@badsamurai @hrbrmstr @cR0w @da_667 and I stole it from Johns Hopkins APL
Love DNS and hunting the ever-changing adversary. Personal account. Reflects my views and propensity for sweating.
Nice article from Guardio on AI prompt injection with lots of pictures and clear examples.
#threatintel #ai #malware #phishing #cybercrime #cybersecurity #infosec
Fucking scammers.
Earlier this week I figured out that my mother-in-law's attempted scammer was running in Azure. 8thoctioserror3[.]z13[.]web[.]core[.]windows[.]net
Then her brother-in-law showed me text messages this afternoon from scammers trying to get his Bitcoin at Coinbase. Lovely.
Then our kiddo gets this lovely pop-up trying to read restaurant reviews just now.
redinstantnews[.]shop
is yet again some #tds hiding in Cloudflare, likely running a ton of fraud.
Designed with deniability in mind.
#threatintel #scam #cybercrime #cybersecurity #infosec #adtech
@badsamurai ooh... love it. I broke my wrist in Feb but am just about ready to dig into that supply of cashmere... I'm so out of practice though. I'm trying to figure out whether I do my usual... plunge headlong into something big... or do some small pieces. I am a serial knitter so it's a decision lol... I am reneeknitsabit. Which is accurate these days...
@thekileen @InfobloxThreatIntel you can send a private message to the account. If it fits into our bailiwick we can take a look and see if there are resources available... We have a pretty big backlog but always look for fun collaboration.
@ipghod Cloudflare definitely doesn't block this stuff.
The most controversial topic in Seattle might be outdoor cats, so a No Kings protest is like a city-wide block party drawing 90k people and lots of silliness.
At the April protests, white middle-aged women were way overrepresented... this was not the case yesterday. I saw all ages, all colors... all kinds of diversity.
Super proud of #seattle #nokings #protest ... and fuck the furlough.
For the record, I have no position on outdoor cats. Too dicey.
A year ago, I could get scammed on any device, any browser, from my home network. Now this has become quite challenging. Which: yay! boo!
It's great that there are more protections from malicious traffic distribution systems (TDS) but it makes me work for my research. lol.
Part of this change is a mystery to me. Maybe you have an idea?
There's interference happening at the network level in the ISP. Now, regardless of the browser or the device, I'll get an SSL protocol error -- so I'm just dead in the water.
At first I thought it was a DNS RPZ, but the DNS is passing through fine. The mucking is happening on the connection.
I've even had a few cases where I was able to get the scam content and then, less than a minute later, on the same browser, it was blocked. And then the system remembers: that domain is dead for me afterwards.
I can still use a res proxy or go to a local cafe on the same device and get content. So yeah, it's my ISP. And a colleague reported the same in South America. So a network security appliance, I think. Zscaler?
If you have thoughts, feel free to privately respond. Bad guys watch my LinkedIn, so I'm sure they found my Mastodon too. I'm sure they find my political posts riveting. Maybe I should post more knitting.
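The layered check the post above walks through (is the name being answered? does TCP connect? does the TLS handshake survive?) can be scripted so the verdict is repeatable across devices and vantage points. The Python below is an added example, not code from the post or from any vendor named in it: it resolves, connects and handshakes in order, names the first layer that fails, and compares the same host probed from home against a second vantage point such as a residential proxy. An RPZ or resolver-side block shows up at the DNS step (NXDOMAIN or a sinkhole answer); an in-path appliance that keys on the TLS ClientHello's SNI lets DNS and TCP succeed and then kills the handshake, which a browser reports as an SSL protocol error. The hostname and addresses in the demo are constructed.

```python
"""Triage where a blocked site is being stopped: DNS, TCP, or the TLS handshake.

Added example, not part of the original post. It encodes the reasoning in the
post: an RPZ or resolver-side block shows up at the DNS step (NXDOMAIN or a
sinkhole answer), while an in-path appliance that keys on the TLS ClientHello
lets DNS and TCP succeed and then kills the handshake, which the browser reports
as an SSL/TLS protocol error. Probing the same host from a second vantage point
(a residential proxy, a cafe) separates "the site is down" from "my path is
interfering". Hostnames and addresses in the demo are constructed.
"""
import socket
import ssl
from dataclasses import dataclass, field
from typing import List, Optional

# Answers an RPZ or resolver blocklist commonly hands back instead of NXDOMAIN.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


@dataclass
class ProbeResult:
    host: str
    addrs: List[str] = field(default_factory=list)  # resolved addresses, empty on failure
    dns_error: Optional[str] = None
    tcp_ok: Optional[bool] = None                   # None means not attempted
    tls_error: Optional[str] = None                 # None means handshake succeeded or not attempted


def classify(r: ProbeResult) -> str:
    """Name the first layer at which the resolve -> connect -> handshake chain broke."""
    if r.dns_error or not r.addrs:
        return "dns-layer"        # NXDOMAIN/SERVFAIL: RPZ or resolver block
    if all(a in SINKHOLE_ADDRS for a in r.addrs):
        return "dns-sinkhole"     # resolves, but only to sinkhole addresses: still a DNS-side block
    if r.tcp_ok is False:
        return "tcp-layer"        # SYN dropped or reset before any TLS bytes were sent
    if r.tls_error is not None:
        return "tls-layer"        # DNS and TCP fine, handshake killed: in-path TLS interference
    return "reachable"


def attribute(home: ProbeResult, elsewhere: ProbeResult) -> str:
    """Compare the same host probed from two vantage points (e.g. home ISP vs. a proxy)."""
    h, e = classify(home), classify(elsewhere)
    if h == e:
        return "site-side"        # both see the same thing: the site, not your path
    if e == "reachable":
        return "home-path"        # blocked only from home: something on that path interferes
    return "mixed"                # blocked differently from each side; dig further


def probe(host: str, port: int = 443, timeout: float = 5.0) -> ProbeResult:
    """Live probe; needs network access. Uses the system resolver, as a browser would."""
    r = ProbeResult(host=host)
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
        r.addrs = sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        r.dns_error = str(exc)
        return r
    if classify(r) == "dns-sinkhole":
        return r                  # no point connecting to 0.0.0.0
    try:
        raw = socket.create_connection((r.addrs[0], port), timeout=timeout)
        r.tcp_ok = True
    except OSError:
        r.tcp_ok = False
        return r
    ctx = ssl.create_default_context()
    try:
        # SNI carries the hostname in the clear; SNI-based filters act on exactly this step.
        # A certificate-verification failure also lands here, so read tls_error before judging.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.version()         # handshake completed if we get here
    except (ssl.SSLError, OSError) as exc:
        r.tls_error = f"{type(exc).__name__}: {exc}"
    finally:
        raw.close()
    return r


if __name__ == "__main__":
    # Constructed results standing in for the post's scenario: same host, two vantage points.
    home = ProbeResult("scam.example", addrs=["203.0.113.5"], tcp_ok=True,
                       tls_error="SSLError: unexpected eof while reading")
    via_proxy = ProbeResult("scam.example", addrs=["203.0.113.5"], tcp_ok=True)
    print(classify(home), classify(via_proxy), attribute(home, via_proxy))
    # tls-layer reachable home-path
```

Run `probe("some-host")` from the home network and again through the proxy, then feed both results to `attribute`. A "tls-layer" verdict at home and "reachable" elsewhere is the signature of something on the home path acting on the handshake rather than on DNS; a "dns-layer" or "dns-sinkhole" verdict points back at the resolver and is where an RPZ would show.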
@badsamurai @neurovagrant @spamhaus Also... your example is a ccTLD, and a bunch of them are just bulletproof... and don't qualify for ICANN complaints... so yeah... idk that it is a matter of cost, but convenience.
@badsamurai @neurovagrant @spamhaus We also have studied this, as you might imagine. At first blush, these are correlated, but there are also a ton of confounding factors, which makes it not quite cut and dried.
Responsiveness of the TLD matters as well, even more so. We find .xyz extremely responsive, much more than .com, but they are plagued by perception.
We published a statistically optimal algorithm for TLD reputation that relies on abuse. Source code is also available on GitHub and an extremely academic paper is online. That's free to use. Regardless, everything still depends on visibility, and so bias remains a fundamental problem.
There are similar arguments about bulk registration.
In the end we find that actors pick what works for their circumstances... If I only need one C2, I'm more likely to use .com... If you are going to get banned left and right, go cheap. In the end that is one versus thousands, but are they different?
Find out where it's at
And it's not hustlin' people strange to you
Even if you do got a two-piece custom made pool cue
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: 🧵👇 https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
The image below, as well as other recent examples, form part of an information operation meant to make my generation and older feel prematurely aged and infirm.
In this closed-door briefing I will…
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
TL;DR: Hating Nazis* shouldn't be a political opinion, it should be an opinion held by everyone who isn't a Nazi.
It's weird how this keeps being relevant.
*A Nazi is a Nazi, even if they go by "conservative" nowadays.
@malwarejake It's free... you should definitely download it, whatever its name is.