
thekileen

@thekileen.bsky.social

IT Security in Higher Ed (no that’s not quite a contradictory statement), Electronics, Woodworking, BBQ (low & slow is the way), Dad, follower of Jesus (order changes at will). Opinions are my own.

21 Followers  |  68 Following  |  36 Posts  |  Joined: 15.11.2024  |  2.0506

Latest posts by thekileen.bsky.social on Bluesky


The Treasury Department right now. People are turning out against Musk and DOGE staging a takeover of the Treasury’s payment system. This crowd is big. The whole block is packed. “Lock him up,” everyone yells.

04.02.2025 22:43 — 👍 43767    🔁 11142    💬 882    📌 922

A few of us are still out here.

Sorry for the shaky video.

02.02.2025 23:08 — 👍 6520    🔁 1362    💬 257    📌 130

Is anyone else having to block random accounts “following you” that should be classified as bots?

10.01.2025 15:06 — 👍 0    🔁 0    💬 0    📌 0

That’s assuming your browsers are Chrome (which is highly likely considering the market share).

03.01.2025 02:05 — 👍 0    🔁 0    💬 0    📌 0
DEFCON 31 - Snoop unto them, as they snoop unto us The official videos from DEFCON 31 have been posted! Below you can watch our talk “Snoop unto them as they snoop unto you”. The talk, slides, files

I am still catching up on DefCon talks! This one is a zinger from @nullagent@partyon.xyz about how “Every cop's body cam is basically an AirTag.” blog.dataparty.xyz/blog/snoop-u...

02.01.2025 01:40 — 👍 0    🔁 0    💬 0    📌 0

So is the cheese if you count the cow’s diet.

30.12.2024 02:08 — 👍 1    🔁 0    💬 0    📌 0
Russia-linked cable-cutting tanker seized by Finland ‘was loaded with spying equipment’ Eagle S, the Russia-linked tanker suspected of damaging an underwater electricity cable on Christmas Day, was kitted out with special transmitting and receiving devices that were used to monitor naval activity, according to a source with direct involvement in the ship, which has since been detained by Finnish police

Fascinating piece from Lloyds List about the Russian tanker boarded by the Finnish coast guard on Christmas Day.

Turns out it was packed to the gills with surveillance gear that used so much power they occasionally caused brownouts on board.

28.12.2024 00:46 — 👍 188    🔁 73    💬 12    📌 5

If the university is providing the AutoCAD license, I’d check if they’d support installing it on MacOS. Most if not all support Windows & definitely not Linux. I tried running it through wine and that didn’t end well. www.autodesk.com/support/tech...

27.12.2024 20:54 — 👍 1    🔁 0    💬 0    📌 0
Cyberhaven says it was hacked to publish a malicious update to its Chrome extension | TechCrunch The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."

“Data-loss prevention startup vendor hacked to steal data”. I wonder if the admin’s system that got popped had the company’s edr software on it…if the company had something at all…or was it a BYOD environment. techcrunch.com/2024/12/27/c...

27.12.2024 20:50 — 👍 0    🔁 0    💬 0    📌 0

Privacy reminder 4 iOS users: There’s a native function that tracks network activity by apps (see what’s up to no good). Go to Settings > Privacy & Security > App Privacy Reports.
There’s no reason for Google Authenticator to call out to Google's servers. It shouldn't be doing it.
Use 2FAS instead!

23.12.2024 06:04 — 👍 0    🔁 0    💬 0    📌 0
Attorney General Mike Hilgers Files Lawsuit Against Change Healthcare for Critical Failures to Protect Consumer Data and Prevent Against Harm from a Widespread Cyberattack | Nebraska Attorney General ...

ChangeHealthcare data breach started on 02/11/24 when creds of an employee were posted in a Telegram group chat. The creds were used to log in to Citrix. The external actor was in their system for 9 days, creating admin accounts, installing malware, and exfiltrating terabytes of sensitive data.

17.12.2024 23:11 — 👍 1    🔁 2    💬 1    📌 0
Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches The annual defense spending bill contains money the FCC has sought to use to reimburse telecommunications carriers for removing Chinese equipment.

cyberscoop.com/senators-wit...

12.12.2024 00:58 — 👍 0    🔁 0    💬 0    📌 0

Not ironic at all. I have an appreciation for how the Tesla EV pushes the boundaries of the auto industry. I am not a fan of how they’re manufactured & do wonder what an economic impact report would look like for what it takes to generate a Tesla Model 3. Not to mention how ppl are treated at TSLA.

10.12.2024 02:19 — 👍 0    🔁 0    💬 1    📌 0

I find it ironic that electric vehicles are still delivered mainly by diesel-powered combustion engines. Is it just me?

