Search
Items tagged with: infoSec
https://threadreaderapp.com/thread/1796640601431027979.html
Thread by @rosaticorp on Thread Reader App
@rosaticorp: 🚨 Just received a phone call from the Hillsborough County Sheriff's Office this afternoon. Officer reads off his badge number & proceeds to ask if this is [my name] located at [my address] w/ SSN#...…threadreaderapp.com
In his latest piece, @GossiTheDog@cyberplace.social dives deep into the security implications of Microsoft's Copilot+ Recall. 🔍📝
Key takeaways:
🔴 Recall constantly takes screenshots of your PC
🔴 Everything you've seen is stored in a plain text database 📁
🔴 Hackers can easily exfiltrate this data in seconds 👨💻💨
🔴 Auto-deleting messages stay in Recall indefinitely ♾️
"Recall enables threat actors to automate scraping everything you've ever looked at within seconds." 😱
"This is the dumbest cybersecurity move in a decade." - @gossithedog 🤦
#AI #Infosec #DataSecurity #Windows #Recall #CyberSecurity
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…Kevin Beaumont (DoublePulsar)
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
I wrote a piece recently about Copilot+ Recall, a new Microsoft Windows 11 feature which — in the words of Microsoft CEO Satya Nadella- takes “screenshots” of your PC constantly, and makes it into an…Kevin Beaumont (DoublePulsar)
Big fan of this: smart curtains company Slide is shutting down, but they offer one last update which enables its consumers to keep their curtains running through a local API. Great solution for an increasingly prevalent situation in which consumers are left with IoT devices that no longer function because the manufacturer stops existing (see VanMoof, Gigaset, and more).
https://mailchi.mp/62a41d08c384/important-service-message-slide-is-closing-its-doors?e=d537a73017
Oh noo....
Did someone forget to change the default credentials on your multifunction printer?!?!?!
Ohhhh nooooo.....
Did someone set up the printer to do email address lookups on active directory?
Hmmm????
Are there stored Domain user service account credentials on this here printer????
Hmmmm???
Well..... since I AMMMMMM administrator on the printer because I looked up the default credentials on the public internet.....
Maybe you wouldn't mind if I changed the IP Address to point from the Domain Controller... to ME!!!!
Hahahaha!!!!
I'm the Domain Controller... I swear.... I even have port 389 open on my hack box... err... Domain Controller. LDAP. Like you like!
And you should do a little... mmm.... "Test Connection".... just to see if you can connect.
Oh what's that?! Your user name is is "PrinterServiceAccount" and your password is "Pr1nt3r$3cr3tP@$$w0rd"
Oh, I'm sorry. You have the wrong place buddy. Why don't you run along....
....while I connect to Active Directory with your username and password....
😈😈😈
A simple observation:
"White Hat Hacker" is NOT synonymous with "Ethical Hacker"
You can legally protect an unethical corporation and in doing so, you are an accomplice to their unethical actions.
You can ethically hack to protect people and still be conducting illegal activities.
Do not conflate the two terms.
@Viss I wish articles like this would include, up front, the indicators of compromise that I can use to test if the servers I manage are affected. It's the first and most important thing I want to know when learning about a vulnerability.
Wondering if anyone has already started adding malicious LLM prompts to their User Agent strings and hammering sites of companies that might be expected to use "AI" for log analysis. 🤔
Inspired by:
https://tweesecake.social/@weirdwriter/112441889190313713
Robert Kingett, blind (@weirdwriter@tweesecake.social)
So my friend hooked up his LLM's to his email account. I guess he couldn't be bothered to read emails anymore so that got me thinking.TweeseCake
Last night I got a visit from the #infosec fairy.
She said: "Martin, you have been doing a lot of good security deeds, I decided to grant you a wish."
I replied: "Great, I always wanted a unicorn."
The fairy looked pained: "You know, unicorns are extinct. That is a very difficult wish. Do you have another one?"
I thought long and hard: "How about a working IT security process?"
Now I have a question for the community: What does a unicorn eat?