Allison Nixon (@nixonnixoff)'s Twitter Profile
Allison Nixon

@nixonnixoff

Chief Research Officer at Unit 221B -- if you need to get ahold of me use Linkedin or my company's outreach form, not this website

ID:559139956

21-04-2012 02:51:05

1,6K Tweets

2,7K Followers

603 Following

60 Minutes (@60Minutes)

“The level of cybercrime has risen to the point where it feels overwhelming. And every year it gets worse. And it feels like as defenders, it's almost like we're winning every battle and losing the war,” says Allison Nixon, a cybersecurity researcher. cbsn.ws/3Jh3nyL

Marc Rogers (@marcwrogers)

STRONG RECOMMENDATION -
If you are a CISO and you have a 3rd party (Automation, AI, Analytics) that uses Sisense or you SUSPECT uses Sisense INSIST on an impact statement NOW.
I can 100% guarantee there are a lot of you with impact.

Your data was accessed by a threat actor.

Marc Rogers (@marcwrogers)

If you are, or ever were a Sisense customer, treat this extremely seriously. Members of the cyber community and agencies all over the world have worked this over the last few days.

Do not underestimate the risk. Expire any exposed credentials. Check all exposed infrastructure.

Marc Rogers (@marcwrogers)

The data stolen from Sisense contained all these tokens, credentials and access configurations. This is a worst case scenario for many Sisense customers. These are often literally the keys to their kingdoms. Treat as an EXTREMELY serious event. 2/2

Marc Rogers (@marcwrogers)

The nature of Sisense is they require access to their customers' confidential data sources. They have direct access to JDBC connections, to SSH, and to SaaS platforms like Salesforce and many more. It also means they have tokens, credentials, certificates often upscoped. 1/2

Nat Friedman (@natfriedman)

Ten months ago, we launched the Vesuvius Challenge to solve the ancient problem of the Herculaneum Papyri, a library of scrolls that were flash-fried by the eruption of Mount Vesuvius in 79 AD.

Today we are overjoyed to announce that our crazy project has succeeded. After 2000…

Allison Nixon (@nixonnixoff)

Twitter has had the sim swap password reset security flaw since before your new owners, and you can blame your users (or the old owners!) all you want but you still have to fix the problem. So go fix it.

Allison Nixon (@nixonnixoff)

This is an interesting and excellent approach to fixing sim swap. It's a Christmas miracle!

(Massive fines)

support.bandwidth.com/hc/en-us/artic…

Allison Nixon (@nixonnixoff)

i like to photoshop santa hats on law enforcement seizure notices when they happen right before christmas. i was not involved in this, but the feds seized the ALPHV/Blackcat site and stole all the decryption keys, and are handing them out to victims for free. so, MERRY CHRISTMAS!!

Marc Rogers (@marcwrogers)

It seems that the core investigative method here is “if two people worked on something together “anywhere” then all the organizations they belong to must be colluding.”

Trust groups contain many people from many organizations. I'm in several trust groups with volunteers from all…

J. A. Guerrero-Saade (@juanandres_gs)

Nutjobbery aside, let it be abundantly clear that whatever happens with regard to CTIL determines the viability of any future 'public-private partnership'. CTIL gave gov a slew of good faith wins built on volunteer effort. If they can't expect public support then no one should.

vx-underground (@vxunderground)

If you do Cyber Threat Intelligence you're a government censorship agent and you should be in jail for 50,000 years!!!!!!1111
