front of the server).
Here we can see some database passwords and cryptographic secrets exposed during #debian13 upgrade due to PHP being down while the httpd was not.
Social Engineering Hacking Systems, Nations, and Societies by Michael Erbschloe, 2019, CRC
This book analyzes of the use of social engineering as a tool to hack random systems and target specific systems in several dimensions of society. It shows how social engineering techniques are employed well beyond what hackers do to penetrate computer systems.
@bookstodon
#books
#nonfiction
#cybersecurity
#SocialEngineering
@Techcrunch recently discovered that scammers are impersonating the website’s reporters and event leads, using the TC’s reputation “to try to dupe unsuspecting business.” Rightly so, they’re infuriated. Here’s what’s going on: https://flip.it/UDj5-P
Thx @lina for exposing the #Copyrightmafia's #DNS-based #internetcensorship:
https://cuiiliste.de
As for circumvention: Just use #OpenNIC's DNS servers...
The sheer #Zensursula-Style bullshit is the #IllicitActivity! #ISP|s should have no right to interfere with any traffic (except to defend their own infrastructure from getting hacked) unless explicitly requested by customers to do so.
Thx @lina for exposing the #Copyrightmafia's #DNS-based #internetcensorship:
https://cuiiliste.de
As for circumvention: Just use #OpenNIC's DNS servers...
The sheer #Zensursula-Style bullshit is the #IllicitActivity! #ISP|s should have no right to interfere with any traffic (except to defend their own infrastructure from getting hacked) unless explicitly requested by customers to do so.
I do wish @ooni would take a look at the CUII blocklist and add that to their #OONIprobe to test for.
🚀 Cyber-News: Open-Source OSINT Tool for Infosec News!
Staying updated in cybersecurity just got easier! Cyber-News, a powerful open-source OSINT tool that aggregates the latest infosec news from a handpicked selection of trusted sources.
🔹 Features
✅ Real-time updates from a curated list of cybersecurity sources (OPML shared on GitHub)
✅ No registration needed—save custom filters as bookmarkable links
✅ Anonymous personal collections—build your own feed and share it with others
✅ RSS support—follow your tailored news stream anywhere
✅ Open-source & community-driven—contribute by adding new sources!
Perfect for researchers, analysts, and security pros who want a clean, customizable, and privacy-respecting way to track breaking infosec trends.
🔗 Try it now: https://cyber-news.it | Contribute on GitHub (https://github.com/ransomfeed/cyber-news)
#OSINT #CyberSecurity #InfoSec #OpenSource #Privacy #CyberNews
Would you use this tool? Let me know in the comments! 👇🔍
🎥 Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“DevSecOps: More Than Just Pipelines”
📽️ https://twp.ai/4ioDxP
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims.
#Tech #PC #InfoSec #Security #CyberSecurityNews #Technology #News #Computing #CyberSecurity #Business #TechNews #Crypto #Bitcoin #BTC #Mozilla #FireFox #Hacking #SocialMedia #Mastodon #Fediverse
A coordinated cyberattack. 😲
We’ve just dropped the first draft agenda for @hack_lu ! The conference is taking place over 4 days (from Tuesday 21st October 2025 until the 24th October 2025)
This year’s edition is going to be wild, expect mind-blowing talks, hands-on workshops, extra CTF challenges during the conference, and plenty of fun activities.
Check it out and start planning your adventure!
🌐 https://2025.hack.lu/agenda/
#cybersecurity #conference #europe #luxembourg #hacklu #hacklu2025
I promised another shoe would fall... here is part one of the VexTrio origin story. It is just too big for one entry, so a few more will come in the next few weeks... and this is still a small fraction of what we know. The story of malicious adtech has long legs.
We had great reception at BlackHat. One of the most common questions was: why are you giving this talk? Simple. It's a story that needs to be told and one that is too big to carry alone. We are looking for message carriers in the media, champions in the government, partners in the industry.
Organized crime, predominantly Russian speaking, has a strong foothold in the advertising world - and they are ensuring the delivery of everything from dating scams to information stealers. Let's root them out together.
boosts for awareness appreciated.
I promised another shoe would fall... here is part one of the VexTrio origin story. It is just too big for one entry, so a few more will come in the next few weeks... and this is still a small fraction of what we know. The story of malicious adtech has long legs.
We had great reception at BlackHat. One of the most common questions was: why are you giving this talk? Simple. It's a story that needs to be told and one that is too big to carry alone. We are looking for message carriers in the media, champions in the government, partners in the industry.
Organized crime, predominantly Russian speaking, has a strong foothold in the advertising world - and they are ensuring the delivery of everything from dating scams to information stealers. Let's root them out together.
boosts for awareness appreciated.
#dns #threatintel #scam #malware #infosec #cybersecurity #cybercrime #infoblox
https://blogs.infoblox.com/threat-intelligence/vextrios-origin-story-from-spam-to-scam-to-adtech/
Heute hat das #BVerfG zum #Staatstrojaner-Einsatz entschieden und diesen für zulässig befunden.
Überraschend kam die Entscheidung nicht, denn die Rechtsprechung ist konservativer geworden. Auch wenn die Vorschriften daher nicht für nichtig erklärt wurden, sind die Abwägungskriterien zwischen #Cybersecurity, #Datenschutz und öffentlicher Sicherheit zumindest deutlich strenger geworden und der Eingriff in das #Computergrundrecht damit zukünftig schwieriger zu rechtfertigen:
https://www.zdfheute.de/politik/deutschland/staatstrojaner-strafverfolgung-bundesverfassungsgericht-100.html
Update in Sachen #KRITIS #Meldepflicht: Laut § 8a Abs. 3 BSIG haben Betreiber von Kritischen Infrastrukturen die Pflicht, die umgesetzten Maßnahmen zur #Cybersicherheit gegenüber dem #BSI nachzuweisen. Doch wie erfolgt der Nachweis im Einzelnen und welche Fristen muss man beachten?
Zu Antwort auf diese Frage hat das Bundesamt eine "Orientierungshilfe zu Nachweisen gemäß § 8a Absatz 3 BSIG" veröffentlicht, die jetzt vor Kurzem umfassend überarbeitet wurde:
https://www.bsi.bund.de/DE/Themen/Regulierte-Wirtschaft/Kritische-Infrastrukturen/KRITIS-Nachweise/OH_Nachweise/orientierungshilfe_node.html #cybersecurity
Finally I have a chance to read this one. For science, of course!
This also gave my old ipad from 2017 a purpose.
#Cybersecurity Alptraum #Hochschule: Öffentliche Hochschulen und Universitäten dürften so ziemlich die schlimmsten Organisationsformen für Cybersecurity Management sein - jeder Lehrstuhl will sich selbst verwalten und (fast) alle bringen ihre eigene IT unkontrolliert in das Netzwerk ein.
Da sie aber als öffentliche Körperschaft organisiert sind, können sich Personalschulungen als einer der sinnvollsten Wege zur flächendeckenden Verbesserung der Cyberresilienz erweisen:
https://www.mz.de/panorama/hochschulen-wollen-gemeinsam-cybersicherheit-verbessern-4089510
