Scott Vintinner
@flakshack.bsky.social
Your friendly neighborhood Cybersecurity DJ.
#netsec #sysadmin #cybersecurity #python #powershell #legal #it #technology #house #dj #f1
Latest DJ Mix (10/12): https://www.youtube.com/watch?v=4xidQ_SLUuQ
My latest mix is out now. Mostly new stuff from the last few months.
🎧🎶🎧🎶
I Just Can't Stop Where You Are | Indie Dance | Live DJ Mix | dj.scottv
YouTube video by dj.scottv
www.youtube.com
November 4, 2025 at 1:47 AM
Some good news for once. Only 23% of ransomware victims are paying out, versus 85% back in 2019.
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
www.bleepingcomputer.com
October 31, 2025 at 2:27 PM
My new mix is out now:
🎧🎶🎧🎶
Check out crystallized at 1:28:30. What a song.
After You Daydream | Melodic House and Techno | Live DJ Mix | dj.scottv
YouTube video by dj.scottv
www.youtube.com
October 15, 2025 at 10:28 PM
Redis critical vulnerability allows authenticated user to take over the server.
Redis warns of critical flaw impacting thousands of instances
The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances.
www.bleepingcomputer.com
October 7, 2025 at 2:16 PM
Reposted by Scott Vintinner
Phishers target 1Password users with convincing fake breach alert for Malwarebytes Labs www.malwarebytes.com/blog/news/20...
Phishers target 1Password users with convincing fake breach alert
Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.
www.malwarebytes.com
October 6, 2025 at 6:09 PM
Increased scanning of Palo Alto Networks login portals.
GreyNoise noted...that surges in malicious scanning, brute-forcing, or exploit attempts are often followed by the disclosure of a new CVE affecting the same technology within six weeks.
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
GreyNoise detects 500% spike in Palo Alto login scans, linking it to recent Cisco ASA exploit trends.
thehackernews.com
October 6, 2025 at 9:48 PM
Fortra GoAnywhere (secure file transfer system) vulnerability being exploited by Storm-1175.
"While Fortra patched the vulnerability on September 18 without mentioning active exploitation, security researchers at WatchTowr Labs tagged it as exploited... as a zero-day since September 10."
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month.
www.bleepingcomputer.com
October 6, 2025 at 9:45 PM
More details emerge about Red Hat data breach from last week.
Attackers compromised a Red Hat Gitlab instance used for consulting engagements (possible customer data) and have set a ransom deadline for 10/10.
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.
www.bleepingcomputer.com
October 6, 2025 at 9:36 PM
Splunk reports high-severity vulnerability that allows "an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user."
advisory.splunk.com/advisories/S...
Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119, and 9.2.2406.122, an unauthenticated attacker could trigger a ...
advisory.splunk.com
October 6, 2025 at 9:31 PM
Good conversation on reddit today:
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
www.reddit.com
September 22, 2025 at 9:11 PM
Blade Runner replicant tests coming true right before our eyes.
Want to Foil an AI Deepfake? Tell It to Draw a Smiley Face
Cyber experts are discovering that low-tech ploys and the minutiae of human life can be some of the best weapons against the all-digital impostor.
www.wsj.com
September 17, 2025 at 2:47 PM
Reposted by Scott Vintinner
Apple has rolled out two new updates to patch a zero-day vulnerability in the ImageIO framework that may have already been exploited. www.csoonline.com/article/4058...
