Some cybercriminals with [presumably] spoofed IPv4's are trying to #pwnat my @pfSense - box whilst also hammering #telnet.
#ISP#TechSupport is either criminally incompetent or refuses to acknowledge the issue...
And this is why you should alyways block known #Military / #Intelligence networks, because even if they don't target you, cybercriminals will #BGP-hack or #spoof their #IP|s.
@ljrk@lexd0g It's worse because #Passkey brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.
And the core problem is that #ITsec, #OpSec, #ComSec and #InfoSec are just "Afterthoughts" at best for all but the most #TechLiterate.
Using i.e. #PGP encryption and login on everything [and not as a "password replacement"] would be a way better fix.
Just like @torproject does a self-signing namespace on #OnionServices.
So, friend of mine just fell for a phishing text message pretending to be the mail service, advising him that a delivery had failed - and besides the fact that even savvy people like said friend can be fooled, there's a question: How the f**k do the Bad Guys™️ know that we were expecting delivery from that carrier, even at exactly that time, down to phone number & email...?
This was far too on-the-nose to be coincidence. Somebody in the chain has a leak.
Es scheint vollkommen egal, wie sehr man versucht, seine Daten selbst zu schützen, so lange Organisationen sammelwütig & unfähig deine Identität auf dem Präsentierteller anbieten. Vlt. gehören einige Daten einfach nicht in Systeme mit Verbindung ins Internet, gescheit verschlüsselt & maximal zugriffsbeschränkt.
Where I speak some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
This might be a way to provide a pre-configured kali environment for users who insist on bringing Windows laptops to workshops.
I don't need a lot of extras, but my workshop currently runs best if the participant has a device providing DHCP. Also, I have USB wifi dongles that need drivers installed to complete a task in the #UAV communications module.
So maybe #Kali on #BeagleBone + RDP to handle those Windows users.
@noiq which paranoid sadist prevents people doing #ITsec from booting & installing their own OS?
If I as a #Linux-#Sysadmin wasn't allowed to do that I couldn't do my job, and I literally declined offers because they didn't allow me to use @ubuntu LTS on the Desktop or even in a #VirtualBox-#VM...
One of the world's largest online travel agencies, Booking.com, is being used by fraudsters to trick hotel guests into handing over their payment card details.
How do I know? The fraudsters tried the trick with me.
it-sa 2023 in Nürnberg: Großer Andrang in unserer Speaker’s Corner beim Vortrag „Cyber-Angriffe abwehren: Wie auch KMU sich effektiv schützen können“
Manuel Bach, Leiter des Referates „Cyber-Sicherheit für KMU“, stellte die aktuelle Bedrohungslage für kleine und mittlere Unternehmen dar, gab Tipps und Tricks zum Schutz vor Cyber-Angriffen und stellte den neuen CyberRisiko-Check vor. Den Vortrag gibt’s noch einmal am Donnerstag, 12.10.2023 um 11.15 Uhr live beim BSI, Halle 7a, Stand 618.
Curl und libcurl bekommen am 11. Oktober ein ziemlich wichtig klingendes Sicherheits-Update:
"We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. >>>The one rated HIGH is probably the worst curl security flaw in a long time.<<<"
Important #ITsec Announcement - #PleaseBoost!
:boost_requested: :boost_animated: :boost_ok:
Please #Update your #FritzBox#CPE's - espechally at your "#TechIlliterate" parents' and friends' houses.
There's a #remote-exploitable issue and it's really a big problem - and it also applies to those that don't have any #RemoteAccess or #VPN configured.