Dan GoodinIs anyone following this breach involving the j-actions/changed-files GitHub Action? Seems pretty major, but I'm still trying to figure out exactly what's going on, who's affected, and what people (and how many) are affected. If you can help me get up to speed please DM me on Signal -- DanArs.82, or on Mastodon https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
Jerry Dixon
- 215 Followers
- 39 Following
- 20 Posts
CISO @ CrowdStrike -former DHS NCSD/US-CERT Alum & Desert Storm Vet (AATW)
BrianKrebsThere's an important vulnerability being disclosed today that allows attackers to massively increase the size of DDoS attacks.
The flaw is being tracked as CVE-2023-44487, a.k.a. "HTTP/2 Rapid Reset Attack." According to Damian Menscher at Google, the attack "works by sending a request and then immediately cancelling it (a feature of HTTP/2). This lets attackers skip waiting for responses, resulting in a more efficient attack."
More info:
https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
Fun doc visit today-power goes out comes back quickly then all the Windows machines started updates-took 15 minutes before they were able to view X-rays or access electronic health records - Doc apologizing and then we talked about PC hygiene :) meanwhile waiting room getting full due to delays from the updates - plus entertaining with nurses running to each room to see if there was a machine back up and running …15 minute ripple effect FTW
Eric Capuano1Password to begin collection anonymous telemetry (no user/site/vault info) to help measure application performance.
I can appreciate their over-the-top transparency and commitment to not collect actual user data, but making this opt-out versus opt-in is a head scratcher.
Give your users the option to actively opt-in, not an opt-out they will probably never see. @1password
https://blog.1password.com/privacy-preserving-app-telemetry/ #1password
Cisco Talos's latest year in review report: https://blog.talosintelligence.com/talos-year-in-review-2022/
Talos Year in Review 2022
We expect this data-driven story will shed some insight into Cisco’s and the security community’s most notable successes and remaining challenges. As these Year in Review reports continue in the future, we aim to help explain how the threat landscape changes from one year to the next.
Sting operation: Nighttime scorpion hunts at Kuwait base so popular with US troops that there’s a waitlist https://www.stripes.com/theaters/middle_east/2022-12-23/kuwait-scorpion-deployment-8508570.html
Sting operation: Nighttime scorpion hunts at Kuwait base so popular with US troops that there’s a waitlist
People stationed at Ali Al Salem have gone on some 100 hunts since the spring. The nighttime journeys into the desert attracted hundreds seeking to bag a scorpion or a camel spider during their tour to Kuwait.
Graham CluleyIf you’ve recently left #Twitter
for Mastodon... welcome!
Here are some things you should know about security and privacy on Mastodon.
https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/
(Please boost/reshare if you think a #TwitterRefugee would benefit from this. Thanks!)
Cyentia InstituteA look back on 18 years of studying #cyber #risk in #SupplyChains with Wade Baker: https://www.cyentia.com/18-years-cyber-risk-in-supply-chains/
