We are so lucky that the regreSSHion vulnerability (CVE-2024-6387) is a race condition vuln and not an instant exploitation. Imagine having the Crowdstrike incident and low complexity SSH vulnerability in the same month.
23.7.2024 12:37

Commercial spyware (like Microsoft Recall) is a bigger data privacy threat than actual threat actors. It's crazy that this isn't even a controversial take.
4.6.2024 07:36

Currently doing a risk assessment of our company's use of GenAI and a thought popped up around the integrity of output data that has been "altered" due to bias filters.
Consider a scenario where we're analyzing communications or documents with racist or sexual undertones as part of a legal investigation or something similar.
Could the AI's bias filters, designed to avoid generating or interacting with offensive content, inadvertently omit or alter crucial parts of these datasets?
I'm curious to hear if this is a legitimate concern and if there is any way of checking if the output given by the models has been "altered" due to bias filters.
13.12.2023 10:06

I want to do a write up on interesting unconventional c2 channels. Right now I have: Google Calendar, Twitter, Pinterest, Image Providers (Imgflig).
Does anyone have examples of others? Doesn't have to be exploited in the wild.
#cybersecurity #infosec #threat_intelligence #threatintel
9.11.2023 09:45

Listening to Dark Synthwave while doing GRC work to make me feel like I am actually the hacker-type-person that I wish I was.
Song: https://open.spotify.com/track/7oxnK2wg8qFv8EXyyxKDJ4?si=b59bcf1b5f284a69
8.11.2023 12:36

Vendors really out here saying "Security is our number one priority" and then charging big bucks for a core security requirement like SSO.
"SSO-integration" marketed as a tiered feature and not as a basic requirement should honestly be a red flag (when it comes to spending).
8.11.2023 08:25

This might be one of the most creative channels for c2 traffic I have seen. Using Google Calendar Event descriptions.
Github link: https://github.com/MrSaighnal/GCR-Google-Calendar-RAT
6.11.2023 13:08

For the businesses moving away from LastPast:
Remember to delete (or otherwise secure) the export of LastPast data after it is imported in the new solution. This sounds obvious but in a busy everyday life it might be forgotten. #infosec
Merry Christmas everyone! Wishing for a "Silent Night" for the IR-teams 🤞
25.12.2022 08:32

Any interesting blogs/whitepapers for 2023 cyber security predictions?
23.12.2022 11:35

November: The Twitter Migration
December: The LastPass Migration
How should one use Mastodon when having several hobbies/interests?
Should I create different users and switch between them? Or just use a single user for different hobbies?
21.12.2022 21:09

I have been on Google for almost all my life - and have decided to de-google.
Are there any good sources to make this an easier process?
21.12.2022 07:58

Anyone have some good sources for learning Kubernetes (and container) security?
White papers, videos, books, articles...
#kubernetes #infosec
1.11.2022 10:42

Tomorrow OpenSSL releases version 3.0.7, addressing the first critical CVE since 2016.
The CVE only affects OpenSSL versions 3.0.0 through 3.0.6.
You can check your version on Linux with: "openssl version"
Will this be the next HeartBleed?
31.10.2022 11:59

A reminder to activate MFA for new users.
Preferences > Account > Two-factor Auth.
#twittermigration
31.10.2022 11:35

This is confusing and cool.
31.10.2022 11:28