Curious amateur maker.
Discord: mike_logic#5453
Some of the Northern Lights as we flew from Edmonton to Amsterdam last.

T-1 day to @pancakescon 4! The Taggart Institute is thrilled to be running the Mock Incident Response Village during the con. Come join us to participate in a simulated website compromise designed to look and feel just like the real thing! We hope to see you there!

https://pancakescon.com

#pancakescon

PancakesCon 6

Family Brunch - 9/21/2025

Anyway, I put the code for the 'Nedry' application up on GitHub:

https://github.com/bbenchoff/Nedry

There is a problem with the text encoding, because CR/LF is completely different between Unix, Windows, and Mac. Yeah, have fun with that. But anyway here's the program running:

GitHub - bbenchoff/Nedry: Remember Jurassic Park? Remember the, "Ah Ah Ah! You didn't say the magic word!" animation that plays when Samuel L. Jackson tries to undo Newman's hacking? It's that. It's just a small little program that plays that animation over and over.

RT @ravenben
It's a big day.
Glaze, our tool for protecting artists against AI art mimicry, is now available for download/use at https://glaze.cs.uchicago.edu

Glaze analyzes your art, and generates a modified version (with barely visible changes). This "cloaked" image disrupts the AI mimicry process.

Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians.

https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/

Acer confirms breach after 160GB of data for sale on hacking forum

As a board member for @BlueTeamCon and @CircleCityCon I'm always looking for ways to make our cons more welcoming. Can you help by sharing your feedback, either here or privately?

- Did you submit a CFP to either? Why or why not?

- Do you plan to attend either? Why or why not?

Truly appreciate you and anything shared privately will stay between you and me (I promise). 💜

I would like to do a #FollowFriday sort of thing during #WomensHistoryMonth; who are some rad #makers on #Mastodon that I should include? (yes, you can and should suggest yourself!!) 💙✨

(please boost and share and let me know any other ideas you have to celebrate/recognize/support/lift 💗)

You definitely want to update Microsoft Office.

MDSec beat me to it on CVE-2023-23397, it's super easy to exploit + works with remote images disabled - turns out the spec (which is open) has a function to specify a sound when an Outlook email arrives - which loads via UNC and sends NTLM password hash for AD account to internet = no click cred theft, PoC in wild.

#CVE202323397 https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/

Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec

Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...

This copied direct from Bird Site as I really cba writing again

Safe to say if you got a phish from the [@]namecheap email the other day you will be getting more, possibly even today, I've had two reports already. I would assume they took the whole contact list. Karma is a bitch, eh [@]NamecheapCEO

The box for dropping samples, I did share on Mosto but forgot to share on here is https://mega.nz/filerequest/ZzjqDG7dIiw throw em in raw or give them a quick edit to get your email and infra out it doesn't matter.

*Masto

Also if anyone has ever used the following services

- [@]iterable - their domain appears in the unsubscribe link
- http://crowdskout.com - This is the sender domain

Sample I've seen so far comes through Amazon SES
