shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

244
active users

#ics

3 posts3 participants0 posts today
SleepyCatten<p>Hey folks :TransHeart: </p><p>So, we're going to try to keep this post shortish for our own wellbeing and sanity, as well as yours.</p><p>We will, however, frontload some abbreviations and links:</p><ul><li>EOEGS - <a href="https://ncth.nhs.uk/east-of-england-service/" rel="nofollow noopener noreferrer" target="_blank">East of England Gender Service</a></li><li><a href="https://transactual.org.uk/medical-transition/gender-dysphoria-clinics/" rel="nofollow noopener noreferrer" target="_blank">Gender Clinics</a><ul><li>Aka GIC (Gender Identity Clinic) or, solely by the NHS, Gender Dysphoria Clinic (GDC)</li></ul></li><li>IFR - <a href="https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/our-services/individual-requests-for-funding/" rel="nofollow noopener noreferrer" target="_blank">Individual Funding Request</a></li><li>ICB / ICS - <a href="https://www.nhs.uk/nhs-services/find-your-local-integrated-care-board/" rel="nofollow noopener noreferrer" target="_blank">Integrated Care Board</a> / System</li><li>GDNRSS - <a href="https://ncth.nhs.uk/gdnrss/" rel="nofollow noopener noreferrer" target="_blank">NHS Gender Dysphoria National Referral Support Services</a></li><li>GAHT - Gender-Affirming Hormone Therapy</li><li>FFS - Facial Feminisation Surgery</li><li>VFS - Voice Feminisation Surgery</li><li>GP - General Practitioner</li><li>PALS - <a href="https://www.nhs.uk/nhs-services/hospitals/what-is-pals-patient-advice-and-liaison-service/" rel="nofollow noopener noreferrer" target="_blank">Patient Advice and Liaison Service</a></li><li>PHSO - Parliamentary and Health Service Ombudsman </li></ul><p>We have already written up about some of our early experience of trying to get gender-affirming care from the NHS in an <a href="https://transactual.org.uk/blog/2023/10/21/i-have-no-gender-affirming-care-and-i-must-scream/" rel="nofollow noopener noreferrer" target="_blank">article for TransActual</a>, but that was published back in October 2023, so it's more than a little outdated now 😅</p><p>Back in August 2023, we knew it was possible to request funding for gender-affirming surgeries not routinely covered by the NHS via IFRs. These are submitted to your local ICB, who will likely refuse funding unless you've made a really good funding case.</p><p>(It's worth noting here that such gender-affirming surgeries are recommended by WPATH's <a href="https://www.tandfonline.com/doi/pdf/10.1080/26895269.2022.2100644" rel="nofollow noopener noreferrer" target="_blank">SOC8</a>: the NHS just disagrees and refuses to follow the international recommendations.)</p><p>Nonetheless, we mostly just wanted the chance to put our case forward for VFS. A standalone bilateral orchidectomy and FFS were there, but as lower priorities, since it was our voice causing us the most issues.</p><p>(We won't list all of our voice dysphoria issues here, but basically we've been doing voice feminisation training since December 2021 and we're nowhere near even the lowest-end voice goals. Our voice leads to us getting regularly misgendered both on the phone and even in person 😞 We've done our genuine best for years and VFS is very much our last resort.)</p><p>We are going to give selective details of what's happened since, but we'll first cut to key points: the EOEGS (our gender clinic) has been refusing to comply with their responsibilities for approaching <strong>2 YEARS</strong> and no-one within the NHS will hold them to account.</p><p>First they denied responsibility for IFRs and tried to say it was our GP's responsibility. So, we went to our local ICB to ask them and got given the details for the NHS England IFR team, who told us -- in no uncertain terms -- that it was the responsibility of the EOEGS to submit these for us. That was back in very early 2024.</p><p>We forwarded this to the EOEGS, and then followed it up with them at our 3rd appointment (Q1 2024). They still denied responsibility, so we forwarded on the proof again. And waited. 3 months later (Q2 2024), we chased... and waited again.</p><p>Near the end of Q3 2024, the EOEGS <strong>finally</strong> wrote up the notes from the 3rd appointment (~6 months ago), and mailed them to us and our GP in the post (no digital copy or email)... with multiple factual errors :Sighing_Face: 🤦‍♀️</p><p>So, we scanned the letter, turned it into a PDF, then highlighted and corrected <strong>all</strong> the errors. We then politely emailed it across to the EOEGS, CCing in our GP, along with a clear restatement of outstanding issues and requests.</p><p>As the quarter ended, we got an offer of a 4th appointment (more surgical referral gatekeeping nonsense) next quarter. Then silence, yet again.</p><p>Q4 2024 came around. The EOEGS claimed that the IFR issue was still with its "service lead". We raised it at the 4th appointment. No answers. Only further promises to look into it and get back to us.