mle

mle, 5 months ago to random

every year I so look forward to a break during the holidays (which I'm very thankful to have!), and every year, I get excited for all the fun little side projects I aspire to work on during the break.

datasets I want to look at and maybe throw into some models, small hardware projects and things I want to build, scripts and notebook ideas that have been bouncing around in my head for months.

I can't think of a single year where I've completed any of them, and I don't expect to break my streak this year. :lolsob:

mle, 5 months ago to security

How long will it take for organizations to move away from giving this advice about looking for a lock icon and the word "secure" in the browser re: "safe" browsing?

#security #infosec

mle, 6 months ago to coffee

"Good baristas already employ the water trick; it's known as the Ross droplet technique, per Hendon. But this is the first time scientists have rigorously tested that well-known hack and measured the actual charge on different types of #coffee."

Ars Technica article: https://arstechnica.com/science/2023/12/study-why-a-spritz-of-water-before-grinding-coffee-yields-less-waste-tastier-espresso/

Matter journal article: https://www.cell.com/matter/fulltext/S2590-2385(23)00568-4

mle, 6 months ago to Futurology

Another hack against a #water utility, this time in Ireland.

As an aside, the article calls out “Eurotronics” Israeli-made water pump system, but I’m having trouble finding a “Eurotronics” PLC or electronics manufacturer based in Israel. Possibly a misinterpretation of “Unitronics”? I see a Eurotronics circuit board manufacturer based in Belgium, but that doesn’t seem quite right. “Eurotronix” appears to be based in Spain. So 🤷‍♀️

#cybersecurity #security #criticalInfrastructure #CIKR

https://westernpeople.ie/news/hackers-hit-erris-water-in-stance-over-israel_arid-4982.html

mle, 6 months ago to infosec

In light of yet more #MOVEit breach disclosures, @censys researchers took another look at MOVEit exposure across the Internet. In early May, prior to Progress Software's disclosure of the initial vulnerability, we saw just under 3,000 MOVEit instances online. Over the next few months, we saw the number drop slightly, and as of August, we observe a fairly consistent presence of around 2,200 instances online.

We have no way to know whether these instances are all patched and remediated, but based on recent MOVEit breach disclosures from AutoZone, Welltok, and others, it's possible some unpatched instances (and undiscovered intrusions 😓) remain.

#CensysResearch #infosec #cybersecurity

hrbrmstr, 6 months ago to random

Join @kimb3r & me @ 10:30 ET for another edition of the @greynoise Storm⚡️Watch while @ntkramer & @mle goof off teaching a workshop #slackers.

Today's topics include:

— BulletProftLink🚫
— My Maine MOVEit Rant
— Busted SSH
— C O N S P I R A C I E S (since Kimber & I have no supervision)
— NotCVE
— CVE Half-day Watcher
— PCAPs in GreyNoise Analyzer!
— GN 🏷️ Roundup
— CISA/KEV Roundup

Join us LIVE to heckle/contribute or catch us on-demand!

https://show.greynoise-storm.watch/ 👀

https://pod.greynoise-storm.watch/ 🎧

mle, 7 months ago to random

so tired of computer

mle, 7 months ago to running

Still processing everything from yesterday, but I ran a 12 hour race on a looped 2.2mi course.

It was in the 80sF so not exactly ideal conditions, but I managed to check off my goal of running a 50 miler this year. With the temps, I abandoned my stretch goal of 100k pretty early on. I think it was for the best—this was a distance PR by ~16mi!

🏃🏻‍♀️ Total distance: 26 x 2.2mi laps, 57.2mi
🥇 First female (I am still in disbelief because ???!??!)
🌅 Beautiful (but toasty 🫠) day
💯 Awesome event, awesome humans; so much encouragement and camaraderie at these events—if you ever want to have your faith in humanity restored, go run an ultra❤️

I’ll probably write an actual race report soon but for now I’m going to eat some pizza and figure out how to walk down the stairs.

#running #run #ultrarunning

Sunset over a lake; the blue and orange sky is reflected in the water against the silhouette of trees.
A smiling woman holds a backpack, a stone coaster that reads “50M,” and a trophy. She is outdoors and stands in front of a photo backdrop, with a jack-o-lantern and Halloween-themed lights.

mle, 7 months ago to random

The Okta breach made for some interesting weekend reading. I don't typically like to kick companies when they're down, experiencing a breach, because nobody on the outside really knows the full story (https://sec.okta.com/harfiles).

