Brian Clark

@deepthoughts10@infosec.exchange
488 Followers
935 Following
3.9K Posts

#InfoSec #Cybersecurity #threatintel and Politics. I try my best.
Also @deepthoughts10@twitter.com

Searchable

Verified by Twittodon: https://twittodon.com/share.php?t=Deepthoughts10&m=deepthoughts10@infosec.exchange
Find my toots: Tootfinder

Heads up, folks:

Michael Kan reports that National Public Data is back under new owners: https://www.pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to

Here is the direct link to their opt-out page instructions:
https://nationalpublicdata.com/optout.html

I had opted out previously after their humongous #databreach last year. When I checked my name now, it did not find my profile, so if you opted out before, you may still be opted out, but better safe than sorry: check and opt out if needed.

#NPD #NationalPublicData #OptOut #DataBroker #Privacy

New Cyber Analyst course — now on YouTube! In eight episodes, learn key cybersecurity skills, from protocols and data protection to traffic monitoring and analysis, plus essential tools to boost your career: https://youtube.com/playlist?list=PLpPXZRVU-dX2iWgHkVUuZOemepnKVnb5k&si=q4eimAs4pshKOG-f

When you're not sure what's happening, but it looks fun, and you want to be a part of it.

#dog #dogs #puppy #puppies #jumprope #soundon #funny #humor #cute #fun

PSA to people who've been using gzip bombs to deter crawlers: I was wrong. It works.

At least to some extent: I started noticing recently that some of the disguising bots set accept-encoding: identity, likely to avoid those gzip bombs, for every request, including HTML. You made them play catch up! CONGRATS, genuinely!

Sadly, contrary to my previous assumption, a header like this in itself is not a good indicator, because there are legit cases where a real browser will send it: such as when requesting a video, for example.

However, there's no good reason to set identity;q=1, *;q=0.
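The distinction the post draws, between a plain `identity` (which browsers legitimately send for media) and an explicit `identity;q=1, *;q=0` refusal, is easy to get wrong with a substring match. The classifier below is an added example, not the poster's code: it parses Accept-Encoding per the RFC 9110 grammar (codings with optional `;q=` weights), labels each header, and counts explicit refusals across a client's requests so the signal can feed a crawler score. The labels, thresholds and the sample request list are constructed here.

```python
"""Classify Accept-Encoding headers so a crawler-scoring rule can tell
'identity;q=1, *;q=0' (an explicit refusal of every other coding) apart from a
plain 'identity', which real browsers do send for media requests.

Added example, not code from the original post. Parsing follows the
Accept-Encoding grammar of RFC 9110 (codings with optional ;q= weights,
comma separated); the labels and the sample requests are constructed here.
"""
import re

_Q_RE = re.compile(r"^q=(\d(?:\.\d{0,3})?)$", re.IGNORECASE)


def parse_accept_encoding(value):
    """Return {coding: q} with codings lowercased.

    A missing q means 1.0. A q that does not match the grammar is treated as
    0.0 so a malformed member never counts as acceptance.
    """
    weights = {}
    for member in value.split(","):
        parts = [p.strip() for p in member.split(";")]
        coding = parts[0].lower()
        if not coding:
            continue
        q = 1.0
        for param in parts[1:]:
            if param.lower().startswith("q="):
                m = _Q_RE.match(param)
                q = float(m.group(1)) if m else 0.0
        weights[coding] = q
    return weights


def classify(value):
    """Label one Accept-Encoding header value.

    no-header            header absent or empty
    accepts-compression  some coding other than identity (or '*') has q > 0
    identity-only        only identity is acceptable, nothing refused explicitly
    explicit-refusal     identity acceptable and '*' set to q=0: the pattern
                         the post says has no legitimate reason
    nothing-acceptable   every coding including identity refused (406 territory)
    """
    if value is None or not value.strip():
        return "no-header"
    w = parse_accept_encoding(value)
    star = w.get("*")
    if any(q > 0 for c, q in w.items() if c not in ("identity", "*")):
        return "accepts-compression"
    if star is not None and star > 0:
        return "accepts-compression"
    # RFC 9110 12.5.3: identity is acceptable unless it (or '*' when identity
    # is not listed) carries q=0.
    identity_q = w.get("identity", star if star is not None else 1.0)
    if identity_q <= 0:
        return "nothing-acceptable"
    if star == 0:
        return "explicit-refusal"
    return "identity-only"


# Constructed sample: (path, Accept-Encoding) pairs seen from one client.
SAMPLE_REQUESTS = [
    ("/", "identity;q=1, *;q=0"),
    ("/blog/gzip-bombs.html", "identity;q=1, *;q=0"),
    ("/media/clip.mp4", "identity"),
    ("/assets/app.js", "gzip, deflate, br"),
]


def count_explicit_refusals(requests):
    """Return (refusals, total) for a client's requests. A high ratio on HTML
    paths is one scoring signal to combine with others, not a block by itself."""
    refusals = sum(1 for _, h in requests if classify(h) == "explicit-refusal")
    return refusals, len(requests)


if __name__ == "__main__":
    for path, header in SAMPLE_REQUESTS:
        print(f"{path:24} {header!r:26} -> {classify(header)}")
    print("explicit refusals:", count_explicit_refusals(SAMPLE_REQUESTS))
```

Because the parser honours q-values rather than matching text, `identity, *;q=0`, `identity;q=1, *;q=0` and `*;q=0` all land in the right bucket, while a browser's bare `identity` on a video request stays unflagged.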

how do i stop holodeck programs from warning me that they use cookies

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

BleepingComputer

I'm on the server floor of a "highly secure data center with 24/7/365 surveillance, direct access control and robust perimeter security".

An actual duck just walked by. 🦆

The panic is absolutely glorious. I think this just became one of the highlights of my life.

Epic series of tweets by Gavin Newsom. He nailed the style perfectly. Hilarious. 🤣🤣🤣

Because FIDO-based authentication (Passkeys, YubiKeys, etc.) is so good the only way around it is to trick someone into not using it. That's essentially what a downgrade attack is. As a Microsoft #EntraID administrator you can prevent a successful downgrade attack from affecting your users. Here are a few ways to mitigate the risk of downgrade attacks:

1) Have your users delete all MFA methods except for FIDO-based methods. That way there's no less secure method to downgrade to. Need redundancy? Register both a Passkey and a YubiKey.
2) Create Conditional Access policies requiring FIDO / Phishing-resistant MFA methods to access your important applications. Even if a user is successfully phished, the auth cookie they receive will not have the Phishing-resistant attribute, so it won't be able to be used to authenticate against apps that have these policies.
3) Create Conditional Access policies for important applications to require access from a managed device -- such as an Entra ID-joined, Hybrid Joined or Intune-managed device. Similar to #2, if an auth cookie is stolen, it won't work from an attacker's system as that system won't be a managed device.

#cybersecurity
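Mitigations 2 and 3 above are only effective if an enabled policy actually covers the app and the user, and if the grant operator does not let the user pick a weaker control. The audit below is an added example, not the poster's code: it walks a list of policies in the Microsoft Graph conditionalAccessPolicy shape (displayName, state, conditions.users, conditions.applications, grantControls) and reports, for one app and user, whether some enforced policy requires the phishing-resistant authentication strength and whether one requires a managed device. The app and user ids and the sample policies are constructed; the strength id is assumed to be the tenant's built-in "Phishing-resistant MFA" strength (00000000-0000-0000-0000-000000000004), which you should confirm against the authentication strength policies of your own tenant.

```python
"""Audit Entra ID Conditional Access policies for the two grants the post
recommends for important apps: the phishing-resistant authentication strength
(mitigation 2) and a managed-device requirement (mitigation 3).

Added example, not code from the original post. Policies use the Microsoft
Graph conditionalAccessPolicy shape; ids and sample policies are constructed.
In a real tenant the list would come from GET /identity/conditionalAccess/policies.
"""

# Assumed id of the built-in "Phishing-resistant MFA" authentication strength.
PHISHING_RESISTANT_STRENGTH_ID = "00000000-0000-0000-0000-000000000004"
# Built-in grant controls that require a managed device
# (Intune-compliant, or Entra / hybrid joined).
MANAGED_DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}

# Constructed identifiers for the sample tenant.
FINANCE_APP = "11111111-1111-4111-8111-111111111111"
HR_APP = "22222222-2222-4222-8222-222222222222"
BREAK_GLASS_USER = "33333333-3333-4333-8333-333333333333"


def _policy(name, app, grant, state="enabled", exclude_users=()):
    """Build a sample policy targeting all users and one app (or 'All')."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": [app]},
        },
        "grantControls": grant,
    }


SAMPLE_POLICIES = [
    _policy("Finance: phishing-resistant MFA", FINANCE_APP,
            {"operator": "OR", "builtInControls": [],
             "authenticationStrength": {"id": PHISHING_RESISTANT_STRENGTH_ID}},
            exclude_users=[BREAK_GLASS_USER]),
    # OR between two managed-device controls still forces a managed device.
    _policy("Finance: managed device", FINANCE_APP,
            {"operator": "OR", "builtInControls": ["compliantDevice", "domainJoinedDevice"]}),
    _policy("Baseline: any MFA", "All", {"operator": "OR", "builtInControls": ["mfa"]}),
    # "mfa OR compliantDevice": a phished session from an unmanaged device passes.
    _policy("HR: MFA or compliant device", HR_APP,
            {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}),
    # Report-only policies log but do not enforce.
    _policy("HR: phishing-resistant MFA (report-only)", HR_APP,
            {"operator": "OR", "builtInControls": [],
             "authenticationStrength": {"id": PHISHING_RESISTANT_STRENGTH_ID}},
            state="enabledForReportingButNotEnforced"),
]


def _in_scope(values, target):
    return "All" in values or target in values


def policy_applies(policy, app_id, user_id):
    """True if an enabled policy targets this user and app (exclusions win)."""
    if policy.get("state") != "enabled":
        return False
    cond = policy.get("conditions", {})
    users, apps = cond.get("users", {}), cond.get("applications", {})
    if user_id in users.get("excludeUsers", []) or app_id in apps.get("excludeApplications", []):
        return False
    return (_in_scope(users.get("includeUsers", []), user_id)
            and _in_scope(apps.get("includeApplications", []), app_id))


def _controls(grant):
    controls = set(grant.get("builtInControls") or [])
    strength = (grant.get("authenticationStrength") or {}).get("id")
    if strength:
        controls.add("strength:" + strength)
    return controls


def requirement_enforced(grant, satisfies):
    """With operator AND every control is mandatory; with OR the user may pick
    any one, so the requirement holds only if every listed control satisfies it."""
    controls = _controls(grant)
    if not controls:
        return False
    if grant.get("operator") == "AND":
        return any(satisfies(c) for c in controls)
    return all(satisfies(c) for c in controls)


def audit(policies, app_id, user_id="00000000-0000-0000-0000-000000000000"):
    """Report whether some enforced policy grants each requirement for app_id/user_id."""
    result = {"phishing_resistant_mfa": False, "managed_device": False, "policies": []}
    for p in policies:
        if not policy_applies(p, app_id, user_id):
            continue
        grant = p.get("grantControls") or {}
        pr = requirement_enforced(grant, lambda c: c == "strength:" + PHISHING_RESISTANT_STRENGTH_ID)
        md = requirement_enforced(grant, lambda c: c in MANAGED_DEVICE_CONTROLS)
        if pr or md:
            result["policies"].append(p["displayName"])
        result["phishing_resistant_mfa"] = result["phishing_resistant_mfa"] or pr
        result["managed_device"] = result["managed_device"] or md
    return result


if __name__ == "__main__":
    for app in (FINANCE_APP, HR_APP):
        print(app, audit(SAMPLE_POLICIES, app))
```

Run against the sample, the finance app comes back covered on both counts, while the HR app is covered on neither: its "MFA or compliant device" policy lets a phished session through because the OR operator accepts plain MFA, and its phishing-resistant policy is still in report-only mode. Auditing with the break-glass account's id shows the exclusion removing the strength requirement for that one user, which is the kind of gap worth re-checking after every policy change.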

From: @threatinsight
https://infosec.exchange/@threatinsight/115017333270048604

Threat Insight (@threatinsight@infosec.exchange)

Proofpoint threat researchers have uncovered a way to sidestep FIDO-based authentication, a protection method used to block credential phishing and account takeover (ATO). Blog: https://www.proofpoint.com/us/blog/threat-insight/dont-phish-let-me-down-fido-authentication-downgrade While the tactic has not yet been observed in the wild, the discovery is a significant emerging threat and exposes targets to adversary-in-the-middle (AiTM) threats. Read our blog to understand how this potential threat questions the reliability of FIDO (Fast Identity Online) passkey implementations, an authentication method currently viewed as robust for verifying user identities and recommended for improving online security. #FIDO #authentication #ATO #MFA

The latest threat in the wild: A stealthy malvertising campaign spreading a powerful multi-stage malware Talos calls "PS1Bot." Find out what makes this campaign so dangerous and how it’s evolving: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/