WordPress 5.2.4 Security Release Breakdown
"Dance like no one is watching, encrypt like everyone is." Ho parlato con @email@example.com dei TransCyberian CryptoParty https://www.vice.com/it/article/vb5xbd/transcyberian-cryptoparty-intervista-xenia-ermoshina
Securing Docker Containers https://0x00sec.org/t/securing-docker-containers/16913
Security researcher and OSINT practioner @firstname.lastname@example.org has put together this awesome #osint beginner guide to detecting firewalls and gateways.
Così i partiti manipolano l’opinione pubblica online: un problema globale https://www.agendadigitale.eu/cultura-digitale/cosi-i-partiti-manipolano-lopinione-pubblica-online-un-problema-globale/
~Open Source Security Tool of the Day~
Nebulo is a free, open-source, non-root and small sized DNS changer utilizing dns-over-https and dns-over-tls to bring privacy and security to your phone.
It is fast, contains no ads or tracking and offers a lot of flexibility.
Vendor related - Intelligence From Internet Background Noise
Analysis of an Exploited #NPM Package || Jarrod Overson
Vendor Whitepaper, TI
ThreatConnect Building a Threat Intelligence Program
Blog post: CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins - https://iwantmore.pizza/posts/cve-2019-10392.html
Reading: 3 min
Getting started with the "semantic wiki for threat intel" project:
Name's SemanCTI, still empty for now but I'll try to put up sample pages with some real intel.
Finding Cyber Threats with ATT&CK™-Based Analytics
Uncovering #IoT Threats in the Cybercrime Underground
As cybersecurity issues have mounted, dual-use technologies have proliferated. These technologies can be used for legitimate and socially beneficial purposes. However, they can also undermine human rights depending on how they are deployed. For example, network traffic management technology such as deep packet inspection (DPI) and Internet filtering tools can be used legitimately for traffic management.
A huge database of Facebook users’ phone numbers found online – TechCrunch
@infosechandbook 🔗 https://mastodon.at/users/infosechandbook/statuses/102738432428099346
Facebook – 419+ million phone numbers found online:
Modern Threat Hunting And Response: How TTPs Are Changing The Game - Webcast https://www.sans.org/webcasts/modern-threat-hunting-response-ttps-changing-game-110797
Vulnerability Management. A thread.
I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vuln. mgmt. should be contextualized into enterprise risk/control. But still worth a short thread.......
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
A Mastodon instance for info/cyber security-minded people.