We all knew it would happen. In this case it was not from l33t IoT hax, but a lack of segregation of duties; Support had access to all of the video whether they needed it or not. Further proof that security basics need to apply to the whole IoT ecosystem. buff.ly/3C5Cryg

One of my amazing coworkers jsut put together some thoughts on the new and upcoming CVSS 4.0 scoring. TL;DR: He's excited. linkedin.com/posts/finitest… buff.ly/3X5nINC

In an apparent series of "Why does this thing need to be IoT enabled", Cyrill Künzi hacked his Philips Sonicare toothbrush: It is NFC enabled! buff.ly/45H3NrZ . atc1441 dropped the NFC password calculation: buff.ly/3N47Ztr. Now in the Proxmark Iceman firmware.

While still in the public comment phase, I'm like that CVSS 4.0 scoring can improve how organizations can make decisions on risk. Benefits from the proposed metrics can contextualize actual exploitability, and how it applies to OT/ICS and even healthcare. buff.ly/3J6TJPr

If you do Kubernetes, you need this class. Jay does amazing work!

Come hack some door access systems with me at Defcon’s Physical Security Village

They look great!

We've got a little something to help you make it to 5pm! Episode 21 of our podcast is out today! Eric & haxorthematrix, break down what the new White House Cybersecurity Labeling Program means for you and your customers + more. 🎧hubs.ly/Q01ZjqHv0

To all of my old hacker friends, don’t forget to refill your DEF CON ibuprofen… #DEFCON31

We're thrilled to be participating in an upcoming webinar hosted by SecurityWeek alongside our friends @microsoft. Join us Thursday, September 7th at 1p ET for "Scaling Software Supply Chain Security." haxorthematrix Thomas Bain Register: hubs.ly/Q01_c-q70

🚨 Vulnerability Alert: The WebP Library (CVE-2023-4863) 🚨 New updates reveal that the vulnerability originally discovered in Google Chrome has broader implications than initially thought. Delve deeper into CVE-2023-4863 and what it means for you: hubs.ly/Q023SZy10

Hey folks, Paul Asadoorian @[email protected] and I have been nominated for TWO SANS Difference Maker awards, One for podcast and one for lifetime achievement! Go vote for us at securityweekly.com/dma (search for "paul" to make it easy to find both of our entries)

Known as Looney Tunables (CVE-2023-4911), a newly disclosed vulnerabiilty impacts a vast number of Linux systems. While it's a local privilege escalation vulnerability, understanding the threat is paramount. For a comprehensive breakdown, read more here: hubs.ly/Q024DKMZ0

Visualize the DJI 2017 AWS data leak with CARTO to help grok what it may mean with regard to #HR2864 cc Elise Stefanik Rep. Elise Stefanik Department of Defense 🇺🇸 Department of State @djiglobal @djienterprise @djisupport @djiflysafe #DronesHelp #DronesForGood #DJI #DJIEnterprise clausa.app.carto.com/map/f7f15776-2…

Great turnout for haxorthematrix session yesterday @automotive_iq #AutoCyberSec24 in Detroit. We're always so honored and proud to see our Fi-Knights representing Finite State as leaders in the industry. Way to go, Larry! #automotivesecurity #connectedvehicles #sbom #finitestate

The U.S. Cyber Trust Mark. ✔️ What is it? When will it go into effect? How will it impact manufacturers and consumers? Our own Larry Pesce haxorthematrix has everything you should know about the FCC's new program for labeling smart products: hubs.ly/Q02qWmNz0 #finitestate

Hey all, Security Weekly has been nominated for a SANS Difference Maker award, and we are in the top 5 finalists.  Go vote for us!  sans.org/about/awards/d…

Ok, I know I posted this the other day, but now it is all official like: Big news! I’m a #SANSDMA nominee! Voting closes Friday, October 4 and I’d love if you could vote for me. Cast your vote now: survey.sans.org/jfe/form/SV_e3…

🚨 BIG NEWS! 🚨 haxorthematrix and I were accepted to to #Shmoocon! We are bringing the #CYA - Cover Your Ass - A cheap BLE Tracker Analyzer! It’s so cheap, you’ll think it runs on Colt45🍺 Come for the DIY BLE-Hunting Fun, stay punny fun! 🕵️‍♂️💛 It’s time to #CYA

The U.S. Cyber Trust Mark will help consumers identify IoT products meeting baseline security standards. Finite State can guide you through pre-certification & beyond. Check out our blog & drop your questions below 👉 finitestate.io/blog/u.s.-cybe… #IoTSecurity #CyberTrustMark