VocaLounge

21 posts16 participants0 posts today

Christoffer S.It would appear as if Wiz may have discovered another supply-chain compromise:<a href="https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup</a>The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.<a href="https://swecyb.com/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://swecyb.com/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChain</a>

Robert [KJ5ELX] :donor:So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use. Let me put the important words in uppercase. So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use. [Edit with H/T: <a href="https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX</a>]<a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/</a><a href="https://infosec.exchange/tags/cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudflare</a> <a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

considerateWhich do you use more? <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Christoffer S.I just published the source code for my very naive <a href="https://swecyb.com/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked <a href="https://swecyb.com/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Markdown</a> files linking intrusion sets to their used techniques.Perhaps someone finds it useful or interesting to experiment with.Source code: <a href="https://github.com/cstromblad/markdown_node" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cstromblad/markdown_node</a>I hinted at this in a thread started by <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> where he asked for input on a few very likely malicious domains. Me <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> <a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cR0w</a> <a href="https://masto.deoan.org/@neurovagrant" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@neurovagrant</a> and others did some OSINT fun work with a couple of the original domains.It was this thread: <a href="https://mastodon.social/@Viss/114145122623079635" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@Viss/114145122623079635</a>Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor mans version of performing threat intelligence work.<a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/Obsidian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Obsidian</a>

Harry SintonenThe fallout from the malicious tj-actions/changed-files is still being investigated. It is fortunate that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.- <a href="https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised</a> - <a href="https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Brian ClarkThe free service from portmap.io is being abused to support malware C2 communications. If you don’t use it, I suggest blocking *.portmap.io via DNS, NGFW and/or web proxy.<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> From: <a href="https://infosec.exchange/@ScumBots" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ScumBots</a> <a href="https://infosec.exchange/@ScumBots/114167879065509347" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ScumBots/114167879065509347</a>

CassanderIs today <a href="https://infosec.exchange/tags/FediHire" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FediHire</a> Friday? Sure looks like it!What I'm looking for: A senior level, individual contributor role supporting Windows, Active Directory, Certificates, PKI, Azure, and information security in a large environment. Interested in relocating outside of the US. I like to solve weird problems and make computers run smoothly. I want to help others use technology effectively.My main focus the last few years has been rebuilding and modernizing a struggling certificate management team. That includes growing the team to meet our company needs, migrating our AD-integrated private PKI stack, getting a handle on our web PKI consumption, and making massive improvements to our certificate lifecycle management platform. I supported and advised our CyberSec and Desktop teams as we rolled out multi-factor authentication to 50,000 employees and contractors across the US. My background in understanding deep computer fundamentals, talent for quickly grasping nuances of larger systems, and calmness in a crisis have contributed to quickly resolving major technology outages regardless of root cause.This role hasn't been exclusively technical. A big part of my current job is building relationships with our developers to help them understand how certificates work, the responsible ways to use them, and what our relevant internal policies are. I've been training and teaching junior and mid-level engineers both practical PKI concepts and our specific enterprise requirements. I've gotten to spend some time with upper management to both explain the immediate challenges we've had and the plans we can implement improve our infrastructure, reducing costs and outages.While this position has been focused on certs and how to use them, I'm very comfortable considering a technical leadership role for Windows (server and desktop) administration and Active Directory. I also have some good experience with Azure and virtualization platforms, but they haven't been my daily focus for several years.My current employer is direct retail for general public consumers. I've also worked in banking/finance, manufacturing, and architecture firms. The common thread is I love to help people leverage technology for their goals, to help them be more effective. In my personnel/volunteer time I've done very similar: working backstage with lights/sounds/projections so live performers can do their best. Right now I'm in Syracuse, New York (about five hours from NYC), but I'm open to relocation/migration anywhere in the world. PMs open if you want to talk details. Boosts/reshares appreciated.<a href="https://infosec.exchange/tags/Job" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Job</a> <a href="https://infosec.exchange/tags/GetFediHired" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GetFediHired</a> <a href="https://infosec.exchange/tags/ITJobs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITJobs</a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ActiveDirectory</a> <a href="https://infosec.exchange/tags/Certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Certificate</a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://infosec.exchange/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Azure</a> <a href="https://infosec.exchange/tags/Migration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Migration</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSecurity</a>

