I knew there had to be an ulterior motive to his behavior.
From: @GossiTheDog
https://cyberplace.social/@GossiTheDog/113951804684067306
=> More informations about this toot | View the thread
Hey @screaminggoat welcome back from your court-ordered anger management course
=> More informations about this toot | View the thread
It didn’t take long for DeepSeek to be compromised. I guess being good at creating LLM’s doesn’t translate to being good at security.
Cc: @GossiTheDog @screaminggoat
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
[#]deepseek #cybersecurity
=> More informations about this toot | View the thread
My semi-regular reminder: block *.trycloudflare.com if you don’t use it. It is heavily abused by bad people. This is a free service from Cloudflare which makes it attractive to people trying to do bad things. Of course, Cloudflare will take down the accounts when presented with evidence of abuse, but that takes time. By the time they are taken down the damage is already done.
From: @monitorsg
https://infosec.exchange/@monitorsg/113911569687420079
=> More informations about this toot | View the thread
Hoopla you are killing me. Upgrade the app? Fine. Delete all downloaded content? No. Especially right before I get on a 5 hour flight. #bummer #audiobooks
=> More informations about this toot | View the thread
This tactic of sending unsolicited messages and calls via Teams has an easy solution—only allow specific external domains to communicate with your end users. Review your Teams logs, see which domains your users are communicating with, add them to the allow list and enable the control. Make your end users open up a support ticket for future domain adds so you can vet them.
[#]Cybersecurity
This is unfortunately another example of #Microsoft INsecure by default, as they allow messages and calls from any domain by default and leave it up to the organization to manage.
Microsoft docs:
https://learn.microsoft.com/en-us/microsoft-365/solutions/trusted-vendor-onboarding?view=o365-worldwide#allow-the-vendors-domain-in-teams-external-access
From: @BleepingComputer
https://infosec.exchange/@BleepingComputer/113867174217080151
=> More informations about this toot | View the thread
This tactic of sending unsolicited messages and calls via Teams has an easy solution—only allow specific external domains to communicate with your end users. Review your Teams logs, see which domains your users are communicating with, add them to the allow list and enable the control. Make your end users open up a support ticket for future domain adds so you can vet them.
Forget about Zero Trust and apply best practice security configurations. Let the marketing people and the CISO worry about whether something is “zero trust” or not. #Cybersecurity
Microsoft docs:
https://learn.microsoft.com/en-us/microsoft-365/solutions/trusted-vendor-onboarding?view=o365-worldwide#allow-the-vendors-domain-in-teams-external-access
From: @screaminggoat
https://infosec.exchange/@screaminggoat/113867636525001029
=> More informations about this toot | View the thread
All tucked in for a nap on a cold winter day #caturday #catsofmastodon #cats
=> More informations about this toot | View the thread
I can’t believe the #Microsoft #Azure East US2 networking issues are still on-going a full day later https://azure.status.microsoft/en-us/status
=> More informations about this toot | View the thread
Today, like everyday, is a good day for a nap. #cats #catsofmastodon #caturday
=> More informations about this toot | View the thread
Merry Christmas to everyone who celebrates. For those that don’t celebrate I hope you have a great day. 🎄🎅🌲
=> More informations about this toot | View the thread
Oh #crypto you never disappoint!
From: @paulisci
https://mstdn.ca/@paulisci/113698227232062837
=> More informations about this toot | View the thread
Today’s a good day for a nap.
[#]catsofmastodon #caturday #cats
=> More informations about this toot | View the thread
Bofferding Christmas Lager — brewed in Luxembourg. It’s just ok, no spices like American seasonal brews. 5.5% ABV which is low for a Christmas beer.
[#]Beer #beersofmastodon
=> More informations about this toot | View the thread
If you allow people outside of your organization to initiate Teams chats with your users, I’d definitely look for this.
[#]cybersecurity
From: @fabian_bader
https://infosec.exchange/@fabian_bader/113686636768785688
=> More informations about this toot | View the thread
BYOVD is bad, but you can take proactive steps to prevent exploitation of known vulnerable drivers. A full list of all publicly known vulnerable drivers is available here:
https://github.com/magicsword-io/LOLDrivers
[#]cybersecurity
From: @screaminggoat
https://infosec.exchange/@screaminggoat/113680579413588817
=> More informations about this toot | View the thread
The tl;dr here is to ensure you block inbound .rdp files from being emailed to your users and to prevent or limit Internet-bound RDP (3389/tcp) connections from your devices and networks
From: @screaminggoat
https://infosec.exchange/@screaminggoat/113670315137646947
=> More informations about this toot | View the thread
Vasilis Orlaf has a good newsletter where he walks through #threathunting for various types of #cybersecurity threats. This week he hunted for Cobalt Strike C2 infrastructure using @censys and even found some that was unknown to both VirusTotal and ThreatFox. Check it out.
[#]CobaltStrikeBeaconDetected #threatintel
https://open.substack.com/pub/intelinsights/p/from-939-to-85-hunting-cobalt-strike
=> More informations about this toot | View the thread
He’s a bit grumpy today #caturday #catsofmastodon
=> More informations about this toot | View the thread
This is the way ⬇️
[#]cybersecurity
From: @Orca
https://nya.one/notes/a1lz4o9w7j510k0h
=> More informations about this toot | View the thread
=> This profile with reblog | Go to deepthoughts10@infosec.exchange account This content has been proxied by September (3851b).Proxy Information
text/gemini