LightNews
furaxfox.bsky.social
Goupil
@furaxfox.bsky.social
210 followers 400 following 75 posts
Parceque ! (mes opinions n'engagent que moi) Ailleurs en ligne: http://goupilland.net http://github.com/FuraxFox/ http://mastodon.acm.org/@FuraxFox
goupilland.net
Posts Media Videos Starter Packs
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
youtu.be/AQqZUzeTFOc?...
If you want love from attackers: vibe code your applications
Vibe coding your way into a security nightmare by Arjen Wiersma
YouTube video by Devoxx
youtu.be
1
Reposted by Goupil
cert-fr.bsky.social
CERT-FR @cert-fr.bsky.social · 4d
Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-042/
1 1
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
And when strategic choices make the organisation fragile, it is not only IT which suffers but the whole organization and its partners.
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
The impact of a serious cyber attack is not about IT it is about business. And restoring full business function after an emergency interruption can be very, VERY, long.

Cyber-resilience is not just an IT problem, and it has to be dealt with as an organisation level strategy.
1
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
...Anybody who has been in the trenches of these incidents will tell you that two things happen: your business IT has a heart attack, and paying does not equal restoration. In almost every case, even with payment, restoration takes weeks to months[...]
1
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
[...]Many organisations think IT disaster recovery plans deal with ransomware. It doesn’t. [...]. I’ve talked to business after business after business whose real plan with ransomware is simply: the insurance covers it, we’d pay. ...
1
furaxfox.bsky.social
Goupil @furaxfox.bsky.social · 2d
@doublepulsar.com on the impact of ransomware on business and society
doublepulsar.com/the-elephant...
The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic…
Recently, there’s been three major UK ransomware and/or extortion incidents at three big UK companies — Co-op Group, Marks and Spencer and…
doublepulsar.com
1
Reposted by Goupil
lauriewired.bsky.social
LaurieWired @lauriewired.bsky.social · 8d
Virtual Machines render fonts. It’s kind of insane.



TrueType has its own instruction set, memory stack, and function calls.



You can debug it like assembly. It’s also exploitable:
3 21 110
Reposted by Goupil
legrugru.fr
Legrugru @legrugru.fr · 7d
Sa très belle exposition avait été installée à Besançon. La Russie est un état terroriste.
noelreports.com
NOELREPORTS @noelreports.com · 7d
A French journalist, Anthony Lallikan, was killed by a Russian FPV drone strike near Druzhkivka. His colleague, Hryhorii Ivanchenko from the Kyiv Independent, was wounded in the same attack.
32 100
Reposted by Goupil
cert-fr.bsky.social
CERT-FR @cert-fr.bsky.social · 11d
Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-041/
2 1
Reposted by Goupil
cert-fr.bsky.social
CERT-FR @cert-fr.bsky.social · 15d
⚠️ Alerte CERT-FR ⚠️

Les vulnérabilités CVE-2025-20362 et CVE-2025-20333 sont activement exploitées sur Cisco ASA et FTD.
Un attaquant non authentifié peut exécuter du code arbitraire à distance.

www.cert.ssi.gouv.fr/alerte/CERTF...
1 5 3
Reposted by Goupil
nolimitsecu.bsky.social
nolimitsecu.bsky.social @nolimitsecu.bsky.social · 12d
#Podcast #Cybersécurité #ANSSI #IOT

Épisode #514 consacré à la publication de @anssi-fr.bsky.social : "Approche SSI pour l'Internet des objets industriels", avec Laëtitia C.

www.nolimitsecu.fr/approche-ssi...
Approche SSI pour l'Internet des objets industriels - NoLimitSecu
Episode #514 Approche SSI pour l’Internet des objets industriels Avec Laëtitia C. Références :  https://cyber.gouv.fr/sites/default/files/document/approche_ssi_pour_l_internet_des_objets_industriels_2...
www.nolimitsecu.fr
4 5
Reposted by Goupil
lcheylus.bsky.social
Laurent Cheylus @lcheylus.bsky.social · 8d
How to assemble a tiny but realistic, Docker-like Container using only stock Linux tools: unshare, mount, and pivot_root - A very long article by Ivan Velichko #Docker #Linux labs.iximiuz.com/tutorials/co...
How Container Filesystem Works: Building a Docker-like Container From Scratch | iximiuz Labs
Learn how Linux containers are built from the ground up. Starting with the mount namespace and a root filesystem, see why PID, cgroup, UTS, and network namespaces naturally follow - and how this…
labs.iximiuz.com
3 5
Reposted by Goupil
lauriewired.bsky.social
LaurieWired @lauriewired.bsky.social · 9d
This processor doesn’t (officially) exist.