</p><p>As 2024 ended, we went back to the NHS England IFR team. They confirmed once again that our gender clinic was shirking their responsibility over IFRs. So, we chased the EOEGS for the last time that year. No response ever came.</p><p>As we moved into 2025, we reached out to GDNRSS to ask for guidance and help. They responded quickly, but advised that the only thing we could do was to raise a complaint with PALS.</p><p>So, that's what we did, CCing in the EOEGS, and made it very clear that this was only being done as a matter of last resort.</p><p>By now, as you can imagine, we weren't expecting anything great. However, we hadn't been mentally prepared for the combination of incompetence, lack of reading comprehension, and institutional malice that followed.</p><p>They'd send us a complaint response that didn't show any understanding of our complaint. We'd go back and clarify the issues again, and suggest a call to discuss it. They'd investigate more, say that they'd pass along our request for a call, delay the response, and then send another one which again failed to address the core issues.</p><p>By Q2 2025, we reached the point where they refused to take the complaint forward any further, and just directed us to the PSHO, which is very much biased towards whatever the current government wants.</p><p>In other words, we'd run out of options to hold the EOEGS accountable 😞</p><p>NGL: in combination with multiple other factors, this kind of broke us, and we simply had none of the time, energy, spoons, or motivation to follow up any further.</p><p>After a few weeks, however, we decided on 2 last-ditch options available to us:</p><ol><li>Raise a <a href="https://gdpr-info.eu/art-15-gdpr/" rel="nofollow noopener noreferrer" target="_blank">DSAR (Data Subject Access Request)</a> under GDPR to request a copy of any and all communications mentioning us (directly or indirectly) and our requests by all organisations and individuals involved.</li><li>Reach out to the senior partner at our GP surgery, via the practice manager, to ask if they'd consider submitting an IFR for us for at least VFS.</li></ol><p>On the 1st point, the ticking clock for that started just a few days ago. Officially they have 1 calendar month to comply, but can request up to 3 calendar months if the request is deemed complex. We are under no obligation to agree to this as the data subject.</p><p>On the 2nd point, the senior partner had a call with us over the issues, then asked whether we could compile all the info on everything for him. We said it would be difficult for us, but agreed, so he booked a follow-up appointment for us on 2025-06-09 (yesterday).</p><p>NGL: going through all the emails and documents again, then summarising them into a chronological sequence of events, was very, very difficult for many reasons, but primarily because it meant going back through everything and reliving the cumulative trauma of it :PleadingFace: </p><p>Nonetheless, we finished compiling it all just a couple of hours before the appointment. A "summary" document that spanned 4 sides of A4 and all the relevant "receipts" (digital documents like emails and PDFs), covering from August 2023 to June 2025.</p><p>Whilst the senior partner said it will take him time to go through it all, the key thing is that he agreed to submit the IFR for us.</p><p>It honestly made us teary just to have someone actually care enough to truly listen and be willing to discuss it with us :FaceHoldingBackTears: </p><p>Of course, this is just the beginning of another long, drawn-out process. It's likely going to take at least several weeks until we even get to the stage of working together to put together the best case possible, let alone getting the IFR submitted. It could even be months.</p><p>Even when it's submitted, it'll then be up to our local ICB to review the submission, and they will almost certainly find a reason or reasons to deny the application.</p><p>We're still not expecting this to succeed. We just wanted to have the chance to have at least one request submitted and reviewed.</p><p>The EOEGS and other NHS departments spent a level of magnitude more time, energy, and resources denying us the <strong>right</strong> to even consider submitting IFRs for us because, we suspect, they didn't want to set a precedent of trans patients in England utilising their rights.</p><p>Or maybe just because they didn't want to comply.</p><p>Whatever happens with the eventual IFR submission, at least we'll have tried every way we can think of to get the NHS to fund a basic gender-affirming surgery that would massively improve our daily quality of life.</p><p>If by some miracle the IFR is approved, it'll give us and maybe others a small glimmer of hope.