thekileen
@thekileen.bsky.social
IT Security in Higher Ed (no that’s not quite a contradictory statement), Electronics, Woodworking, BBQ (low & slow is the way), Dad, follower of Jesus (order changes at will). Opinions are my own.
Reposted by thekileen
The Treasury Department right now. People are turning out against Musk and DOGE staging a takeover of the Treasury’s payment system. This crowd is big. The whole block is packed. “Lock him up,” everyone yells.
February 4, 2025 at 10:43 PM
The Treasury Department right now. People are turning out against Musk and DOGE staging a takeover of the Treasury’s payment system. This crowd is big. The whole block is packed. “Lock him up,” everyone yells.
Reposted by thekileen
A few of us are still out here.
Sorry for the shaky video.
Sorry for the shaky video.
February 2, 2025 at 11:08 PM
A few of us are still out here.
Sorry for the shaky video.
Sorry for the shaky video.
Is anyone else having to block random accounts “following you” that should be classified as bots?
January 10, 2025 at 3:06 PM
Is anyone else having to block random accounts “following you” that should be classified as bots?
I am still catching up on DefCon talks! This one is a zinger from @[email protected] about how “Every cop's body cam is basically an AirTag.” blog.dataparty.xyz/blog/snoop-u...
DEFCON 31 - Snoop unto them, as they snoop unto us
The official videos from DEFCON 31 have been posted!
Below you can watch our talk “Snoop unto them as they snoop unto you”. The talk, slides, files
blog.dataparty.xyz
January 2, 2025 at 1:40 AM
I am still catching up on DefCon talks! This one is a zinger from @[email protected] about how “Every cop's body cam is basically an AirTag.” blog.dataparty.xyz/blog/snoop-u...
Reposted by thekileen
Fascinating piece from Lloyds List about the Russian tanker boarded by the Finnish coast guard on Christmas Day.
Turns out it was packed to the gills with surveillance gear that used so much power they occasionally caused brownouts on board.
Turns out it was packed to the gills with surveillance gear that used so much power they occasionally caused brownouts on board.
Russia-linked cable-cutting tanker seized by Finland ‘was loaded with spying equipment’
<em>Eagle S</em>, the Russia-linked tanker suspected of damaging an underwater electricity cable on Christmas Day, was kitted out with special transmitting and receiving devices that were used to monitor naval activity, according to a source with direct involvement in the ship, which has since been detained by Finnish police
www.lloydslist.com
December 28, 2024 at 12:46 AM
Fascinating piece from Lloyds List about the Russian tanker boarded by the Finnish coast guard on Christmas Day.
Turns out it was packed to the gills with surveillance gear that used so much power they occasionally caused brownouts on board.
Turns out it was packed to the gills with surveillance gear that used so much power they occasionally caused brownouts on board.
“Data-loss prevention startup vendor hacked to steal data”. I wonder if the admin’s system that got popped had the company’s edr software on it…if the company had something at all…or was it a BYOD environment. techcrunch.com/2024/12/27/c...
Cyberhaven says it was hacked to publish a malicious update to its Chrome extension | TechCrunch
The data-loss startup says it was targeted as part of a "wider campaign to target Chrome extension developers."
techcrunch.com
December 27, 2024 at 8:50 PM
“Data-loss prevention startup vendor hacked to steal data”. I wonder if the admin’s system that got popped had the company’s edr software on it…if the company had something at all…or was it a BYOD environment. techcrunch.com/2024/12/27/c...
Privacy reminder 4 iOS users: There’s a native function that tracks network activity by apps (see what’s up to no good). Go to Settings > Privacy & Security > App Privacy Reports.
There’s no reason for Google Authenticator to call out to Google's servers. It shouldn't be doing it.
Use 2FAS instead!
There’s no reason for Google Authenticator to call out to Google's servers. It shouldn't be doing it.
Use 2FAS instead!
December 23, 2024 at 6:04 AM
Privacy reminder 4 iOS users: There’s a native function that tracks network activity by apps (see what’s up to no good). Go to Settings > Privacy & Security > App Privacy Reports.
There’s no reason for Google Authenticator to call out to Google's servers. It shouldn't be doing it.
Use 2FAS instead!
There’s no reason for Google Authenticator to call out to Google's servers. It shouldn't be doing it.
Use 2FAS instead!
