Mastodawn

Kitkat Jun 1, 2023

David Amador May 31, 2023

Gigabyte been selling motherboard with hidden backdoors that can download and execute software, more than 270 models affected https://www.wired.com/story/gigabyte-motherboard-firmware-backdoor/

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

WIRED

Kitkat Jan 9, 2023

Pete H

CISSP/ISO27K Jan 9, 2023

Some Amazing FREE Cyber Security Courses to start a new year.

— Cyber Foundations —
ISC(2) Certified in Cyber - https://lnkd.in/e6jB_6af
Cyber Security - https://lnkd.in/eueCSF6A
Cisco Cyber Induction - https://lnkd.in/e8C3jacc
Cisco Cyber Essentials - https://lnkd.in/eTQNsbyF
Fortinet NSE - https://lnkd.in/es3c_Q6E

— Hacking —
PortSwigger Web Hacking - https://lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - https://lnkd.in/eJbyZp_9
RedTeaming - https://lnkd.in/et_T2DEa

— Vulnerability Management —
Qualys - https://lnkd.in/eDWu2zyT

— SOC —
Splunk - https://lnkd.in/et5bkjeY

— Engineering —
Secure Software Development - https://lnkd.in/ebGpA4wG
Maryland Software Security - https://lnkd.in/e3z4zFmJ
Stanford Cyber Resiliency - https://lnkd.in/eg9BM5Bv

— Core Skills —
Cisco Network Essentials - https://lnkd.in/eJQFjmcA
AWS Cloud - https://lnkd.in/e_auX7VE
Azure Cloud - https://lnkd.in/e4UacMGK
GCP Cloud - https://lnkd.in/eDNWnVsD
#cybersecurity #cybersecuritynews #cybertraining #hacking #freecourses #infosec

Certified in Cybersecurity Certification | (ISC)²

Certified in Cybersecurity from (ISC)² — the new entry-level certification from world’s leading cybersecurity professional organization known for the CISSP.

Kitkat Jan 9, 2023

yawnbox Jan 9, 2023

"We (winterdeaf kientuong114 and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at https://breakingthe3ma.app/; mini-thread follows. #threema"

https://twitter.com/kennyog/status/1612335529558777862

Three Lessons from Threema: Analysis of a Secure Messenger

Kitkat Jan 8, 2023

0xor0ne Jan 3, 2023

Heap exploit series by @ch0pin

#exploit #infosec #heap

The toddler’s introduction to Heap exploitation (Part 1)

In my introductory post I talked about dynamic memory allocation and I referenced various implementations that are used to tackle this problem. In this post I am going to focus on the GNU C library’s…

Medium

Kitkat Dec 30, 2022

Nick Selby

Dec 30, 2022

Read the BBC story about the guy suing Hershey for high levels of lead and cadmium and thought, “They should be able to keep the lead and cadmium out of the chocolate”. Then I read the Consumer Reports piece on the problem. Wow. You should, too. https://www.consumerreports.org/health/food-safety/lead-and-cadmium-in-dark-chocolate-a8480295550/

Lead and Cadmium Could Be in Your Dark Chocolate

Consumer Reports tested 28 dark chocolate bars and found cadmium and lead in all of them. Here's how to limit your heavy metal exposure.

Consumer Reports

Kitkat Dec 27, 2022

mc.fly Dec 27, 2022

In 3 minutes there's the talk "perimeter security is dead get over it" in the main room. #HIP22

We're just waiting for the maintenance on the network to be finished

Kitkat Dec 23, 2022

Graham Cluley Dec 23, 2022

LastPass hacker accessed backup of customer vault data including unencrypted website URLs and *encrypted*website usernames and passwords, secure notes, and form-filled data.

Thank goodness LastPass doesn’t know its users’ master passwords.

I’m sure LastPass wanted to be as transparent as possible about this, and get the news out quickly to users.

It’s just unfortunate some might not see it due to proximity to Christmas.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Security Incident December 2022 Update - LastPass

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

The LastPass Blog

Kitkat Dec 11, 2022

Simon Elvery Dec 10, 2022

Your regular reminder that #MachineLearning models (or #AI, if you insist on ignoring the meaning of 'intelligence') will repeat and reinforce any #bias that already exists in society.