Long and awaited...the #FIRSTCON23 @firstdotorg TLP:CLEAR recordings have been published to our YouTube! Check them out here https://www.youtube.com/c/firstdotorg
Slightly behind on announcements 📢
#FIRSTCON23 may be over, but we still have content to share! Tune in this #FIRSTFriday for Diamond sponsor, @Cisco’s First Time Attendee guest Blog article: ow.ly/2ROl50P8IvK + @Cisco’s CSIRT CTO, Vinay Bansal’s #FIRSTImpressions interview here: https://media.first.org/podcasts/FIRST_Impressions-cisco.mp3
Been editing a bunch of podcasts from #FIRSTCON23. Great collection of smart people… Can't wait for the podcasts to be released.
Did you miss #FIRSTCON23? Have no fear; the #FIRSTImpressions podcast is here! Check out the newest episode to learn about the critical role #PSIRT plays in Customer Trust, Adoption, and Renewal from con speakers, Kevin Hagopian and Emer O’Neill. ow.ly/IXa950OZIQB
There are about 14,000 names in the .zip zone.
un.zip is not in the zone, but it is reserved and you can't register it.
bidenleak.zip and trumpleak.zip were both registered on May 13 seemingly at the same time by the same registrant, and are currently parked.
There are dozens of names that have "install" in the first label, those might be good ones for a rainy day analysis.
dataplane.zip has a secret message if you can find it (some did at #FIRSTCON23).
Some .zip names aren't cheap. For example, boston.zip is currently available, but it'll cost ya.
#Canada's top #cybercrime cop wanted to talk about common misunderstandings of #police work, and how he hopes to limit the impact of cybercrime in a #holistic way. So we talked.
Read at @heiseonline in German:
What digital threats exist in a country where there is nothing to be gained from #Ransomware and #Crypto #fraud?
I had the opportunity to speak with the head of the Malawi #CERT. #Malawi is one of the poorest countries in the world, yet the government is betting on digitalization. The only problem: there are no skilled professionals for #ICT #security.
Arresting perpetrators is often impossible, because they are already sitting in truly terrible prisons.
The Internet Last Week
* BGP unknown attribute disruption
https://labs.ripe.net/author/emileaben/unknown-attribute-28-a-source-of-entropy-in-interdomain-routing/
* FIRST 2023
https://www.first.org/conference/2023/
* Microsoft 365 disruption
https://twitter.com/MSFT365Status/status/1665734492122742790
The Forum of Incident Response and Security Teams (#FIRST) is proud to announce the official release of #CVSS v4.0 #ThePublicPreview. The latest information on CVSS v4.0 can be found at https://first.org/cvss/v4-0/ #FIRSTCON23
"Prevention without pursuit is toothless, but
pursuit without prevention is endless"
Final presentation of #FIRSTCON23.
Chris Lynam, Director General of the National Cybercrime Coordination Centre (NC3)
The integrated role of law enforcement in cyber is critical. We are all responsible for reducing the harm and effects of Cybercrime on the public.
I have seen a lot of infosec.exchange links in #FIRSTCON23 presentations, almost no Twitter
Scope of Cyber Hygiene Hunting
"Pyramid of Gain for Cyber Hygiene Hunting"
Cyber Hygiene Hunting - A continuous / proactive approach to identification of risks that may cause future intrusion.
IoC (Indicator of compromise) - past looking vs EoC (Enabler of compromise) - future looking
SBOM is only the beginning. Product Bill of Materials is the next step.
When you go to RFP, you should be asking these questions to get confirmation the vendor is doing the right thing.
@ChrisJohnRiley There's actually 12 pillars, if you want to talk about necessary, sufficient & complete security.
They arrange such that you can't have any consequent pillar without its antecedents.
See http://dx.doi.org/10.13140/RG.2.2.12609.84321
Perhaps let CMU SEI know :)
Starting off the last day of the conference with "The four pillars of Cybersecurity" by Laurie Tyzenhaus (CERT CC)
Big shoutout to everyone who attended my lightning talk; “My Insta Turned Into a Honeypot”, at #firstcon23. I had a blast running through 105 slides in 5 minutes. Thanks for giving me a lot of energy! 🙏🏻
#scammers #honeypot #instagram #firstdotcom #montreal
@Instagram @firstdotorg
A new open source tool to check the integrity of an iPhone without jailbreaking it. Great work from @ddurvaux @aaronkaplan and Emilien.