Saltmyhash

@saltmyhash@infosec.exchange
Benny (the Bull) and the Jets by Elton John #MascotASongOrPoem
#HashTagGames
The Magic Goldfinger by Roald Dahl
#SupervillainABookOrPlay
#HashTagGames
Sandhill cranes walking around the neighborhood like they own the place. They are huge in person, like 4-5 feet tall. #bird #birding #birdsofmastodon
Gettin ready…

Sus-suit-dio
Phil Collins
No Jacket Required

#FancyDressASongOrPoem #HashtagGames

@briankrebs check out the Integuru and browserless repos which were also downloaded based on the whistleblower screen grab of suspicious PowerShell IWR commands. Feeding a bunch of suspected NLRB web requests to some AI model to reverse-engineer internal undocumented APIs. Using browserless to likely bypass captchas and bot detectors.

This NLRB whistleblower complaint is a horror story for any CERT team. As a CTI/SOC analyst, if I see spawned PowerShell invoking web requests to some random-ass AI API reverse-engineering tool/headless browser repository, large outbound byte transfers measured in GBs, or conditional access policies/MFA being tampered with, you’re getting isolated and we’re standing up an incident response bridge. Also, someone on your team has an info stealer on their device if they’re seeing attempted logins from a foreign country within fifteen minutes of account creation.

This is an insider threat case of the worst kind: one your security team gets to watch but can’t do a damn thing to stop.

https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments

https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf

#cti #soc #threatintel #dfir #cybersecurity

Government IT whistleblower calls out DOGE, says he was threatened at home

“Stay out of DOGE’s way”: IT worker details how Musk group infiltrated US agency.

Ars Technica
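One of the signals named in the post above, sign-in attempts from an unexpected country within fifteen minutes of account creation, written as a correlation rule. This is an added example, not part of the original post; the event field names, the `HOME_COUNTRIES` allowlist and the sample events are constructed assumptions, and `ZZ` is a placeholder country code.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # "within fifteen minutes of account creation"
HOME_COUNTRIES = {"US"}          # assumption: where this org's users normally sign in

# Constructed sample events (not taken from the disclosure); field names are hypothetical.
EVENTS = [
    {"time": "2025-03-03T10:00:00", "type": "account_created", "user": "svc-new-01"},
    {"time": "2025-03-03T10:09:30", "type": "signin_attempt", "user": "svc-new-01",
     "country": "ZZ", "result": "blocked"},
    {"time": "2025-03-03T10:40:00", "type": "signin_attempt", "user": "svc-new-01",
     "country": "ZZ", "result": "blocked"},   # outside the 15-minute window
    {"time": "2025-03-03T11:00:00", "type": "account_created", "user": "svc-new-02"},
    {"time": "2025-03-03T11:05:00", "type": "signin_attempt", "user": "svc-new-02",
     "country": "US", "result": "success"},   # expected country
    {"time": "2025-03-01T09:00:00", "type": "signin_attempt", "user": "old-user",
     "country": "ZZ", "result": "blocked"},   # no creation event seen for this user
]

def early_foreign_signins(events, window=WINDOW, home=HOME_COUNTRIES):
    """Return alerts for sign-in attempts from outside `home` that occur
    within `window` after the same account was created."""
    created = {}
    alerts = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "account_created":
            created[ev["user"]] = ts
        elif ev["type"] == "signin_attempt":
            born = created.get(ev["user"])
            if born is None or ev["country"] in home:
                continue
            age = ts - born
            if timedelta(0) <= age <= window:
                # Alert even when the attempt was blocked: the credential is
                # already in someone else's hands minutes after it was issued.
                alerts.append({"user": ev["user"], "country": ev["country"],
                               "seconds_after_creation": int(age.total_seconds()),
                               "result": ev["result"]})
    return alerts

if __name__ == "__main__":
    for alert in early_foreign_signins(EVENTS):
        print(alert)
```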

Update your fruit, not for the security patches, but for the fact Apple Password finally added a verification code timer. Job done, Apple.

#ios #apple #macos #patchday

This is a strong statement from Ronald Deibert in his latest book ‘Chasing Shadows.’ Apparently as of the publishing of the book, Citizen Lab has not observed any spyware infections on Apple devices running in Lockdown Mode. Based on the individuals they assist, that’s impressive. Assess your own personal threat model and consider enabling Lockdown Mode.

‘Chasing Shadows’ is an excellent read on the spyware industry and Citizen Lab’s efforts to inform and assist individuals frequently targeted by repressive regimes.

#apple #spyware #citizenlab