
Things are not always what they seem

Redfin | Rent Head of Information Security

Former Ubisoft Director of Security Operations
Microsoft Alumni | Former Director of MSRC's Cloud Incident Response | He/Him/Hrm | Philosopher & Ninja

SANS:
GCIH #16353 - Certified Incident Handler
GWAPT #3274 - Web Application Pen Tester
GXPN #164 - Exploit Researcher and Advanced Penetration Tester

Wrote a thing on Microsoft’s stance that not following their “responsible disclosure” process is criminal activity https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4?postPublishedType=repub
Microsoft’s stance on zero day exploits is a dumpster fire of their own making

Nightmare Eclipse vs Microsoft risks turning into a wildfire of corporate protection over cyber defence.

Medium
@GossiTheDog , can we get a signal boost? Cooldown enforcement on Extensions, Packages, and Plugins is table stakes and should not be optional or missing features from MS.

Threat intel and Cybersecurity research firms: if you're not providing RSS feeds to your blog, you're hurting your brand.

Whatever traffic you think you're driving to the site by preventing analysts from ingesting feeds is outweighed by the reputational damage of not providing a service we expect and rely on.

And if your reason is because it's hard behind Cloudflare, well, you're telling on yourself twice.

If you are a GitHub Enterprise Server customer, you will need to take action. GitHub announced that one of the keys compromised by the threat actor breach was a signing key.

https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/

Investigating unauthorized access to GitHub-owned repositories

If any impact is discovered, customers will be notified via established incident response and notification channels.

The GitHub Blog

@briankrebs can we get a piece on the state of package/plugin/extensions Marketplaces being unconscionably behind on hygiene controls that have resulted in these supply chain worms?

Lack of MFA for publishers, lack of hygiene control on 3rd party submitted content, lack of cool down timers on packages/clients to protect themselves from rapidly spreading infections.

The whole framework has been ripe for exploitation. The garden has been left poorly tended, and we are now subject to the invasion of the worms as a result.

Visual Studio Code Extensions lack a means of enforcing a minimum age to protect against updates that spread worms. There is a feature request to compel Microsoft to add this feature; it only has 212 likes today.
Please help give it a BIG signal boost!

https://github.com/Microsoft/vscode/issues/316867

Security: minimumReleaseAge setting for mitigating supply chain attacks on extensions · Issue #316867 · microsoft/vscode

In the last years, supply chain attacks have increased dramatically. A few examples in the VS Code extension ecosystem: AI-Slop ransomware test sneaks on to VS Code marketplace - BleepingComputer M...

GitHub
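The cooldown the two posts above ask for (a minimum release age before a package, plugin or extension update is installed) is easy to express as a resolver rule. The following is an added example and not code from the posts, from VS Code, or from any marketplace: it takes npm-registry-style metadata (the `time` map of version to ISO-8601 publish timestamp that the real registry returns; the package name, versions and timestamps here are constructed) and picks the newest version that has been public for at least the configured age, holding back anything younger, including the current `latest` tag.

```python
"""Cooldown (minimum release age) resolver for package versions.

Added example (not marketplace or project code). Only plain numeric
dotted versions (e.g. "1.5.0") are handled; pre-release tags are an
assumption left out of scope.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample metadata in npm registry shape; values are made up.
SAMPLE_META = {
    "name": "example-extension",
    "dist-tags": {"latest": "2.0.1"},
    "time": {
        "created": "2024-01-01T00:00:00.000Z",
        "modified": "2024-03-10T12:00:00.000Z",
        "1.4.0": "2024-01-01T00:00:00.000Z",
        "1.5.0": "2024-02-01T00:00:00.000Z",
        "2.0.0": "2024-03-09T08:00:00.000Z",
        "2.0.1": "2024-03-10T12:00:00.000Z",
    },
}


def parse_ts(ts: str) -> datetime:
    # Registry timestamps end in "Z"; older fromisoformat wants "+00:00".
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def version_key(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))


def resolve_with_cooldown(meta: dict, min_age: timedelta, now: datetime):
    """Return (chosen_version, held_back_versions).

    chosen_version is the highest version published at least min_age
    before `now`, or None if every version is still inside the window.
    The "latest" dist-tag gets no exemption: a hijacked publisher account
    pushes a new latest, and that is exactly what the cooldown absorbs.
    """
    cutoff = now - min_age
    eligible, held = [], []
    for version, ts in meta["time"].items():
        if version in ("created", "modified"):  # registry bookkeeping keys
            continue
        (eligible if parse_ts(ts) <= cutoff else held).append(version)
    chosen = max(eligible, key=version_key) if eligible else None
    return chosen, sorted(held, key=version_key)


if __name__ == "__main__":
    now = datetime(2024, 3, 11, tzinfo=timezone.utc)
    print(resolve_with_cooldown(SAMPLE_META, timedelta(days=7), now))
```

With a seven-day window evaluated on 2024-03-11, the resolver installs 1.5.0 and reports 2.0.0 and 2.0.1 as held back; with a zero-day window it behaves like today's marketplaces and takes 2.0.1 immediately.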

Very prudent slides from Blue Hat 2026 a few weeks ago.

"A compromised dev workstation is NOT a user endpoint compromise -- it is potentially a compromise of every service the workstation's tokens can reach."

RE: https://flipboard.com/@techradar/gemini-siri-co-pilot-and-alexa-the-ai-wars-commence-kfgucor8z/-/a-OflcEtQKSR-yO5cRNZeTIA%3Aa%3A2416536031-%2F0

Yaaa, you will want Incident Reports to be certified organic...

Templates and style-guides are highly recommended though

This post aged well...

If you're keeping score, it's been a very big week

https://cybersecuritynews.com/megalodon-malware-github-repos/