Lmst

I'm not sure if you all read the news about the rogue communication devices found in Chinese solar power inverters?

If not here is a short recap of the Reuters article from 2025-05-14:

Two anonymous U.S experts stated that they found "rogue" communication devices that were not listed in product documents in some Chinese solar inverters.
They also claimed that similar undocumented communication devices, including cellular radios, have also been found previously in some batteries from Chinese suppliers.

These communication devices could be used to bypass firewalls and switch off inverters remotely, or change their settings, could destabilize power grids, damage energy infrastructure, and trigger widespread blackouts. In the end the devices could be used to physically destroy the grid.

The whole article is here:
https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/

While Reuters stayed vague enough to not be wrong, other news outlets were quick to postulate that a Chinese “kill switches” had been found hidden in American solar farms.

While I don't doubt the theoretical possibility of the envisioned attack, the story still feels off to me!

The story just contains too few details. Reading it carefully it just states that undocumented components or undocumented communication devices were found. The "rogue" part is an interpretation. The theoretical consequences are valid nevertheless.

It remind me a lot of the story of spy chips on server boards (2018), which The Register described as a "mishmash of disparate and inaccurate allegations" .
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/

What do you think?

#Cybesecurity #CriticalInfrastructure

#AWS rolls out #MLKEM to secure #TLS from #quantum threats

https://www.bleepingcomputer.com/news/security/aws-rolls-out-ml-kem-to-secure-tls-from-quantum-threats/

#cybesecurity #Amazon

DM ahora #hackedgmail #cybesecurity #hacker #infosec @reach2ratan #security #cyber #tech #opensource #cybercrime #Crime #GDPR #Cloud #CloudSecurity #DataProtection #Privacy #CloudComputing #Malware #Ransomware https://t.co/FqSHwqRdWd

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe

malicious PDFs delivered via SMS messages whose senders impersonate the United States Postal Service

Attacks commence once the victim clicks on the malicious link hidden in the PDF; usually containing requests for personal information, including names, addresses and credit card details

#PDF #Phishing #messaging #USPS #security #cybesecurity #hackers #hacking

https://www.techradar.com/pro/security/millions-at-risk-as-malicious-pdf-files-designed-to-steal-your-data-are-flooding-sms-inboxes-how-to-stay-safe

Explore the power of Urlex! 🌐✨ This amazing URL expander safely reveals the full links behind shortened URLs, making it the fastest and easiest way to unmask them. 🚀🔗 With batch expansion and custom timeouts, it's perfect for anyone needing efficiency! Check it out 👉 https://urlex.org #URLExpander #SafetyFirst #TechTools #WebUtility #privacy #cybesecurity

The biggest underestimated security threat of today? Advanced persistent teenagers

If you ask some of the top cybersecurity leaders in the field what’s on their worry list, you might not expect bored teenagers to be top of mind. But in recent years, this entirely new generation of money-driven cybercriminals has caused some of the biggest hacks in history and shows no sign of slowing down.

#teenagers #security #cybesecurity #databreach #infosec #hackers #hacking

https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/

Videosorveglianza e Privacy: la tutela dell’operatore in ambito Forze dell’Ordine, sanita’, trasporti. Relatori al convegno di Battipaglia: Il Comune di Battipaglia ospitera’ l’evento formativo l’8 ottobre prossimo, segniamo la data! Al centro dell’iniziativa e della serie di interventi, un tema emergente nel mondo dell’utenza pubblica e privata, in ambito sanitario, dei trasporti e della sicurezza urbana: la tutela...
#Videosorveglianza #privacy #cybesecurity… http://dlvr.it/TCPsWV

In my last livestream you could witness LIVE, how not reading an exploit (or its code for that matter) can cause some unnecessary headaches (in the best case). Sometimes I fall into these kind of "amateur-ish" patterns (especially during livestreams). :ablobcatmelt:

⬇️ I downloaded this exploit and tried to run it with a simple "PHP GET-CMD" webshell:

https://github.com/kimusan/pkwner/blob/main/pkwner.sh

After failing to do some damage with that one, I finally read the code and saw the "/bin/bash" at the end (thanks to the walkthrough of @0xdf I found the exploit in the first place, and after reading the walkthrough I also saw the bash line there). :flan_hacker:

And then I got the root flag thanks to the writeup :blobsmile:

TL;DR: Read the Exploit Code and try to understand it...

#hacking #cybesecurity #ctf #hackthebox

Next #intune blog is up. #windows and Driver Updates.

We look at #patchmanagement via Intune update rings

#cybesecurity #securebydefault #blueteam

https://strategic-cyber.co.uk/2024/05/16/microsoft-intune-16-windows-and-driver-updates/

#LLRX #CybeSecurity @bespacific

Pete Recommends – Weekly highlights on cyber security issues, May 18, 2024

Four highlights from this week: Google Accidentally Deleted $125 Billion Pension Fund's Account; Generating Harms: Generative AI’s New & Continued Impacts; What I wish I’d known before my smartphone was snatched; and Mortgage Brokers Sent People’s Estimated Credit, Address, and Veteran Status to Facebook.

