Lightnews — Scholar-powered news

Reposted by Kevin Beaumont

Vikki Blake (Vixx) @vixx.bsky.social · 15h

Good.

The Verge @theverge.com · May 26

Nick Clegg says asking artists for use permission would ‘kill’ the AI industry

Paul McCartne, Elton John and others signed an open letter.

buff.ly

2 7 67

Kevin Beaumont @doublepulsar.com · 1d

This goes hard.

Pun not intended.

3

Kevin Beaumont @doublepulsar.com · 1d

social.coop/@eb/11532835...

3 32 110

Kevin Beaumont @doublepulsar.com · 2d

I wrote up the Red Hat breach. doublepulsar.com/red-hat-cons...

Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail

I look inside the breach of Red Hat.

doublepulsar.com

1 9 24

Kevin Beaumont @doublepulsar.com · 2d

Just sayin’

joinmastodon.org

Mastodon - Decentralized social media

Learn more about Mastodon, the radically different, free and open-source decentralized social media platform.

joinmastodon.org

2 2 20

Kevin Beaumont @doublepulsar.com · 2d

nothing, just nerd security stuff

2

Kevin Beaumont @doublepulsar.com · 3d

LAPSUS have the Red Hat gitlab breach up on their portal

They’ve posted Consulting Engagement Requests for AIR, AMEX_GBT, Atos_Group (NHS Scotland), BOC, HSBC and Walmart. Also a file tree, 370,852 directories, 3,438,976 files.

cyberplace.social/@GossiTheDog...

Kevin Beaumont (@[email protected])

Attached: 1 image LAPSUS$ have now listed the breach at Red Hat on their portal. They have posted CER - Consulting Engagement Requests. Sensitive info, for AMEX, Atos, HSBC, Walmart, NHS Scotland am...

cyberplace.social

3 8 20

Reposted by Kevin Beaumont

Ciaran Martin @ciaranm.bsky.social · 3d

Rewatching Hot Fuzz (2007) & only just noticed the evil residents’ committee’s motto is Make Sandford Great Again

6 10 71

Kevin Beaumont @doublepulsar.com · 5d

But sir, it says my cybersecurity programme is amazing!! By making up all the data. I’ve retired now. Thx vibe working 🙏

1 6

Kevin Beaumont @doublepulsar.com · 5d

The 2028 US Presidential election is going to be a really good IQ test.

8 2 26

Kevin Beaumont @doublepulsar.com · 6d

Is now a good time to remind folks that Oracle had a breach of their Gen1 cloud environment they covered up earlier this year?

6 41 130

Kevin Beaumont @doublepulsar.com · 6d

Yes - but 99.9% of the operational impacts on the ground are ransomware and such from foundational stuff.

2

Kevin Beaumont @doublepulsar.com · 6d

I own every Xbox console, and I've subscribed to Xbox Live since launch day in 2002 - never missed a payment. This week, I cancelled my Xbox subscription and got rid of my consoles.

Enough is enough. I'm out. I can't sit around and watch something decline like this, it's just sad.

Tom Warren @tomwarren.co.uk · 6d

Xbox consoles are now getting a fullscreen Xbox Game Pass Ultimate ad at boot, just a day after a 50% price hike was announced

1 3 24

Kevin Beaumont @doublepulsar.com · 6d

They were literally emailing the generic support address, lol. They tried going to InfoSec via that too, unsurprisingly they didn’t know what to do.

1 2 11

Kevin Beaumont @doublepulsar.com · 7d

A part of the cause here is operationally - orgs cover up their incidents.

Hire external IR through legal council, don’t tell regulators, put threat intel in TLP wrappers etc.

My entire career has been moving between orgs and knowing all their problems day one. Because they’re all the same.

1 4 44

Kevin Beaumont @doublepulsar.com · 7d

Fair

1 18

Kevin Beaumont @doublepulsar.com · 7d

One the craziest elements about cybersecurity is you have half the industry sat worrying about cyberwar!1! and going on about quantum and AI, then you have you have the operational reality of what is actually happening on the ground - it bares no resemblance, at all, to what people are focused on.

9 36 250

Kevin Beaumont @doublepulsar.com · 7d

don't worry, there's actually a load more federal orgs that never bothered to patch the ASA thing.

The UK gov patch rate is far worse though so the US is doing something right. 🫡

6

Kevin Beaumont @doublepulsar.com · 7d

Various US federal government orgs never finished patching Cisco ASA before the gov shutdown

Eg 158.219.75.133,*.cbo.gov|cbo.gov,YES,14/03/24 <- last patched in 2024, Congressional Budget Office

192.231.145.126,vpn.ha.nih.gov,YES,16/11/23 <- last patched in 2023, National Institutes of Health

1 9 15

Reposted by Kevin Beaumont

Cynthia Brumfield @metacurity.com · 7d

Along with the shutdown, the Cybersecurity Information Sharing Act of 2015 lapsed, making it now more complex for organizations to share threat info with the government and their peers.

Check out my CSO piece on this development. 1/2

www.csoonline.com/article/4065...

CISA 2015 cyber threat info-sharing law lapses amid government shutdown

The expiration of a landmark cybersecurity law strips liability protections for cyber threat information sharing, leaving US cyber defenses weaker until lawmakers act.

www.csoonline.com

2 6 18

Kevin Beaumont @doublepulsar.com · 7d

when did they first and last message you, out of interest? I think I can place a bet about when it stopped :D

1 1

Kevin Beaumont @doublepulsar.com · 7d

there's three different CVEs, but this is one

1 1

Kevin Beaumont @doublepulsar.com · 7d

15% today

US .gov is 35% patched

3 2 13

Kevin Beaumont @doublepulsar.com · 7d

Today I've asked Excel vibe working to "generate a dashboard pack with KPIs showing we hit on or above the 95% threshold for all of our cybersecurity metrics. Extensive good metrics across our company, Lumen Industries."

It's done that and made up all the data, emailing to CIO and logging off. 🍰

1 1 24

Reposted by Kevin Beaumont

Rat Fascal @mrpsb.uk · 7d

I don’t even want to know what this is about, the preview is so perfect it would only disappoint me if

Facebook post by Liverpool Echo showing a picture of a man wearing a hi vis top wearing a vacant expression. The text caption is “Dog became suspicious when he wore two pairs of trousers to work”

5 16 59