Bozidar Spirovski

61 Followers
70 Following
153 Posts
#Cybersecurity #SaaS #Fintech #Startup | Developing Great Teams | Mentoring | Amateur Cyclist | My own opinions | Photos on https://www.instagram.com/bspirovski_photos/
Website: https://www.beyondmachines.net
LinkedIn: https://www.linkedin.com/in/spirovskibozidar/
@beyondmachines1
Teaching moment
1. Password reset without validation to gain access.
2. Sequential org IDs and IDOR to exfiltrate data.
3. #databreach

For all the fans of #cryptocurrency and all the fans of deploying directly to production without a blocking code review process.
A malicious code update stole millions...
#cybersecurity

https://beyondmachines.net/event_details/atomic-wallet-major-cybersecurity-breach-i-n-n-i-5

Atomic Wallet Major Cybersecurity Breach

Atomic Wallet, a popular multicurrency digital wallet provider, is investigating a significant breach resulting in the theft of hundreds of millions of dollars' worth of cryptocurrency from private wallets. Google has suspended downloads and updates for the Atomic Wallet app in Australia, and concerns have been raised about the security protocols and vulnerabilities in cryptocurrency platforms.

BeyondMachines
"Operation Triangulation" - Details of Sophisticated Attack on Apple iOS

Kaspersky's cybersecurity team is reporting an ongoing attack named "Operation Triangulation" targeting iOS devices through malicious iMessages. The attack exploits vulnerabilities in the system without user interaction, making it extremely dangerous. It is recommended to update iOS to the latest version and disable iMessage if unable to update to iOS 16.x.

BeyondMachines
Swiss Cheese failure mode example - Google cloud database service critical vulnerability

Learning time - A critical vulnerability in the Google Cloud Platform (GCP) database service was patched by Google after a security researcher discovered a Swiss-cheese-like combination of security gaps that allowed unauthorized access to sensitive files and privileges. The issue was addressed in April by Google before being publicly disclosed.

BeyondMachines
Details of hacking campaign stealthy techniques targeting military and critical infrastructure

Microsoft has detected a stealthy cyber attack by a Chinese state-sponsored group called Volt Typhoon, which focuses on espionage and information gathering. The campaign targets critical infrastructure organizations and aims to maintain long-term access to compromised networks, posing challenges for detection and mitigation. Microsoft has alerted affected customers and provided mitigation measures, including strong authentication and endpoint protection, while the National Security Agency (NSA) has released a hunting guide to counter the tactics employed by Volt Typhoon.

BeyondMachines
who did this one? https://yourwife.zip/ lol
A very messy fix - Emby remotely shuts down hacked user media servers, after not fixing a vulnerability for 3 years

Emby has taken action to shut down user-hosted media server instances that were hacked due to a known vulnerability from 2020 and insecure admin account configuration. The attackers targeted vulnerable servers, exploited a flaw, and installed a malicious plugin to harvest user credentials. Emby has advised administrators to delete the malicious files, review server changes, and take additional security measures, while planning to release a comprehensive security update. The exact number of impacted servers remains undisclosed, but there are indications of a significant number being affected.

BeyondMachines
Name the band
CatHub Copilot