/
Navigation
C
Chronicles
Browse all articles
C
E
Explore
Semantic exploration
E
R
Research
Entity momentum
R
N
Nexus
Correlations & relationships
N
~
Story Arc
Topic evolution
S
Drift Map
Semantic trajectory animation
D
P
Posts
Analysis & commentary
P
Browse
@
Entities
Companies, people, products, technologies
Domains
Browse by publication source
Handles
Browse by social media handle
Detection
?
Concept Search
Semantic similarity search
!
High Impact Stories
Top coverage by position
+
Sentiment Analysis
Positive/negative coverage
*
Anomaly Detection
Unusual coverage patterns
Analysis
vs
Rivalry Report
Compare two entities head-to-head
/\
Semantic Pivots
Narrative discontinuities
!!
Crisis Response
Event recovery patterns
Connected
Nav: C E R N
Search: /
Command: ⌘K
Embeddings: large
VOICE ARCHIVE

Mick Douglas

@bettersafetynet
7 posts
2024-06-07
An open letter/thread to @msftsecurity and @Microsoft 🧵 MSFT, please listen. I get that you've invested a TON into the Recall product line. Hopefully, you've heard the concerns of the infosec community. If not, I recommend review of @GossiTheDog's recent work. 1
2024-06-07 View on X
Windows Central

After Microsoft eroded Windows users' trust with bad practices for years, Recall is a PR disaster, as users remain skeptical despite the company's assurances

inside the Copilot+ Recall disaster. Andrew Cunningham / Ars Technica : Windows Recall demands an extraordinary level of trust that Microsoft hasn't earned Alex / xaitax on GitHub ...

View original
2024-02-04
This AnyDesk situation is -=WILD=- When you get a signing cert, it's a bit like Fight Club. The first rule of signing certs is do not get your signing cert stolen. The second rule of signing certs is DO NOT GET YOUR SIGNING CERT STOLEN
2024-02-04 View on X
BleepingComputer

Remote desktop software maker AnyDesk says it has suffered a cyberattack recently; source: hackers stole source code and private code signing keys

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems.

View original
2023-09-07
Side tweet: I'm already seeing some snarky and frankly stupid takes about this report. I frequently do table top assessments. Had I run this as a scenario, most orgs would find this threat unrealistic. That MSFT could even tell how this happened puts them in the 0.01% 1
2023-09-07 View on X
BleepingComputer

Microsoft says Chinese hackers who in June breached US government email accounts stole an MSA key from a crash dump after hacking a Microsoft engineer's account

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump …

View original
How the signing key got stolen. IMO a must read for all infosec practitioners https://msrc.microsoft.com/... I am very appreciative of MSFT for the level of detail they've released here. I wish it were a little faster, but IDK? maybe it took them a while to get this done?
2023-09-07 View on X
BleepingComputer

Microsoft says Chinese hackers who in June breached US government email accounts stole an MSA key from a crash dump after hacking a Microsoft engineer's account

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump …

View original
After chatting w/ someone who wants OPSEC. This MSFT signing attack targeted a dev. They're now *the* target. They've been special for so long they don't have the controls needed that others I think we need to rethink dev systems. 1
2023-09-07 View on X
BleepingComputer

Microsoft says Chinese hackers who in June breached US government email accounts stole an MSA key from a crash dump after hacking a Microsoft engineer's account

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump …

View original
2021-02-13
@business If this is true, WE NEED TO KNOW. Show us some proof! Anything! PLEASE!! You have no idea how bad this goes each time you dig this corpse up and defile it again.
2021-02-13 View on X
Bloomberg

Sources: US investigators say hardware and firmware of Supermicro servers were tampered with as late as 2018, via chips with backdoors sending data to China

It has been two and a half years since … John Gruber / Daring Fireball : Bloomberg, at Long Last, Follows up on ‘The Big Hack’, and It's Nothing but a Pile of Sophistic Horseshit T...

View original
2020-07-26
Put the work in! Get your learn on... and get PAID. Infosec is not for the faint of heart, but for those who are willing to study/work hard, you have a bright future. Pick something and learn it WELL. Then pick another thing. Find those who will help you on your way. Join us! https://twitter.com/...
2020-07-26 View on X
Krebs on Security

A survey of 500+ cybersecurity pros sheds light on which skills they find most useful in cybersecurity job candidates, and which are most frequently lacking

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers … Tweets: @bettersafetynet , @briankrebs...

View original