Tanawts

Things are not always what they seem

Redfin | Rent Head of Information Security

Former Ubisoft Director of Security Operations
Microsoft Alumni | Former Director of MSRC's Cloud Incident Response | He/Him/Hrm | Philosopher & Ninja

SANS:
GCIH #16353 - Certified Incident Handler
GWAPT #3274 - Web Application Pen Tester
GXPN #164 - Exploit Researcher and Advanced Penetration Tester

2026-02-07

@Viss *lightsaber noises*

2025-12-28

@GossiTheDog ok. Officially notified.

You feel strongly on the signs of IOC for that particular mongodb though?

2025-12-28

@GossiTheDog is the system in question still online or did you get an ack / confirmation the thing got pulled

Tanawts boosted:
2025-12-10

If you reward technology teams to ignore cybersecurity, they will.

If you think security teams can magically stop criminals and spies while this is happening, you are fooling yourself.

Tanawts boosted:
2025-09-17

That one is straight outta the UK LAPSUS playbook btw, eg they frequently get access to Azure and start spinning up VMs and using them to host data from other victims, they daisy chain them together like The Data Centerpede so every victim hosts other stolen data.

ReliaQuest may have been detailing the Prosper incident there, we’ll see.

Tanawts boosted:
2025-09-17

Jimmy Kimmel show got cancelled by his network for saying:

“The MAGA Gang desperately trying to characterize this kid who murdered Charlie Kirk as anything other than one of them and doing everything they can to score political points from it.. In between the finger-pointing, there was grieving,”

Good thing everybody is so concerned about free speech.

cnbc.com/2025/09/17/charlie-ki

2025-09-17

@GossiTheDog sigh

Yup... if the cloud fixes it and the customer doesn't have to take action for a fix, then it's mostly silent.

Due diligence review of potential post-breach unauthorized access is completely excluded

CVE is obsolete in cloud service paradigm

:/

2025-09-16

@GossiTheDog internet time capsules

Tanawts boosted:
Davey (sugar@goblin.camp)
2025-09-10

i don't know who needs to hear this, but

the words "you look great, your teeth are sharp, your eyes are luminous, the townsfolk whisper your name in hushed tones"

2025-09-09

@zackwhittaker a reminder that plex has recent history with chaining attacks to valuable targets....

thehackernews.com/2023/03/last

2025-09-08

@GossiTheDog "The bar is low."

Tanawts boosted:
2025-09-08

That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world's shittiest Ethereum dumper.

Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.

The thing that saved companies here was the threat actor was incompetent crypto boy, nothing more.

2025-09-08

@BleepingComputer

Ok, fixed, github updated their advisory to reflect the affected debug version: 4.4.2

Tanawts boosted:
2025-09-08

Phishing email sent to maintainers, they basically targeted people with 2FA by getting them to.. reset their 2FA.

2025-09-08

@BleepingComputer
It would be nice if Github could be talked to about their preference for strong wording so as not to cause a panic...

Patched Versions: None
Affected versions: All?
Remediation steps, blanket rotate all creds in all things with dependencies on debug?

<sigh> come on folks...

github.com/advisories/GHSA-8mg

GitHub Advisory Database / Malware / GHSA-8mgj-vmr8-frr6
Malware in debug
Malware - Published 2 hours ago to the GitHub Advisory Database
Vulnerability details | Dependabot alerts: 0
Package: debug (npm) | Affected versions: >=0 | Patched versions: None
Description
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.