The Open Security Summit is organising monthly Mini-Summits
Next: 14th - 18th March 2022
https://open-security-summit.org/
Network security is often outsourced (e.g. cloud providers)
Endpoint security is its own island
Application security is not well understood
Organizations that learn how to bridge or unify these different practices will be more successful and efficient at defending themselves.
One relatively easy way to get started is to require existing departments to test each change they make. It forces them to learn how to verify things are working as intended.
How I got access to 25+ Tesla’s around the world. By accident. And curiosity.
https://medium.com/@david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028
20 Coolest Careers in Cybersecurity! Check out 20 of the most interesting and most in-demand #cyber job roles. Explore and download the poster for free: https://sans.org/u/1eNi
RT @twcitalia
📅 Saturday 15:00
📍Hackmeeting | Ponticelli, Bologna
🎯 https://hackmeeting.org/hackit21/arrivare/
This Saturday we will be at HackMeeting to introduce TWC Italia and to discuss tech work and how it ties into the themes of techno-politics.
For more info: https://hackmeeting.org/hackit21/talks/58b7fa33-527b-40d6-a238-deb38430441b/
Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset
https://www.reddit.com/r/technology/comments/on1dxf/amazon_echo_dot_does_not_wipe_personal_content/?utm_medium=android_app&utm_source=share
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
https://threatpost.com/zero-day-attacks-woocommerce-databases/167846/
#wordpress
7 Places to do Automated Security Tests
https://wehackpurple.com/7-places-to-do-automated-security-tests/
How to Analyze Code for Vulnerabilities with Vickie Li
https://www.addevent.com/event/xG6776528
HTTP/3 needs us (and other people) to make firewall changes
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/HTTP3AndOurFirewalls
This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/
Shining a Light on DARKSIDE Ransomware Operations
Tracking and measuring ATT&CK coverage with attack2jira
https://medium.com/@mvelazco/tracking-and-measuring-att-ck-coverage-with-attack2jira-fe700e2a1654
Backdoored developer tool that stole credentials escaped notice for 3 months https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
RT @BlueLabsOnline
🪓Logger & 🧠Total Recall have been released! 🐻Grizzly releases tomorrow evening. Enjoy Defenders!
https://blueteamlabs.online #blueteam #dfir #soc
Blue Team Labs Online
A gamified platform for defenders to practice their skills in security investigations and challenges covering: Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.
RT @FDezeure
7th EU ATT&CK Workshop on 1-2 June. https://attack-community.org/event/. Updates from @MITREattack, launching @CycatP, exciting news from @sigma_hq and best practices presented by peers. Participation free but registration required. @circl_lu @CERTEU @MITREengenuity
Ⓐ INTJ • Infosec Analyst • DevSecOps • Crypto-anarchism enthusiast
Italy