Western Digital just sent an email informing users about a recent data breach incident. The email only contains an image of the letter. Users can't read the email without allowing loading remote content. And the link doesn't use HTTPS.
Did WD learn anything from this incident?
Does anyone know of good accounts or instances to follow that report the latest cyber security threats and vulnerabilities taking place around the world? Used to have some good hashtags to follow on Twitter, but now I’m trying to replicate the same feed on Mastodon.
Any CISO's, senior Infosec, or Legal folks out there interested in chatting with me about the Joe Sullivan sentencing (no jail time) that came out yesterday?
Would love to hear your thoughts on how it impacts the future of the CISO role and just general opinions on the matter.
Recording via Squadcast for my podcast Infosec Sidekick and would love to build some connections and chat. Looking for recurring guests w/ different areas of expertise.
Any help boosting this to others who may be interested would be greatly appreciated!
North Korean hackers #Kimsuky using new ReconShark reconnaissance tool to target individuals via spear-phishing emails, OneDrive links & malicious macros.
I am a non-binary trans person (They/Them) who loves linux, infosec, science / physics, animals, cannabis, jungle music, nice people, art, and learning about new things in general.
(I just moved to Hachyderm after .Social's spam meltdown earlier today.)
I'm friendly and follow back, feel free to connect if you'd like. :)
I just spent a day or so figuring this out, and CVE-2022-41099 is... really stupid...
I decided to call this "push button decrypt".
basically when you boot to WinRE tied to an OS install, keys for the os volume are derived (this is done by having a sha256 hash of a wim in the bitlocker metadata)
anyway, WinRE does not require bitlocker recovery key when choosing to "reset my PC" and "remove everything".
When choosing "just remove my files", winre starts to decrypt the bitlocker volume at ~98%.
Hard resetting (hard power off / power on) here will reboot back into WinRE and show an error.
Clicking OK on the error will cause a reboot back to the OS, and starts windows setup which shows an "upgrade" screen.
...where Shift+F10 works to get a shell, you can then pause the decryption, remove all key protectors, then dump plaintext VMK, decrypt the FVEK with that, and use that FVEK to decrypt a disk image you made earlier.
This is the second time that Shift+F10 in setup to get a shell broke bitlocker.
The fix removes "reset my PC" -> "remove everything" from the list of options that are allowed to start with the osvolume unlocked and without entering a recovery key. (leaving only one in place: startup repair)
Because this is an issue with code running in winre usermode, this affects legacy integrity validation as well as secure boot integrity validation.
If you're in the market for an Android OS that respects your privacy, has secure defaults, and still enables you to use Google apps and Play store apps on your own terms - I highly recommend it. Great experience using it so far.
If an entity decides to ignore contacts or demands from attackers, that's somewhat understandable. But if the threat actors added you to their leak site, maybe you should say something?
thanks @winload_exe for mirroring a 2016 build of Windows (x86) with private symbols
it's not 100% private symbols (there's a few public symbols only in there afaik), but the majority of them have full type/locals/params info, most of which is still relevant today depending on what components you are looking at.
having private symbols definitely helped with my windows bootloader research, for example.
🚨 Breaking news: A researcher (neskafe3v1) hijacked 14 popular #Packagist#PHP packages to get a job! 😲 With one of them reaching 500M+ installs, it's a bold move, to say the least. Does this display creativity or recklessness? 🤔 Let's discuss! 💬 #InfoSec#JobHunt#CodingEthics