VOICE ARCHIVE

@alyssam_infosec
18 posts
2022-09-01
So he trashed Ubiquiti, costing them $4B in market cap, on the basis of a single source that has since been indicted for charges that include providing false info to the press. Those who blasted Ubiquiti for suing him, where are you now? https://krebsonsecurity.com/ ...
Krebs on Security

Brian Krebs apologizes to IoT manufacturer Ubiquiti after posting now-removed articles on a “breach” based on a “sole source” currently under federal indictment

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. Tweets: @quinnypig , @alyssam_infosec , @berendjanwever , @davezatz , @blowdart , @jrozner , and @g...

2022-01-27
Probably a good day to take a look at your Linux systems. If there's no patch available for the OS, a simple chmod provides a pretty effective mitigation. https://blog.qualys.com/...
BleepingComputer

Researchers find a 12-year-old vulnerability in Polkit that local attackers can use to gain root privileges on all major Linux distributions; an exploit is out

2021-09-22
2021 and Apple still does all they can to evade transparency. Their long checkered history with the CVE database isn't news, but that even today they release a security fix like this without an accompanying CVE is simply childish. https://www.bleepingcomputer.com/ ...
BleepingComputer

macOS is susceptible to running arbitrary code when a user opens a malicious .inetloc file, and Apple's first attempt to silently fix the issue failed

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands …

2021-09-07
Thinking on my thread earlier this week about VPNs and feeling some relief that I didn't choose Proton VPN. Not because they complied with the order, but rather because of how shady they're being about it after the fact. https://www.slashgear.com/...
TechCrunch

ProtonMail is under fire for disclosing a French activist's IP address to Swiss authorities; ProtonMail had claimed to only log IPs in “extreme criminal cases”

ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism …

2021-06-25
30 Million devices. An RCE in a feature of their remote connect support capability for reflashing the operating system. https://threatpost.com/...
BleepingComputer

Researchers discover four major vulnerabilities in Dell SupportAssist's BIOSConnect feature, letting hackers remotely execute code, affecting 129 Dell models

Sergiu Gatlan / BleepingComputer :

2021-02-18
Say @Twitter @TwitterSupport this is one of your worst ideas ever. Turning the harassment that goes on in DMs up another notch and creating more content paths that lack accessibility for all sure has all the optics of a company that just doesn't give a shit. https://twitter.com/...
Android Central

Twitter starts testing voice DMs, which can be up to 140 seconds long, on iOS in India, Brazil, and Japan

Babu Mohan / Android Central :

2020-12-26
Hi @GoDaddy @GoDaddyHelp, as a 15-year Cybersecurity professional, I find this absolutely appalling. Abusing your employees in this way does nothing to improve your security posture, in fact quite the opposite. You can and need to do better. https://coppercourier.com/...
The Copper Courier

Some GoDaddy employees are upset after the company sent a phishing email scam to test its employees, with the email promising a $650 one-time holiday bonus

only to tell the ones who clicked through they failed a phishing test. so gross. if you use GoDaddy you should change that. https://coppercourier.com/... Shon / @gayblackvet : Imag...

2020-12-25
Hi @GoDaddy @GoDaddyHelp, as a 15-year Cybersecurity professional, I find this absolutely appalling. Abusing your employees in this way does nothing to improve your security posture, in fact quite the opposite. You can and need to do better. https://coppercourier.com/...
The Copper Courier

Some GoDaddy employees are upset after the company sent a phishing email scam to test its employees, with the email promising a $650 one-time holiday bonus

GoDaddy surpassed 20 million customers this year and laid off or reassigned hundreds of employees during the coronavirus pandemic in Arizona, Iowa, and Texas.

2020-11-28
ICYMI: Here's the article that got Coinbase all hot and bothered to the point that they doubled down on their toxicity to release a pre-emptive blog. Just in case you need it....for science. https://www.nytimes.com/...
New York Times

Twenty-three current and former Coinbase employees allege mistreatment and racial discrimination, as some say the cryptocurrency startup ignored complaints

whose CEO said “keep politics out of the workplace”—has a hostile and racist workplace. https://www.nytimes.com/... Wynter Mitchell Rohrbaugh / @wyntermitchell : Y'all gon learn th...

