ifwo.eu is one of many independent Mastodon servers you can use to take part in the Fediverse.

#cybersecurity

68 posts · 45 participants · 2 posts today

"Additional point of attack": White House connected directly to Starlink

Thanks to a "gift", the seat of the US president is now connected directly to Starlink. A cybersecurity expert calls it an unnecessary risk.

heise.de/news/Zusaetzlicher-An

More from Martin Holland

So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d]

blog.cloudflare.com/password-r

benjojo.co.uk · benjojo: It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing...

Edit: Apparently, Signal doesn't collaborate with any state actors whatsoever. Quote: "[at]dymaxion [at]cigitalgem We don't officially work with any gov, Ukraine or otherwise, and we never stopped. We're not sure where this came from or why." Source: mastodon.world/@Mer__edith/114
#meaculpa sorry for my mistake & thx to all the folks who've pointed this out <3

🇺🇦💻 Read more: cyberinsider.com/signal-no-lon #cybersecurity #Ukraine #Russia #Signal #privacy #newz

Mastodon · Meredith Whittaker (@Mer__edith@mastodon.world): @dymaxion@infosec.exchange @cigitalgem@sigmoid.social We don't officially work with any gov, Ukraine or otherwise, and we never stopped. We're not sure where this came from or why.
Continued thread

Contextual data enriches data sources and provides a broader system view. Contextual anomaly detection contributes to better overall anomaly detection via filtration. Filtration reduces false positives, and using metadata to find the source improves attribution. AI modeling of multivariate / time-variant systems uses the deviation of real / expected outputs for contextual anomaly detection purposes.

datatofu.wordpress.com

Tags: #ai #linux #tech #datascience #cybersecurity #python #rstats

Digestible Data Analytics (DDA) · Serving you digestible big data analysis and analytics systems.

The cyberattack (#Cyberangriff) on #Aerticket is still ongoing: the Berlin-based wholesaler for airline tickets has been affected by a cyber incident since 9 March and is currently still offline. In parallel, an alternative booking platform will go online to enable basic operations. The attack shows that the compromise of a non-#KRITIS company in the supply chain (#Lieferkette) can also have KRITIS-relevant effects on the operation of air traffic:
#cybersecurity
golem.de/news/flugticketgrossh

I just published the source code for my very naive #Python implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked #Markdown files linking intrusion sets to their used techniques.

Perhaps someone finds it useful or interesting to experiment with.

Source code: github.com/cstromblad/markdown

I hinted at this in a thread started by @Viss where he asked for input on a few very likely malicious domains. Me @Viss @cR0w @neurovagrant and others did some OSINT fun work with a couple of the original domains.

It was this thread: mastodon.social/@Viss/11414512

Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor man's version of performing threat intelligence work.

Singular IDS sensors generate 400 alerts per minute, up to a daily average of 400,000 alerts, without being under duress (the entire system generates millions of alerts daily). The typical system examines incoming traffic for risks and threats based on identified patterns and generates an alert at each instance. But solely depending on network traffic is not enough.

datatofu.wordpress.com

Tags: #ai #linux #tech #datascience #python #rstats #opensource #cybersecurity

‘Absurd’

When you have the press and civil society camped outside the courtroom, the secret might be out 🤷

Even so, we’re still denied the reasons why the UK government wants to take a battering ram to our security and privacy.

It shows contempt for the public interest in the Apple encryption case.

pressgazette.co.uk/media_law/a

#encryption #e2ee #privacy

"Google refuses to deny it received encryption order from UK government"

The UK’s encryption-breaking order for a backdoor into iCloud isn’t a one-off.

The secret hearing happening RIGHT NOW is bigger than just Apple. If the government wins, our right to privacy and security falls.

Other services will be hit.

therecord.media/google-refuses

Sign our petition ➡️ you.38degrees.org.uk/petitions

therecord.media · Google refuses to deny it received encryption order from UK government · U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K. — a mechanism to access encrypted messages that Apple reportedly received.
#e2ee #encryption #apple