We are reporting out webshells installed on Citrix ADC/Gateway IPs likely compromised as part of CVE-2023-3519 attacks. We found 691 instances on 2023-07-28. If you received a report today for your network/constituency, please make sure to investigate.

https://www.shadowserver.org/what-we-do/network-reporting/compromised-website-report/

New exploit method for ProxyNotShell for your holiday stockings! (I'm sorry)

https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/

I really don’t think a discount security assessment is what you want, but I suppose there is someone out there can do that for you. 🤦‍♂️✅📦👍

#infosec #cybersecurity

@lunasec I like their wines http://www.irene.wine .Also US moved to organic very fast, so probably quite some choices.

@lunasec butter-salt and a glass of syrah

I don’t know if this is the right place for that, but my team at Apple is looking to hire several vulnerability researchers: https://jobs.apple.com/en-us/details/200423067/swe-vulnerability-researcher-sear. The role is based in Paris but fully remote positions will be considered on an individual case basis. We also have another job opening for microarchitecture experts: https://jobs.apple.com/en-us/details/200429738/swe-microarchitecture-security-researcher-sear. Don’t hesitate to spread the word if you know someone who could be interested!

The number of times I’ve typed “infosex.exchange”.

YES I KNOW HOW IT SOUNDS. :transgender_flag:

If you download your #Twitter archive it arrives wrapped as a static HTML page, which is not very useful for doing anything with, and worse: it requires the original account to be still active to do useful things like enlarge the images since they use t.co links.

So here's a #Python script to convert a Twitter archive to #markdown or other formats: https://github.com/timhutton/twitter-archive-parser

Now you can archive your tweets in any way you want.

Two complimentary ways to find the Microsoft365/
Office365 features and shortcuts to the control panels you're paying for:
- msportals.io (@AdamFowler_IT)
- cmd.ms (@merill)
Each has its own specialities and approach to the problem and both valuable.

Reminder for all of us new here: don't forget to enable MFA!