</p><p>But realistically-speaking, at least then we can create a fundraiser for VFS with a clear conscience that we tried everything else we could first 🥺</p><p>If you got this far, thank you for reading this :TransHeart: Feel free to boost it, if you want others to read it too :BoostsOKPrideSymbol: </p><p><a href="https://cultofshiv.wtf/tags/trans" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trans</span></a> <a href="https://cultofshiv.wtf/tags/transgender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transgender</span></a> <a href="https://cultofshiv.wtf/tags/VoiceTraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceTraining</span></a> <a href="https://cultofshiv.wtf/tags/VoiceFeminisation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceFeminisation</span></a> <a href="https://cultofshiv.wtf/tags/VoiceFeminisationSurgery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceFeminisationSurgery</span></a> <a href="https://cultofshiv.wtf/tags/VFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VFS</span></a> <a href="https://cultofshiv.wtf/tags/VoiceDysphoria" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceDysphoria</span></a> <a href="https://cultofshiv.wtf/tags/NHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHS</span></a> <a href="https://cultofshiv.wtf/tags/NHSEngland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHSEngland</span></a> <a href="https://cultofshiv.wtf/tags/EOEGS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EOEGS</span></a> <a href="https://cultofshiv.wtf/tags/PALS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PALS</span></a> <a href="https://cultofshiv.wtf/tags/IFR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IFR</span></a> <a href="https://cultofshiv.wtf/tags/ICB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICB</span></a> <a href="https://cultofshiv.wtf/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://cultofshiv.wtf/tags/GDNRSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDNRSS</span></a> <a href="https://cultofshiv.wtf/tags/GAHT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAHT</span></a> <a href="https://cultofshiv.wtf/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> <a href="https://cultofshiv.wtf/tags/DSAR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DSAR</span></a> <a href="https://cultofshiv.wtf/tags/TransRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TransRights</span></a> <a href="https://cultofshiv.wtf/tags/TransRightsAreHumanRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TransRightsAreHumanRights</span></a> <a href="https://cultofshiv.wtf/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQ</span></a>+ <a href="https://cultofshiv.wtf/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQIA</span></a>+ <a href="https://cultofshiv.wtf/tags/queer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>queer</span></a> <a href="https://cultofshiv.wtf/tags/GenderAffirmingCare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenderAffirmingCare</span></a></p>
Censys<p>In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here: </p><p><a href="https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">censys.com/blog/turning-off-th</span><span class="invisible">e-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/water" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>water</span></a></p>
Bill<p>Gotta admit, 35,000 solar panels would make a baaaaadass botnet.</p><p><a href="https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/35000-solar-p</span><span class="invisible">ower-systems-exposed-to-internet/</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>
🏳️‍🌈Trentskunk🏳️‍🌈:unverified:<p>Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?</p><p><a href="https://mstdn.social/tags/emacs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>emacs</span></a> <br><a href="https://mstdn.social/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <br><a href="https://mstdn.social/tags/calendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>calendar</span></a> <br><a href="https://mstdn.social/tags/DeGoogle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeGoogle</span></a></p>
Geriatric Gardener<p>“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”</p><p>by Skwawkbox <span class="h-card" translate="no"><a href="https://mastodon.social/@skwawkbox" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>skwawkbox</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.cloud/@UKLabour" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>UKLabour</span></a></span> </p><p>“Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”</p><p><a href="https://skwawkbox.org/2025/05/23/investors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">skwawkbox.org/2025/05/23/inves</span><span class="invisible">tors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/</span></a></p><p><a href="https://mstdn.social/tags/Press" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Press</span></a> <a href="https://mstdn.social/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://mstdn.social/tags/NHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHS</span></a> <a href="https://mstdn.social/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedHealth</span></a> <a href="https://mstdn.social/tags/Insurance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Insurance</span></a> <a