shellsharksVolume SEVEN of my <a href="https://malici.ous.computer/tags/indieweb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IndieWeb</a>, <a href="https://malici.ous.computer/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fediverse</a> and <a href="https://malici.ous.computer/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> / <a href="https://malici.ous.computer/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> newsletter, "Scrolls" has landed! You can read and get scrollin' here <a href="https://shellsharks.com/scrolls/scroll/2025-03-14" rel="nofollow noopener noreferrer" target="_blank">https://shellsharks.com/scrolls/scroll/2025-03-14</a>.It features the usual awesomeness and also has a vastly improved logo, created by my good friend and super talented artist angryrolypoly (<a href="https://www.instagram.com/angryrolypoly/" rel="nofollow noopener noreferrer" target="_blank">https://www.instagram.com/angryrolypoly/</a>). He's also the genius behind a lot of the other art on my site including my Fedi profile pic!Also, special shoutout as well to <a href="https://social.lol/@humdrum" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@humdrum</a> for making some other art for the Scrolls cause 🤗.The art and images of Scrolls, as much as the links themselves are what make it such a pleasure to read - one more big THANK YOU to <a href="https://mastodon.art/@shaferbrown" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@shaferbrown</a> & <a href="https://mastodon.social/@skeddles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@skeddles</a> for being such talented artists. I enjoy seeing everything you post!Finally, my mass-shouting-out of everyone else who contributed to this weeks edition! Sharing the cool stuff you find, build and create is what makes the Internet great, and this newsletter so fun to put together.<a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> <a href="https://mastodon.social/@_elena" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@_elena</a> <a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cR0w</a> <a href="https://4d2.social/@CryogenicNighthawk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@CryogenicNighthawk</a> <a href="https://mastodon.social/@Daojoan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Daojoan</a> <a href="https://mstdn.social/@DM_Ronin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@DM_Ronin</a> <a href="https://infosec.exchange/@mubix" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mubix</a> <a href="https://sonomu.club/@gavcloud" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gavcloud</a> <a href="https://indieweb.social/@fyr" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fyr</a> <a href="https://lazybear.social/@hyde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@hyde</a> <a href="https://xoxo.zone/@artlung" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@artlung</a> <a href="https://mastodon.social/@eddiedale" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@eddiedale</a> <a href="https://mastodon.social/@jgilbert" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jgilbert</a> <a href="https://mastodon.social/@MastodonEngineering" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@MastodonEngineering</a> <a href="https://yatil.social/@yatil" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@yatil</a> <a href="https://gofer.social/@daj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@daj</a> <a href="https://puz.fun/@dave" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dave</a> <a href="https://ibe.social/@theresmiling" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@theresmiling</a> <a href="https://mastodon.social/@tomusher" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tomusher</a> <a href="https://mastodon.me.uk/@coffeenow" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@coffeenow</a> <a href="https://social.lol/@bjhess" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bjhess</a> <a href="https://labyrinth.social/@nash" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nash</a> <a href="https://mstdn.social/@Nickiquote" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Nickiquote</a> <a href="https://pony.social/@axxuy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@axxuy</a> <a href="https://mstdn.social/@vonExplaino" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@vonExplaino</a> <a href="https://fosstodon.org/@joel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@joel</a> <a href="https://social.lol/@jmock" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jmock</a> <a href="https://tilde.zone/@xandra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@xandra</a> <a href="https://mastodon.social/@DavidMadeThis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@DavidMadeThis</a> <a href="https://mastodon.sprawl.club/@32x33" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@32x33</a> <a href="https://mastodon.nzoss.nz/@strypey" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@strypey</a> <a href="https://mathstodon.xyz/@jskherman" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jskherman</a> <a href="https://mamot.fr/@nhoizey" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nhoizey</a> <a href="https://mementomori.social/@rolle" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rolle</a> <a href="https://gamedev.lgbt/@renkotsuban" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@renkotsuban</a> <a href="https://infosec.exchange/@emanuelduss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@emanuelduss</a> <a href="https://merveilles.town/@lrhodes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lrhodes</a> <a href="https://fedi.splitbrain.org/@splitbrain" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@splitbrain</a> <a href="https://bookstodon.com/@shannonkay" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@shannonkay</a> <a href="https://mastodon.social/@ricmac" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ricmac</a> <a href="https://infosec.exchange/@timb_machine" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@timb_machine</a> <a href="https://flipboard.social/@Flipboard" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Flipboard</a> <a href="https://mastodon.social/@sylvesterady" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@sylvesterady</a>