Posted in: AI, Cybercrime, Cybersecurity, Financial System, Legal Research, #privacy Social Media

https://www.llrx.com/2024/05/pete-recommends-weekly-highlights-on-cyber-security-issues-may-18-2024/

@adamshostack @RuthMalan

Sorry for the dummy follow up questions
What does UW mean on this context 🥴?

Today was the discussion and I learned a lot about #STPA/ #STAMP
The checklist of hazards on each controller would IMHO be helpful in #cybesecurity
Actually it feels to me that #STRIDE represents these hazards on one level

The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.

https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment

The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)

Abusive Partners
Stalkers
Kids

while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.

I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames

Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.

A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney

Graphic connecting cyber threat actors with their motivations:

Nation state -> geopolitically
Cybercriminals -> profit
Hacktivists -> ideologically motivated.
Terrorist groups -> ideological violence.
Thrill-seekers -> satisfaction.
Insider threats -> discontent.

Want to know how make your career easier? Time to Google “informational interviews” and get networking. Here’s an article to get you started: https://hbr.org/2016/02/how-to-get-the-most-out-of-an-informational-interview. #cybesecurity #career #networking

The ‘US Cyber Trust Mark’ finally gives device makers a reason to spend big on security

“US #CyberTrustMark” as part of its voluntary labeling program for smart devices.

The mark is a quality seal to help Americans more easily and securely select these products.

Tech giants like Amazon, Best Buy, Google, LG Electronics, Logitech, and Samsung Electronics have already pledged their support

#InternetOfThings #IoT #Smarthome #security #cybesecurity #hackers #hacking

https://techcrunch.com/2023/08/23/the-us-cyber-trust-mark-finally-gives-device-makers-a-reason-to-spend-big-on-security/

#pentest #penetrationtesting #redteam #blueteam #cybesecurity

as i said before #cybersecurity fields like #pentesting #redteaming needs good #skills + #experience (both) so this video is very good for those who want to start cyber security fields like ... "this video is recommended for those guys in my country which really needs to learn new things/skills for starting cyber security fields [especially those guys who comes from university which really their skills/experience is not enough & should learn new things] etc."

in my opinion important point is you should make "Documents with details step-by-step via [html/docs/pdf/chm/write articles in blog]" for anything you learned and share that to public (public which means: your field experts or #infosec communities [or/and other fields in Cyber Security]) , this will help you to re-write/re-think those things which you learned before also this will useful in future when you want to back to read something which learned before ;D just with read articles or docs which you wrote before and this will help others to learn from you with details much faster & much better...

Note: make simple list of Articles/Codes/Docs/Projects which made by yourself or by others and do review/update that every-week also share that to the public, this will help you and your friends to learn faster and better...

Video: "Why Cyber Security is Hard to #Learn (Tips For Success!)"

Having the right #mindset , you can overcome any challenge. The second piece you need is an effective #learning strategy for cyber security. Here’s the three:

Method #1: Top-down.
The top-down method involves selecting a specific skill and learning it directly. This approach is best used via an apprenticeship. Proper tutelage under a senior or master practitioner can reduce the time-to-proficiency drastically.
-----------------
Method #2: Bottom-up approach.
For many apprenticeships, you’re expected to have a solid baseline first. A bottom-up approach breaks topics down into fundamental components. The process may often involve reading lots of cyber security books and articles. Mastering the basics first can make it much easier to pick up on more high-level concepts.
-----------------
Method #3: Project-based.
This approach is a hybrid of the previous two. First you define a technical goal and then collect the resources needed to achieve it. Pursuing projects will expose you to many skills top-down learning may not cover. It also makes bottom-up learning less monotonous and boring.

As of today, there isn’t an institutionalized path towards learning cyber security. Other professions (doctors, lawyers, accountants) have it much easier, in this regard. Hence, you really have to take the education path into your own hands. With the right mindset and strategy, you’ll get there in no time.

video link => https://www.youtube.com/watch?v=vI79qT4lcfA

Just getting started on Mastodon and wondering where all the #infosec and #cybesecurity folks are? This should help:
https://www.sentinelone.com/blog/cybersecurity-sharing-an-infosec-users-guide-to-getting-started-on-mastodon/

RT @TranscendHEu@twitter.com

WP3, leaded by @FraunhoferISI@twitter.com, is the empirical heart of @TranscendHEu@twitter.com
@EOS_EU@twitter.com , WP4 leader, presented the Work Package ambitions and objectives.
#societalimpact #cybesecurity #bordermanagement #fct #DRS

🐦🔗: https://twitter.com/TranscendHEu/status/1589906409592090624