Early bird tickets for OrangeCon are available until June 1st. If you’re thinking about coming, now’s a good time to grab your spot and save a little. Hope to see you there! #OrangeCon #CyberSec
I am going to be hard pressed to think that these guys all got it wrong.
- NIST: https://pages.nist.gov/800-63-3/sp800-63b.html
- CISA: https://www.cisa.gov/secure-our-world/use-strong-passwords
- FTC: https://consumer.ftc.gov/articles/protect-your-personal-information-hackers-and-scammers
- UK NCSC: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers
- EFF: https://ssd.eff.org/module/choosing-the-password-manager-that-s-right-for-you
- OWASP: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
- Google: https://passwords.google.com
- Microsoft: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-password-manager-security
- Apple: https://support.apple.com/en-us/HT204085
- Stanford: https://stanford.service-now.com/it_services?id=kb_article&number=KB00015886
NIST "new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a key gap in vulnerability management: identifying which of the thousands of reported flaws each year are actually being used in real-world attacks." www.helpnetsecurity.com/2025/05/26/n... #cybersec #data #tech #natsec
NIST proposes new metric to ga...
NEW LIMITED EDITION ACTION FIGURE!
Ammiocuggino – CISO Edition
World champion of "I told you so" and evil genius of the "day-after slides"
Included in the price: 50 PowerPoint slides in Comic Sans
The incident response silencer
The magic ISO 27001 checklist written on a napkin
The “I'm not the DPO” cap
Trained in the art of "Risk Accepted",
invulnerable to critical alerts (especially if they arrive on a Friday afternoon).
Available only to those who have patched 3 critical vulnerabilities in their life with the phrase: "It's segregated at the VLAN level anyway."
And always remember: threats change, the ammiocuggini remain.
"Europol had already detailed attempts to take down the Qakbot and Danabot malware groups, and last Friday it announced the disruption of the following five malware crews:
Bumblebee
Lactrodectus
Hijackloader
Trickbot
Warmcookie" www.theregister.com/2025/05/26/s... #cybersec #data #natsec #tech
RE: https://bsky.app/profile/did:plc:yw6wbtma6fynxiafh5v7j5sf/post/3lq3gj2hvss2y
TeleMessage security SNAFU wor...
"NSA's Artificial Intelligence #Security Center (AISC) is releasing the joint Cybersecurity Information Sheet (CSI), “AI Data Security: Best Practices for Securing Data Used to Train & Operate #AI Systems”" ieu-monitoring.com/editorial/u-... #cybersec #natsec #infosec #data #tech
U.S. NSA releases guidance on ...
21 May: "advisory includes indicators of compromise typical of an attack by Unit 26165 of the Russian Main Intelligence Directorate. Threat intel firms track the unit variously as Forest Blizzard, Fancy Bear and APT 28." www.govinfosecurity.com/russian-inte... #cybersec #data #tech #natsec
Russian Intelligence Hackers S...
WATERFALL vs AGILE: the result doesn't change, but at least we serve it to you in installments.
When managers talk about Agile, they light up as if they were explaining string theory...
Then you look at the projects and realize that:
In Waterfall the disaster arrives all at once in December.
In Agile… it arrives in installments, from January to December. With retrospective, stand-up and sprint review included.
Free advice: it's not the method that saves you, but common sense.
"As AI-powered social engineering attacks rise, the human layer has become the new cybersecurity battleground—where trust is exploited and mobile devices are the target." www.forbes.com/sites/tonybr... #cybersec #natsec #data #tech #security #policy #ISA #CISO #NIST
The Human Layer Is The New Att...
There. Cancelled one of my few AI subscriptions and put the money into a monthly donation to @signalapp instead.
I'm thinking I'll get a lot more use out of that
Time is running out to register for OWASP Global AppSec EU 2025 in Barcelona!
Training: May 26-28
Conference: May 29-30
This event is for builders, breakers, defenders, leaders, and all others who want to engage with the best minds in AppSec, explore emerging tech like AI and LLM security, and connect with OWASP project leaders.
Register now: https://owasp.glueup.com/event/123983/register/
"US Cybersecurity & Infrastructure Security Agency ( #CISA) added Google Chromium, DrayTek routers, & SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog" securityaffairs.com/177962/hacki... #cybersec FCEB agencies #IT #tech #security
CVE-2024-12987
CVE-2025-4664
CVE-2025-42999
U.S. CISA adds Google Chromium...
ACTIVE EXPLOITATION ALERT
Great work Kyle Lefton
The baddies at Akamai SIRT (Security Intelligence Response Team) have identified the first ITW exploitation of command injection vulns CVE-2024-6047 and CVE-2024-11120. It's a Mirai variant called LZRD (pronounced luh-zurd according to the interwebs)
blog post includes IOCs, full technical details and malware analysis. video is a silly interpretation bc i'm allergic to content without puns
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
TeleMessage probes 'hack' of Signal clone used by Feds USA
#signalgate #cybersec #infosec
https://www.theregister.com/2025/05/05/telemessage_investigating/
From earlier: This could be detrimental to cybersecurity.
Trump administration proposes cutting $491M from CISA budget https://cyberscoop.com/trump-administration-proposed-cisa-budget-cuts/?mid=1&ref=metacurity.com#cid=2809947
"Cybersecurity vulnerabilities threatened sensitive student data for millions of North Carolina students. Here's how it happened, how victims can protect themselves from identity theft, and why experts say a threat could still exist" www.wral.com/story/a-hack... #cybersec #tech #data #privacy #hack
A hacker’s ransom: Inside the ...
Serious q. for all queer folk, esp fellow trans girlies: what risks do I run posting face-blurred selfies/photos of myself?
My only thought is association at protests etc, but I don't go to any, so...
I just wanna share cute outfits and photos without feeling like I need an alt. Not authentic...
Would love any feedback RE: AI and related Deepfake etc stuff, or cybersec/opsec folks info perhaps?
My many thanks!