colinhay3s

@[email protected]
41 Followers
259 Following
241 Posts
Father, IT middle management, info-sec enthusiast, aspiring woodworker, enterprise software troublemaker, SQL nut. Any views expressed are my own.
TikTokhttps://www.tiktok.com/@makersganamake?lang=en
infosec.exchangehttps://infosec.exchange/@colinhay3s
colinhay3sJul 10, 2024
Matthew GreenJul 9, 2024
Very sophisticated attack against the RADIUS protocol that uses flaws in the protocol as well as a novel variant of the MD5 chosen prefix collision. Cryptography from the 90s never goes away! https://www.blastradius.fail/attack-details
BLAST RADIUS

colinhay3sJul 6, 2024
Jen GentlemanJul 6, 2024
When you neglect to put any stat points into sleath
colinhay3sJul 2, 2024
Pedro José Pereira VieitoJul 1, 2024

The OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in **plain-text** in a non-protected location:

~/Library/Application\ Support/com.openai.chat/conversations-{uuid}/

So basically any other running app / process / malware can read all your ChatGPT conversations without any permission prompt:

colinhay3sMay 1, 2024
Dare ObasanjoMay 1, 2024

Treating core IT infrastructure teams as a cost center you outsource cheaper countries is what you expect from IBM or a dying bricks and mortar business not a big tech that made $23.6 billion in profit last year.

What’s going on at Google?

colinhay3sApr 25, 2024
Slashdot Apr 25, 2024
Ubuntu 24.04 LTS 'Noble Numbat' Officially Released https://news.slashdot.org/story/24/04/25/2036234/ubuntu-2404-lts-noble-numbat-officially-released?utm_source=rss1.0mainlinkanon
Ubuntu 24.04 LTS 'Noble Numbat' Officially Released - Slashdot

prisoninmate shares a report from 9to5Linux: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software. Powered by Linux kernel 6.8, Ubuntu 24.04 LTS feature...

colinhay3sApr 24, 2024
Mr. BitternessApr 24, 2024
I get the impression that VPN endpoints are kind of important.
Attackers are exploiting Cisco ASA devices in the wild.
Cisco has fixed CVE-2024-20353 and CVE-2024-20359, but they have yet to discover the initial entry point vulnerability. 😬
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to same threat actor as ArcaneDoor in 2024.

Cisco Talos Blog
colinhay3sApr 15, 2024
BleepingComputerApr 15, 2024

Ciscos Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider.

https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-data-breach-exposed-sms-mfa-logs/

Cisco Duo warns third-party data breach exposed SMS MFA logs

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider.

BleepingComputer
colinhay3sApr 10, 2024
Ars TechnicaApr 10, 2024

Starting today, ISPs must display labels with price, speeds, and data caps

FCC's broadband labels now mandated for ISPs with at least 100,000 customers.

https://arstechnica.com/tech-policy/2024/04/starting-today-isps-must-display-labels-with-price-speeds-and-data-caps/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Starting today, ISPs must display labels with price, speeds, and data caps

ISPs comply with FCC rule after protesting requirement to list all fees.

Ars Technica
colinhay3sApr 9, 2024
BleepingComputerApr 9, 2024

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

Microsoft fixes two Windows zero-days exploited in malware attacks

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such.

BleepingComputer
colinhay3sMar 29, 2024
Ars TechnicaMar 29, 2024

OpenAI holds back wide release of voice-cloning tech due to misuse concerns

Voice Engine can clone voices with 15 seconds of audio, but OpenAI is warning of potential misuse.

https://arstechnica.com/information-technology/2024/03/openai-holds-back-wide-release-of-voice-cloning-tech-due-to-misuse-concerns/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

OpenAI holds back wide release of voice-cloning tech due to misuse concerns

Voice Engine can clone voices with 15 seconds of audio, but OpenAI is warning of potential harms.

Ars Technica