c0rdis
@c0rdis
Followers: 328 · Following: 2K · Media: 9 · Statuses: 573
The recent WhatsApp account takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to log in to your account via WhatsApp. You get a text message with a PIN code that says "Do not share this". You don't share it, yet you still get hacked. How?
Replies: 108 · Retweets: 2K · Likes: 5K
#GhostSec claims to have conducted the first ever #ransomware attack against an RTU - remote terminal unit used in ICS environments. @uuallan @RobertMLee
#cybersecurity #infosecurity #infosec #cyber
Replies: 4 · Retweets: 34 · Likes: 60
🕸️Inside the Ransomware Economy🕸️ Ryuk is the biggest SaaS unicorn you've never heard of. $150M ARR. 3 yrs old. Maybe it's taboo to learn business strategy from a cybergang. But the ransomware industry, from supply chain operations to market microstructures, is truly genius. 👇
Replies: 20 · Retweets: 358 · Likes: 902
IoT device browser doesn't let you enter file:///? Use view-source:file:///. It works 80% of the time, every time
Replies: 46 · Retweets: 1K · Likes: 5K
Scenario: Your CEO is worried about supply chain security and tells you to implement a program to "stop us from being hit with another SolarWinds." What *specifically* do you do to secure your software supply chain? Please RT for reach. I'm interested in diverse opinions.
Replies: 222 · Retweets: 473 · Likes: 949
Deep link on mobile app ➡️ Host-relative SSRF ➡️ Account takeover 🦾 (affecting @Pinterest) https://t.co/YK5BESKC1F
Replies: 2 · Retweets: 59 · Likes: 189
I'm not that great a chess player, but a pretty good hacker... so after watching The Queen's Gambit I of course put my skills to great use and found a board setup I could give to a chess engine to have it segfault when it tries to search for the next best move... take that
Replies: 33 · Retweets: 294 · Likes: 2K
Security Budgets - Supply and Demand Thinking
Think of budgeting as a supply & demand problem. Work both sides to make it a risk management exercise. It will bring clarity of thought and illustrates to your business that you are thinking commercially. https://t.co/l1GDuQGncd
Replies: 3 · Retweets: 6 · Likes: 23
Without formal access, a college kid got hold of @OpenAI's GPT-3 and created a fake, AI-generated blog under a fake name. Within hours, his first post reached #1 on @newsycombinator. A case study in how people could (ab)use the model in the future.
technologyreview.com
“It was super easy actually,” he says, “which was the scary part.”
Replies: 12 · Retweets: 169 · Likes: 358
🛡️ Sensitive data leakage using .json 🛡️ #cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
Replies: 8 · Retweets: 174 · Likes: 467
For 327 days, the impostor site https://t.co/I2Dnj5GvAe has been stealing traffic/privacy/users from https://t.co/kJk2Wkjqxc, a legit encrypted msg service. Worse: KrebsOnSecurity found https://t.co/I2Dnj5GvAe also will alter bitcoin addresses in messages. https://t.co/FKImFsr1gO
Replies: 11 · Retweets: 93 · Likes: 208
A Red Team Maturity Model https://t.co/5luckZDKQy
redteams.fyi
A model for building and improving your internal Red Team
Replies: 1 · Retweets: 23 · Likes: 94
From the 15th-19th of June 2020, we will be bringing the best security minds together to take our participants on a unique experience. All sessions will be recorded, LIVE streamed and shared :) To register, head over to https://t.co/rf8TPGu9NR
Replies: 1 · Retweets: 12 · Likes: 19
I am just watching a great presentation about security & #WardleyMapping by @madplatt. My notes are here, feel free to add
Replies: 1 · Retweets: 5 · Likes: 12
We're excited to release TerraGoat, a vulnerable-by-design training tool for #Terraform! 🐐 📑 Read more about why we built TerraGoat: https://t.co/CZ9pDhfcM7 ⭐ Check it out on GitHub: https://t.co/odFPivB8Ib
Replies: 4 · Retweets: 66 · Likes: 131
We chased an attacker in #AWS and want to share the story. Our blog covers: 🔍 Initial lead w/ #CloudTrail 🕵️ Investigative approach 🤖 Use of orchestration "robots" to respond faster ✅ Steps to improve ☁️ #Mitre ATT&CK Cloud Tactics? 👍 Those too! https://t.co/vUOX5irLs8
expel.com
Our analysts had to think fast when they recently encountered an incident involving compromised AWS access keys. Find out how they identified the attack and then kicked the bad guy out.
Highlights from chasing an attacker in #AWS this week:
- Initial lead: custom alert using #CloudTrail - SSH keygen from weird source IP; enrichment helped
- Historical context for IAM user, "this isn't normal"
- #GuardDuty was not initial lead - did have LOW sev high vol alerts
Replies: 4 · Retweets: 95 · Likes: 328
.@KorNimrod's @allthetalksconf recording is up! 🥳 Check it out to see the unveiling of AirIAM, our newest open-source project that migrates existing AWS IAM to least-privilege IAM Terraform. https://t.co/BnP6ts83TJ
Replies: 0 · Retweets: 6 · Likes: 6