#Infosec

2025-05-03

Man, these targeted attacks hitting Uyghur activists are seriously rough. They're pushing out a weaponized version of what's supposed to be a helpful tool (UyghurEdit++).

It really hammers home just how vital awareness is, doesn't it? And frankly, it shows how deeply these attackers understand their targets.

Speaking as a pentester, I see this kind of thing constantly. You know, the tech doesn't always have to be incredibly complex; it's the *tactics* that truly make the difference. And yeah, let's be real, automated scans often completely miss stuff like this.

Curious to hear your thoughts – what role do you think disinformation plays in situations like this? And how can we collectively step up our game to protect ourselves better?

#infosec #pentesting #awareness #Uyghurs #cybersecurity

2025-05-03
BeyondMachines :verified: beyondmachines1@infosec.exchange
2025-05-03

IBM reports multiple flaws in Cognos Analytics, at least one critical

IBM Cognos Analytics has reported two high-severity vulnerabilities: CVE-2024-51466 and CVE-2024-40695 enabling attackers to introduce executable malware. IBM is recommending immediate upgrades to patched versions as no workarounds exist.

**First, make sure your IBM Cognos is isolated from the internet unless it's absolutely necessary. Then plan a quick patch cycle, the flaws are critical but still require authenticated access so you have a bit of time. Just don't ignore the flaws.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

urlDNA.io :verified: urldna@infosec.exchange
2025-05-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//reconnectings-dew-db56[.]u3fsmzuc[.]workers[.]dev/05f7d261-43e8-4a07-91d3-5e41f03b3be4
🧬 Analysis at: urldna.io/scan/6815ef003b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

2025-05-03

@tomminieminen @rejzor Oh dear, I just saw that it's not even Signal. As Heather Cox Richardson said:

"Yesterday I identified incorrectly the messaging app newly fired national security advisor Michael Waltz was using at a Cabinet meeting on Wednesday as the unsecure Signal app. Joseph Cox of 404 Media identified the app as “an obscure and unofficial version of Signal” from “a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them.” As Josh Marshall of Talking Points Memo notes, this third-party app introduces even more insecurity into those White House communications."

#Signal #Security #Telemessage #ShittySpies #Infosec

2025-05-03

Seriously, SonicWall *again*?! 🤯 Looks like their SMA devices are in the crosshairs, with CVEs actively being exploited... and honestly, it's making my stomach churn a bit.

Just a reminder, SMA stands for Secure Mobile Access – basically, it's the front door to your company's network. Well, thanks to some nasty OS command injection and Apache vulnerabilities, that door might be wide open right now. 🤦‍♂️ Sounds complicated, I know, but here's the bottom line: attackers could potentially run their own commands directly on your system. Yeah, definitely not the kind of news anyone wants.

It's incredibly frustrating when these kinds of weaknesses pop up in enterprise-level solutions, isn't it? Swift action isn't just advisable; it's absolutely critical at this point!

So, what's the game plan? You've got to patch immediately. Then, double-check all logins. Make sure Apache is updated. You'll also want to thoroughly review your configurations and take a hard look at your network segmentation. And please, folks, remember this: automated scans are helpful, but they are *NOT* a replacement for a proper penetration test!

Are you currently using SonicWall SMA appliances? Have you already started taking steps to secure them? Curious to hear how you're generally keeping your VPN access locked down!

#infosec #pentesting #vpn

urlDNA.io :verified: urldna@infosec.exchange
2025-05-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//usps[.]stampspos[.]com/address[.]html
🧬 Analysis at: urldna.io/scan/6815e9293b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

Frankfschaap
2025-05-03

I have now received spam on 3 email addresses that I each created uniquely for a single webshop.

That means 3 webshops have been hacked, and who knows what data has been leaked. No listing on Have I Been Pwned.

I have not received the mandatory GDPR (AVG) notification from any of these webshops.

What to do? Report it to the AP (the Dutch Data Protection Authority)?

I once contacted the first webshop, but they vehemently denied that anything was wrong.

2025-05-03
passwordspasswords
2025-05-03

nrh::KdC'q.s!VN:`D5@

PastimeBoxer6Exception

happygeek :unverified: + :verified: = $0 happygeek@infosec.exchange
2025-05-03

Hello #Saturday super cybers, by me @Forbes: Surely everyone's passwords, all of them, must be available in one online list or another by now. I'm adding '1' to all of mine just to be on the safe side. <--- Sarcasm.

#infosec

forbes.com/sites/daveywinder/2

Xavier «X» Santolaria :verified_paw: :donor: 0x58@infosec.exchange
2025-05-03

For everyone getting excited about #RSAC .. or not... 😉 there are many cool #infosec events happening out there. Check them out here! 👇

github.com/xsa/infosec-events

Anna Wasilewska-Śpioch avolha@infosec.exchange
2025-05-03

For those who missed the recently published reports from the Polish CERTs and CSIRTs, I recommend this accessible video overview of them by @mateuszchrobok

youtube.com/watch?v=ldXnmO8IYjA

And here are a few links, in case anyone would like to go to the sources:
👉 knf.gov.pl/knf/pl/komponenty/i
👉 cert.pl/uploads/docs/Raport_CP
👉 cert.orange.pl/wp-content/uplo

#infosec #cyberbezpieczenstwo

2025-05-03

@johncarlosbaez

In Information Security one of the models we work with is the C.I.A triad: it helps us design and implement controls to protect the Confidentiality, Integrity, and Availability of information.

While a lot of conversations in #infosec are currently focused on the Confidentiality aspect of AI (fuelled by vendors trying to upsell fictitious solutions), I would like to point out the real threat posed by AI is to the Integrity of our information.

And I mean ALL of our information. Everything ever made by humans. Every sentence, every picture, every graph, every dataset, every footnote. Everything. All of it. For ever.

AI is poisoning the wells of Humanities, Social science, Natural science, Formal science, Applied science, one untraceable droplet of disinformation at a time.

And immeasurably worse, all of our human interactions, personal thoughts and ideas.

That damage is already done, and I honestly don’t know if we’ll ever recover. Or whether we could even tell.

What does it mean if you get scam/spam (fraudulent messages) on an iWatch but the same message doesn't appear on the iPhone it's tied to?

Does it mean the phone was hacked?

And also asking how to mitigate in this case, whether hacked or not.

Asking for a friend. (I personally don't own a smartwatch).

TIA!

Note: Apple has yet to respond to other customers regarding this issue.

(Snark & insults will be ignored/blocked).

#infosec
#apple
#spam

@apple

2025-05-03
urlDNA.io :verified: urldna@infosec.exchange
2025-05-03

Possible Phishing 🎣
on: ⚠️hxxp[:]//solutionfun[.]info/landingpage/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/tnuoxp6xeb_amudv8wnt5e8pvorbwllx98tes-uqs-0
🧬 Analysis at: urldna.io/scan/6815c1ad3b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec
