Oh and in case there a journalists from the Netherlands in my bubble (or in yours, please share!): It might be interesting to do a follow-up to our article (which will be published tomorrow) because WebEx leaked tons of data from the Dutch government.
Feel free to contact me for further information. #webex#cybersecurity#netherlands
Ok, ich habe gestern mittag ein paar Anfragen rausgeschickt - und eine Deadline genannt, weil meine Erfahrung zeigt, dass sonst erstmal gar nichts passiert. Ich habe aber nicht gesagt, dass man mir erst dann antworten DARF. Trotzdem sind alle Antworten quasi gleichzeitig heute Abend eingetrudelt. Wie Deadline-Abhängig sind deutsche Behörden und US-Konzerne? 😂
Text kommt morgen früh :) #webex#cybersecurity
When a #cybersecurity expert manages to escalate a wrongly-classified #cve into a correct classification, we find a bug in #Progress that allows for arbitrary remote code execution by an unprivileged user.
"On or around May 12, 2024, ARRL was the victim of a sophisticated network attack by a malicious international cyber group. ARRL immediately involved the FBI and engaged with third party experts to investigate.
This serious incident was extensive and categorized by the FBI as “unique,” compromising network devices, servers, cloud-based systems, and PCs...."
huh, so there's a #Telegram data breach of some sort and my details appear to be in it, although I have zero memory of ever using Telegram. I suppose it's possible that I briefly installed it as I /am/ likely to check secure & private messengers, but Telegram is actually neither of those things despite their claims.
So yeah, a bit confused that I'm in the list of compromised accounts on it but whatevs.
#infosec
A large western Washington municipality that rhymes with "free cattle" is going to post an opportunity for a new OT #cybersecurity manager in a few weeks.
For a variety of reasons, I am very invested in this position even though I'm just lowly water engineer.
Please stay tuned. I will post a link here when I have it myself.
Please spread the word wherever infosec folks gather.
My hope is that this will be an opportunity for some culture change.
Please help: I am looking for a spokesperson or even better a CISO of the government of the Netherlands - ideally both. I need a quick and easy contact for an IT security related issue. The website is not helpful. #cybersecurity#netherlands
Oops, wieder in ein fremdes Webex-Meeting verirrt. 😜
Aber die Menschen nehmen es mit Humor. "Hallo, mein Name ist Eva Wolfangel, Ich recherchiere über Sicherheitslücken bei Webex Nur ganz kurzes Schweigen. Dann: "Herzlichen Glückwunsch, die Recherche scheint erfolgreich zu sein."
Artikel kommt bald - und ja: das Problem ist seit meinen beiden anderen Artikeln ... größer geworden. #cybersecurity#webex
Ist es denn eine systemische Sicherheitslücke oder eher eine menschliche:
zu grosse Sorglosigkeit mit dem Umgang von Einladungsmails/Meetingadressen und z.B. Nichtverwendung oder schlampige Nutzung der "Vorzimmer"-Funktion?