El próximo sábado 22 de febrero estaremos presentando el proyecto RAMONES en la @morteruelocon.bsky.social en Cuenca. Es mi primera charla en mi ciudad y hablaré de mitigación de movimiento lateral en entorno activo usando teoría de grafos. doi.org/10.1016/j.jn...

Statement by Palazzo Chigi With regard to what has been published by some media outlets about alleged espionage activities targeting members of the press, the Presidency of the Council of Ministers rules out that individuals pr...

Paragon hacking/surveillance system (hacking via WhatsApp/eavesdropping/data theft) has been used on targets from Italy, Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain and Sweden. www.governo.it/en/articolo/...

Multiple high-profile accounts have been hacked over the past week to promote various memecoins.

Known victims so far:

Snopes
TIME Magazine
NASDAQ
Tor Project
former Brazilian president Jair Bolsonaro
Twitch streamer Asmongold
Breaking Bad actor Dean Norris
Various crypto-bros

What's the story you're telling yourself about why you can't separate from work? When can you say I'm NOT available? Such good advice from Dr. Daniel Shore. #CTISummit

Adversarial Misuse of Generative AI | Google Cloud Blog We share our findings on government-backed and information operations threat actor use of the Gemini web application.

Over 20 Chinese and over 10 Iranian APT and IO groups abused Google's Gemini AI assistant for their campaigns.

Mostly for reconnaissance and automation, although some tried to use it to write malware, such as a Chrome infostealer.

cloud.google.com/blog/topics/...

El gobierno extranjero al que llamaban a deponer es el de España

Screenshot of the top three risks: improper offboard, secret leakage, and vulnerable third-party identities

The OWASP Project has published its Top 10 ranking of risks associated with non-human identities (NHIs) for application developers.

The organization listed Improper Offboarding as the top risk.

owasp.org/www-project-...

IEEE 802.11 graph models There are several recent research lines addressing Wi-Fi network planning and optimization, both in terms of channel assignment and access point deplo…

En este y otros trabajos relacionados, hemos empleado el modelo que se presenta aquí 'IEEE 802.11 graph models' www.sciencedirect.com/science/arti... #WiFi #802.11

Automated Negotiation for Resource Assignment in Wireless Surveillance Sensor Networks Due to the low cost of CMOS IP-based cameras, wireless surveillance sensor networks have emerged as a new application of sensor networks able to monitor public or private areas or even country borders...

Otra línea de investigación que tenemos abierta está relacionada con la optimización de la asignación de frecuencias a puntos de acceso en WiFi 802.11 . El primer trabajo es de 2015: www.mdpi.com/118610

International team (France, USA, others) used active operations to remove PlugX malware from thousands computers around the world. L’opération de cyber-désinfection. www.tribunal-de-paris.justice.fr/sites/defaul... www.justice.gov/opa/media/13...

World Economic Forum's Global Risks Top five in next two years? Misinformation and disinformation Extreme weather events State-based armed conflict Societal polarization Cyberespionage and warfare In the next 10 years? Extreme weather events Biodiversity loss and ecosystem collapse Critical change to Earth systems Natural resource shortages Misinformation and disinformation

The World Economic Forum is out with their annual assessment of the greatest risks facing the planet.

In the next two years?
Mis- and disinformation and extreme weather events.

In the next 10 years?
Massive disruptions of the environment in four different areas.

GitHub - davidprowe/BadBlood: BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to ... BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world....

Para la validación de estos trabajos hemos generado escenarios usando herramientas como and three generated using different synthetic tools: BadBlood github.com/davidprowe/B... AD Simulator github.com/nicolas-caro... y BloodHound DB Creator github.com/BloodHoundAD...

También disponible en el portal de ciencia abierta: ebuah.uah.es/dspace/handl...

Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs Cybersecurity threats, particularly those involving lateral movement within networks, pose significant risks to critical infrastructures such as Microsoft Active Directory. This study addresses the ne...

En la misma línea del anterior, el último trabajo es 'Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs' www.mdpi.com/2986390 #mdpielectronics

Lo tenéis disponible también en acceso abierto en el portal de ciencia abierta de la UAH: ebuah.uah.es/dspace/handl...

Surgical immunization strategies against lateral movement in Active Directory environments Lateral movement, in which a cyber attacker progresses through an enterprise network in order to compromise its most valuable assets, is a key stage o…

Aprovecho y comparto por aquí alguno de los últimos artículos que hemos publicado: 'Surgical immunization strategies against lateral movement in Active Directory Environments' www.sciencedirect.com/science/arti...

En este 2025, he vuelto a trabajar a la Universidad de Alcalá. Como fiesta de bievenida, me han organizado de nuevo CIBERSEG. Si no tenéis plan para el próximo miércoles 22 de enero, nos vemos allí. ciberseg.uah.es

crypto/x509: potentially anomalous path building results · Issue #65085 · golang/go Go version go1.21.5 linux/amd64 Output of go env in your module/workspace: GO111MODULE='' GOARCH='amd64' GOBIN='' GOCACHE='/home/runner/.cache/go-build' GOENV='/home/runner/.config/go/env' GOEXE=''...

Another example of the externalized cost of fixed release Linux distributions: Debian Bullseye (oldstable, LTS until August 2026) ships a root store that's years out of date.

Besides being a security issue, it slows down the entire TLS ecosystem.

Not sure how I missed this: NIST is deprecating and then outright disallowing elliptic curve cryptography for key establishment as well as for digital signatures by 2035: nvlpubs.nist.gov/nistpubs/ir/...

irisscert Computer Security Incident Response

Talks from the IRISSCON 2024 security conference, which took place earlier this month, are available on YouTube

www.youtube.com/@irisscert/v...

Hello, world!