href="https://mstdn.social/tags/Treatment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Treatment</span></a> <a href="https://mstdn.social/tags/Refusal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Refusal</span></a> <a href="https://mstdn.social/tags/Denial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Denial</span></a> <a href="https://mstdn.social/tags/UHG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UHG</span></a> <a href="https://mstdn.social/tags/OptumRX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OptumRX</span></a> <a href="https://mstdn.social/tags/Labour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Labour</span></a> <a href="https://mstdn.social/tags/Streeting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Streeting</span></a> <a href="https://mstdn.social/tags/Starmer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Starmer</span></a> <a href="https://mstdn.social/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a></p>
mle✨<p>While there's a huge existing body of research on Internet-exposed <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> devices, much of the prior work in this space disregards the existence of ICS honeypots. This can lead to inaccurate measurements and an inflated sense of real device exposure. </p><p>A recent paper by researchers from the Norwegian University of Science and the Delft University of Technology leverages Censys data to address this challenge (<a href="https://gsmaragd.github.io/publications/EuroSP2025-ICS/EuroSP2025-ICS.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gsmaragd.github.io/publication</span><span class="invisible">s/EuroSP2025-ICS/EuroSP2025-ICS.pdf</span></a>).</p><p>Specifically, they outline their approach to classifying ICS services as real or deceptive based on various metadata characteristics.</p><p>It's exciting to see researchers working on this problem and trying to more accurately measure ICS exposure. More of my thoughts on this paper were included in this SecurityWeek article: </p><p><a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>honeypot</span></a> </p><p><a href="https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/up-to-25-of-i</span><span class="invisible">nternet-exposed-ics-are-honeypots-researchers/</span></a></p>
BSides Boulder<p>⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which have led to devistating real world consequences 😵 </p><p>Trace attack paths in ICS with Gilberto "Gil" Garcia's <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSidesBoulder25</span></a> talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows. <br>Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 <a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSides</span></a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSidesBoulder</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a></p><p>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/bsides-boulde</span><span class="invisible">r-2025-registration-1290129274389</span></a></p>
scy<p>Habt ihr ne schöne Quelle für Ferien-/Feiertags-Kalender(feeds) im iCal-Format? Ich hätte gern</p><p>• alle bundesweiten und regionalen Feiertage für Deutschland, inklusive der Info (im Beschreibungstext), in welchen Bundesländer der Tag gesetzlicher Feiertag ist (ein Feed mit allem)<br>• Schulferien für einzelne Bundesländer (ein Feed pro Bundesland)</p><p>Einmalige Downloads sind okay, Feed-URLs wären fast besser.</p><p><a href="https://chaos.social/tags/iCal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iCal</span></a> <a href="https://chaos.social/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://chaos.social/tags/Kalender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kalender</span></a> <a href="https://chaos.social/tags/KalenderFeed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KalenderFeed</span></a> <a href="https://chaos.social/tags/Feiertag" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feiertag</span></a> <a href="https://chaos.social/tags/Feiertage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feiertage</span></a> <a href="https://chaos.social/tags/Schulferien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Schulferien</span></a> <a href="https://chaos.social/tags/Ferien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ferien</span></a></p>
Bill<p>Geez, TWENTY-TWO ICS advisories from CISA today? Is that as awful as it sounds?</p><p><a href="https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/news-events/alerts/20</span><span class="invisible">25/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a></p>