Pre-production Engineering Samples sometimes make it into the grey market.



Rarer still are Employee Loaner Chips.

Ghosts abandoned before ever becoming products:
3 6 35
Reposted by Goupil
bleepingcomputer.com
BleepingComputer @bleepingcomputer.com · 10d
Roughly 48,800 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
Roughly 48,800 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
www.bleepingcomputer.com
4 6
Reposted by Goupil
antoinehasday.bsky.social
Antoine Hasday @antoinehasday.bsky.social · 11d
Enquête pour @numerama.com: comment Rohan Rane, fondateur de l'organisation CVLT incarcéré en France, a posé les bases méthodologiques et idéologiques d'une vague mondiale de cyber-sextortion sadique, qui a ciblé des centaines de mineures. Le fondateur de 764 a ainsi été "formé" au sein de CVLT.
1 42 40
Reposted by Goupil
ryanaraine.bsky.social
Ryan Naraine @ryanaraine.bsky.social · 13d
The three buddies back together for a fresh problem. @craiu.bsky.social @jags.bsky.social

WATCH on YouTube youtu.be/yBrNMWvYQ6A?...
Cisco firewall zero-days and bootkits in the wild
YouTube video by Three Buddy Problem
youtu.be
1 5 6
Reposted by Goupil
theregister.com
The Register @theregister.com · 10d
Warnings about Cisco vulns under active exploit are falling on deaf ears
Warnings about Cisco vulns under active exploit are falling on deaf ears
50,000 firewall devices still exposed Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.…
dlvr.it
4 7
Reposted by Goupil
micahflee.com
Micah Lee @micahflee.com · 12d
A good post by Bruce Schneier: digital threat modeling under authoritarianism www.schneier.com/blog/archive...
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smar...
www.schneier.com
1 31 43
Reposted by Goupil
occrp.org
Organized Crime and Corruption Reporting Project @occrp.org · 12d
Russia has become the largest single-country buyer of Ecuadorian bananas, purchasing 1.5 million metric tons during 2024 and the first half of 2025.

How is it related to global diversification of cocaine trafficking routes? 🤔
3 32 53
Reposted by Goupil
lauriewired.bsky.social
LaurieWired @lauriewired.bsky.social · 18d
SSDs are pretty reliable in a technical sense.


That is, unless you make a really, really bad mistake in firmware.

HP had a line of ~20 different Enterprise SSD models for datacenter use.


In exactly 3 years, 270 days and 8 hours, every one is irrecoverably bricked.
11 39 140
Reposted by Goupil
nolimitsecu.bsky.social
nolimitsecu.bsky.social @nolimitsecu.bsky.social · 18d
#Podcast #Cybersécurité

Épisode #513 consacré à l'outil de cartographie open source Mercator, avec son créateur Didier Barzin

www.nolimitsecu.fr/mercator/
Mercator - NoLimitSecu
Episode #513 consacré à Mercator Avec Didier Barzin
www.nolimitsecu.fr
3 7
Reposted by Goupil
cert-fr.bsky.social
CERT-FR @cert-fr.bsky.social · 18d
Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-040/
1 1
Reposted by Goupil
artefr.bsky.social
ARTE @artefr.bsky.social · 18d
Seuls des rois de la cryptanalyse pouvaient percer le mystère des lettres codées d'une reine ✍️
2 54 170
Reposted by Goupil
romanad.bsky.social
Roman A. @romanad.bsky.social · 20d
In-depth investigation from the BBC, which infiltrated a disinformation operation to interfere in the Moldovan elections.

This operation is coordinated remotely by pro-Russian actors through Telegram.
www.bbc.co.uk/news/article...
How Russian-funded fake news network aims to disrupt European election - BBC investigation
An undercover reporter discovers a network is offering to pay for social media posts undermining Moldova’s ruling party.
www.bbc.co.uk
3 30 39