The internet says the internet is down

Sweet Jesus. Also, that timeline response is atrocious

#cloudsecurity

https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/

The new site-to-site secrets manager inclusion is pretty sweet.

#awssecurity

https://aws-cloudsec.com/p/issue-101

@dimillian nice 👍🏼

You too can take some device over in these 12 easy steps.

https://www.thestack.technology/absurd-12-step-malware-dropper-spotted-in-malicious-npm-packages/

I can’t wait for my $1.50.

https://hackread.com/hackers-leak-86m-att-records-with-decrypted-ssns/

A nice little read detailing Twitters newer encrypted DMs (xchat)

TL;DR - it’s not replacement for Signal

File in the “No shit” department.

https://mjg59.dreamwidth.org/71646.html

Price lock for a not great price. If you’re in the markets this is available in now and have absolutely no other choice, ok, less terrible. But any market with any other options make this not competitive.

https://www.theverge.com/news/678897/t-mobile-fiber-internet-launch-plans

Good. One less spreadsheet I have to maintain

#cybersecurity

https://www.reuters.com/sustainability/boards-policy-regulation/forest-blizzard-vs-fancy-bear-cyber-companies-hope-untangle-weird-hacker-2025-06-02/

This seems like a great idea. (No sarcasm)

https://www.theverge.com/news/675446/microsoft-windows-update-all-apps-orchestration-platform

Wild

#cybersecurity

https://www.wsj.com/business/north-korea-remote-jobs-e4daa727

Duo IAM 👀

https://duo.com/blog/meet-the-new-duo-iam

The carrier that is arguably the biggest dumpster fire with regards to security (T-Mobile) is defaulting to an overly permissive screen recording permission

https://9to5mac.com/2025/05/28/t-life-app-has-screen-recording-on-by-default-t-mobile-says-not-a-privacy-risk/

Handy

#awssecurity #awscloud #cloudsecurity

https://aws.amazon.com/about-aws/whats-new/2025/05/amazon-inspector-container-security-images/

Defensive Security Podcast Episode 307

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant data breach at Coinbase, the challenges of cryptocurrency security, the importance of patch management, and the evolving landscape of cyber threats. They also discuss insider threats, the failures of rigid security programs, and the overlooked cybersecurity risks in mergers and acquisitions.

https://defensivesecurity.org/defensive-security-podcast-episode-307/

Why would you not deploy this in the management account (or a security tooling account) considering what the tool is?

#awssecurity

https://www.token.security/blog/aws-built-a-security-tool-it-introduced-a-security-risk

Any thoughts or feedback on Material.security and/or Abnornal.ai with regards to at least email security? Broader functionality they both provide?

#cybersecurity #emailsecurity

It was nice of AWS to make this deprecation page. It was also a kick in the teeth to make it the least scalable or accessible page. What in the world… this page is useless.

#aws

https://aws.amazon.com/products/lifecycle/

Thoughts on LEV…a new enhancement to KEV overall?

#cybersecurity

https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/

No idea what the issue was but I ended up having to replace the chrome folder within application support directory in the user directory and that seemed to fix it. So….a corrupt chrome profile basically.