»New Exploit Method Extracts Microsoft Entra Tokens Through Beacon«
How secure are the Microsoft products and do they serve, among other things, the CIA? How safe are companies that "inevitably" use it?! (rhetorical question)
https://gbhackers.com/new-exploit-method-extracts-microsoft-entra-tokens/
»Your password manager is under attack, and this new threat makes it worse: How to defend yourself:
Heard of polymorphic browser extensions yet? You will. These savage imposters threaten the very future of credential management. Here's what you need to know - and do.«
I use @keepassxc, but with the plugins for the browsers you should make sure that you use the right ones.
@alexchapman +9001%
#Adblockers are necessary for #Accessibility and #ITsec in the age of #malvertising aka. #malware being #advertised openly as wannabe-legitimate software!
"Are you secure?"
"Yes with salt and pepper." "What...?!??" "Password hashing!" … *peep*
#ChrisKrebs loses #GlobalEntry membership amid Trump feud
President's campaign continues against man he claims covered up evidence of electoral fraud in 2020 https://www.theregister.com/2025/05/01/chris_krebs_global_entry/
#CISA #ITSec
»Here's the source code for the unofficial @signalapp app used by Trump officials«
– from @micahflee
My goodness is this dilantic or a deliberate security weakening? In the code you do never write a fixed security code and even in the .env it is avoided. However, this is still implemented a lot of "professionals".
https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
#EFF Leads Prominent #Security Experts in Urging Trump Administration to Leave #ChrisKrebs Alone
Political Retribution for Telling the Truth Weakens the Entire #Infosec Community and Threatens Our #Democracy; Letter Remains Open for Further Sign-Ons
https://www.eff.org/press/releases/eff-leads-prominent-security-experts-urging-trump-administration-leave-chris-krebs
#ITSecurity #ITSec #CISA
@krypt3ia I think @briankrebs and other #ITsec profressionals are cringing hard.
@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...
Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something…
#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.
Who needs #phishing when your login's already in the wild?
Stolen #credentials edge out email tricks for cloud break-ins because they're so easy to get
Criminals used stolen credentials more frequently than email phishing to gain access into their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors.
https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
#itsec #security
@GottaLaff the sheer fact that he didn't get jailed for this violation of #ITsec, #InfoSec, #ComSec & #OpSec rules is propably making #RealityWinner and #ChelseaManning scream internally at max volume.
The comment I made in the post referring to "within minutes" actually comes from the cover letter with the whistleblower affidavit which is available here:
Was? Das ist noch eine Meldung wert? Sollte es ernsthaft noch denkende Menschen geben, die #Zyxel einsetzen?
@shoppingtonz @alternativeto @torproject granted, those cases are "nieche" as in "extreme low latency applications" are out.of scope for #Tor as they are intrinsically incompatible with a self-routing #Proxy network.
I took an ITSec training today that gave "Thi5izmyP4ssWord!" as an example of a good password to use. I'm curious what people think of a password like this.
#ITSec #security #passwords
Wahnsinn. #opensource #linux #log4j #itsec #exploits
"I am no hero" Unfassbar gut, lieber @br_data ! #br #bayerischerrundfunk
Linkempfehlung ARD Audiothek
@IrrsinnHilft
1. Es gibt Leute, die müssen dahin, siehe https://heise.de/-10352231
2. Es geht um #ITSec und #Datensicherheit, nicht um eine andere Sicherheit.
Browser extensions... seriously? 
Think of 'em like little backdoors straight into your systems.
Sure, things like spellcheckers and handy AI tools seem convenient, right? But the permissions they often demand? Honestly, it's often insane. 
Look, as a pentester, I strike gold with these *all the time*! 
We're talking cookies, passwords, browsing habits – sometimes it's all just wide open. And *then* people are shocked when they get hacked. 
Yeah, security awareness training definitely matters. But here’s what’s even more critical: you absolutely *need* to know which extensions your team is actually using! Go on, check those permissions thoroughly! Otherwise, you're just asking for trouble down the line. 
So, spill the beans: Which browser extension has given *you* a major headache before? Let's hear it!
