The Open Security Summit is organising monthly Mini-Summits
Next: 14th - 18th March 2022
Network security is often outsourced (e.g. cloud providers)
Endpoint security is its own island
Application security is not well understood
Organizations that learn how to bridge or unify these different practices will be more successful and efficient at defending themselves.
One relatively easy way to get started is to require existing departments to test each change they make. It forces them to learn how to verify things are working as intended.
How I got access to 25+ Tesla’s around the world. By accident. And curiosity.
📅 Saturday 15:00
📍Hackmeeting | Ponticelli, Bologna
This Saturday we will be at HackMeeting to introduce TWC Italia and to discuss tech work and how it ties into the themes of techno-politics.
For more info: https://hackmeeting.org/hackit21/talks/58b7fa33-527b-40d6-a238-deb38430441b/
Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
7 Places to do Automated Security Tests
HTTP/3 needs us (and other people) to make firewall changes
This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
Shining a Light on DARKSIDE Ransomware Operations
Tracking and measuring ATT&CK coverage with attack2jira
Backdoored developer tool that stole credentials escaped notice for 3 months https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
Blue Team Labs
A gamified platform for defenders to practice their skills in security investigations and challenges covering Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.
7th EU ATT&CK Workshop on 1-2 June. https://attack-community.org/event/. Updates from @MITREattack, launching @CycatP, exciting news from @sigma_hq and best practices presented by peers. Participation free but registration required. @circl_lu @CERTEU @MITREengenuity
Ⓐ INTJ • Infosec Analyst • DevSecOps • Crypto-anarchism enthusiast
A Mastodon instance for info/cyber security-minded people.