OTX Bot<p>Recruitment Scams on the Rise: How Threat Actors Exploit Job Seekers</p><p>A significant increase in recruitment scams has been observed, with three distinct threat actors targeting job seekers. The first impersonates tech employers using advance fee fraud tactics. The second poses as a logistics recruitment agency, targeting 18 geographies and affecting 63,000 people in the U.S. alone. The third impersonates the Government of Singapore to steal personal identity numbers and Telegram account details. These scams exploit economic factors and the rise of gig work, often using task-based schemes to extract money and free labor from victims. The scams typically involve unsolicited messages, fake websites, and promises of high-paying, flexible jobs. Victims are coerced into making upfront payments or providing personal information. The sophistication and scale of these operations highlight the growing threat to job seekers in the digital age.</p><p>Pulse ID: 68220ed2e06f82cae4fa7bef<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68220ed2e06f82cae4fa7bef" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68220</span><span class="invisible">ed2e06f82cae4fa7bef</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-12 15:08:02</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Singapore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Singapore</span></a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telegram</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
brunoc<p>Any <a href="https://mastodon.sprawl.club/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> / <a href="https://mastodon.sprawl.club/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://mastodon.sprawl.club/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> folks here who would be able to give me an idea about compensation for roles in the field? I'm working on something that might lead to some OT/ICS security work, but I need to know what's a "good" hourly rate for pros in the US and abroad. Thank you!!</p>
Seth Grover<p><a href="https://github.com/idaholab/Malcolm/releases/tag/v25.04.1" rel="nofollow noopener noreferrer" target="_blank">Malcolm v25.04.1</a> contains new features and improvements, component version updates, bug fixes, and other great stuff.</p><p>For these notes, I'm lumping v25.04.0 and v25.04.1 together, as v25.04.1 was released only two days after v25.04.0 in order to update Arkime to <a href="https://github.com/arkime/arkime/blob/6eaf2ee53a808cece94cec887cf8f058e0441a5c/CHANGELOG#L39-L42" rel="nofollow noopener noreferrer" target="_blank">v5.6.4</a> which mitigates newly-discovered remote code execution (RCE) vulnerabilities.</p><p><a href="https://github.com/idaholab/Malcolm/compare/v25.03.1...v25.04.1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/idaholab/Malcolm/co</span><span class="invisible">mpare/v25.03.1...v25.04.1</span></a></p><ul><li><p>✨ Features and enhancements</p><ul><li>add option to use external NetBox instance (<a href="https://github.com/cisagov/Malcolm/issues/597" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#597</a>)</li><li>add <code>-q</code>/<code>--quiet</code> option for <code>start</code>/<code>restart</code> (<a href="https://github.com/cisagov/Malcolm/issues/656" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#656</a>)</li><li>handle non-HTTPS arkime case (<a href="https://github.com/cisagov/Malcolm/issues/629" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#629</a>)</li><li><p>lots of improvements to <code>control.py</code> and <code>install.py</code> for Kubernetes deployment</p><ul><li>improved <code>start</code>/<code>stop</code>/<code>wipe</code> control script behavior</li><li>allow providing resource requests in manifests via YML file and command-line argument</li></ul><pre><code>...<br>Kubernetes:<br> -n, --namespace &lt;string&gt;<br> Kubernetes namespace<br> --skip-persistent-volume-checks [SKIPPERVOLCHECKS]<br> Skip checks for PersistentVolumes/PersistentVolumeClaims in manifests (only for "start" operation with Kubernetes)<br> --no-capture-pods [NOCAPTUREPODSSTART]<br> Do not deploy pods for traffic live capture/analysis (only for "start" operation with Kubernetes)<br> --no-capabilities [NOCAPABILITIES]<br> Do not specify modifications to container capabilities (only for "start" operation with Kubernetes)<br> --inject-resources [INJECTRESOURCES]<br> Inject container resources from kubernetes-container-resources.yml (only for "start" operation with Kubernetes)<br> --image-source &lt;string&gt;<br> Source for container images (e.g., "ghcr.io/idaholab/malcolm"; only for "start" operation with Kubernetes)<br> --image-tag &lt;string&gt; Tag for container images (e.g., "25.04.0"; only for "start" operation with Kubernetes)<br> --delete-namespace [DELETENAMESPACE]<br> Delete Kubernetes namespace (only for "wipe" operation with Kubernetes)<br>...