CISA has asked organizations to install firmware updates or restrict access to pan-tilt-zoom security cameras from four vendors

Firmware updates are only available for PTZOptics camera models.

ValueHD, multiCAM, and SMTAV have failed to reply to security researchers

https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10

Interesting links of the week:

Strategy:

* https://www.security.gov.uk/policy-and-guidance/policy/cyber-incident-exercising/ - HMG standards on cyber exercises
* https://uktl.org.uk/ - UK telecoms lab opens
* https://openai.com/index/scaling-coordinated-vulnerability-disclosure/ - scaling disclosure
* https://www.gsma.com/solutions-and-impact/technologies/security/gsma_resources/fs-57-mobile-threat-intelligence-framework-motif-principles/ - the MoTIF framework for telecomms threats
* https://blogs.cisco.com/security/foundation-sec-8b-reasoning-worlds-first-security-reasoning-model - security reasoning with AI

Threats:

* https://www.europol.europa.eu/publication-events/main-reports/steal-deal-and-repeat-how-cybercriminals-trade-and-exploit-your-data - Europol's latest cyber crime threat assessment
* https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-june-2025/ - reported uses offensive AI

Detection:

* https://www.cisco.com/c/en/us/products/collateral/security/telco-siem-framework-wp.html - detecting telecomms threats
* https://blog.talosintelligence.com/compartmentalized-threat-modeling/ - bringing TM to traditional TI operations from @TalosSecurity

Exploitation:

* https://www.tenable.com/blog/abusing-client-side-extensions-cse-a-backdoor-into-your-ad-environment - abusing cient-side extensions
* https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/AI-Finance_Test-Criteria.html - test criteria for AI in FSI

Hardening:

* https://raesene.github.io/blog/2025/06/09/am-i-still-contained/ - am I still contained from @raesene
* https://www.joindns4.eu/for-public#resolver-options - protective DNS for EU
* https://www.rand.org/pubs/research_reports/RRA2849-1.html - hardening AI models against weighting manipulations

#security, #research

Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a ton of new stuff in this version, including:

• Proper DNS for the lab
• Lab PKI
• Automatic signed certificate retrieval
• New secrets management
• Proxmox clustering
• Network storage
• Cloud integration

And lots more. Now, with all this addition, plus the work to make it, I've had to increase the price to $29.99 USD. I know that's a lot. But for what THA is, I still think it's fair. But I'm also running a sale right now. Code OMGVERSIONTHREE gets you 50% off until the end of June.

And of course, if you've already purchased THA, you just got access to the new version. Thanks for being an early supporter!

I hope you love this new version of the book. I'm really happy with how it turned out.

And seriously: thank you to everyone who's supported @thetaggartinstitute over the years, and especially the folks who have purchased and enjoyed The Homelab Almanac. I had no idea what I was getting myself into writing this book, but it's been lovely to see folks build community around it.

https://taggart-tech.com/thav3/

Final-ish schedule for #bsdcan dropped: https://www.bsdcan.org/2025/timetable/timetable-all.html

You can stil register, see https://www.bsdcan.org/2025/registration.html

#conference #bsd #unix #development #freebsd #netbsd #openbsd #sysadmin #devops #freesoftware #libresoftware