#cybersecurity


It would appear as if Wiz may have discovered another supply-chain compromise:

wiz.io/blog/new-github-action-

The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.

wiz.io · GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/action-setup, possibly causing the compromise.
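As an added defensive example (not code from the Wiz post, nor from the reviewdog or tj-actions projects), the script below implements two of the checks the post recommends: `find_mutable_pins()` flags `uses:` references in a workflow that point at a tag or branch instead of a full 40-hex commit SHA, and `double_encoded_tokens()` flags tokens in a runner log line that decode as base64 twice to printable text, the form in which the post says leaked secrets appeared. The workflow text, log line and "secret" are constructed samples; the log heuristic is deliberately strict (two layers over printable text) so that ordinary single-encoded log output is not reported.

```python
"""Two defensive checks for the GitHub Actions supply-chain case above.

Added example, not code from the Wiz post or from the reviewdog or
tj-actions projects. Workflow text, log line and token are constructed.
"""
import base64
import binascii
import re
from pathlib import Path
from typing import Dict, List, Optional

# Matches `uses: owner/repo@ref`, with or without a leading list dash or quotes.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Candidate base64 runs long enough to carry a credential (heuristic threshold).
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def classify_uses(ref: str) -> str:
    """Classify one `uses:` reference as 'local', 'sha' or 'mutable'."""
    if ref.startswith(("./", "docker://")):
        return "local"
    if "@" not in ref:
        return "mutable"  # no ref at all resolves to the default branch
    version = ref.rsplit("@", 1)[1]
    return "sha" if FULL_SHA_RE.match(version) else "mutable"


def find_mutable_pins(workflow_text: str) -> List[str]:
    """Return the action references in a workflow that are not pinned to a commit SHA."""
    return [ref for ref in USES_RE.findall(workflow_text) if classify_uses(ref) == "mutable"]


def audit_workflows(workflow_dir: Path) -> Dict[str, List[str]]:
    """Map each workflow file in a .github/workflows directory to its mutable references."""
    findings = {}
    for path in sorted(workflow_dir.glob("*.y*ml")):
        mutable = find_mutable_pins(path.read_text(encoding="utf-8"))
        if mutable:
            findings[path.name] = mutable
    return findings


def _b64(token: str) -> Optional[bytes]:
    """Strict base64 decode; None when the token is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def double_encoded_tokens(log_line: str) -> List[str]:
    """Return tokens that decode as base64 twice to (mostly) printable text.

    Plenty of legitimate log output is base64 once; two layers over printable
    text is the pattern the post describes for the dumped secrets.
    """
    hits = []
    for token in B64_TOKEN_RE.findall(log_line):
        outer = _b64(token)
        if outer is None:
            continue
        try:
            inner_text = outer.decode("ascii").strip()
        except UnicodeDecodeError:
            continue
        inner = _b64(inner_text)
        if not inner:
            continue
        printable = sum(32 <= b < 127 for b in inner) / len(inner)
        if printable >= 0.9:
            hits.append(token)
    return hits


# Constructed sample inputs (no real secrets, no real workflow, made-up SHA).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567 # v1.2.0
      - uses: ./.github/actions/local-step
      - uses: example-org/lint-helper
"""
SAMPLE_SECRET = "constructed-token-0123456789"
SAMPLE_SINGLE_ENCODED = base64.b64encode(SAMPLE_SECRET.encode()).decode()
SAMPLE_DOUBLE_ENCODED = base64.b64encode(SAMPLE_SINGLE_ENCODED.encode()).decode()
SAMPLE_LOG_LINE = f"2025-03-11T19:05:00Z ##[debug] {SAMPLE_DOUBLE_ENCODED}"

if __name__ == "__main__":
    print("mutable pins:", find_mutable_pins(SAMPLE_WORKFLOW))
    print("double-encoded tokens:", double_encoded_tokens(SAMPLE_LOG_LINE))
```

Run `audit_workflows(Path(".github/workflows"))` inside a checkout to list every workflow still using tag or branch references; the log check is meant to be run over downloaded workflow logs and will need its length threshold and printable ratio tuned to real runner output.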

So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d]

blog.cloudflare.com/password-r

benjojo.co.uk · benjojo: It feels quite uncomfortable that Cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing...

#Cyberangriff (cyberattack) on #Aerticket still ongoing: since 9 March the Berlin-based wholesale flight-ticket dealer has been affected by a cyber incident and is currently still offline. In parallel, an alternative booking platform is going online to allow basic operations. The attack shows that the compromise of a non-#KRITIS company in the #Lieferkette (supply chain) can have KRITIS-relevant effects on the operation of air traffic:
#cybersecurity
golem.de/news/flugticketgrossh

I just published the source code for my very naive #Python implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked #Markdown files linking intrusion sets to their used techniques.

Perhaps someone finds it useful or interesting to experiment with.

Source code: github.com/cstromblad/markdown

I hinted at this in a thread started by @Viss where he asked for input on a few very likely malicious domains. @Viss, @cR0w, @neurovagrant, others and I did some fun OSINT work with a couple of the original domains.

It was this thread: mastodon.social/@Viss/11414512

Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor man's version of performing threat intelligence work.
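Added example, not the code in the linked repository: a small stdlib-only version of the same idea. It assumes ATT&CK in its STIX 2.1 bundle form (`intrusion-set` and `attack-pattern` objects carrying their ID in a `mitre-attack` external reference, joined by `relationship` objects of type `uses`) and emits Obsidian-style notes with `[[wikilinks]]` in both directions. It also skips revoked and deprecated objects and sanitises note names, two things real ATT&CK data requires. `SAMPLE_BUNDLE` is a constructed miniature of that shape, not real ATT&CK content.

```python
"""Linked Markdown notes for ATT&CK intrusion sets and the techniques they use.

Added example (not the linked repository's code). Assumes ATT&CK in STIX 2.1
bundle form; SAMPLE_BUNDLE is a constructed miniature, not real ATT&CK data.
"""
from typing import Dict, List, Optional, Tuple

Node = Tuple[str, str]  # (ATT&CK ID, name)


def _sdo(kind: str, aid: str, name: str, **extra) -> dict:
    """Minimal STIX object with a mitre-attack external reference (constructed)."""
    return {"type": kind, "id": f"{kind}--{aid.lower()}", "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": aid}], **extra}


def _uses(src: str, dst: str) -> dict:
    return {"type": "relationship", "relationship_type": "uses", "source_ref": src, "target_ref": dst}


SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _sdo("intrusion-set", "G0001", "Sample Group One"),
    _sdo("intrusion-set", "G0002", "Sample Group Two"),
    _sdo("attack-pattern", "T1001", "Constructed Technique A"),
    _sdo("attack-pattern", "T1002", "Constructed Technique B", revoked=True),  # must be skipped
    _sdo("attack-pattern", "T1003", "Constructed Technique C: Sub-part"),  # ':' is not file-safe
    _uses("intrusion-set--g0001", "attack-pattern--t1001"),
    _uses("intrusion-set--g0001", "attack-pattern--t1002"),
    _uses("intrusion-set--g0002", "attack-pattern--t1001"),
    _uses("intrusion-set--g0002", "attack-pattern--t1003"),
    {"type": "relationship", "relationship_type": "mitigates",  # not a `uses` edge
     "source_ref": "course-of-action--m0001", "target_ref": "attack-pattern--t1003"},
]}


def attack_id(obj: dict) -> Optional[str]:
    """The ATT&CK ID (G####/T####) from the object's mitre-attack reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def is_active(obj: dict) -> bool:
    """ATT&CK bundles keep revoked and deprecated objects; leave them out."""
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))


def index_objects(bundle: dict) -> Tuple[Dict[str, Node], Dict[str, Node]]:
    """STIX id -> (ATT&CK ID, name) for active groups and for active techniques."""
    groups, techniques = {}, {}
    for obj in bundle["objects"]:
        aid = attack_id(obj)
        if aid is None or not is_active(obj):
            continue
        if obj["type"] == "intrusion-set":
            groups[obj["id"]] = (aid, obj["name"])
        elif obj["type"] == "attack-pattern":
            techniques[obj["id"]] = (aid, obj["name"])
    return groups, techniques


def uses_edges(bundle: dict, groups: dict, techniques: dict) -> List[Tuple[str, str]]:
    """(group id, technique id) pairs from `uses` relationships between known nodes."""
    return [(o["source_ref"], o["target_ref"]) for o in bundle["objects"]
            if o["type"] == "relationship" and o.get("relationship_type") == "uses"
            and o["source_ref"] in groups and o["target_ref"] in techniques]


def build_graph(bundle: dict) -> Dict[str, List[str]]:
    """Group ATT&CK ID -> sorted ATT&CK IDs of the techniques it uses."""
    groups, techniques = index_objects(bundle)
    graph = {aid: set() for aid, _ in groups.values()}
    for g, t in uses_edges(bundle, groups, techniques):
        graph[groups[g][0]].add(techniques[t][0])
    return {aid: sorted(ts) for aid, ts in graph.items()}


def note_name(node: Node) -> str:
    """Note title; Obsidian file names cannot contain / \\ or :, so swap them out."""
    return f"{node[0]} {node[1]}".translate(str.maketrans({"/": "-", "\\": "-", ":": "-"}))


def _note(node: Node, tag: str, section: str, links: List[str]) -> str:
    lines = [f"# {node[0]} {node[1]}", "", tag, "", f"## {section}", ""]
    lines += [f"- [[{link}]]" for link in links] or ["- (none)"]
    return "\n".join(lines) + "\n"


def render_notes(bundle: dict) -> Dict[str, str]:
    """{filename: markdown}; group notes link to techniques and techniques link back."""
    groups, techniques = index_objects(bundle)
    uses = {g: set() for g in groups}
    used_by = {t: set() for t in techniques}
    for g, t in uses_edges(bundle, groups, techniques):
        uses[g].add(t)
        used_by[t].add(g)
    notes = {}
    for g, node in groups.items():
        links = sorted(note_name(techniques[t]) for t in uses[g])
        notes[note_name(node) + ".md"] = _note(node, "#intrusion-set", "Techniques used", links)
    for t, node in techniques.items():
        links = sorted(note_name(groups[g]) for g in used_by[t])
        notes[note_name(node) + ".md"] = _note(node, "#technique", "Used by", links)
    return notes
```

To run it on real data, `json.load` the enterprise ATT&CK bundle from MITRE's STIX data, pass it to `render_notes()`, and write each entry with `Path(out_dir, filename).write_text(...)`; open the folder as an Obsidian vault and the graph view shows intrusion sets connected to the techniques they share.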


@ct_Magazin

IT security: reactive, or finally proactive?

For decades we have been chasing after security holes while hackers keep exploiting new vulnerabilities. Mathematically hardened architectures and zero-trust models could be the solution, but why don't we implement them consistently?

🔹 Patch cycle: perpetual defence or modern design?
🔹 Digital sovereignty vs. dependence on Big Tech?
🔹 What could new security architectures for IT systems look like?

What do you think? Are we too trapped in outdated security models? 🤔