But then you have the BeyondTrust blog (https://www.beyondtrust.com/blog/entry/okta-support-unit-breach), which steps in detail through their investigation of the intrusion that led them to suspect Okta had been breached.

And the Cloudflare blog (https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/), where they explicitly call out recommendations to Okta.

Based on the timeline provided by BeyondTrust, time between their notification to Okta and Okta's actual acknowledgement of the issue is...discouraging at best.

I worry this also has the potential to (however unfairly) breed mistrust in technology that should arguably make environments more secure and reduce complexity of user account management. See also: LastPass.

mle, 7 months ago to Signal

While the #Signal #zeroDay seems like maybe it's not an actual thing (?), following the alleged mitigation advice of disabling link previews doesn't seem like the worst thing to do, just in general.

#SignalApp

hrbrmstr, 8 months ago to random

EPIC Storm⚡️Watch episode today thanks to @mle!

I highly suggest tuning in (I'm biased, ofc) especially for the unexpected convo on how hard it is to get test environments for both scanning and vuln research.

It was also super cool getting the "exposure" side of things as well as the "attack" side of things.

Methinks we're on to something.

Oh, and our Overwatch (Ashlee) took the co-hosts up on the "Barbie hrbrmstr" challenge.

hrbrmstr, 8 months ago to random

🤩 privileged to have @mle (heralded Censys researcher) to join me, @ntkramer & @kimb3r on this week's Storm⚡️Watch by @greynoise!

Emily will be dropping WS_FTP deets on us & we may even convince her to hang for the whole show! (Drop in & say "Hi" during the live stream!)

Other menu items incl:

• libwebp shenanigans
• CISA ICS CSAF
• FDA 🛑
• Exim
• Introducing GN Sift!
• MurderGPT
• 🏷️/KEV Roundup

YT: https://www.youtube.com/playlist?list=PLJMVjRLTR-QiDOunvHRRZw7-9Rju8cAaA

Twitch: https://www.twitch.tv/greynoiseio

Podcast: https://stormwatch.libsyn.com/

mle, 8 months ago to infosec

Last week I chatted with @mattburgess at WIRED about the long tail of fallout from #MOVEit. Read my comments and the excellent article by Matt and @lhn here:

#CensysResearch #securityResearch #infosec #security #cybersecurity #MFT

https://www.wired.com/story/moveit-breach-victims/

mle, 8 months ago to infosec

Progress Software is having an interesting time. First #MOVEit, now multiple #vulnerability disclosures for their #WS_FTP product. The silver lining here is that it doesn’t look like any of these are known to have been exploited in the wild. (Yet?)

But out of curiosity, we looked at the Internet exposure of WS_FTP instances with the Ad Hoc Transfer module installed, read about it here ⬇️

#infosec #securityResearch #CensysResearch #MFT (No, this isn’t MFT but it all feels very…related.)

https://censys.com/cve-2023-40044/

mle, 8 months ago to infosec

On Friday at #LABScon23, I shared some research on the state of #MFT tool hacks. In particular, I talked about how #MOVEit has become a supply chain issue at this point, and that I strongly suspect we’ll see a long tail of breach disclosures as a result. You may not use it, but if you contract with a vendor who does (and do you even know?), your users’ data is at risk.

Last month, the Colorado Department of Health Care Policy and Financing disclosed that health data for 4 million people was stolen through the #MOVEit campaign—not because they used the tool, but because they contracted with IBM, who used it. (https://hcpf.colorado.gov/moveit)

Just this morning, I saw the news that the National Student Clearinghouse has filed a breach notification indicating that the data for more than 900 universities has been affected by #MOVEit. (https://www.helpnetsecurity.com/2023/09/25/clearinghouse-moveit-breach/)

It's been about 4 months since the initial MOVEit vulnerability disclosure, and I think we may be seeing fallout—especially from a supply chain angle, as vendors complete investigations and notify affected customers—for months to come.

#securityResearch #infosec #cybersecurity #CensysResearch

Title slide from deck with light text on dark background that reads, "Managed File Transfer or Miscreants' Favorite Target? An Internet-wide study of MFT exposures." Below the title, smaller text reads, "Emily Austin, Senior Researcher & Research Team Lead, Censys."

mle, 8 months ago to random

everything is fine dot jpg

@/spicylittlebrain on IG

mle, 9 months ago to infosec

what's your favorite resource for #phishing kits? looking for a good, current repo with lots of kits for analysis

#infosec #cybersecurity #phish #spam #threatResearch

mle, 9 months ago to random

I’ll be like “having a good mental health day today!” and then three people Slack me at once and I realize I am, indeed, not having a good mental health day