sueden.social is one of many independent Mastodon servers you can use to participate in the Fediverse.
A community for everyone who feels drawn to the South. We can do everything except High German.

#infosec

997 posts · 292 participants · 143 posts today

State of (in)security - Week 34, 2025

During the week of August 18-25, 2025, we track 32 total cybersecurity events (9 vulnerabilities/advisories and 23 data breach incidents) affecting over 2 million individuals. Malware/ransomware attacks (5 incidents) and social engineering/phishing (3 incidents) are the primary attack vectors. Healthcare was the most targeted industry with 6 incidents. The largest single breach affected Orange Belgium's 850,000 customers.

**Never trust messages in Microsoft Teams that are from unknown sources. Consider blocking external Teams access in your admin settings to avoid fake "help desk" accounts. Advise that teams should check back with their IT via a well known channel and never run commands or programs sent via Teams messages from an unknown person, even if they claim to be from IT support.**
#cybersecurity #infosec #knowledge #weeklyreport
beyondmachines.net/event_detai


Good morning, #TechPolicy enthusiasts! I have a call to action for your Monday:

Here in Colorado, MULTIPLE bills were just introduced into the state legislative session. One is the Increase Transparency for Algorithmic Systems bill (aka, the Sunshine Act, leg.colorado.gov/bills/sb25b-0) and another called the Consumer Protections for Artificial Intelligence Interactions bill (leg.colorado.gov/bills/hb25b-1)

The purpose of both bills is ostensibly to provide important consumer protection from generative AI chatbots, and other systems that use LLM or AI technology.

The problem is that the House bill (1008) is a shambles that has been gutted by the tech industry lobbyists, and the Senate bill (004) is pretty good, but under heavy pressure by those same lobbyists.

Among the protections the bill (as currently drafted) provides:

  • AI system developers or "deployers" (if they didn't make the AI system, itself) will have a duty to prevent "algorithmic discrimination" and prove it with documentation (within 90 days of deployment), as well as be able to disclose any known or foreseeable risks of algorithmic discrimination arising from use of the AI system.
  • Any org that deploys or uses an AI system will need to explicitly disclose that the end user is interacting with an AI and not a real person

Needless to say, the tech industry is working very hard to kill this bill, despite the relatively benign solutions it proposes to the problems it is intended to address, so I am looking for anyone who is willing to help speak (or write) in favor of this kind of law.

Possibly today, but at most in the next few days, I expect these bills will be sent to one or more of the committees who will consider whether to vote to send it to the full legislature for a vote. These committees ask members of the public (not necessarily Coloradans, exclusively, but people who care about the issue or are knowledgeable about it) to write or attend (virtually or in person) the hearing to provide public comment on the topic.

So I'd like to ask if you would be willing to provide public comment on this bill when the committee hearings roll around. For people who want to provide written comment, there is no text limit, but for comment provided as an in-person or virtual attendee, there is a 2-minute comment time limit, after which the lawmakers may wish to ask commenters questions.

Once again, the 1008 bill is BAD and should not be permitted to pass, and the 004 bill is GOOD, and needs your support.

If anyone is interested in participating in this effort to help get this bill passed, please reach out to me directly and I will help coordinate you giving testimony or writing a statement.

Thanks in advance!

#AI #GenAI #LLM

Who keeps Google Cloud's IP ranges updated? 🌐🤔

Mark Adams' GitHub repo automates the fetching and parsing of Google's public IP ranges. It uses a Python script to extract JSON data from Google's authoritative source, making it easier for developers to integrate or analyze network configurations.

#GoogleCloud #Networking #GitHub

🔗 Project link on #GitHub 👉 github.com/mark-adams/gcp-ip-l

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Critical Google Cloud Dataform path traversal flaw enables cross-tenant data access

Google patched a critical path traversal vulnerability (CVE-2025-9118) in Google Cloud Dataform's NPM package installation process that allowed unauthenticated attackers to bypass multi-tenant security boundaries and read/write files in other customers' repositories. The flaw affected all Dataform environments using NPM package installation before August 21, 2025.

**If you use Google Cloud Dataform, be aware of this vulnerability. You can't do anything about it, it's already patched. But still be aware of the flaw for vendor evaluation, and to review your Dataform repositories for any unexpected changes or unknown code that may have been added before August 21, 2025, when the fix was deployed.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Social Engineering at Hackfest 2025: THE Training AND THE Most Outrageous Competition in Town!
(EN will follow)

TRAINING: OSINT/Social Engineering Bootcamp - English
=====
Come learn the pro tips you need to digitally eviscerate your target, with this comprehensive course offered by two time DEF CON black badge winner Shane MacDougall. This intensive two day course will give you all the skills needed to profile, target, and attack your targets, be they people or institutions, with ruthless efficiency.

Training link: eventbrite.ca/e/billets-osints

SOCIAL ENGINEERING COMPETITION
=====
Do your research, prepare your files, and then come shine at the social engineering competition of the next Hackfest, where participants must obtain privileged information via discussion techniques and OSINT.

A phone-based social engineering competition where the participant must obtain privileged information via engineering discussion techniques. The objective is to obtain X number of pieces of information, and the best one wins!

Funny, interesting AND stressful, will you be up to it?

Registration here: hackfest.ca/fr/villages/se/

#hacking #infosec #hackfest #hf17 #hf2025 #cybersecurity #cybersécurité #villages #socialengineering

====================

Social Engineering at Hackfest 2025: THE Most Outrageous Training AND Competition in Town!

TRAINING: OSINT/Social Engineering Bootcamp
=====
Come learn the pro tips you need to digitally eviscerate your target, with this comprehensive course offered by two time DEF CON black badge winner Shane MacDougall. This intensive two day course will give you all the skills needed to profile, target, and attack your targets, be they people or institutions, with ruthless efficiency.

Training link: eventbrite.ca/e/billets-osints

SOCIAL ENGINEERING COMPETITION
=====
Do your research, prepare your files, and then come shine at the next Hackfest's social engineering competition, where participants must obtain privileged information via discussion techniques and OSINT.

A phone-based social engineering competition where the participant must obtain privileged information via engineering discussion techniques. The objective is to obtain X amount of information and the best one wins!

Funny, interesting AND stressful, will you rise to the challenge?

Registration here: hackfest.ca/en/villages/se/

This feature was confirmed last October. It's now being tested, and it relates to RCS messaging. The aim is to confirm that the person you're messaging is the one you intended to message. But QR codes? Really?

You get two new features:

"Verify keys? This helps ensure only you and your contact can read the RCS messages you send each other"

"Scan the QR code on your contact’s device. Then ask them to scan the QR code on yours."

9to5Google: Google Messages beta rolling out QR code key verification 9to5google.com/2025/08/25/goog @9to5google #Google #cybersecurity #infosec #Android

9to5Google · Google Messages beta rolling out QR code key verification, by Abner Li

Security friends, let’s play a game:
What vulnerabilities have you seen in VPNs? This can be any part of a VPN: admin interface, control plane, relay, client endpoint or anything in between. Bonus points for a link to a CVE. Extra bonus points for a great story to go with it.

(Taking a page from @vaurora’s book) #infosec #CRA

Work funded by EFTA and EC