Apple patches critical zero-day in ImageIO amid reports of targeted exploits
With no workaround available, Apple advises all users to install iOS 16.7.12 and iPadOS 16.7.12 without delay.
www.csoonline.com
September 17, 2025 at 1:11 PM
Reposted by Scott Vintinner
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service #cybersecurity #hacking #news #infosec #security #technology #privacy
Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service
Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials.
www.bleepingcomputer.com
September 17, 2025 at 1:30 PM
Reposted by Scott Vintinner
The Essential Toolkit: 25+ Cybersecurity Commands Every Professional Must Master
Introduction: In the dynamic field of cybersecurity, proficiency with command-line tools is not just an advantage—it's a necessity. From penetration testing to system hardening, the ability to swiftly interrogate…
The Essential Toolkit: 25+ Cybersecurity Commands Every Professional Must Master
Introduction: In the dynamic field of cybersecurity, proficiency with command-line tools is not just an advantage—it's a necessity. From penetration testing to system hardening, the ability to swiftly interrogate systems, networks, and applications forms the bedrock of effective security practices. This guide consolidates critical commands across major platforms to equip both trainees and seasoned professionals with a verified arsenal. Learning Objectives:
undercodetesting.com
September 17, 2025 at 2:10 PM
My latest mix from Sept 14, 2025.
With U By My Side | Melodic House and Techno | Live DJ Mix | dj.scottv
YouTube video by dj.scottv
www.youtube.com
September 15, 2025 at 9:17 PM
Reposted by Scott Vintinner
Store passwords in a password manager that is refrigerated and airtight to keep them fresh until their expiration date.
Follow me for more infosec tips!
September 8, 2025 at 7:20 PM
Reposted by Scott Vintinner
So this happened:
The ENTIRE Los Angeles Superior Court system - the largest state court system in the nation - is down today due to a ransomware attack, forcing the closure of all 36 courthouses.
August 15, 2025 at 4:24 PM
Using long file names to evade detection.
Pentest Trick: Out of sight, out of mind with Windows Long File Names
Abusing Windows file names that exceed 260 characters to bypass the EDR's sample collection tool by the pentester. Redteam trick
www.zerosalarium.com
August 12, 2025 at 2:36 PM
If you are in the job market for a cybersecurity or even regular IT job, there's a great post over on /r/cybersecurity to help you tune your resume:
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
www.reddit.com
August 12, 2025 at 2:22 PM
My latest mix from August 3rd is out now:
www.youtube.com/watch?v=D9w-...
soundcloud.com/djscottv/bas...
www.mixcloud.com/djscottv/bas...
Basskick Higher | Bass Heavy Breakbeat House | Live DJ Mix | dj.scottv
YouTube video by dj.scottv
www.youtube.com
August 11, 2025 at 9:50 PM
Pacer court system that handles filings for federal district courts has been hacked. Their systems have long been underfunded. Hopefully this will encourage some change.
Federal court filing system hit in sweeping hack
The identities of confidential court informants are feared compromised in a series of breaches across multiple U.S. states.
www.politico.com
August 7, 2025 at 4:35 PM
Reposted by Scott Vintinner
why is no one capable of basic appsec these days?
The viral app Tea left part of its database exposed and 4chan is posting the IDs of its users. Vuln closed but only after it went viral on 4chan
www.404media.co/women-dating...
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
“DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.
www.404media.co
July 25, 2025 at 5:10 PM
Reposted by Scott Vintinner
Clorox is claiming in a lawsuit that a Cognizant help desk worker reset Okta and Microsoft passwords three different times for a cybercriminal without verifying who was asking
Clorox says it lost $380 million from the August 2023 hack
therecord.media/clorox-cyber...
Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack
Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges i...
therecord.media
July 23, 2025 at 4:40 PM
If you run VMware vSphere/vCenter/ESXi at your company, take some time to read this breakdown of an attack.
Attackers showing a very high level of sophistication and persistence even after discovery. This is the stuff of nightmares.
Fire Ant: Hypervisor-Level Espionage Targeting VMware ESXi & vCenter | Sygnia
Discover Sygnia’s investigation into Fire Ant, an advanced cyber-espionage campaign breaching VMware ESXi, vCenter, and network appliances. Learn how the attackers bypassed traditional defenses with h...
www.sygnia.co
July 25, 2025 at 6:29 PM
Good discussion on reddit's /cybersecurity:
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
www.reddit.com
July 14, 2025 at 9:24 PM