📅 Sabato 15:00
📍Hackmeeting | Ponticelli, Bologna
Questo sabato saremo ad HackMeeting per far conoscere TWC Italia e discutere di lavoro tecnologico e di come questo si lega ai temi della tecno-politica.
Per maggiori info: https://hackmeeting.org/hackit21/talks/58b7fa33-527b-40d6-a238-deb38430441b/
Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
7 Places to do Automated Security Tests
HTTP/3 needs us (and other people) to make firewall changes
This is not a drill: VMware vuln with 9.8 severity rating is under attack | Ars Technica
Shining a Light on DARKSIDE Ransomware Operations
Tracking and measuring ATT&CK coverage with attack2jira
Backdoored developer tool that stole credentials escaped notice for 3 months https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
[Event] DataSecOps: Solving Global Data Security Challenges
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
Blue Team Labs
A gamified platform for defenders to practice their skills in security investigations and challenges covering; Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.
7th EU ATT&CK Workshop on 1-2 June. https://attack-community.org/event/. Updates from @MITREattack, launching @CycatP, exciting news from @sigma_hq and best practices presented by peers. Participation free but registration required. @circl_lu @CERTEU @MITREengenuity
Why hot new social app Clubhouse spells nothing but trouble
"Clubhouse makes unencrypted recordings of the conversations.... Agora, the company that supplies back-end infrastructure to the Clubhouse app, is based in Shanghai. This means...'a user’s unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government.'"
There is a Postman API conference and it is free to attend on Thursday and Friday
Quiet a lot of API security talks
Spotify secures horrifying patent to monitor users' speech - frollo
Ⓐ INTJ • Infosec Analyst • DevSecOps • Crypto-anarchism enthusiast
A Mastodon instance for info/cyber security-minded people.