09.12.2024 20:02 — 👍 0    🔁 0    💬 2    📌 0
Electric Cars Could Last Much Longer Than You Think Rather than having a shorter lifespan than internal combustion engines, EV batteries are lasting way longer than expected, surprising even the automakers themselves.

There’s some interesting data here about EV battery longevity. Great work by James Morris @ Wired! www.wired.com/story/electr...

09.12.2024 20:00 — 👍 1    🔁 0    💬 0    📌 0

Would it be possible for other endpoints with Defender installed within the same vlan or subnet to be able to tell you more about what’s happening, like if the system is online and connected? I do realize this is hyperbole and is more like a Juniper Mist network-sensor system. I’ll read the docs.

07.12.2024 02:45 — 👍 1    🔁 0    💬 1    📌 0

I’m just thinking about cases where something is side-loaded into memory and doesn’t hit disk. The only solution I know of that actively protects against that type of attack is a well-known EDR vendor *not* listed in EDRSilencer’s code.

07.12.2024 02:41 — 👍 1    🔁 0    💬 0    📌 0

And if you can be alerted, I’m assuming you should be able to proactively block this tool from blinding Defender.

07.12.2024 02:10 — 👍 2    🔁 0    💬 1    📌 0
GitHub - netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Can you be alerted in Defender before something like EDRSilencer is used on an endpoint to blind Defender?
Tool link: github.com/netero1010/E...
Context around how I became aware of it: www.trendmicro.com/en_us/resear...

07.12.2024 02:09 — 👍 1    🔁 0    💬 1    📌 0

So your only other choice is to stop using the service. It's a rough situation.

06.12.2024 03:02 — 👍 1    🔁 0    💬 0    📌 0

But the reality is most companies that care about security added non sms options 5+ years ago. The only other choice is to stop using the service. Some of these sites are govt and Healthcare & that just isn't an option most of the time. It's a rough situation.

06.12.2024 03:01 — 👍 1    🔁 0    💬 1    📌 0

You can also use a password manager like Bitwarden to manage your mfa and that would be a big step up from sms. If you only have the option for sms? There's not a lot to be done. You can bug customer service about it, maybe they can get word higher up the chain to get them to start caring…

06.12.2024 02:57 — 👍 0    🔁 0    💬 1    📌 0

There's now confirmation of man-in-the-middle happening. What can I do about this? The answer is "it depends." If you have the option to use something other than SMS mfa, you should use it now. Entra Auth is a great phone authenticator, and of course a hardware token would be best like a Yubikey.

06.12.2024 02:55 — 👍 0    🔁 0    💬 1    📌 0

Reposting from Sandrockcstm on Mastodon:

People are being kind of smug about the FBI announcement not to text anymore, and I understand why...Your mfa codes that are texted to you are now fully compromised…That's the real story here. We've known for a while sms mfa was insecure.

06.12.2024 02:51 — 👍 0    🔁 0    💬 1    📌 0

Today was spent setting up Ludus.cloud (I’d highly recommend it if you need a test environment!) and attempting to get Caldera set up on Windows without Defender detecting it (my barrier of entry). Sliver loaded into memory just fine! Tmrw I’m going to attempt to set up OpenBAS which is new to me.

04.12.2024 03:12 — 👍 0    🔁 0    💬 0    📌 0
Here we go: The Verge now has a subscription A lot of our site will remain free, but you can now pay to get fewer ads and unlimited access to all of our work.

The ad-supported internet is on life support. Moving forward, you will pay to play, or be drowned in ads and AI crap.

www.theverge.com/2024/12/3/24...

03.12.2024 17:07 — 👍 3    🔁 1    💬 1    📌 0

Thank you John Strand and BHIS!
Sad news for CompTIA.

30.11.2024 04:30 — 👍 0    🔁 0    💬 0    📌 0

Oh that brings back some memories of playing this at a friend’s house!!

28.11.2024 04:26 — 👍 1    🔁 0    💬 1    📌 0
A WARNING! This generative AI task will require cutting off electricity to one random small city for up to 10 minutes! Continue creating 200 x 200 pixel avatar? Click YES or NO

If only.

27.11.2024 16:42 — 👍 0    🔁 0    💬 0    📌 0

Cybersecurity's effectiveness hinges on collaboration and relationship building, the ability to connect, explain, and persuade…it’s about developing emotional intelligence, learning to read your audience, and adapting your message while keeping its essential truth.

www.greynoise.io/blog/from-he...

27.11.2024 15:24 — 👍 0    🔁 0    💬 0    📌 0