2020-11-27
Coinbase continues to double down. Trying to head off an expected uncomplimentary article they instead unwittingly do more damage by basically confirming their corporate tone. Yet again reminding me I made the right decision turning them down. https://blog.coinbase.com/...
The Coinbase Blog

Coinbase shares an internal email on an upcoming NYT story alleging several Black employees had negative experiences, says it “will paint an inaccurate picture”

none — ever gives you a generous, long runway to respond in the future https://twitter.com/... Eli Dourado / @elidourado : Fools! Didn't you know that when an elite reporter comes ...

2020-09-22
Doesn't matter how much testing you do, when you don't have diversity in your teams working on these projects, when you don't correctly diversify your training sets, you get this trash. This needs to be addressed much sooner than testing before shipping. Major Fail Twitter! https://twitter.com/...
Mashable

Twitter says it will investigate after users find its preview of a photo, with a Black person and a white person, more frequently displayed the white person

2020-08-25
More media coverage of the #SourMint malicious SDK disclosure that we announced publicly today. Our co-founder, Danny, sharing his thoughts on the threats and impacts of this SDK that's been stealing revenue and violating privacy for over a year. https://www.forbes.com/...
Forbes

Security research firm Snyk alleges that Chinese ad network Mintegral committed ad click fraud via its SDK across billions of installs of 1,200+ iOS apps

A Chinese ad network named Mintegral is accused of spying on user activity and committing ad fraud in more than 1,200 apps with 300 million installs per month since July 2019.

This situation is actively impacting 1,200 popular iOS apps. The Ad SDK uses method swizzling to hijack iOS URL handling methods, generate false ad attribution claims, and log all URL-based user activity within the apps. Read our summary of the impact and details of our research. https://twitter.com/...
2020-08-25
Forbes

Security research firm Snyk alleges that Chinese ad network Mintegral committed ad click fraud via its SDK across billions of installs of 1,200+ iOS apps

A Chinese ad network named Mintegral is accused of spying on user activity and committing ad fraud in more than 1,200 apps with 300 million installs per month since July 2019.

2020-08-08
Wonder how much more motivating a leak of trade secrets on this level will be over breaches of payment and private consumer data? https://www.zdnet.com/...
ZDNet

Intel is investigating a leak of 20 GB of documents, some confidential, possibly from an internal source accessing its Resource and Design Center

Catalin Cimpanu / ZDNet :

2020-08-07
Wonder how much more motivating a leak of trade secrets on this level will be over breaches of payment and private consumer data? https://www.zdnet.com/...
ZDNet

Intel is investigating a leak of 20 GB of documents, some confidential, possibly from an internal source accessing its Resource and Design Center

Leak confirmed to be authentic.  Many files are marked “confidential” or “restricted secret.”  —  US chipmaker Intel is investigating …

2020-07-12
This is truly a bizarre emerging story. Amz: “Remove TikTok from your phones”. Amz: “Wait, we didn't mean to send that”. Employees: “Wait WTF??” Amz: <crickets> https://twitter.com/...
The Verge

Amazon says it will not ask employees to remove TikTok from their mobile devices, and an internal email asking them to delete the app was sent in error

then walked back the policy and said it was an ‘error’ Rachel Lerman / Washington Post : TikTok users fear app shutdown as security concerns grow David Matthews / TechSpot : Amazon...

2020-07-11
This is truly a bizarre emerging story. Amz: “Remove TikTok from your phones”. Amz: “Wait, we didn't mean to send that”. Employees: “Wait WTF??” Amz: <crickets> https://twitter.com/...
The Verge

Amazon says it will not ask employees to remove TikTok from their mobile devices, and an internal email asking them to delete the app was sent in error

The company confirms that an email was sent out in error earlier today  —  Amazon says that it will not ask employees to remove …

2019-11-04
The discovery of this by @GossiTheDog and @MalwareTechBlog has been fascinating to watch but also terrifying. BlueKeep seems to be the gift that keeps on giving for attackers. @MalwareJake thanks for your analysis as well. https://www.zdnet.com/...
Wired

Researchers spot the first successful attack using Windows BlueKeep vulnerability; the exploit is not a worm and installs cryptominers, instead of ransomware

Using Firepower to defend against encrypted DejaBlue Jon Fingas / Engadget : The first in-the-wild BlueKeep cyberattack isn't as dangerous as feared Elizabeth Montalbano / Threatpo...