#BOLO Another #DarkAI chatbot has been born: #GhostGPT. Similar to #WormGPT, which I started discussing at my company over a year ago, it is an unrestricted AI with zero guardrails. DO NOT USE THESE CHATBOTS! THEY ARE DANGEROUS!
Expect another increase in #novel #malware and #scriptkiddies "playing around".
https://www.darkreading.com/cloud-security/cyberattackers-ghostgpt-write-malicious-code
Please - stay away from #DeepSeek. They aren't hiding the fact that they are taking all your data and storing it in #PRC. Like this Author says - if you think #TikTok was bad, DeepSeek is SO MUCH WORSE.
https://www.forbes.com/sites/zakdoffman/2025/01/27/warning-deepseek-is-a-chinese-security-nightmare-come-true/
People sometimes have the mistaken notion that they aren't targets for bad actors because they aren't famous and don't have a high net worth. But that's simply not the case today. Anyone with any online presence is a potential target to attackers. That means everyone needs to know their cyber hygiene.
Basic #cyber #hygiene is essential and easy. Steps include:
:finger_point: Be more stringent about the info you share online
:finger_point: Review and adjust #privacy settings
:finger_point: Use #strong and #unique #passwords
:finger_point: Enable two-factor #authentication
:finger_point: Monitor online presence
:finger_point: Learn about data brokers
:finger_point: #Secure all devices
:finger_point: Be skeptical of unsolicited requests
:finger_point: Regularly #audit third-party apps
:finger_point: Monitor credit reports
:finger_point: Separate personal and professional identities
Not gonna lie, Trump's EO on this kind of scares me. As I understand it - Zero oversight on #AI development? No hard requirement for implementation of #guardrails and #security features? There's now free rein on the #development of AI (unless something else comes into play). While I can appreciate the #investment in AI by the US Government (ex: China has committed far more by now), the removal of most/all government oversight is what scares me the most. Leave it to the private sector? No. Big corps won't #protect users, they will protect profits (in the name of "#innovation" and "#progress"). And most people STILL don't have any clue how any of this works, connects, and affects every #internet_connected system on the #planet, and in #orbit around our planet. Reminds me of the beginning of the #Internet, just "smarter", as it were. But to me, it feels like history repeating itself but no one #learned anything from the past.
Time to really shore up your personal assets and your digital life even more. Shit is as real as it will ever be.
https://www.darkreading.com/threat-intelligence/trump-overturns-biden-rules-on-ai-development-security
#OfflineMode
I've been saying for decades now - NO SYSTEM IS SAFE FROM #HACKERS! #Mac users have always evangelized that "Macs are more secure, so I don't need antivirus software". Still untrue. Today, #Apple has a larger market share than ever. And while Apple hardware is seen as more secure by design, due in part to their closed ecosystem, users are still the weakest link, which means YOU NEED TO PROTECT YOURSELF, FROM YOURSELF. This article from #DarkReading highlights this fact - no system is safe, including Macs.
Install anti-everything software on all your systems and devices. EVERYTHING is at risk. #StayVigalent #CyberSecurity #Hacking #InfoStealers
https://www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs
This is a common #AttackVector today, but this is very targeted at #Windows and #mac developers.
https://www.darkreading.com/threat-intelligence/crowdstrike-job-interviews-hacker-tactic
The #AI race to control advancement just got more interesting: https://arstechnica.com/ai/2025/01/biden-administration-puts-quotas-on-global-ai-chip-sales/
Okay, upping this to 8.5/10. It's a lot of fun now that I've gotten more into it. Played on my #VitureXRPro glasses last night and whoa, now THAT was dope af. Way less neck strain that way too: #ergonomic #gaming.
I learned you actually have real players on the same map as you, going for the same goals, and they are also enemies! Not just #NPCs running and gunning, though there are plenty and their intelligence is pretty damn good. You can steal everyone's loot! Still working on figuring out the Stash and Marketplace to find the right balance of getting dope gear, selling loot for tokens, and apparently there's a 'forge' style section where I can build weapons and attachments. Need to level up a few more times to open that up.
Just opened up #Ranked too, and it's a solo match (unless you are already in a team) so I control my own destiny, and fight my own fights. As long as you extract from a map, you will progress. If you die, you lose everything on your character, and can't get it back. No Ranked points for dying lol.
#DeltaForce #ProTip only deploy with 1 weapon, the gear with the most available slots, a few hundred rounds of ammo, 2 or 3 first-aid packs or injectors, at least 2 surgical kits, and 1 debuff. You want to leave plenty of slots open for high value loot, rare weapons you loot from #frags, etc. I've found that carrying anything over 50% capacity doesn't give you space for bigger loot items that have higher values. You end up losing out in the end, unless you take out the #HVTs to earn reward money.
Also, if you're good enough with iron sights or #hipfire, optical upgrades aren't worth the expense IMHO. Barrel upgrades (for distance increases), magazine capacity upgrades, and muzzle or grip upgrades (for enhanced control) are solid. You don't have to pay for the most expensive upgrades to see real differences in gameplay. Even the cheap ones help significantly. Keep in mind, if you die with that modified weapon equipped, you lose it.
Well made game. Will be playing this for a bit lol.
All #sysadmins should review this article and the #CVE reports. Ensure ALL of your #domaincontrollers (at a minimum) and #WindowsServers are fully patched to prevent this vulnerability from being exploited. No one wants an #LDAP #DoS situation. What a nightmare that would be.
#StayCyberAware #BeCyberSafe
https://www.darkreading.com/vulnerabilities-threats/active-directory-flaw-can-crash-any-microsoft-server-connected-to-the-internet
#GiggledToMuch
Started playing the new #DeltaForce. Graphics are insane lol. It's fun! But it lacks any real guidance as to what you're supposed to do. Kind of figuring it out as I go, but it is fun. 7/10 would recommend.
Cheers to you and yours for an amazing and prosperous #2025!
https://www.darkreading.com/cyber-risk/quantum-computing-advances-2024-security-spotlight
I've been fascinated with #quantum concepts since I was a kid. It's so cool to see these "pipe dreams" come to fruition in my lifetime.
That said, knowing what I know in the tech space, I think they are still too generous with their timelines. While I don't believe quantum computing will be in the consumer space for 2-3 decades still (no viable reason for us to have a quantum computer at our desks yet), I do believe we will see viable quantum superiority within the next 2-3 years, with functional commercial quantum within the next 5 years. Could not tell you if the US or China will lead the charge, but I am confident that one of those two countries will realize true quantum sooner than anyone thinks. Which is dangerous for the security space - we're nowhere close to ready lol.
Once a stable quantum computer is opened up to the masses, that's when we'll see hackers deep dive. Quantum will change our world (and possibly our perception of the universe) in so many ways, and I believe for the better, but hackers will always figure out how to be 10 steps ahead of any curve. Talk about uncharted territory.
Never heard of #Honey personally, but this #scam is very real. I am skeptical of any coupon sites generally, because they have NEVER worked for me in the past (before they were doing quasi-criminal activity). Also, NEVER install a browser extension unless you are 100% sure of its legitimacy AND how it works.
#Honey is actively stealing from affiliates, which, while not illegal, is highly unethical and simply not fair.
If you don't know about this scam, I recommend you watch this video so you understand how it works (clearnet): https://youtu.be/vc4yL3YTwWk?feature=shared
#BeCyberSafe #StayCyberAware
Excellent article about cyber defense and "Cultivating a #Hacker Mindset.." to stay at least in-step with adversaries.
My favorite part:
"Growing and honing a hacker mindset is a journey, and it won't come from reading a book or taking a course. It takes time, practice, mentorship, and hands-on experience...make mistakes. Real learning happens by doing."
This is how I have gained my knowledge and perspective in the industry - by being a hacker from a ripe young age, not just "pushing buttons." Always questioning "why" while appreciating the "how". I have always described my technical curiosity as being "someone who is likely overly paranoid, thus I trust nothing", but maybe I was just using the incorrect terminology all along. Maybe it is just having a "Hacker's Mindset" after all. Hmm...
https://www.darkreading.com/cyberattacks-data-breaches/cultivating-hacker-mindset-cybersecurity-defense
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless.
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW policy that enforces a minimum of 13 complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authenticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old passwords or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi).
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180 days. Tokens expire every 24 hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180 days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education.
#BeCyberSafe #StayCyberAware
NIST 800-63B - If you are a #sysadmin you should be familiar with the 2022/2023 updates in regards to authentication security. Here's a summary. Link to the full publication EOF.
If you are in a specialized industry, or have other regulatory hurdles, then proceed as recommended by your security teams after consulting legal (or just read the damn laws yourself lol). LISTEN TO YOUR #SECURITYGEEKS!!
Checklist for aligning with #NIST's new password guidance.
Updating a password strategy may not be an overnight process for most organizations. However, there are several steps you can keep in mind while working towards meeting NIST guidelines:
:finger_point: Update internal password policies: Organizations will want to make sure their password policies include NIST's latest recommendations, such as prioritizing length over complexity requirements and adjusting password expiration timings.
:finger_point: Use password filtering lists: Organizations will want to start looking at tools that allow using password filtering lists to prevent the use of well-known compromised passwords and commonly used passwords.
:finger_point: Move towards passphrases: End users likely need to be educated on the use of passphrases and taught the benefits of longer passwords. Use good examples to show how longer passphrases can be more memorable than short complex passwords.
:finger_point: Multi-factor authentication: Make MFA mandatory for all important systems and sensitive data. MFA solutions will provide an additional layer of defense against a cyberattack.
:finger_point: Move away from password hints and knowledge-based questions: Use secure recovery methods and get rid of weak password reset processes that rely on information that could be easily guessed by hackers.
:finger_point: Employee cybersecurity training: Update end users on why NIST guidelines are worth following and how it will help keep everyone safer from cyber-attacks.
https://pages.nist.gov/800-63-4/sp800-63b.html#AAL_SEC4
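The tiered minimums from the policy post above, combined with the filtering-list item in the NIST checklist, as an added Python example (not the author's code, and not the PowerShell/AD integration the post mentions). The blocklist entries and the SHA-256 history store are constructed assumptions, and complexity classes are left out because the post does not define them.

```python
import hashlib
import unicodedata

# Minimums and rotation periods are the ones stated in the policy post.
POLICY = {
    "user":    {"min_chars": 13,   "min_words": None, "rotation_days": 365},
    "admin":   {"min_chars": None, "min_words": 4,    "rotation_days": 180},
    "service": {"min_chars": 24,   "min_words": 4,    "rotation_days": 180},
}

# Constructed sample blocklist (stored normalized); a real deployment
# would load a list of common and known-compromised passwords.
BLOCKLIST = {"password1234!", "correct horse battery staple"}


def normalize(pw):
    """NFKC + casefold so case and width variants still hit the blocklist."""
    return unicodedata.normalize("NFKC", pw).casefold().strip()


def fingerprint(pw):
    # Hypothetical history store: digests used only for reuse comparison,
    # not as a password-storage scheme.
    return hashlib.sha256(normalize(pw).encode()).hexdigest()


def check_password(pw, tier, history=()):
    """Return the list of policy violations; an empty list means accepted."""
    rules, problems = POLICY[tier], []
    long_enough = rules["min_chars"] is not None and len(pw) >= rules["min_chars"]
    phrase_ok = rules["min_words"] is not None and len(pw.split()) >= rules["min_words"]
    if not (long_enough or phrase_ok):
        problems.append("too_short")
    if normalize(pw) in BLOCKLIST:
        problems.append("blocklisted")
    if fingerprint(pw) in history:
        problems.append("reused")
    return problems


def rotation_due(tier, age_days, compromised=False):
    """Rotate on schedule, or at once if the credential was phished or leaked."""
    return compromised or age_days >= POLICY[tier]["rotation_days"]
```
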
Reference: https://www.darkreading.com/vulnerabilities-threats/defeat-cybercriminals-understand-how-they-think
Let's talk about #CyberHygiene:
You have to develop a certain level of "Spidey sense", and it can be as simple as realizing that you need a second opinion before clicking a link. You don't have to be a subject matter expert; you just have to know enough to recognize when you should ask someone else. #StopAndThink
People sometimes have the mistaken notion that they aren't targets for bad actors because they aren't famous and don't have a high net worth. But that's simply not the case today. Anyone with any online presence is a potential target to attackers. That means everyone needs to know their #cyberhygiene
Basic cyber hygiene is essential and easy. Steps include:
:finger_point: Be more stringent about the info you share online
:finger_point: Review and adjust privacy settings
:finger_point: Use strong and unique passwords (I recommend using diceware passphrases)
:finger_point: Enable two-factor authentication
:finger_point: Monitor online presence
:finger_point: Learn about data brokers
:finger_point: Secure all devices
:finger_point: Be skeptical of unsolicited requests
:finger_point: Regularly audit third-party apps
:finger_point: Monitor credit reports
:finger_point: Separate personal and professional identities
With #CyberSecurity, a little can go a long way to protecting yourself, your family/friends, and even your employer. Again, you don't need to be an expert, you just need to slow down and think. Be a human lol. And in the #CyberWorld, trust nothing, question everything.
#BeCyberSafe #StayCyberAware :C_H:
=> Go to Geekmaster@ioc.exchange account