Minnesota Spy ClubMar 25, 2025

#iinfosec #QRC #Signal

https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Russian threat actors exploit Signal’s linked devices feature using malicious QR codes to gain persistent access to victims' accounts, Google warns.

The Hacker News
der.hansFeb 7, 2025

What's it going to cost to audit and cleanup the mess Musk and his henchlings have done?

#USpol #IinfoSec #ElonMusk

der.hansFeb 6, 2025

How much treasury code has Musk's henchlings copied into copilot or other AI slurp machines?

Did they include passwords and other credentials?

#USpol #IinfoSec #ElonMusk

Eddie.Oct 9, 2023

Reminder. For #iinfosec cyber defenders, there’s only one thing you can find where you are required by law to notify the feds immediately, before even your employer.

US Code Title 18 s2251

https://www.law.cornell.edu/uscode/text/18/2251

Reporting requirements are s2258

https://www.law.cornell.edu/uscode/text/18/2258A

You report it to the National Center for Missing and Exploited Children here:

https://report.cybertip.org/

I am extremely fortunate I’ve never run into it, but I know #blueteam and #dfir people who have.

Always be the good guys. And leave these bad guys to the professionals. The amateur ‘catch a predator’ people have fubar’ed cases by not following legal procedure. Don’t give the villains an out.

18 U.S. Code § 2251 - Sexual exploitation of children

LII / Legal Information Institute
Show threadSean Whalen 👨🏼‍🦼🏳️‍🌈🇺🇦🕊️Jul 4, 2023

This is far from the first vulnerability found in the FortiGate/FortiOS SSL VPN. I don't recommend it.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Fortios+VPN

#Fortinet #FortiGate #RCE #Exploit #Patching #VPN #Vulnerability #VulnerabilityManagement #IInfoSec

CVE - Search Results

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

⁢Ƥĥąɳʈȯɱ   🎸 🏳️‍🌈 ⁂Jan 23, 2023
Roaming Mantis utilise des modificateurs de DNS pour cibler les utilisateurs via des routeurs publics compromis https://www.undernews.fr/malwares-virus-antivirus/roaming-mantis-utilise-des-modificateurs-de-dns-pour-cibler-les-utilisateurs-via-des-routeurs-publics-compromis.html #IinfoSec
Roaming Mantis utilise des modificateurs de DNS pour cibler les utilisateurs via des routeurs publics compromis | UnderNews

Le 19 janvier, les chercheurs de Kaspersky ont découvert une nouvelle fonctionnalité permettant de modifier les systèmes de nom de domaine (DNS), utilisée dans la campagne Roaming Mantis. Désormais, les cybercriminels peuvent utiliser des routeurs Wi-Fi compromis dans les cafés, les aéroports, les hôtels et autres lieux publics pour pouvoir contaminer davantage de smartphones Android

UnderNews
FeohFeb 2, 2022

Dear #iinfosec fediverse friends - Is there any way at all to configure SOCKS proxy settings *in the browser* anymore?

Or are my choices SOCKS all the things (NOT gonna fly) or find some other way to flout ludicrous port blocking restrictions? :)

(I mean, I GET why they exist. People are stupid, and stupid people WILL leak critical information that needs to NOT leak if you give them half a chance, but I am not stupid and take great care to not do that :)