<br></code></pre></li><li><p>improvements to Malcolm's vanilla Kubernetes manifests</p><ul><li>lowered the amount of storage for the persistent volumes in the AWS EFS example</li><li>replaced <code>name</code> label with <code>app</code> label for deployments in accordance with best practices</li></ul></li><li><p>improve links on landing page for NetBox and auth to accurately reflect what Malcolm is using</p></li><li><p>added more smarts to the NGINX startup script to dynamically set up upstreams that may or may not exist based on enabled or disabled Malcolm features</p></li><li><p>fixed a minor issue in the script setting up Zeek intelligence updates where it would remove its own lockfile</p></li></ul></li><li><p>✅ Component version updates</p><ul><li>Alpine Linux <a href="https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.21.0" rel="nofollow noopener noreferrer" target="_blank">v3.21</a></li><li>Arkime <a href="https://github.com/arkime/arkime/blob/6eaf2ee53a808cece94cec887cf8f058e0441a5c/CHANGELOG#L39-L42" rel="nofollow noopener noreferrer" target="_blank">v5.6.4</a> to <a href="https://github.com/arkime/arkime/pull/3188" rel="nofollow noopener noreferrer" target="_blank">resolve</a> RCE vulnerabilities, as described below in the <a href="https://infosec.exchange/tags/announcements" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>announcements</span></a> channel on the <a href="https://arkime.slack.com/" rel="nofollow noopener noreferrer" target="_blank">Arkime slack</a>: * possible to bypass forced expressions for some API calls * direct access to OpenSearch/Elasticsearch could be used to create session documents that hang viewer or have viewer execute code * since Arkime 5.1.0 any arkimeUser user could create OpenSearch/Elasticsearch documents in any index that viewer had access to</li><li>Keycloak <a href="https://www.keycloak.org/docs/latest/release_notes/index.html#keycloak-26-2-0" rel="nofollow noopener noreferrer" target="_blank">v26.2</a></li><li>NetBox <a href="https://github.com/netbox-community/netbox/releases/tag/v4.2.8" rel="nofollow noopener noreferrer" target="_blank">v4.2.8</a></li><li>netbox-initializers <a href="https://github.com/tobiasge/netbox-initializers/releases/tag/v4.2.0" rel="nofollow noopener noreferrer" target="_blank">v4.2.0</a></li><li>netbox-topology <a href="https://github.com/netbox-community/netbox-topology-views/releases/tag/v4.2.1" rel="nofollow noopener noreferrer" target="_blank">v4.2.1</a></li><li>Fluent Bit to <a href="https://github.com/fluent/fluent-bit/releases/tag/v4.0.1" rel="nofollow noopener noreferrer" target="_blank">v4.0.1</a></li></ul></li><li><p>🐛 Bug fixes</p><ul><li>API tokens created in NetBox still require authentication through NGINX reverse proxy (<a href="https://github.com/cisagov/Malcolm/issues/383" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#383</a>)</li><li>adjust Logstash health check so K8s liveness probe doesn't kill it (<a href="https://github.com/cisagov/Malcolm/issues/630" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#630</a>)</li><li>be more resilient in <code>zeekctl</code> status checks in <code>zeekdeploy.sh</code> (<a href="https://github.com/cisagov/Malcolm/issues/652" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#652</a>)</li><li>in deployments with multiple zeek-live containers, each container's restarting causes the others to restart zeek (<a href="https://github.com/cisagov/Malcolm/issues/651" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#651</a>)</li></ul></li><li><p>🧹 Code and project maintenance</p><ul><li><a href="https://malcolm.fyi/docs/custom-rules.html#Logstash" rel="nofollow noopener noreferrer" target="_blank">document</a> customizing Malcolm with an additional output pipeline (<a href="https://github.com/cisagov/Malcolm/issues/643" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#643</a>)</li><li>overhaul <a href="https://malcolm.fyi/docs/aws.html#AWS" rel="nofollow noopener noreferrer" target="_blank">"deploying Malcolm on AWS"</a> documentation (<a href="https://github.com/cisagov/Malcolm/issues/655" rel="nofollow noopener noreferrer" target="_blank">cisagov/Malcolm#655</a>)</li></ul></li></ul><p><a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.</p><p>Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, <a href="https://malcolm.fyi/docs/quickstart.html#DockerVPodman" rel="nofollow noopener noreferrer" target="_blank">Podman</a> 🦭, and <a href="https://malcolm.fyi/docs/kubernetes.html#Kubernetes" rel="nofollow noopener noreferrer" target="_blank">Kubernetes</a> ⎈. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.</p><p>Alternatively, dedicated official <a href="https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample" rel="nofollow noopener noreferrer" target="_blank">ISO installer images</a> 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's <a href="https://github.com/idaholab/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (<a href="https://github.com/idaholab/Malcolm/blob/main/scripts/release_cleaver.sh" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.sh</code></a>) and PowerShell 🪟 (<a href="https://github.com/idaholab/Malcolm/blob/main/scripts/release_cleaver.ps1" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.ps1</code></a>). See <a href="https://malcolm.fyi/docs/download.html#DownloadISOs" rel="nofollow noopener noreferrer" target="_blank"><strong>Downloading Malcolm - Installer ISOs</strong></a> for instructions.</p><p>As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.</p><p><a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malcolm</span></a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HedgehogLinux</span></a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zeek</span></a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arkime</span></a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBox</span></a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSearch</span></a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Elasticsearch</span></a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCAP</span></a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkTrafficAnalysis</span></a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecuritymonitoring</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>INL</span></a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DHS</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISAgov</span></a></p>
