Se connecter

Recherches récentes

Aucune recherche récente

Options de recherche

Disponible uniquement lorsque vous êtes connecté.
mastodon.top est l'un des nombreux serveurs Mastodon indépendants que vous pouvez utiliser pour participer au fédiverse.
Mastodon.top est une instance francophone stable, régulièrement mise à jour et accessible à tous hébergée par VirtuBox

Administré par :

Statistiques du serveur :

1,4K
comptes actifs

mastodon.top: À proposAnnuaire des profilsPolitique de confidentialité

Mastodon: À proposTélécharger l’applicationRaccourcis clavierVoir le code sourcev4.3.7

#cisa

5 messages4 participants0 message aujourd’hui
Public
Opalsec :verified:

👋 Ready for a fresh day of Cyber horrors? Me neither!

Oh well, here you go: opalsec.ghost.io/daily-news-up

Here's a few of the key items to be aware of:

🚨 Palo Alto GlobalProtect Scans: Observed a significant spike in scans targeting Palo Alto Network GlobalProtect login portals, possibly prior to new exploit releases. Time to audit those logs! 🧐

🇨🇳 China as Top Cyber Threat: Gen. Paul Nakasone (former NSA/Cyber Command Head) highlights China's unprecedented cyber activities, including malicious code in critical infrastructure and rapid exploitation of vulnerabilities. It's time to rethink our defense strategies! 🛡️

🇰🇵 North Korean IT Worker Expansion: North Korean "IT warriors" are infiltrating European companies, using fake identities to secure remote work and fund their regime. Stay vigilant and double-check those remote hires! 🕵️

🔑 Identity Flaws in Breaches: A new report indicates 60% of incidents involved an identity attack, with compromised valid accounts being a top initial access vector. Focus on robust MFA, least privilege, and AD security! 🔒

Read the full post for all the details and more actionable insights, and if you want all this straight to your inbox, you're in luck! 👉 opalsec.ghost.io/daily-news-up

Opalsec · Daily News Update: Wednesday, April 2, 2025 (Australia/Melbourne)Increased scans of Palo Alto GlobalProtect devices may indicate imminent attack. Nakasone names China the biggest Cyber threat to the US. DPRK expands prolific IT Worker campaigns to Europe. Talos finds Identity a key culprit in 69% of Ransomware incidents.
#Cybersecurity#InfoSec#ThreatIntel
Public *
Lorraine C. 🇨🇦

Via @marcelias of @democracydocket

#usa #uspol #homelandsecurity #criticalintrastructure
#infosec #data #arizona #election #trump #maga #gop #CISA

Arizona Secretary of State Adrian Fontes joins Marc Elias to discuss President Trump's latest executive order targeting elections and explains how the action will disenfranchise voters, cause chaos and make it impossible for states to run free and fair elections.

youtu.be/hL4KC21v9Qw?si=M6Cxcp

youtu.be- YouTubeProfitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Public *
Claudius Link

I'm looking for a #Tabletop #Cybersecurity incident exercise.
Idealy a sufficiently detailed scenario, similare to a (Solo) Adventure RPG Gamebook.

Any hints?

The #CISA Cybersecurity Scenarios cisa.gov/resources-tools/resou are going into this direction but contain too little details for me. I just have too little #Incident handling experience to create a coherent exercise which is addapted to participant actions.

#FediPower
Public
Darren

just wow. that’s a proper security security vulnerability! None of this messy packing bytes into some arrangement that’s probably processor specific. just ask politely to skip all the middle layer with the authentication in it and go straight to the api call. I’m sure #CISA are all over it. infosec.exchange/@hdm/11420944

Infosec ExchangeHD Moore (@hdm@infosec.exchange)Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps. Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone. You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
Suite du fil
Public
Zhi Zhu 🕸️

DOGE to Fired CISA Staff: Email Us Your Personal Data
krebsonsecurity.com/2025/03/do

"The message instructed recently-fired #CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their #SocialSecurity number or date of birth in a password-protected email attachment — presumably with the #password needed to view the file included in the body of the email."

Headline and text from article: DOGE to Fired CISA Staff: Email Us Your Personal Data March 19, 2025 A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed to view the file included in the body of the email.
#ElonMusk#Musk#Doge
ExplorerFlux en direct
À propos