Flipboard Tech DeskGoogle's newest AI model can peruse your search history to improve its understanding of you as a person. <a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@arstechnica</a> asks: What could go wrong? <a href="https://flipboard.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://flipboard.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://flipboard.social/tags/Gemeni" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gemeni</a> <a href="https://flipboard.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://flipboard.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a> <a href="https://flipboard.social/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://flip.it/afRE32" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://flip.it/afRE32</a>

BGDoncasterOh really it was Ukraine that took down X on March 10? Not so fast. Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. <a href="https://www.wired.com/story/x-ddos-attack-march-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/x-ddos-attack-march-2025/</a> <a href="https://techhub.social/tags/X" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X</a> <a href="https://techhub.social/tags/Musk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Musk</a> <a href="https://techhub.social/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DDoS</a> <a href="https://techhub.social/tags/cyberattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberattack</a> <a href="https://techhub.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://techhub.social/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://techhub.social/tags/BotNet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BotNet</a> <a href="https://techhub.social/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Internet</a>

Open Rights Group“There is significant public interest in knowing when and on what basis the UK government believes that it can compel a private company to undermine the privacy and security of its customers.”ORG, Big Brother Watch and Index on Censorship call for the Tribunal into the UK government's secret order for Apple to break encryption to be held in public.The case happens TOMORROW.Read more ⬇️<a href="https://techcrunch.com/2025/03/13/apples-appeal-against-uks-secret-icloud-backdoor-order-must-be-held-in-public-rights-groups-urge/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://techcrunch.com/2025/03/13/apples-appeal-against-uks-secret-icloud-backdoor-order-must-be-held-in-public-rights-groups-urge/</a><a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#e2ee</a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://social.openrightsgroup.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpolitics</a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpol</a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a>

Open Rights Group📣 Make your voice heard through the secrecy!By ordering Apple to break encryption, the UK government has put millions at a higher risk of their personal data, documents and photos falling into the hands of criminals and predators.The secret tribunal is taking place this Friday – we need to take a stand for encryption!Sign and share our petition ⬇️<a href="https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted</a><a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#e2ee</a> <a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://social.openrightsgroup.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpolitics</a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpol</a> <a href="https://social.openrightsgroup.org/tags/investigatorypowersact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#investigatorypowersact</a>

Open Rights GroupThe “case implicates the privacy rights of millions of British citizens who use Apple’s technology, as well as Apple’s international users.”“End-to-end encryption cannot be broken in a targeted manner – once a ‘backdoor’ into the system has been created, it can be exploited by anyone, putting the privacy and security of all users at risk.”With such high stakes, we demand to know what could possibly justify it.<a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#e2ee</a> <a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://social.openrightsgroup.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpolitics</a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpol</a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a>

Open Rights Group"Holding this Tribunal in secret would be an affront to the global privacy and security issues that are being discussed. This is bigger than just the UK, or Apple."We call for the case – happening this Friday – to be held in the open as a matter of public interest!🗣️ <a href="https://social.openrightsgroup.org/@jim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jim</a> – ORG Executive Director.<a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#e2ee</a> <a href="https://social.openrightsgroup.org/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://social.openrightsgroup.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpolitics</a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpol</a> <a href="https://social.openrightsgroup.org/tags/investigatorypowersact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#investigatorypowersact</a>