ChangeHealthcare data breach started on 02/11/24 when creds of an employee were posted in a Telegram group chat. The creds were used to login to Citrix. The external actor was in their system for 9 days, creating admin accounts, installing malware, and exfiltrating terabytes of sensitive data.
Attorney General Mike Hilgers Files Lawsuit Against Change Healthcare for Critical Failures to Protect Consumer Data and Prevent Against Harm from a Widespread Cyberattack | Nebraska Attorney General ...
ago.nebraska.gov
December 17, 2024 at 11:11 PM
ChangeHealthcare data breach started on 02/11/24 when creds of an employee were posted in a Telegram group chat. The creds were used to login to Citrix. The external actor was in their system for 9 days, creating admin accounts, installing malware, and exfiltrating terabytes of sensitive data.
I find it ironic that electric vehicles are still delivered mainly by diesel-powered combustion engines. Is it just me?
December 9, 2024 at 8:02 PM
I find it ironic that electric vehicles are still delivered mainly by diesel-powered combustion engines. Is it just me?
There’s some interesting data here about EV battery longevity. Great work by James Morris @ Wired! www.wired.com/story/electr...
Electric Cars Could Last Much Longer Than You Think
Rather than having a shorter lifespan than internal combustion engines, EV batteries are lasting way longer than expected, surprising even the automakers themselves.
www.wired.com
December 9, 2024 at 8:00 PM
There’s some interesting data here about EV battery longevity. Great work by James Morris @ Wired! www.wired.com/story/electr...
Reposting from Sandrockcstm on Mastadon:
People are being kind of smug about the FBI announcent not to text anymore, and I understand why...Your mfa codes that are texted to you are now fully compromised…That's the real story here. We've known for a while sms mfa was insecure.
People are being kind of smug about the FBI announcent not to text anymore, and I understand why...Your mfa codes that are texted to you are now fully compromised…That's the real story here. We've known for a while sms mfa was insecure.
December 6, 2024 at 2:51 AM
Reposting from Sandrockcstm on Mastadon:
People are being kind of smug about the FBI announcent not to text anymore, and I understand why...Your mfa codes that are texted to you are now fully compromised…That's the real story here. We've known for a while sms mfa was insecure.
People are being kind of smug about the FBI announcent not to text anymore, and I understand why...Your mfa codes that are texted to you are now fully compromised…That's the real story here. We've known for a while sms mfa was insecure.
Today was spent setting up Ludus.cloud (I’d highly recommend it if you need a test environment!) and attempting to getting Caldera setup on Windows without Defender detecting it (my barrier of entry). Sliver loaded into memory just fine! Tmrw I’m going to attempt to setup OpenBAS which is new to me.
December 4, 2024 at 3:12 AM
Today was spent setting up Ludus.cloud (I’d highly recommend it if you need a test environment!) and attempting to getting Caldera setup on Windows without Defender detecting it (my barrier of entry). Sliver loaded into memory just fine! Tmrw I’m going to attempt to setup OpenBAS which is new to me.
Reposted by thekileen
The ad-supported internet is on life support. Moving forward, you will pay to play, or be drowned in ads and AI crap.
www.theverge.com/2024/12/3/24...
www.theverge.com/2024/12/3/24...
Here we go: The Verge now has a subscription
A lot of our site will remain free, but you can now pay to get fewer ads and unlimited access to all of our work.
www.theverge.com
December 3, 2024 at 5:07 PM
The ad-supported internet is on life support. Moving forward, you will pay to play, or be drowned in ads and AI crap.
www.theverge.com/2024/12/3/24...
www.theverge.com/2024/12/3/24...
Thank you John Strand and BHIS!
Sad news for CompTIA.
Sad news for CompTIA.
November 30, 2024 at 4:30 AM
Thank you John Strand and BHIS!
Sad news for CompTIA.
Sad news for CompTIA.
Cybersecurity's effectiveness hinges on collaboration and relationship building, the ability to connect, explain, and persuade…it’s about developing emotional intelligence, learning to read your audience, and adapting your message while keeping its essential truth.
www.greynoise.io/blog/from-he...
www.greynoise.io/blog/from-he...
www.greynoise.io
November 27, 2024 at 3:24 PM
Cybersecurity's effectiveness hinges on collaboration and relationship building, the ability to connect, explain, and persuade…it’s about developing emotional intelligence, learning to read your audience, and adapting your message while keeping its essential truth.
www.greynoise.io/blog/from-he...
www.greynoise.io/blog/from-he...