OTX Bot<p>Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Introduces New Banking Phishing Kit</p><p>The Chinese eCrime group Smishing Triad has launched a global SMS phishing campaign targeting over 121 countries across various industries. Their infrastructure generates over one million page visits in 20 days, averaging 50,000 daily. The group has introduced a new 'Lighthouse' phishing kit focusing on banking and financial organizations, particularly in Australia and the Asia-Pacific region. Smishing Triad claims to have '300+ front desk staff worldwide' supporting their operations. They frequently rotate domains, with approximately 25,000 active during any 8-day period. The majority of phishing sites are hosted by Chinese companies Tencent and Alibaba. The campaign primarily targets postal, logistics, telecommunications, transportation, finance, retail, and public sectors.</p><p>Pulse ID: 67f80a4937d04f9036252cf7<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67f80a4937d04f9036252cf7" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67f80</span><span class="invisible">a4937d04f9036252cf7</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-10 18:13:29</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/Australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Australia</span></a> <a href="https://social.raytec.co/tags/Bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bank</span></a> <a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/Smishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smishing</span></a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecom</span></a> <a href="https://social.raytec.co/tags/Telecommunication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecommunication</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>More Solar System Vulnerabilities Expose Power Grids to Hacking <a href="https://www.securityweek.com/more-solar-system-vulnerabilities-expose-power-grids-to-hacking/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/more-solar-sy</span><span class="invisible">stem-vulnerabilities-expose-power-grids-to-hacking/</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/Featured" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Featured</span></a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a>/OT <a href="https://social.skynetcloud.site/tags/energy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>energy</span></a> <a href="https://social.skynetcloud.site/tags/solar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solar</span></a> <a href="https://social.skynetcloud.site/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a></p>
Nicco Kunzmann<p>Thanks to the funding by <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span>, I added <a href="https://toot.wales/tags/event" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>event</span></a> sign up via email to the <a href="https://toot.wales/tags/OpenWebCalendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenWebCalendar</span></a>. In this tutorial, I show how to enable others to sign up to your events on your <span class="h-card" translate="no"><a href="https://mastodon.xyz/@nextcloud" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nextcloud</span></a></span> <a href="https://toot.wales/tags/calendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>calendar</span></a>.</p><p>Video: <a href="https://youtu.be/RnMz23p7UP0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/RnMz23p7UP0</span><span class="invisible"></span></a></p><p>Blog Post: <a href="https://open-web-calendar.quelltext.eu/news/2025-03-17-caldav-nextcloud-sign-up/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">open-web-calendar.quelltext.eu</span><span class="invisible">/news/2025-03-17-caldav-nextcloud-sign-up/</span></a></p><p><a href="https://toot.wales/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://toot.wales/tags/caldav" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>caldav</span></a> <a href="https://toot.wales/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://toot.wales/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextcloud</span></a></p>