Open Rights Group🚨 BREAKING 🚨ORG, Big Brother Watch and Index on Censorship call for the secret Tribunal into the UK Home Office's encryption-breaching order against Apple to be held in PUBLIC 🧑‍⚖️There's a significant public interest in knowing why the UK government believes it can compel a private company to undermine the privacy and security of its users.Read our joint letter ⬇️<a href="https://www.openrightsgroup.org/press-releases/make-the-investigatory-powers-tribunal-on-apple-encryption-a-public-hearing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.openrightsgroup.org/press-releases/make-the-investigatory-powers-tribunal-on-apple-encryption-a-public-hearing/</a><a href="https://social.openrightsgroup.org/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryption</a> <a href="https://social.openrightsgroup.org/tags/e2ee" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#e2ee</a> <a href="https://social.openrightsgroup.org/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> <a href="https://social.openrightsgroup.org/tags/investigatorypowersact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#investigatorypowersact</a> <a href="https://social.openrightsgroup.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://social.openrightsgroup.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://social.openrightsgroup.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.openrightsgroup.org/tags/ukpolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpolitics</a> <a href="https://social.openrightsgroup.org/tags/ukpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ukpol</a>

Brian ClarkI’ve never heard of the MSP-focused bluetrait.io but add it to the list of legitimate services that get abused. If you don’t use this RMM service, I suggest blocking it via DNS, NGFW or Web security proxy. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> From: <a href="https://infosec.exchange/@threatinsight" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@threatinsight</a> <a href="https://infosec.exchange/@threatinsight/114144688263847941" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@threatinsight/114144688263847941</a>

GreyNoise🚨 March 12 UPDATE: Grafana Exploitation May Signal Multi-Phase SSRF Attacks. Update + original analysis: <a href="https://www.greynoise.io/blog/new-ssrf-exploitation-surge" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.greynoise.io/blog/new-ssrf-exploitation-surge</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/GreyNoise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GreyNoise</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a>

Flipboard Tech DeskShadowDragon, a contractor for ICE and other government agencies, has developed a tool that lets analysts more easily pull an individual’s publicly available data from a wide array of sites, social networks, apps, and services across the web. <a href="https://flipboard.com/@404media" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@404media</a> has the story. <a href="https://flipboard.social/tags/ICE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICE</a> <a href="https://flipboard.social/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialMedia</a> <a href="https://flipboard.social/tags/ShadowDragon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShadowDragon</a> <a href="https://flipboard.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a> <a href="https://flipboard.social/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://flipboard.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://flip.it/Rjm1ZI" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://flip.it/Rjm1ZI</a>

AAKLPalo Alto's security advisories include six vulnerabilities. Updated today. CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers <a href="https://security.paloaltonetworks.com/CVE-2025-0113" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0113</a>- PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS <a href="https://security.paloaltonetworks.com/PAN-SA-2025-0006" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2025-0006</a>- PAN-SA-2025-0005 GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks <a href="https://security.paloaltonetworks.com/PAN-SA-2025-0005" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2025-0005</a>- PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) <a href="https://security.paloaltonetworks.com/PAN-SA-2025-0004" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2025-0004</a>- CVE-2024-1135 Impact of CVE-2024-1135 <a href="https://security.paloaltonetworks.com/CVE-2024-1135" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/CVE-2024-1135</a>- CVE-2025-0112 Cortex XDR Agent: Local Windows User Can Disable the Agent <a href="https://security.paloaltonetworks.com/CVE-2025-0112" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.paloaltonetworks.com/CVE-2025-0112</a> <a href="https://bird.makeup/users/paloaltontwks" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@paloaltontwks</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a>

The Linux Foundation🏅 Already earned the essential certs? Take your career to the next level!With 20+ vendor-neutral certifications, you can specialize in: ✳️ Cloud & infrastructure observability ✳️ Digital trust ✳️ Finance ✳️ Cybersecurity & more!Explore all certifications: 🔗 <a href="https://training.linuxfoundation.org/certification-catalog/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://training.linuxfoundation.org/certification-catalog/</a><a href="https://social.lfx.dev/tags/CloudNative" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudNative</a> <a href="https://social.lfx.dev/tags/DigitalTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalTrust</a> <a href="https://social.lfx.dev/tags/Finance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Finance</a> <a href="https://social.lfx.dev/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>

Recent searches

Search options

Administered by:

Server stats:

#cybersecurity