Kodama

Happy Halloween!

#halloween2025 #wizards #fairy

Disclaimer: I do not intend this to be a comment on the state of JLR's security — only a warning to those who might take the wrong lesson away from their crisis.

Around 40% of cyber insurance claims were denied in 2024. The primary reason? Failure to meet basic security requirements.

If you're not getting the fundamentals of security right, you’re throwing money away buying cyber insurance.

www.dcsny.com/technology-b...

#JLR #cybersecurity #insurance

Discord Data Breach: Hackers Access IDs, Billing Details and Support Chats Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Discord confirms a data breach through a third-party vendor, exposing user IDs, emails, and even government IDs. Meanwhile, hackers on #Telegram claim responsibility.

Read: hackread.com/discord-data...

#Discord #DataBreach #CyberSecurity #Privacy #InfoSecurity #Hacking

How the BEAST Attack Works: Reading Encrypted Data Without Decryption Learn why the BEAST attack (Browser Exploit Against SSL/TLS) posed a major threat to data security, how a cryptographic vulnerability ignored as impractical became a very practical threat, and what cy...

🎲 Randomness is a foundational pillar of security.

www.invicti.com/blog/web-sec...

Evanston orders Flock to remove reinstalled cameras - Evanston RoundTable Private surveillance vendor Flock Safety reinstalled all of its stationary license plate cameras in Evanston that had previously been removed, apparently

Apparently FLOCK is pretty aggressive in standing up their surveillance cameras too.

evanstonroundtable.com/2025/09/24/f...

License plate readers are growing fast. These days, they are cheap to own and operate. Essentially, a $100 burner phone with a $5/month prepaid account can be made into a license plate reader. It's gonna solve a lot of crime, making it impractical to drive anywhere to commit crime.

CISA kills agreement with nonprofit that runs MS-ISAC : The federal government's not the only thing shutting down on Oct. 1

Well, this is a big one. CISA ending its agreement with CIS is going to send some serious shockwaves through state and local government IT shops.
TL;DR
💰 Ends free tools for SLTTs
🛡️ Creates a major defense gap

www.theregister.com/2025/09/30/c...
#CISA #Cybersecurity #GovTech #SLTT #SLED

I've seen this video circulated and am a little confused. What good does harassing the national guard do exactly? We lose when we dehumanize people regardless of your political leanings.

GitHub - kodamaChameleon/Twiliompus: Discord bot for Twilio Phone Lookups Discord bot for Twilio Phone Lookups. Contribute to kodamaChameleon/Twiliompus development by creating an account on GitHub.

🎉🎉 Excited to announce the launch of Twiliompus. A Discord phone verification bot using the Twilio API.

github.com/kodamaChamel...

#GitHub #Discord #Bots #Twilio #phoneverification

Security by Anonymity Most of us in the security profession have heard the term “security through obscurity”—the flawed model that assumes systems are […]

🦓 Exploring why this default security strategy often misses the mark, and how security professionals can communicate more effectively.
#CyberAwareness #SecurityMindset #OnlineSafety

And we are supposed to believe somehow that this individual speaks on behalf of the entire Scattered Spider network why?

breachforums.hn

#scatteredspider #Lapsus$ #threatintel

I can't help but wonder: what percentage of social media users are real versus how many are bots or sock puppet accounts fanning the flames of "Charlie Kirk was a Nazi." The only real winners here are media clicks and foreign adversaries.

#informationwarfare #PsyOps #FreeSpeechDilemma

What are your thoughts on allowing 3rd party password managers store and implement your passkeys for you?

Salesloft breach dates back to March and originated from the company's GitHub account, per a new update

trust.salesloft.com?uid=Update+o...

I didn’t come to BlueSky for political reasons, but rather for their business model and because it’s open-sourced.

Input simulators or keep-awake utilities?

Considering more in-depth academic research into computer networks, internet measurements, internet operations, or internet resiliency as pertains to cyber threat intelligence. Hit me with your best topic ideas!

#research #cti #networksecurity #threatintel

I don't know anyone from Obsidian (at least, I'm not aware if i do) but this take is :chef's kiss: spot on accurate and more folks need to recognize this across ecrime, and even state-sponsored ops:

Kodama Chameleon - Strange Cyber Tails Caught in the Wild Strange Cyber Tails Caught in the Wild

I realize changing colors platform to platform might leave some to wonder... so I made a nice, shiny new logo to tie them all together. Look for the K built from Penrose shapes. Why Penrose? I guess I'm just fascinated with making something from the impossible.

kodamachameleon.com

Kodama Chameleon (@kodamachameleon@infosec.exchange) 0 Posts, 8 Following, 0 Followers · Threat Intel | OSINT | Programming | Cybersecurity MSc Student

✦ Big news ✦
I’ve joined #Mastodon ! 🐘✨

If you’d like to follow me there, here’s my shiny new handle:
➡️ infosec.exchange/@kodamachame...

Be sure to say hi if you're in the #Fediverse! 💬

If security was not a relative term, then we would all be stuck using a One-Time-Pad.

#OTP #cryptography #shannonsecure #cybersecurity

It seems that most age verification laws target service providers. Whats your opinion on the feasibility of enforcing client side age verification instead of server side? In other words, should lawmakers be after Apple and Google instead of Meta, X, Mastodon, Bluesky, etc.?

Major password managers can leak logins in clickjacking attacks Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card ...

Is this really a surprise?! Leaking sensitive information is the downstream effect of a bigger issue, vulnerability to XSS or cache poisoning. Marek Tóth wrote a good article and recommendations for more security sensitive environments!

#cybersecurity #xss

www.bleepingcomputer.com/news/securit...

It’s a genius idea! Will do.

And a quick shout out to @danielpost.com for #autoblue! Bluesky is now the official commenting system of kodamachameleon.com

Software Dev Process As someone who can easily find themselves up past midnight coding for fun, I figured this chameleon ought to learn […]

... I figured this chameleon ought to learn something about the software development process formally for a change. I was in for a bit of a surprise!

#omscy #cs6300 #gatech #cybersecurity

Interesting article, and I like the idea. Curious if you’ve had much success… I can’t say I agree with the idea that BlueSky uses real identities with less incentive to troll. There are definitely fake identities and trolls.

LLM’s are not very good at differentiating between people sharing a common name.