2026-03-05
This is likely snake oil, but tons of people are boosting it. Ultrasonic mic jammers are real & a fraction of the price. What they claim is new: using AI to detect mics. There are ways to find hidden mics. The TSCM space (bug sweepers) has tons of tricks that seem like pure
The Daily Dot
Deveillance's upcoming anti-surveillance device, Spectre I, went viral after its founder said it blocks nearby listening devices with AI, but some are skeptical
2025-05-05
All the people who actually think the gov has a backdoor in Signal are real quiet right now. 😂 Multiple departments have been using this clone of Signal just to keep copies of their messages. It's so busted that it only took 20min effort to start reading people's messages.
micahflee
A hacker breaches TeleMessage, which makes modified versions of apps like Signal used by US officials including JD Vance, leaking some chats, contacts, and more
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked. — 💡
People were concerned that gov record retention laws were being broken due to the use of Signal. This picture shows that's not the case! See the “TM SGNL” on screen? That's a Signal wrapper specifically for maintaining archives of the messages. https://www.telemessage.com/ ... I [image]
micahflee
A hacker breaches TeleMessage, which makes modified versions of apps like Signal used by US officials including JD Vance, leaking some chats, contacts, and more
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked. — 💡
2023-10-22
So the front door into tons of companies (Okta) has such bad visibility for their own network that they can't find an intrusion that someone has actively flagged. Sleep well defense teams!
CNBC
Okta's stock closed down 11.57% on October 20 after the cybersecurity firm said a hacker used a stolen credential to access its support system and client files
- Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
2023-10-21
So the front door into tons of companies (Okta) has such bad visibility for their own network that they can't find an intrusion that someone has actively flagged. Sleep well defense teams!
CNBC
Okta's stock closes down 11.57% after the cybersecurity company said a hacker accessed its support system using a stolen credential and viewed client files
- Cybersecurity firm Okta said an unidentified hacker had accessed the company's support system and viewed client files.
2023-03-01
It was Plex. They exploited Plex to get into the home network, installed a keylogger on a home laptop, and got the corp vault password because the home laptop was logging into it. Targeted high value employee shortly after the https://arstechnica.com/...... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
4 people who have access to “the keys to the kingdom”. At least 1 of them was accessing them from a home computer. For how long without anyone noticing? If that didn't raise flags, then it won't for an attacker either. Helping them harden their home network is nice, but there... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
New details on the 2nd LastPass incident are fun: - got into Sr DevOp's home via vuln media software - installed keylogger - got master pass to corp vault (seemingly because it was being accessed from home computer) Cool to see that LastPass is sharing https://support.lastpass.com/ ...... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
Does your Red Team get to target people's home computers and networks? I am guessing that a great big “nope” for almost every company I know of.
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
Just to be clear: while there is plenty to criticize about the LastPass product, the transparency of what was posted today is great. It actually gives me some hope that I didn't previously have. The attacks seen here could happen to any company. Most would have handled it much... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
2023-02-28
Does your Red Team get to target people's home computers and networks? I am guessing that a great big “nope” for almost every company I know of.
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
New details on the 2nd LastPass incident are fun: - got into Sr DevOp's home via vuln media software - installed keylogger - got master pass to corp vault (seemingly because it was being accessed from home computer) Cool to see that LastPass is sharing https://support.lastpass.com/ ...... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
4 people who have access to “the keys to the kingdom”. At least 1 of them was accessing them from a home computer. For how long without anyone noticing? If that didn't raise flags, then it won't for an attacker either. Helping them harden their home network is nice, but there... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
Just to be clear: while there is plenty to criticize about the LastPass product, the transparency of what was posted today is great. It actually gives me some hope that I didn't previously have. The attacks seen here could happen to any company. Most would have handled it much... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
It was Plex. They exploited Plex to get into the home network, installed a keylogger on a home laptop, and got the corp vault password because the home laptop was logging into it. Targeted high value employee shortly after the https://arstechnica.com/...... https://twitter.com/...
BleepingComputer
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
2023-01-31
Calling all you “ChatGPT can make malware” people. Here is your chance to get off social media and start generating passive income. https://twitter.com/...
CyberScoop
Kaspersky: from January 2020 to June 2022, hacker groups offered salaries from six figures to $1.2M, bonuses, and paid leave to attract talent on the dark web
Despite the obvious risks, tech jobs with hacking groups can be alluring for those who need the money or want to do the work.
2022-07-04
If DoorDash allowed drivers to query customer details of everyone signed up, not just their active order, people would lose their minds. But bug bounty employees accessing critical vulns of customers they aren't even working on? Just a policy stopping it, no technical controls https://twitter.com/...
BleepingComputer
HackerOne says an employee stole vulnerability reports submitted through its bug bounty platform and disclosed them to seven companies for financial rewards
Sunday, July 03, 2022 // (IG): BB //Weekly Sponsor: Zanes Hand Made (leather works) Slashdot : How Bug Bounty Platform HackerOne Handled Its Own ‘Internal Threat’ Actor Tweets: Jak...
2022-07-03
If DoorDash allowed drivers to query customer details of everyone signed up, not just their active order, people would lose their minds. But bug bounty employees accessing critical vulns of customers they aren't even working on? Just a policy stopping it, no technical controls https://twitter.com/...
BleepingComputer
HackerOne says an employee stole vulnerability reports submitted through its bug bounty platform and disclosed them to seven companies for financial rewards
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. Source: HackerOne .
2022-03-29
This shows a lot of layers of security breakdown happening here. This is bigger than Okta. I promise that a lot of these fails are easily observed at many companies. Take notes, learn, improve. https://twitter.com/...
Wired
Leaked Mandiant report: Okta's contractor Sitel first sent a Lapsus$ breach notification to Okta on January 25 and a detailed “Intrusion Timeline” on March 17
Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don't explain the apparent lack of urgency.
2022-03-24
... and quite a journey from the original statement, we finally arrive at 366 customers potentially impacted. Detailed logs being shared with those customers. That's good! I wouldn't be surprised if LAPSUS$ drops more loot from their slack, etc. Hopefully Okta has cleaned that up https://twitter.com/...
Bloomberg
Security researchers say a 16-year-old from England is the Lapsus$ group's mastermind; source: researchers identified seven unique accounts tied to Lapsus$
Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp. …