Is it just me, or did SMS OTP sent by customer support for privacy reasons break the security model for SMS OTP 2FA authentication for logins?
Now every customer is used to reading OTP codes over the phone just to get help with their account, so they don't think twice about where the 2FA codes should be used.
[#]privacy #cybersecurity
=> More information about this toot | View the thread
If you can set up a segregated network with a partition that has very uniform activity, a defender can use it to create very high fidelity alerting on unusual behaviour.
T-Mobile say they detected a recent breach attempt using this method:
Reported by @lhn
[#]cybersecurity #firewall
=> More information about this toot | View the thread
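One way to build the alerting this post describes, as an added example that is not part of the original post or of T-Mobile's reported method: learn the small set of flow tuples that a uniform, segregated partition legitimately produces during a clean window, refuse to arm the detector if that set is too large to be called uniform, and then alert on every flow outside it. The flow records, addresses and field names are constructed for the illustration.

```javascript
// Added example (not from the original post or T-Mobile's report): allowlist-style
// alerting for a segregated partition whose legitimate activity is uniform.
// Flow records, addresses and field names below are constructed assumptions.

function flowKey(f) {
  return `${f.src}>${f.dst}:${f.dport}/${f.proto}`;
}

// Learn every (src, dst, dport, proto) tuple seen during a clean baseline window.
function learnBaseline(flows) {
  return new Set(flows.map(flowKey));
}

// The approach only yields high-fidelity alerts if the partition really is uniform:
// refuse to arm it when the baseline needs more distinct tuples than expected.
function isUniformEnough(baseline, maxTuples) {
  return baseline.size <= maxTuples;
}

// Every flow absent from the baseline becomes an alert. No scoring is needed,
// because on a uniform segment any deviation is unusual by construction.
function detectAnomalies(flows, baseline) {
  return flows
    .filter((f) => !baseline.has(flowKey(f)))
    .map((f) => ({ ts: f.ts, flow: flowKey(f), reason: "flow outside baseline" }));
}

// Constructed baseline: an isolated segment where two hosts only talk to one
// update server (443/tcp) and one log collector (514/udp).
const BASELINE_FLOWS = [
  { ts: "2024-11-01T00:00:00Z", src: "10.50.1.10", dst: "10.50.0.5", dport: 443, proto: "tcp" },
  { ts: "2024-11-01T00:00:05Z", src: "10.50.1.11", dst: "10.50.0.5", dport: 443, proto: "tcp" },
  { ts: "2024-11-01T00:01:00Z", src: "10.50.1.10", dst: "10.50.0.9", dport: 514, proto: "udp" },
  { ts: "2024-11-01T00:01:05Z", src: "10.50.1.11", dst: "10.50.0.9", dport: 514, proto: "udp" },
];

// Constructed live window: the expected flows, plus one host reaching a new
// destination on SSH and then touching a neighbour on SMB.
const LIVE_FLOWS = [
  { ts: "2024-11-02T03:00:00Z", src: "10.50.1.10", dst: "10.50.0.5", dport: 443, proto: "tcp" },
  { ts: "2024-11-02T03:00:02Z", src: "10.50.1.10", dst: "10.50.0.9", dport: 514, proto: "udp" },
  { ts: "2024-11-02T03:00:07Z", src: "10.50.1.11", dst: "10.50.7.20", dport: 22, proto: "tcp" },
  { ts: "2024-11-02T03:00:09Z", src: "10.50.1.11", dst: "10.50.1.12", dport: 445, proto: "tcp" },
];

// Arm the detector on the baseline window and run it over the live window.
function runDetection(baselineFlows = BASELINE_FLOWS, liveFlows = LIVE_FLOWS, maxTuples = 8) {
  const baseline = learnBaseline(baselineFlows);
  if (!isUniformEnough(baseline, maxTuples)) {
    throw new Error(`segment not uniform enough for allowlist alerting: ${baseline.size} tuples`);
  }
  return detectAnomalies(liveFlows, baseline);
}

for (const a of runDetection()) {
  console.log(`${a.ts} ALERT ${a.reason}: ${a.flow}`);
}
```

The `maxTuples` guard is the important design choice: an allowlist detector on a busy, heterogeneous segment would page constantly, so the same logic that gives high fidelity on a uniform partition must be prevented from being switched on elsewhere.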
Our representatives passing 11 bills in 38 minutes is a worrying sign for Australian democracy.
https://www.abc.net.au/news/2024-11-29/federal-politics-live-november-29/104658552
[#]auspol #socialmedia #socialmediaban
=> More information about this toot | View the thread
Social Media Ban Senate committee trying to regain some relevance by emphasising that they didn't publish (or likely read) almost all of the 15000+ submissions by stating they only published 107 submissions.
"The committee published 107 submissions from organisations and individuals, which are listed in Appendix 1 and available on the committee's website."
https://web.archive.org/web/20241126073352/https://otd.aph.gov.au/public-api/api/documents/8445/files/14404
[#]auspol #socialmediaban
=> More information about this toot | View the thread
Australian government websites being targeted by a DDoS group based on this post.
I wonder why...
[#]auspol
https://social.circl.lu/@NoName57Bot/113542083573314902
=> More information about this toot | View the thread
GraphQL API vulnerability adventures talk at #bsidescbr2024 by Danielle Rosenfeld-Lovell
For starters, GraphQL has introspection enabled by default, to give your attackers quick access to your entire API schema with one query!
=> More information about this toot | View the thread
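As an added example, not code from the talk or the post: a server-side check that recognises GraphQL introspection queries (those selecting the `__schema` or `__type` meta-fields) so the API can refuse or log them outside development, instead of handing the whole schema back to whoever asks. String literals and comments are stripped first so a literal like `name: "__schema"` does not cause a false positive, and `__typename`, which ordinary clients use, is deliberately not treated as introspection. The helper names and sample queries are assumptions constructed here.

```javascript
// Added example (not from the original talk or post): detecting GraphQL
// introspection queries so they can be logged or blocked outside development.
// Helper names and the sample queries are assumptions constructed for this illustration.

// Remove block strings, ordinary strings and comments so that a literal such as
// name: "__schema" or a trailing comment cannot trigger a false positive.
function stripLiterals(query) {
  return query
    .replace(/"""[\s\S]*?"""/g, '""')    // block strings
    .replace(/"(?:\\.|[^"\\])*"/g, '""') // ordinary strings, honouring escapes
    .replace(/#[^\n]*/g, "");            // comments run to end of line
}

// Introspection is served through the meta-fields __schema and __type.
// __typename is a different meta-field that normal clients rely on, so the
// negative lookahead keeps it from matching.
function isIntrospectionQuery(query) {
  return /(^|[^\w])__(schema|type)(?![\w])/.test(stripLiterals(query));
}

// Policy hook a request handler would call before executing the document.
// In production (introspectionEnabled = false) introspection is refused and
// the caller gets a reason it can log alongside the client identity.
function guardIntrospection(query, { introspectionEnabled }) {
  if (!introspectionEnabled && isIntrospectionQuery(query)) {
    return { allowed: false, reason: "introspection is disabled in this environment" };
  }
  return { allowed: true };
}

// Constructed sample documents covering the cases the check must get right.
const SAMPLE_QUERIES = {
  normal: "query { viewer { id name } }",
  typename: '{ search(q: "x") { __typename ... on User { id } } }',
  introspection: "query IntrospectionQuery { __schema { types { name fields { name } } } }",
  aliased: "{ s: __schema { queryType { name } } }",
  typeLookup: '{ __type(name: "User") { fields { name } } }',
  stringOnly: '{ user(name: "__schema") { id } } # __type mentioned in a comment',
};

// Run every sample through the detector and report which ones it flags.
function classifySamples(samples = SAMPLE_QUERIES) {
  const result = {};
  for (const [label, query] of Object.entries(samples)) {
    result[label] = isIntrospectionQuery(query);
  }
  return result;
}

for (const [label, flagged] of Object.entries(classifySamples())) {
  const verdict = guardIntrospection(SAMPLE_QUERIES[label], { introspectionEnabled: false });
  console.log(`${label.padEnd(14)} introspection=${flagged} allowed=${verdict.allowed}`);
}
```

Apollo Server exposes the same decision as its `introspection` constructor option; switching it off in production limits what a single query reveals, but it is defence in depth, not a substitute for authorization on the fields themselves, which is where the rest of the talk's vulnerability adventures come from.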
Discoveries by strategic threat hunters must promptly be transferred to incident responders with actionable details.
[#]bsidescbr2024
=> More information about this toot | View the thread
A strategic Threat Hunting team needs to be separate from a day-to-day SOC, and should have clear priorities for each threat hunting project.
[#]bsidescbr2024
=> More information about this toot | View the thread
Raising the costs of adversaries works because resourcing, and hence money, is always a factor.
[#]bsidescbr2024
=> More information about this toot | View the thread
"It's probably not cyberwar and it's definitely not chess" - Brody Nisbet
[#]bsidescbr2024
=> More information about this toot | View the thread
Next at #bsidescbr2024 is Brody Nisbet from Crowdstrike on how to strategically perform threat hunting to gain an advantage against adversaries.
=> More information about this toot | View the thread
Vulnerabilities can change the program state to a "weird machine", which is a Turing machine that doesn't necessarily follow the possibilities of the original state machine.
[#]bsidescbr2024
=> More information about this toot | View the thread
Exploitability of vulnerabilities is a cost benefit calculation because you can't work on a difficult bug forever.
[#]bsidescbr2024
=> More information about this toot | View the thread
[#]bsidescbr2024 starting with Chompie presenting the keynote on the exploit development lifecycle #cybersecurity
=> More information about this toot | View the thread
=> Go to merospit@infosec.exchange account