🚨 ALERT 🚨 Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials.

hoot hoot! What started as "just looking at some videoconfercing solutions" turned in to a story of: "How broken can a smart videoconferencing device possibly be?" modzero.com/modlog/archive… #MeetingOwl

Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken #MeetingOwl #Sicherheitslücke glm.io/165766?s

Meeting Owl videoconference device used by govs is a security disaster arstechnica.com/information-te… by @[email protected] -- Follow me there

Der Chaos Computer Club wird die 37. Ausgabe des Chaos Communication Congress in Hamburg ausrichten. ccc.de/de/updates/202…

Meet our #infosec-veteran Max Moser at Area41 Security Con! He will provide some insights on our #MeetingOwl research during his talk on Friday and is happy to meet-up on the hallway-track.

The Area41 Security Con swag booth is open! Looking forward to meet you there

I released version 0.8.0 of HardeningKitty 🥳 🚀 If you use the development version (github.com/0x6d69636b/win…) there are no changes, but if you use the stable (and signed) version (github.com/scipag/Hardeni…) there are many new lists and improvements #HardeningKitty

Wir haben uns den Report zu TikTok genau durchgelesen: Das ist größtenteils Quatsch. Schauen wir uns die Behauptungen nacheinander an 🧵 x.com/antonrainer/st…

We found a security issue in the latest CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archive…

Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archive…

I published a new release of HardeningKitty 🚀😺 It is now official a PowerShell module, for all other changes see github.com/0x6d69636b/win…

Happy birthday to us! 🎉 12 years of hacking! Thank you to everyone who helped get this far! 😍 modzero.com/en/blog/12th-a…

Joining us for a second year as sponsor is @[email protected]. Thanks for your continued support! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides

darkreading.com/risk/leaky-dic…

This weekend is our event! Doors open 9am at the Säälchen entrance Holzmarkt 25. Join us on Discord discord.gg/ThHNsfQk

📢 ANNOUNCEMENT 📢#CfP for #BSidesBE is finally open. Key Points: - Deadline: 2024-07-14 23:59:59 CET (Bern time) - talk and slides must be in English. - 25m + 5m Q&A More info bern.bsides.ch/call-for-paper… #Infosec #CTI #appsec #ThreatHunting #DFIR #malware #PleaseRT Security BSides

Less than two days until we present our deception strategy at #TROOPERS24 and publish the Active Directory honeypot we always wanted to have. Let's say there is an interesting connection to the talk from Jonas Bülow Knudsen and Andy Robbins...

😂

The 4n6pi and its methodology has been vetted, it will be released by the end of the week. 🥳 Also, I'm considering creating a dedicated HAT with an LCD, status LEDs, and possibly a hardware write-blocked USB port (if feasible). Would anyone be interested in such a HAT?"