Things are not always what they seem

Redfin | Rent Head of Information Security

Former Ubisoft Director of Security Operations
Microsoft Alumni | Former Director of MSRC's Cloud Incident Response | He/Him/Hrm | Philosopher & Ninja

SANS:
GCIH #16353 - Certified Incident Handler
GWAPT #3274 - Web Application Pen Tester
GXPN #164 - Exploit Researcher and Advanced Penetration Tester

If you reward technology teams to ignore cybersecurity, they will.

If you think security teams can magically stop criminals and spies while this is happening, you are fooling yourself.

3.0 · asciinema blog

News about asciinema development and new releases

That one is straight outta the UK LAPSUS playbook btw, eg they frequently get access to Azure and start spinning up VMs and using them to host data from other victims, they daisy chain them together like The Data Centerpede so every victim hosts other stolen data.

ReliaQuest may have been detailing the Prosper incident there, we’ll see.

Jimmy Kimmel show got cancelled by his network for saying:

“The MAGA Gang desperately trying to characterize this kid who murdered Charlie Kirk as anything other than one of them and doing everything they can to score political points from it.. In between the finger-pointing, there was grieving,”

Good thing everybody is so concerned about free speech.

https://www.cnbc.com/2025/09/17/charlie-kirk-jimmy-kimmel-abc-disney.html

ABC pulls Jimmy Kimmel show off air 'indefinitely' over Charlie Kirk comments

Jimmy Kimmel suggested that Tyler Robinson, the man accused of killing Charlie Kirk, was aligned with President Donald Trump's MAGA movement.

CNBC

i don't know who needs to hear this, but

That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world’s shittest Ethereum dumper.

Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.

The thing that saved companies here was the threat actor was incompetent crypto boy, nothing more.

Ok, fixed, GitHub updated their advisory to reflect the affected debug version: 4.4.2
Phishing email sent to maintainers, they basically targeted people with 2FA by getting them to.. reset their 2FA.

It would be nice if GitHub could be talked to about their preference for strong wording, especially since there is a known left goal post associated with the polluted version of debug...

Instead, their post reads:

Patched Versions: None
Affected versions: All?
Remediation steps, blanket rotate all creds in all things with dependencies on debug?

<sigh> come on folks...

https://github.com/advisories/GHSA-8mgj-vmr8-frr6