I love it when a headhunter or placement specialist sends someone skilled in OSINT a resume they think they have suitably redacted to obscure the candidate 😂
AMD Information Security is #hiring! I have two positions open on my team. Both are mid-senior level analyst roles with some leadership potential:
DLP investigations lead, US https://careers.amd.com/careers-home/jobs/24631
SOC Senior Analyst, India https://careers.amd.com/careers-home/jobs/24474
O'Reilly published a book a while back, on software engineering at Google; that book is now available free online. Lots of good content - on #change #management, building scalable and supportable systems, and managing people and teams - lots that is applicable far beyond traditional software engineering. Sticking this in the #infosec #toolbox for my own future reference.
Any other time of year I would wonder if the "smoke" out my window were a wildfire in the woods across the street, but nope, it's just pollen billowing out of the ashe juniper (aka cedar) trees in the breeze. #atxweather #allergies 🤧
I am having a hard time comprehending how a "security feature bypass vulnerability" in SharePoint Server (CVE-2023-21743) can affect #integrity without also affecting #confidentiality. What am I missing? What on earth does "The attacker is able to bypass the expected user access as an unauthenticated user" mean? Has anyone seen further details on this #vulnerability?
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21743
@thegaryhawkins @ThomM @hacks4pancakes wear sunscreen! Second degree sunburns in your teens and twenties beget skin cancer in your thirties and forties. Ask me how I know... 🤷♂️
@GossiTheDog I've always seen invitations like that as a gray area fraught with opportunity for a company employee to divulge sensitive company practices. I genuinely wonder how many so-called consulting opportunities pitched to corporate staff are in fact thinly veiled attempts to surveil.
oh no, someone forgot to water the wind turbine.
Interesting. This may be old news to folks that deal with telephony, but it's new to me. There is a "Class 0" SMS - a form of SMS that is by design displayed as a full screen overlay, as might be appropriate for an emergency notification (...or abused for SMS spam).
Lovely news for the Thursday before Christmas: password vault provider LastPass disclosed that customer vaults were stolen by intruders in an incident earlier this year.
Password vaults make it practical to use unique and strong passwords for every account - but the vault itself becomes a target.
Using a unique, long, and unguessable password as the encryption key for that vault is precisely the right defense against the risk that the vault itself is stolen.
Be wary of phishing attempts impersonating LastPass now. The vault may be encrypted, but that's not much help if an attacker can phish for the key.
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/amp/
I planted a flag over here because while I didn't expect Twitter to fully crash and burn, I wasn't sure Twitter as I knew it would still be around in 6 months.
Turns out I was off by about 5 months.
I don't see them on social media, but a huge shout out to Nascar Towing of Duluth MN. My son got stuck in snow and ice, called USAA roadside assistance for help. USAA dispatched help but then canceled a half hour later with no explanation, leaving him up a creek.
A Nascar Towing driver happened to drive by him and pulled him back on the road, and wouldn't even accept anything in payment. I wouldn't wish car trouble on any of my followers - but if you ever find yourself in need and are in Northern Minnesota, show them some love please.
✅ public by design
✅ unauthenticated attacker
✅ #RCE
✅ Exploited in the wild
😳 NSA advisory
If you use #Citrix ADC or Gateway, you'll want to read the below...
NSA hunting tips: https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
Vendor blog: https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
#Patch: https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
@malanalysis let's see...
✅ Public-facing by design (VPN)
✅ unauthenticated attacker
✅ RCE
yep, I concur 😬
Nice: the SANS #HolidayHack challenge just launched. If you aren't familiar with #HolidayHack, it is an annual tradition produced by @Edskoudis@twitter.com and the Counter Hack crew.
Some years I've worked the complete #CTF and competed for a prize. Other years I've spent a half day exploring a new-to-me #hacking technique to understand what it looks like from the adversary side. And still other years all I've had time to do was spend an hour on the couch with one of my kids and just play. But every year, without fail, I learn something.
I'm bookmarking this #leadership article for my own sake. "Doing the routine things routinely" - i.e. making routine things repeatable, turning repeatable things into a repeatable process, so I and my team spend our brain cycles on doing better every day instead of reinventing the same wheel.
"Our organization and people have a finite capacity in a day, week, month, and year. If we are able to apply effective management to accomplish the routine (and oft less important) things routinely, we reduce the overall capacity put forth towards them. By reducing and minimizing the capacity towards the routine (important or unimportant) items that require our attention, we can then apply that capacity elsewhere."
https://3x5leadership.com/2020/12/27/doing-routine-things-routinely-leaders-must-still-be-managers/
No one else is afraid we're teaching GPT to take over the world?
@jerry um, yes. And since they forgot to bake in Asimov's Three Laws, we're toast.