👽 security research ✨data science 👟 runner 💁🏻‍♀️ she/her 

#infosec / #ml / #cti / #threatIntelligence / #threatResearch / #python / #psychology / #cognitiveScience / #running / #coffee 

Push your boundaries or they will become your limits. ⛰️ If I ever go missing, please don’t let the news call me a jogger.
web: https://whyli.me

In honor of #WorldPasswordDay, I looked at the Internet exposure of 5 different password manager products with web-accessible vaults.

Vaultwarden was the most popular by far (62% of instances observed), followed by Passbolt and Bitwarden.

I did a deeper dive on Vaultwarden and Bitwarden and was surprised to see how relatively current these instances were:

+ 64% of Bitwarden instances appear to be running a version ~6 months old or newer
+ 65% of Vaultwarden instances appear to be ~5 months old or newer

Read more:

https://censys.com/blog/password-manager-infrastructure/

#passwords #vaultwarden #bitwarden #passbolt

Password Manager Infrastructure in the Wild: Surveying Prevalence, Internet Footprint, and Exposure - Censys

Censys ARC examined the Internet footprint of five different password managers and found over 31,000 instances online. Here's what we learned.

Censys

some days, you just go ahead and make the second espresso shot at the same time as the first. why even pretend you aren't going to need it?

Today marks 50 years since John Chambers and Rick Becker presented a new project to colleagues at Bell Labs - an interactive environment that became the S language.

For more details, see the #RStats blog entry "S at 50":

https://blog.r-project.org/2026/05/05/s-at-50/index.html

S at 50 - The R Blog

why does claude's uptime look like a side view of a life savers roll

"One of the biggest concerns is that people often view power issues – such as unexplained physical damage, safety system failures, and mysterious outages – as glitches, but not necessarily a potential cyberattack."

Maybe I'm living in a cyber echo chamber, but I feel like people immediately press the "it's a cyberattack" button anytime there's literally anything going on with utilities these days?

https://www.darkreading.com/cyber-risk/electricity-growing-area-cyber-risk

#OT #ICS

not me apologizing to Claude for being really picky about graph styles

Last summer I looked at the Internet exposure of a few #ICS devices that have historically been the subject of attacks by Iranian threat actors. Given continued activity in the region, I refreshed that data and took another look at exposures.

Good news: all four device/software types showed at least a slight decrease in exposures since last June, even if we aren't entirely sure why.

More details + graphs here: https://censys.com/blog/ics-iran-part-2-revisiting-exposure-of-previously-targeted-ics-devices/

#security #infosec

ICS & Iran, Part 2: Revisiting Exposure of Previously Targeted Devices - Censys

As U.S.-Iran tensions rise, Censys ARC checks in on the ICS device types typically targeted by Iranian threat actors. Get the latest on these devices’ exposure rates.

Censys

last week someone at work referred to me as Agatha Christie after I walked through an investigation into some Weird Stuff ™️ and I will be carrying that energy with me henceforth