NIST turns to IT consultants to clear National Vulnerability Database backlog
🤔
"According to the agency's statement last week, it hopes to reach its pre-February processing rate of CVEs within the next few months. NIST predicted it should be caught up and back to processing current CVEs by the end of the fiscal year."
I don't recall which #infosec person inspired me to create a security/cyber policy page on our company website, and security.txt files on our apps, but I am glad we did.
We received our first vulnerability notification email last night and it was fixed today. Grateful for the white hats out there. 🙌
I just received a moderately interesting #scam call.
The phone rings.
It's a New York Number (I'm in NYC) with "New York NY" as its CID.
I answer and say hello, and hear a couple seconds of silence and then the blip sound indicating I've been transferred from the bulk dialer to a live person.
The person who says hello has a strong Indian accent and I can hear other people talking in the background. #infosec #privacy #telemarketing
1/4
"I'm calling from the diabetes supply team, and we're sending you an [unintelligible] glucose meter. Are you a diabetic?"
Me: "Why?"
The guy repeats exactly the same sentence.
Me: "I heard you. Why are you sending me a meter. Did someone tell you to do that?"
He repeats the same sentence.
Me: "I heard you. I'm asking why you're sending me a meter."
He hangs up.
2/4
(1) He's trying to get me to say "Yes" so he can record that and use it to fraudulently claim I verbally agreed to buy something.
(2) If I'd played ball he would have collected personal / payment information about me and used it to harm or scam me.
(3) It's possible that there really is a glucose meter that they want to send me as a loss leader to make money off of the needed supplies.
I'm thinking it was probably (1), but not certain.
3/4
I'm currently learning about #Zscaler Deception, and I really wish Zscaler would allow you to get a setup for homelabs but they want a minimum of 50 seats when I spoke to them. Because I would love to roll a proper SME homelab to tie Zscaler, #Crowdstrike, #Pfsense, and more and then pipe all that to a #SIEM such as Datadog or another one.
I think it would benefit Zscaler to allow professionals to have access to do this on homelabs as we implement what we are familiar with.
#Infosec #Twitter is dead, why do people still insist on being on that platform? It's lost its relevance, and all the best people in Infosec have moved here to #Mastodon or another #Fediverse app.
I feel like most of those still on Twitter are more worried about appearances and keeping their follower numbers than keeping and growing a great community.
@chiefgyk3d had a couple of meetings today though and in general here in the UK the numbers are down hugely in 2024 across all the platforms including YouTube, Twitch, TikTok. Everything is harder, and prices are up and rewards are down. The big tinternet bubble of great numbers and easy money seems to have gone very quickly.
@3dcandy I think overall a lot of people had a lot of free time to use the internet more during the pandemic, and now that is starting to decline as people have to get back to regular routines.
I know that free time and being bored in a house is what led me to make TikTok and other content.
So funny story, Dr. Squatch approved my request to sample some of their products for some upcoming content. I have been a customer of theirs for about two years, and this will be a great segue to discuss the 3-2-1 rule of #DEFCON.
Three hours of sleep, two meals and one shower per day.
I'll try and set up my @mullvadnet on @QubesOS tonight on #Twitch. I will be on #Tiktok as well, but I don't have a stream key yet so I can't properly simulcast. But I will be on TikTok as well. I will also see about setting dark mode on all of my things. Probably do the #Monero wallet later this week.
I am loving the new GUI in the latest QubesOS, I just wish they made it easier to set dark mode everywhere, or at least out of the box have an option to set as default. #Cybersecurity #Infosec
I'll check my @mullvadnet subscription before the stream, as I think I am paid up until September which will get me through #DEFCON. But yeah the next few streams will be sprinkling in a few things I am doing for DEFCON prep. I also need to dust off my Pixel 7A with GrapheneOS and reset that so I can properly prep it. This is the phone I primarily use at DEFCON.