shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#infosec

97 posts, 82 participants, 0 posts today
Tom Smykowski<p>🔐 16 billion passwords leaked.<br>If you’ve reused one since 2012 — it’s probably in a hacker's toolkit.<br>Google, Apple, Facebook, PayPal, GitHub, Netflix… all in.<br>Your dog’s name with a number won’t save you.</p><p>📖 <a href="https://medium.com/@tomaszs2/16-billion-passwords-leaked-if-youve-reused-a-password-since-2012-assume-it-s-compromised-89693d6cd846" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@tomaszs2/16-billio</span><span class="invisible">n-passwords-leaked-if-youve-reused-a-password-since-2012-assume-it-s-compromised-89693d6cd846</span></a><br><a href="https://techhub.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://techhub.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://techhub.social/tags/PasswordLeak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordLeak</span></a> <a href="https://techhub.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataBreach</span></a> <a href="https://techhub.social/tags/Hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackers</span></a> <a href="https://techhub.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> <a href="https://techhub.social/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoStealer</span></a></p>
ChiefGyk3D<p>Parents, you might be doxxing your kids with graduation banners. Scammers are watching. I break it down + cover MFA, passkeys, Proton Pass, and credit freezes.</p><p>📺 <a href="https://youtu.be/m3eesBF3O6A?si=sgqES-ol1txqP9sA" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/m3eesBF3O6A?si=sgqES-</span><span class="invisible">ol1txqP9sA</span></a></p><p><a href="https://social.chiefgyk3d.com/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.chiefgyk3d.com/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://social.chiefgyk3d.com/tags/graduation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>graduation</span></a> <a href="https://social.chiefgyk3d.com/tags/highschool" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>highschool</span></a> <a href="https://social.chiefgyk3d.com/tags/college" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>college</span></a></p>
JayeLTee<p>US Forensic Lab was leaking phone data extracts for multiple cases, including ongoing ones.</p><p>Likely the most sensitive data I've found exposed to date, with links to the DOJ in Montana.</p><p>Thanks again to <span class="h-card" translate="no"><a href="https://infosec.exchange/@masek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>masek</span></a></span> and <span class="h-card" translate="no"><a href="https://infosec.exchange/@PogoWasRight" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>PogoWasRight</span></a></span> for helping get the message to the people responsible for this one.</p><p><a href="https://jltee.substack.com/p/forensic-lab-with-links-to-montana-doj-leaks-phone-extracts" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">jltee.substack.com/p/forensic-</span><span class="invisible">lab-with-links-to-montana-doj-leaks-phone-extracts</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/unitedstates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unitedstates</span></a> <a href="https://infosec.exchange/tags/usa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>usa</span></a> <a href="https://infosec.exchange/tags/us" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>us</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/dataleak" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataleak</span></a> <a href="https://infosec.exchange/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>leak</span></a> <a href="https://infosec.exchange/tags/evidence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>evidence</span></a> <a href="https://infosec.exchange/tags/phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phone</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a></p>
Harry Sintonen<p>Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is world readable and writable. That is: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations you must ensure that either the FIFO file itself is located in a secured location or set SocketMode to a stricter value.</p><p>I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and fixed in cloud-init 25.1.3.</p><p>The commit fixing this is in <a href="https://github.com/canonical/cloud-init/pull/6265" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/canonical/cloud-ini</span><span class="invisible">t/pull/6265</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_11584" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_11584</span></a> <a href="https://infosec.exchange/tags/ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ubuntu</span></a> <a href="https://infosec.exchange/tags/systemd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemd</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
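An added example, not part of the post above and not cloud-init or systemd code: a small audit that reads systemd .socket unit text and reports every ListenFIFO= whose effective SocketMode leaves the FIFO open to any local user, using the 0666 default the post describes. The unit names and FIFO paths are hypothetical constructed samples, and the check does not inspect the permissions of the directory holding the FIFO, which the post names as the other mitigation.

```python
"""Audit systemd .socket unit text for FIFOs open to every local user.

Added example; unit names and paths below are hypothetical, constructed samples.
"""

DEFAULT_SOCKET_MODE = 0o666  # default SocketMode noted in the post above

# Constructed sample units (assumptions, not taken from any real package).
SAMPLE_UNITS = {
    "example-default.socket": """\
[Unit]
Description=Constructed sample: FIFO with no SocketMode
[Socket]
ListenFIFO=/run/example/hook.fifo
""",
    "example-hardened.socket": """\
[Socket]
ListenFIFO=/run/example/hook.fifo
SocketMode=0600
""",
    "example-explicit-weak.socket": """\
[Socket]
ListenFIFO=/run/example/a.fifo
ListenFIFO=/run/example/b.fifo
; explicit, but still writable by "other"
SocketMode=0662
""",
}


def parse_socket_section(unit_text):
    """Return (fifo_paths, socket_mode); socket_mode is None if never set."""
    fifos, mode, section = [], None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Socket" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ListenFIFO" and value:
            fifos.append(value)                  # may appear more than once
        elif key == "SocketMode" and value:
            mode = int(value, 8)                 # octal; last assignment wins
    return fifos, mode


def audit_unit(name, unit_text):
    """Return one finding per FIFO that 'other' users can read or write."""
    fifos, mode = parse_socket_section(unit_text)
    effective = DEFAULT_SOCKET_MODE if mode is None else mode
    if not effective & 0o006:
        return []
    return [{
        "unit": name,
        "fifo": path,
        "mode": format(effective, "04o"),
        "explicit": mode is not None,            # False: relying on the default
        "world_writable": bool(effective & 0o002),
    } for path in fifos]


def audit_all(units):
    """Audit a {unit_name: unit_text} mapping and return all findings."""
    return [f for name, text in units.items() for f in audit_unit(name, text)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_UNITS):
        print(finding)
```
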
Shodan Safari<p>ASN: AS53158<br>Location: Jundiaí, BR<br>Added: 2025-06-19T10:35</p><p><a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>shodansafari</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
OTX Bot<p>New Phishing Threat Leverages Government Domains to Target Employee Credentials</p><p>Recently a sophisticated phishing campaign targeting employees has been identified using fake toll payment notices to deceive victims.</p><p>Pulse ID: 68575ac30df6bedce4b1b5c0<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68575ac30df6bedce4b1b5c0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68575</span><span class="invisible">ac30df6bedce4b1b5c0</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-06-22 01:22:11</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocti</span></a></p>
Harris Lapiroff<p>Has anyone seen reporting on the 16 billion password leak that doesn’t rely on the Cybernews story as its sole source? It feels a little sus that there’s no other verification and that the original story has no practical details—leaked where? acquired how?—which is making me go 🤨</p><p><a href="https://social.coop/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://social.coop/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Matthias Schulze<p>Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign <a href="https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/06/russ</span><span class="invisible">ian-apt29-exploits-gmail-app.html</span></a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
considerate<p>Cyber security is so vast and complex that it is as if it is designed to give people imposter syndrome. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> also <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltaChat</span></a> natively supports <a href="https://infosec.space/tags/Proxies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proxies</span></a>, <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a>|s and <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> so not only can people use it that way but also use any other bypass method.</p><ul><li>Obviously, the classic <a href="https://infosec.space/tags/Sneakernet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sneakernet</span></a> with people doing <a href="https://en.wikipedia.org/wiki/UUCP" rel="nofollow noopener noreferrer" target="_blank"><code>uucp</code></a> with foreign mobile networks near borders works just as well...</li></ul><p>I'd not be surprised if delta Chat is also used by <a href="https://infosec.space/tags/RimjinGang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RimjinGang</span></a><a href="https://www.asiapress.org/rimjin-gang/" rel="nofollow noopener noreferrer" target="_blank">*</a> and <a href="https://infosec.space/tags/38North" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>38North</span></a><a href="https://www.38north.org/" rel="nofollow noopener 
noreferrer" target="_blank">**</a> for a <em>"contactless sneakernet"</em> tho I am convinced they won't confirm or deny that for <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> reasons alone...</p><ul><li>I mean, both <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Iran</span></a> and <a href="https://infosec.space/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NorthKorea</span></a> ain't <a href="https://infosec.space/tags/Iraq" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Iraq</span></a> and <a href="https://infosec.space/tags/Syria" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Syria</span></a> where one could just take a <em>phat</em> satellite dish, strap an LTE stick or even external antennas on and just point it at Turkish or Lebanese radio towers near the border, as owning any satellite equipment in these places is a guarantee to get publicly executed for <em>"espionage"</em>...</li></ul>
Scott Wilson<p>Everyone should sign up for Zack’s newsletter. </p><p>It’s packed with the news you need, is insightful, entertaining, and concise! </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://infosec.exchange/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://mastodon.social/@zackwhittaker/114721301901032070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@zackwhittaker</span><span class="invisible">/114721301901032070</span></a></p>
eribosot<p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> To the experts on here: is the 16-billion-account breach I've been hearing about the infosec equivalent of The Big One in seismology? Or is this just the beginning, and are things only gonna get worse from here on in?</p>
Jeremy Kirk<p>This is the first time I've seen privacy used as a marketing argument for eyeglasses. Is Zenni's claim accurate? Does deflecting infrared light foil facial recognition/AI-based tracking? <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
bencourtice<p>I uninstalled the Facebook app, and Messenger. Now I only look at Facebook on the mobile page, in Firefox. But Facebook still seems to discover my search history to serve me ads (and I use DuckDuckGo as search engine). Any ideas how the sneaky fuckers at Meta are spying on me? My phone is a Samsung, ie Android. <br><a href="https://aus.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://aus.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://aus.social/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meta</span></a></p>
Matthias Schulze<p>Takeover of British Russia expert’s email accounts used novel phishing tactic <a href="https://therecord.media/keir-giles-russia-expert-email-attack-gtig-citizen-lab-reports" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/keir-giles-rus</span><span class="invisible">sia-expert-email-attack-gtig-citizen-lab-reports</span></a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
ChiefGyk3D<p>Wiz just sent me a shirt, hat, and socks—and just saying, free vendor swag is always appreciated in cybersecurity. We will wear it. A lot. Honestly, most of my wardrobe is just a rotating lineup of infosec vendor shirts at this point. <a href="https://social.chiefgyk3d.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.chiefgyk3d.com/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
rk: it’s hyphen-minus actually<p>Friend of mine is looking for a job. He has 25 years of experience in <a href="https://mastodon.well.com/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> , including working for some of the most famous orgs in our industry and sitting at a pretty high level in orgs that you’ve heard of. </p><p>Anyway, a recruiter reached out saying that a company needed someone to build their whole security org from the ground up. You’d need 10+ years experience in infosec management, etc. </p><p>He sent his resume and got back “sorry, you don’t have a Security+, this isn’t going to work.” 😐</p>
Free Teks for sale, cheap<p>My friends in <a href="https://freeradical.zone/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a>: do you use a DAST tool you don’t hate, that can log in with OAuth, and that doesn’t cost a gazillion bucks? There are so many options today, and I could use some recommendations to narrow my search.</p>
Julie Webgirl<p>So I decided to get my PayPal functional again. They want a business document to prove I am who I am. Fine.</p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@elfin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>elfin</span></a></span> you're gonna love this one.</p><p>There are 2 things they required. 1) personal id which had already been done ages ago, maybe proof of address (env.) and 2) business document</p><p>So I send what's handy, a redacted excise tax doc from WA State. </p><p>They approved that. </p><p>But NOW...</p><p>3 more requirements appear</p><p>INCLUDING PASSPORT </p><p>Nope. I'm ripping all my data out &amp; DELETE ACCT</p><p>1/</p><p><a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.gamedev.place/@afreytes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>afreytes</span></a></span> +9001%</p><ul><li><p>It's impossible to get <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> compliance with <a href="https://infosec.space/tags/GAFAMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAFAMs</span></a>' products!</p></li><li><p>It's impossible to get <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> on a compliant level when a literal <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> (<a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>) is being used.</p></li><li><p>I cannot work as <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> Sysadmin under WinShit just like a cardiologist can't perform a heart transplant with just cutlery from a prison mess hall and NSAIDs and just like a nurse can't CPR a toddler with a pneumatic jackhammer!</p></li></ul>