Told the kiddos to cleanup after dinner. The oldest starts getting to work. The youngest looks at me, tells me I’m so mean and refuses to get out of their chair & start. Tell me siblings are not different…do it.
November 24, 2024 at 2:43 AM
Told the kiddos to cleanup after dinner. The oldest starts getting to work. The youngest looks at me, tells me I’m so mean and refuses to get out of their chair & start. Tell me siblings are not different…do it.
Thanks for posting this @[email protected]. “Go
to the cloud they said…it’ll be fine they said…integrate an LLM to summarize your emails they said” yro.slashdot.org/story/24/11/...
to the cloud they said…it’ll be fine they said…integrate an LLM to summarize your emails they said” yro.slashdot.org/story/24/11/...
Microsoft Copilot Customers Discover It Can Let Them Read HR Documents, CEO Emails - Slashdot
According to Business Insider (paywalled), Microsoft's Copilot tool inadvertently let customers access sensitive information, such as CEO emails and HR documents. Now, Microsoft is working to fix the ...
yro.slashdot.org
November 22, 2024 at 2:44 AM
Thanks for posting this @[email protected]. “Go
to the cloud they said…it’ll be fine they said…integrate an LLM to summarize your emails they said” yro.slashdot.org/story/24/11/...
to the cloud they said…it’ll be fine they said…integrate an LLM to summarize your emails they said” yro.slashdot.org/story/24/11/...
Threat actors using a publicly available tool called NFCGate where they relay the NFC traffic from one cybercriminal (attacker) to another (mule) and do it on a scalable manner, effectively cashing out money. www.threatfabric.com/blogs/ghost-...
Ghost Tap: New cash-out tactic with NFC Relay
ThreatFabric analysts have discovered Ghost Tap: a new cash-out tactic involving relaying of NFC traffic that is actively abused by threat actors.
www.threatfabric.com
November 21, 2024 at 2:41 PM
Threat actors using a publicly available tool called NFCGate where they relay the NFC traffic from one cybercriminal (attacker) to another (mule) and do it on a scalable manner, effectively cashing out money. www.threatfabric.com/blogs/ghost-...
Reposted by thekileen
Oh damn there it is: www.theverge.com/202...
DOJ says Google must sell Chrome to crack open its search monopoly
Divesting Android is still on the table.
www.theverge.com
November 21, 2024 at 5:39 AM
Oh damn there it is: www.theverge.com/202...
I have to say, the attacker’s awareness of LLM-based phishing detection at the receiver’s organization surprised me! sublime.security/blog/adversa...
Adversarial ML: Extortion via LLM Manipulation Tactics
Sublime Security Attack Spotlight: Social Engineering attack that employs command and text injection in the message body to evade LLM detection.
sublime.security
November 21, 2024 at 2:37 AM
I have to say, the attacker’s awareness of LLM-based phishing detection at the receiver’s organization surprised me! sublime.security/blog/adversa...
Be on the lookout!! thehackernews.com/2024/11/fake...
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
New phishing campaign targets Black Friday e-commerce shoppers in Europe and US, stealing personal and financial data via fake brand websites.
thehackernews.com
November 20, 2024 at 3:18 PM
Be on the lookout!! thehackernews.com/2024/11/fake...
Reposted by thekileen
WIRED has tracked thousands of US military & intel personnel coming & going from classified sites, incl. NSA hubs & nuclear vaults. We know where they sleep, what they eat, and which brothels they visit.
It's an ocean of blackmail & national secrets within reach of every spy agency in the world.
It's an ocean of blackmail & national secrets within reach of every spy agency in the world.
Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
www.wired.com
November 20, 2024 at 4:00 AM
WIRED has tracked thousands of US military & intel personnel coming & going from classified sites, incl. NSA hubs & nuclear vaults. We know where they sleep, what they eat, and which brothels they visit.
It's an ocean of blackmail & national secrets within reach of every spy agency in the world.
It's an ocean of blackmail & national secrets within reach of every spy agency in the world.
I’m thinking about watching Battlestar Battlestar Galactica again, where Edward James Olmos plays Admiral William Adama & Mary McDonnell plays President Laura Roslin. Now I need to find the dvd set!
November 20, 2024 at 6:02 AM
I’m thinking about watching Battlestar Battlestar Galactica again, where Edward James Olmos plays Admiral William Adama & Mary McDonnell plays President Laura Roslin. Now I need to find the dvd set!