On Wednesday, October 18, 2023, we [@cloudflare] discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance.
... and they wrap up with recommendations...
Take any report of compromise seriously and act immediately to limit damage; in this case Okta was first notified on October 2, 2023 by @beyondtrust but the attacker still had access to their support systems at least until October 18, 2023.
GitLab is hiring for a #redteam position, the position is somewhat unique in that #cicd experience, #blogging, and even #conference speaking would help land this job. Feel free to boost to get many #infosec eyes on it. And if we know each other I could put in a good word for you.
Gonna write this up better later. But thanks to @tbaraki , we found a fluke in Microsoft's SignonLogs table. Sometime in the last few days they made UserPrincipalName case sensitive.
So our alerts looking for breakglassadmin@CompanyName.onmicrosoft.com started failing because we were using (==) instead of (has).
Would highly recommend you check your alerting and see which operands you're using in your queries.
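An added example (not part of the original post) that shows, in KQL, how the comparison operator changes which rows an alert matches once casing varies. The rows and timestamps are constructed, and the account name is a placeholder modelled on the one in the post:

```kql
// Constructed sample rows standing in for sign-in log records.
let SampleSignins = datatable(TimeGenerated: datetime, UserPrincipalName: string)
[
    datetime(2023-10-20 08:00:00), "breakglassadmin@companyname.onmicrosoft.com",
    datetime(2023-10-20 08:05:00), "breakglassadmin@CompanyName.onmicrosoft.com",
    datetime(2023-10-20 08:10:00), "BreakGlassAdmin@CompanyName.onmicrosoft.com",
    datetime(2023-10-20 08:15:00), "alice@CompanyName.onmicrosoft.com"
];
// The value the alert is written against (placeholder account).
let Watched = "breakglassadmin@CompanyName.onmicrosoft.com";
SampleSignins
| extend
    // == compares strings case-sensitively, so any casing drift in the column breaks it.
    MatchEq = UserPrincipalName == Watched,
    // =~ is the case-insensitive equality operator.
    MatchEqCi = UserPrincipalName =~ Watched,
    // has is a case-insensitive term match (has_cs is the case-sensitive variant).
    MatchHas = UserPrincipalName has Watched,
    // Normalising both sides keeps an exact-equality check but removes the casing dependency.
    MatchLower = tolower(UserPrincipalName) == tolower(Watched)
| project TimeGenerated, UserPrincipalName, MatchEq, MatchEqCi, MatchHas, MatchLower
```

Running the same comparison columns against real alert queries is a quick way to audit which rules depend on exact casing.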
"The theft of a signing key continues to raise questions that Microsoft is not answering. What affected companies can do themselves now."
I can only support the call from @ju916! Ask Microsoft, or rather flood them with questions, until meaningful answers finally arrive. heise offers suitable questions/templates that you can simply copy for your inquiry. 👇
If your first instinct is to try and find blame when a security vulnerability is pointed out...
...you have already created an environment where everyone will hide issues from you.
You currently live in a fake reality where you think everything is fine and you have no idea the rot that is underneath you.
If you fire or punish a person every time a vulnerability is found, you will have no one left. Hell, fire yourself first to save us all the trouble.
Vulnerabilities exist. The world changes. Software changes. Attacks change. Business needs change.
Life is fucking impermanence.
So create an environment where folks come to you quickly and tell you what needs to be fixed as they find it.
How do you do that?! Reward vulnerability discovery. Reward mitigations. Reward patch management. Reward security improvement. Reward safety improvement.
My article at Forbes has been updated as the WebP zero-day issue is moving fast. 1Password and Signal join web browsers including Chrome, Edge, Brave, Firefox, Opera and Vivaldi in issuing emergency security updates. I expect a lot more non-web browser applications will follow…
It was super fun to interview @jerry for this week's episode of the Infosec Sidekick Podcast!
I had wanted to do this a while back, when the heat of the Twitter migration was taking place, but I almost feel like now was a better time.
With the dust somewhat settled, @jerry and I talk about Information Sharing, Community Building, and how Mastodon plays a role in that.
I genuinely appreciate this conversation and hope it can provide you some value and entertainment throughout your week.
You will be sure to find gems in this episode, such as the unlikely comparison of Twitter vs Mastodon as Monsters Inc. Power Generation (don't ask, just listen lol)
Hi, Mastodon, I’m a Sr. Security Engineer with more than 15 years of experience building reliable telecommunication infrastructure at global scale.
I’m looking for work in one of these domains.
Cyber Threat Intelligence (CTI)
Detection Engineering
Jr. Software Engineering
Pre-sales engineer (B2B SaaS)
A few years ago, I was burned out to the point where I had nothing left for myself or my family. I was forced to make drastic changes in my life.
Does that sound like you?
I made a series of short videos talking about my experience with burnout and recovering from it. The first video is just an intro to the series, so start with the second video in the playlist. The sixth video is important.
I hope that by talking openly about mental health and burnout in #CyberSecurity #infosec, we will be able to help folks understand that they are not alone. If you are struggling, please talk to friends or loved ones about it. I'm always willing to listen, too. My DMs aren't wide open, but I look at every reply and will always follow back on request to switch to DM. Please don't be shy.
iOS 17.3 adds multiple features originally planned for #iOS 17
Adds “Stolen Device Protection” + a handful of #security #updates. Update ASAP.
Stolen Device Protection limits passcode fallback for some actions and adds security delay functions to sensitive changes, such as changing the device pin.