Tailscale<p>Security isn’t just a priority — it’s a passion. 🛡️</p><p>This Sunday at @BSidesSF, Tailscale’s <span class="h-card" translate="no"><a href="https://infosec.exchange/@patrickod" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>patrickod</span></a></span> will share how he found a long-standing CSRF bug in the gorilla/csrf Go lib.</p><p>Don’t miss it 🔍 (theatre 14)<br>📅 <a href="https://bsidessf2025.sched.com/event/1x8UA" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bsidessf2025.sched.com/event/1</span><span class="invisible">x8UA</span></a><br>📺 <a href="https://bsidessf.org/streams" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bsidessf.org/streams</span><span class="invisible"></span></a></p><p><a href="https://hachyderm.io/tags/BSidesSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesSF</span></a> <a href="https://hachyderm.io/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://hachyderm.io/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a> <a href="https://hachyderm.io/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tailscale</span></a> <a href="https://hachyderm.io/tags/SecurityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityResearch</span></a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
268active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0
#securityresearch
0 posts · 0 participants · 0 posts today
Rafa Guillermo<p>Been gifted a pair of <a href="https://infosec.exchange/tags/Rayban" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rayban</span></a> <a href="https://infosec.exchange/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meta</span></a> glasses for a development job and been told to keep them when done. Kind of interested in them from a security research perspective - what things, if any, are you interested in or curious about that I could take a look into? <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a></p>
G :donor: :Tick:<p>This has been on and off the backlog for a while for various reasons. Excited to finally be able to share!</p><p><a href="https://cirriustech.co.uk/blog/how-i-dorked-my-way-into-meeting-with-canadian-cybercrime/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cirriustech.co.uk/blog/how-i-d</span><span class="invisible">orked-my-way-into-meeting-with-canadian-cybercrime/</span></a></p><p><a href="https://infosec.exchange/tags/GoogleDorks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleDorks</span></a> <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <br><a href="https://infosec.exchange/tags/SecurityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityResearch</span></a> <a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://infosec.exchange/tags/rcmp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rcmp</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>osint</span></a></p>
mle✨<p>Imagine you have a friend who’s worked in security for nearly a decade and they’re feeling burned out. The spark is still there, they care about the work, but they are ✨tired✨. Nothing feels exciting or interesting anymore. </p><p>Apart from taking some time off, they’ve asked for podcast or book recs—stories that will help them feel that twinge of excitement, that will remind them of how rewarding and fascinating this field can be. </p><p>What do you suggest? </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a> <a href="https://infosec.exchange/tags/bookstodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bookstodon</span></a></p>
Xavier Knol :verified_paw: :donor:<p>While I may publish a more complete blog post about this later <br>I also sent this on twitter to make <a href="https://infosec.exchange/tags/Github" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Github</span></a> aware of it quicker<br>However I felt that I should also publish it here.</p><p>I recently came upon this post on reddit: <a href="https://www.reddit.com/r/cybersecurity_help/comments/196qhup/how_do_i_remove_this_malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reddit.com/r/cybersecurity_hel</span><span class="invisible">p/comments/196qhup/how_do_i_remove_this_malware/</span></a></p><p>Which awakened my curiosity about this user who has quite a few repo's with multiple stars: github[.]com/AppsForDesktop</p><p>looking at their profile I noticed various repo's claiming to be desktop app for various popular websites and apps.</p><p>When I investigated these repo's in my sandboxes I discovered they installed the file: cnertucbrcaj[.]exe and performed various persistence techniques,<br>Adding several exclusions to defender <br>and uninstalling various windows security components such as MRT.</p><p>After which it of course connected to various Monero mining pools.</p><p><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/cryptominers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptominers</span></a> <a href="https://infosec.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a></p>
JM ☠️<p>“In a first, cryptographic keys protecting SSH connections stolen in new attack” (in other words, you should have adopted ed25519 for some time already ;) <a href="https://infosec.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>informationsecurity</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://infosec.exchange/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://infosec.exchange/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a> </p><p><a href="https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2023/</span><span class="invisible">11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/</span></a></p>