mle✨<p>Water utilities would get cybersecurity boost under bipartisan Senate bill:<br>The Cybersecurity for Rural Water Systems Act would expand USDA’s Circuit Rider Program. </p><p><a href="https://cyberscoop.com/rural-water-utilities-cybersecurity-senate-bill/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/rural-water-uti</span><span class="invisible">lities-cybersecurity-senate-bill/</span></a></p><p><a href="https://infosec.exchange/tags/water" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>water</span></a> <a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a></p>
🦅 🪿RKeller Photography🏳️‍🌈<p>Light tunneling and squiggles.</p><p><a href="https://toot.community/tags/PhotoHour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhotoHour</span></a> <a href="https://toot.community/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abstract</span></a> <a href="https://toot.community/tags/AbstractPhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AbstractPhotography</span></a> <a href="https://toot.community/tags/improvisation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>improvisation</span></a> <a href="https://toot.community/tags/night" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>night</span></a> <a href="https://toot.community/tags/nightphotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nightphotography</span></a> <a href="https://toot.community/tags/street" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>street</span></a> <a href="https://toot.community/tags/interstate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>interstate</span></a> <a href="https://toot.community/tags/I80" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>I80</span></a> <a href="https://toot.community/tags/icm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icm</span></a> <a href="https://toot.community/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://toot.community/tags/photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>photography</span></a> <a href="https://toot.community/tags/AltText" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AltText</span></a></p>
🦅 🪿RKeller Photography🏳️‍🌈<p>Sprites &amp; sinusoidal waves.</p><p>Walking near I-80 last night so decided to head up to a nearby walking bridge that crosses it. Haven't done one of these in a few yrs. Don't have a cityscape as a backdrop to my traffic pics so I "liven" them up.</p><p><a href="https://toot.community/tags/StormHour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StormHour</span></a> <a href="https://toot.community/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://toot.community/tags/abstract" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abstract</span></a> <a href="https://toot.community/tags/AbstractPhotography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AbstractPhotography</span></a> <a href="https://toot.community/tags/photography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>photography</span></a> <a href="https://toot.community/tags/AltText" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AltText</span></a></p>
Paul Shread<p>Just what we need, another Russian threat group tampering with critical infrastructure control panels. <br><a href="https://masto.ai/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://masto.ai/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://masto.ai/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://masto.ai/tags/CriticalInfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CriticalInfrastructure</span></a> <a href="https://masto.ai/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://masto.ai/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://masto.ai/tags/SCADA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SCADA</span></a> <a href="https://masto.ai/tags/Hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackers</span></a> <a href="https://masto.ai/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://masto.ai/tags/NationalSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NationalSecurity</span></a> </p><p><a href="https://cyble.com/blog/dark-web-activity-new-hacktivist-group-emerges/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyble.com/blog/dark-web-activi</span><span class="invisible">ty-new-hacktivist-group-emerges/</span></a></p>
mle✨<p>Our team at <span class="h-card" translate="no"><a href="https://infosec.exchange/@censys" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>censys</span></a></span> has studied Internet exposure of <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> for the better part of a year, learning more about the products, protocols, and nuances of this space. </p><p>Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:</p><p>🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself. </p><p>💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector. </p><p>⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> </p><p>You can find a copy of the report with all the details here! 👇</p><p><a href="https://censys.com/the-2024-state-of-the-internet-report/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">censys.com/the-2024-state-of-t</span><span class="invisible">he-internet-report/</span></a></p>