David Shipley (he/him)

Pack lead at Beauceron Security. Passionate about putting people in control of technology. #cybersecurity. Ex-journalist. Canadian Veteran. Opinions my own. He/him.
Twitter: @davidshipley
Website: www.beauceronsecurity.com

Here's another Recall issue I see.

I have the sensitive information filter option enabled, highlighted. If I update my credit card on Microsoft's website, it captures the card number, CVV and details, and indexes it into the text database too and stores it under 'credit card', accessible in search.

The only details obscured are by me altering the screenshot to remove some PII.

(If anybody is wondering, I also tried it with a real card number)

Via porn, gore and ultra-violence, extremist groups are sinking hooks online into the very young

Across Europe and further afield, the picture is similar: Counterterrorism agencies are grappling with a new generation of attackers, plotters and acolytes of extremism who are younger than ever and have fed on ultraviolent and potentially radicalizing content largely behind their screens.

CTVNews
Unsurprisingly many people getting the ‘you must leave the US now’ emails think they’re phishing. They’re being sent by DOGE. https://www.politico.com/news/2025/04/11/doge-immigration-taskforce-00287327

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities.

https://www.bleepingcomputer.com/news/security/tycoon2fa-phishing-kit-targets-microsoft-365-with-new-tricks/

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

BleepingComputer
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini
Hacking LLMs has always been more art than science. A new attack on Gemini could change that.
https://arstechnica.com/security/2025/03/gemini-hackers-can-deliver-more-potent-attacks-with-a-helping-hand-from-gemini/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems.

https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/

Infostealer campaign compromises 10 npm packages, targets devs

BleepingComputer
Study of Lyft rideshare data confirms minorities get more tickets
Researchers ascribe it to "animus or prejudice against minority drivers."
https://arstechnica.com/science/2025/03/study-of-lyft-rideshare-data-confirms-minorities-get-more-tickets/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Love this.
Bird flu continues spread as Trump’s pandemic experts are MIA
Vacancies in a key office of pandemic preparedness raise concern.
https://arstechnica.com/health/2025/03/bird-flu-continues-spread-as-trumps-pandemic-experts-are-mia/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Why it was good CISA had an internal red team, example 7537 of 419472385 - they once got into a federal org using a webshell left by a commercial red team on a prior engagement.