The Spamhaus Project<p>🎉 And we’re on Mastodon!</p><p>If you’re new to The Spamhaus Project, check out our bio above 🔝</p><p>Ultimately, we’re here to build a community. A community of like-minded individuals, who want to make the internet a safer place. On Mastodon, we’ll be sharing latest threat intelligence from our researchers and threat hunters, and we’d like to invite you to do the same….</p><p>Earlier this month, we launched our Threat Intel Community, giving anyone the ability to submit malicious domains, IPs, email source codes, or URLs to Spamhaus through our user-friendly portal. </p><p>If you’re curious to know more, read this blog:<br><a href="https://www.spamhaus.org/news/article/821/want-to-submit-data-be-our-guest" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">spamhaus.org/news/article/821/</span><span class="invisible">want-to-submit-data-be-our-guest</span></a></p><p>Or visit the Threat Intel Community here:<br><a href="https://submit.spamhaus.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">submit.spamhaus.org</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/ThreatHunter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunter</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/SecurityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityResearch</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/Botnets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Botnets</span></a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a></p>
mle✨<p>Progress Software is having an interesting time. First <a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MOVEit</span></a>, now multiple <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> disclosures for their <a href="https://infosec.exchange/tags/WS_FTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WS_FTP</span></a> product. The silver lining here is that it doesn’t look like any of these are known to have been exploited in the wild. (Yet?)</p><p>But out of curiosity, we looked at the Internet exposure of WS_FTP instances with the Ad Hoc Transfer module installed, read about it here ⬇️</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/securityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityResearch</span></a> <a href="https://infosec.exchange/tags/CensysResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CensysResearch</span></a> <a href="https://infosec.exchange/tags/MFT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFT</span></a> (No, this isn’t MFT but it all feels very…related.)</p><p><a href="https://censys.com/cve-2023-40044/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">censys.com/cve-2023-40044/</span><span class="invisible"></span></a></p>
Amit Serper :donor: 🎗️<p>I'm very happy to share with you all my latest research <a href="https://infosec.exchange/tags/blogpost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blogpost</span></a> along with my awesome team mate Reuven Yakar. Reuven and I found a critical vulnerability in the popular Wemo smart electrical socket by Belkin. This research had all the fun stuff - software AND hardware hacking and reverse engineering and I'm super excited to finally be able to share it. Note that Belkin WILL NOT be releasing a patch to this vulnerability:<br><a href="https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sternumiot.com/iot-blog/mini-s</span><span class="invisible">mart-plug-v2-vulnerability-buffer-overflow/</span></a></p><p><a href="https://infosec.exchange/tags/iot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iot</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a> <a href="https://infosec.exchange/tags/belkin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>belkin</span></a> <a href="https://infosec.exchange/tags/wemo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wemo</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
Cory DoctorowLong thread/6
SecurityBSidesItalia<p>Attention all security professionals and enthusiasts! We are excited to announce our upcoming SecurityBSides event in Milan on July 8, 2023. This is your chance to share your knowledge, insights, and experiences with the community. We are now accepting proposals for presentations and workshops. Submit your ideas on cutting-edge security topics for a chance to speak at the event. Don't miss this opportunity to be a part of the security conversation in Milan. Submit your proposal now! <a href="https://infosec.exchange/tags/SecurityBSides" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBSides</span></a> <a href="https://infosec.exchange/tags/Milan2023" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Milan2023</span></a> <a href="https://infosec.exchange/tags/BSML23" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSML23</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/information" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>information</span></a> <a href="https://infosec.exchange/tags/cfp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cfp</span></a> <a href="https://infosec.exchange/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>research</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@SecurityBSidesGlobal" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>SecurityBSidesGlobal</span></a></span> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a> <a href="https://infosec.exchange/tags/securityawareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityawareness</span></a> <a href="https://infosec.exchange/tags/trainings" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trainings</span></a> Check out our website!! <a href="https://milano.securitybsides.it" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">milano.securitybsides.it</span><span class="invisible"></span></a> and the call for paper page!! <a href="https://easychair.org/cfp/bsml23" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">easychair.org/cfp/bsml23</span><span class="invisible"></span></a> <br>We are waiting for you, are you up for it!!</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload