noodlemancer

@[email protected]
64 Followers
307 Following
249 Posts

He/Him. IT Engineer since forever ago. I have many a skill that is no longer relevant. Moved to infosec because it moves even faster than IT and I need to keep my ADHD brain occupied. Currently consulting with small businesses and start-ups on their cloud security.

I also make balms and salves and have an Etsy shop.

Makerhttps://www.etsy.com/shop/CHAPSmallBatchLLC
LinkedInhttps://www.linkedin.com/in/danbacon-cybersecurity
noodlemancerDec 4, 2024
Brian ClarkDec 4, 2024

Things from Cloudflare you should block because they are so frequently abused:

*.pages.dev (web page hosting)
*.workers.dev (serverless compute)
*.r2.dev (cloud storage service)
cloudflare-ipfs.com (ipfs gateway)
*.cfargotunnel.com (Argo tunnel service - original domain name)
*.trycloudflare.com (free quick tunnels service)

Block access via DNS, web security gateway and/or your NGFW

#cybersecurity #cloudflare #infosec

From: @BleepingComputer
https://infosec.exchange/@BleepingComputer/113590904434020750

BleepingComputer (@[email protected])

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. https://www.bleepingcomputer.com/news/security/cloudflares-developer-domains-increasingly-abused-by-threat-actors/

Infosec Exchange
noodlemancerOct 15, 2024
Em Oct 15, 2024

Tiny Privacy Tip for Organizations 🔘🔒:

1. If you are not absolutely required to be able to contact people by phone, do not make a phone number field mandatory in your forms ☎️🚫

2. If you are not absolutely required to be able to mail/ship something, or visit someone in-person, do not make a home address field mandatory in your forms 📪🚫

3. Do not make mandatory (or even request) any data in a form that you do not *absolutely require* to fulfill the purpose of this form 🚫

4. If you use a third-party vendor for your forms, make sure to remove any piece of data you do not actually absolutely need to collect. If you can't, select a different vendor that will allow you to 🔒👍

Yes, this mandatory by law.

#TinyPrivacyTip #Privacy #DataMinimization

noodlemancerOct 12, 2024
Mt Vernon, WA. #Sunset tonight.
noodlemancerOct 10, 2024
CySec FeedsOct 10, 2024
Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails
#cybersecurity #cso #cysec
https://www.csoonline.com/article/3557585/attackers-are-using-qr-codes-sneakily-crafted-in-ascii-and-blob-urls-in-phishing-emails.html
Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails

New phishing campaigns attempt to evade detection by constructing rogue QR codes with special ASCII characters and load phishing pages locally using the local blob URL feature in browsers.

CSO Online
noodlemancerOct 9, 2024
Evan B🥥ehsOct 9, 2024
An innovative idea: voluntary taxation with a leaderboard. Billionaires will begin competing on who has the most money to throw away
noodlemancerOct 9, 2024
Show threadChilly  🛡️ Oct 9, 2024

#TEAL72 has it's transponder on still but it's on the ground. #TEAL73 is on it's way. Still a different plane just using same callsign.

And we got a special treat, #NOAA42! It's one of the two NOAA WP-3D Orion's.

#Milton #weatherplanes #WP3D #WC130J

noodlemancerOct 8, 2024
RMerlinOct 8, 2024
People should do yearly account cleanup in their password manager. I'm doing some cleanup myself, and just found a 20+ years old Cnet account that had a very short and unsafe password, and that still worked. I also found a number of old forum accounts that still worked and that I hadn''t visited in 15+ years. Back then my password hygiene wasn't always as strict as it is today.
noodlemancerOct 8, 2024
Geoff DuncanOct 8, 2024

Recent conversation:

Them: "Oh, there's a QR code, I'll just scan that!"

Me: "If a stranger sent you a random link, you'd just click that?"

Them: "No, that's probably a scam."

Me: "So if a stranger prints a random link on paper and tapes it to a window, that magically makes it safe?"

Them: (pause) "But it's a QR code."

Me: (facepalm)

#infosec #qrcode

noodlemancerOct 5, 2024
Brad RosenheimOct 3, 2024

My wife is on the phone with HP and looks exasperated. We had a working printer that, in my opinion, was surveiling us too much. It knew when our ink cartridges were almost empty and had our credit card number so it could send us new cartridges when we needed them. My wife loved that because ink cartridges always go dry right when you need them, and it was getting more difficult to find the proper cartridges. Yes, the printer knew if we installed third party cartridges.

But, the credit card on file just passed the expiration date, and the printer magically stopped working. That is why she is calling. And, of course, they are telling us it is obsolete and we should big a new one with even MORE surveillance! That, folks, is #enshittification

#HP
#printers
#SubscriptionHardware
#RentSeekers

noodlemancerOct 4, 2024
David J. Bianco (He/Him)Oct 4, 2024

#Cybersecurity tip:

Use a password manager! Not only will it save you a lot of remembering, but once it learns which passwords go with which sites, it'll help you avoid putting them into imposter sites (like from a phish). If you're looking at a login page, but the manager isn't suggesting which password to use, take an extra close look to see if it's legit!