https://xkcd.com/3103/
homepage | https://lukasz.bromirski.net |
CISA has asked organizations to install firmware updates or restrict access to pan-tilt-zoom security cameras from four vendors.
Firmware updates are only available for PTZOptics camera models.
ValueHD, multiCAM, and SMTAV have failed to reply to security researchers.
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
Bellingcat and our partners at Kenya’s Daily Nation have identified Kenyan-labelled crates of ammunition inside an alleged RSF depot close to the recently recaptured Sudanese capital Khartoum. Although we couldn’t independently verify the contents of every crate identified, tins with ammunition matching the labels on the crates were found nearby among the captured weapons displayed […]
Interesting links of the week:
Strategy:
* https://www.security.gov.uk/policy-and-guidance/policy/cyber-incident-exercising/ - HMG standards on cyber exercises
* https://uktl.org.uk/ - UK telecoms lab opens
* https://openai.com/index/scaling-coordinated-vulnerability-disclosure/ - scaling disclosure
* https://www.gsma.com/solutions-and-impact/technologies/security/gsma_resources/fs-57-mobile-threat-intelligence-framework-motif-principles/ - the MoTIF framework for telecoms threats
* https://blogs.cisco.com/security/foundation-sec-8b-reasoning-worlds-first-security-reasoning-model - security reasoning with AI
Threats:
* https://www.europol.europa.eu/publication-events/main-reports/steal-deal-and-repeat-how-cybercriminals-trade-and-exploit-your-data - Europol's latest cyber crime threat assessment
* https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-june-2025/ - reported uses of offensive AI
Detection:
* https://www.cisco.com/c/en/us/products/collateral/security/telco-siem-framework-wp.html - detecting telecoms threats
* https://blog.talosintelligence.com/compartmentalized-threat-modeling/ - bringing TM to traditional TI operations from @TalosSecurity
Exploitation:
* https://www.tenable.com/blog/abusing-client-side-extensions-cse-a-backdoor-into-your-ad-environment - abusing client-side extensions
* https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/AI-Finance_Test-Criteria.html - test criteria for AI in FSI
Hardening:
* https://raesene.github.io/blog/2025/06/09/am-i-still-contained/ - am I still contained from @raesene
* https://www.joindns4.eu/for-public#resolver-options - protective DNS for EU
* https://www.rand.org/pubs/research_reports/RRA2849-1.html - hardening AI models against weighting manipulations
Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a ton of new stuff in this version, including:
And lots more. Now, with all this addition, plus the work to make it, I've had to increase the price to $29.99 USD. I know that's a lot. But for what THA is, I still think it's fair. But I'm also running a sale right now. Code OMGVERSIONTHREE gets you 50% off until the end of June.
And of course, if you've already purchased THA, you just got access to the new version. Thanks for being an early supporter!
I hope you love this new version of the book. I'm really happy with how it turned out.
And seriously: thank you to everyone who's supported @thetaggartinstitute over the years, and especially the folks who have purchased and enjoyed The Homelab Almanac. I had no idea what I was getting myself into writing this book, but it's been lovely to see folks build community around it.
Final-ish schedule for #bsdcan dropped: https://www.bsdcan.org/2025/timetable/timetable-all.html
You can still register, see https://www.bsdcan.org/2025/registration.html
#conference #bsd #unix #development #freebsd #netbsd #openbsd #sysadmin #devops #freesoftware #libresoftware