Posts by jeeves@nicecrew.digital
(DIR) Post #AYxKWifGemNyubjCUa by jeeves@nicecrew.digital
2023-08-21T12:52:11.594277Z
1 likes, 0 repeats
Research Shows AI Is Biased Against ConservativesCommentaryHere again is your Monday Moment of DUH!This Monday’s moment comes from a the University of East Anglia. Nothing as of yet from the University of West Anglia but new watchers are waiting with baited breath.The artificial intelligence platform ChatGPT shows a significant and systemic left-wing bias, according to a new study by the University of East Anglia (UEA)What did they do? They tested ChatGPT with 60 questions and the results? The same thing many outside observers have been saying for the past year. Liberal bias is clearly present and provably repeatable.Link:Original: https://www.uea.ac.uk/news/-/article/fresh-evidence-of-chatgpts-political-bias-revealed-by-comprehensive-new-studyArchived: https://archive.today/jlOYd#Mondaymomentofduh #Monday #duh #AI #Bias
(DIR) Post #AYz4hUr588nsJlI6C0 by jeeves@nicecrew.digital
2023-08-22T09:04:17.093550Z
0 likes, 0 repeats
#GoodMorning #NiceCrew!Source: https://lifebible.com/home
(DIR) Post #AYz4rRO0slA6SHR62q by jeeves@nicecrew.digital
2023-08-22T09:06:04.784806Z
0 likes, 0 repeats
GitLab has been exploited to launch a novel proxyjacking attackhttps://iamjeeves.info/News+Articles/2023/2023-08-22+GitLab+has+been+exploited+to+launch+a+novel+proxyjacking+attack#Cybersecurity #News #CVE #GitLab #Patches #Patching #Proxyjack #Cryptojack
(DIR) Post #AYz50vx6bkbzrONQNU by jeeves@nicecrew.digital
2023-08-22T09:07:47.764363Z
0 likes, 0 repeats
Bronze Starlight uses VPN provider code certificate to sign malwarehttps://iamjeeves.info/News+Articles/2023/2023-08-22+Bronze+Starlight+uses+VPN+provider+code+certificate+to+sign+malware#Cybersecurity #News #CobaltStrike #CodeSigningCertificate #DLLHijack #DLLSideLoading #IvacyVPN #VPN
(DIR) Post #AYz577KPE3p0sZDwMy by jeeves@nicecrew.digital
2023-08-22T09:08:54.894312Z
0 likes, 0 repeats
Google ad leads to Microsoft support scamhttps://iamjeeves.info/News+Articles/2023/2023-08-22+Google+ad+leads+to+Microsoft+support+scam#Cybersecurity #News #Google #GoogleAds #Malware
(DIR) Post #AZ1PXk8ZwXlGAkaLi4 by jeeves@nicecrew.digital
2023-08-23T12:07:14.375889Z
0 likes, 0 repeats
#GoodMorning #NiceCrew!Source: https://lifebible.com/home
(DIR) Post #AZ1Pj6GO1IJLypeWcS by jeeves@nicecrew.digital
2023-08-23T12:09:18.128710Z
0 likes, 0 repeats
BlackCat ransomware group claims the hack of Seiko networkhttps://iamjeeves.info/News+Articles/2023/2023-08-23+BlackCat+ransomware+group+claims+the+hack+of+Seiko+network#Cybersecurity #News #BlackCat #ALPHV #RansomWare #Seiko
(DIR) Post #AZ1PqTuEW0j5KkoIfw by jeeves@nicecrew.digital
2023-08-23T12:10:38.101115Z
0 likes, 0 repeats
Confusion Surrounds the New SEC Cybersecurity Material Rulehttps://iamjeeves.info/News+Articles/2023/2023-08-23+Confusion+Surrounds+the+New+SEC+Cybersecurity+Material+Rule#Cybersecurity #News #Security #Cyberattacks #Disclosure #Policy #PolicyChange #ReportingStandards #Investing
(DIR) Post #AZ1QC6EnC7NOIYjdlA by jeeves@nicecrew.digital
2023-08-23T12:14:32.547422Z
0 likes, 0 repeats
ZAP is Available via Wingethttps://iamjeeves.info/News+Articles/2023/2023-08-23+ZAP+is+Available+via+Winget#Cybersecurity #News #PentestingTools #ZAP
(DIR) Post #AZ3KWs6Gk2IJ7lBpeC by jeeves@nicecrew.digital
2023-08-24T10:20:29.391834Z
0 likes, 0 repeats
#GoodMorning #ShingFam!Source: https://lifebible.com/home
(DIR) Post #AZ3L5IcIextxD4aXqa by jeeves@nicecrew.digital
2023-08-24T10:26:42.311310Z
0 likes, 0 repeats
Duolingo users hackedhttps://iamjeeves.info/News+Articles/2023/2023-08-24+Duolingo+users+hacked#Cybersecurity #News #DuoLingo #Breaches #DataLossPrevention #ActiveDataLoss
(DIR) Post #AZ3LB5A1bNazDL7X7I by jeeves@nicecrew.digital
2023-08-24T10:27:45.375963Z
0 likes, 0 repeats
Tesla Data Breach Investigation Reveals Inside Jobhttps://iamjeeves.info/News+Articles/2023/2023-08-24+Tesla+Data+Breach+Investigation+Reveals+Inside+Job#Cybersecurity #News #Breaches #Tesla #DisgruntledEmployee #SelfAcceleration #BrakeFunctionIssues #Coverup #TeslaCoverup
(DIR) Post #AZ3LGaRshXUlhT66nA by jeeves@nicecrew.digital
2023-08-24T10:28:45.054864Z
0 likes, 0 repeats
A cyber attack hit the Australian software provider Energy Onehttps://iamjeeves.info/News+Articles/2023/2023-08-24+A+cyber+attack+hit+the+Australian+software+provider+Energy+One#Cybersecurity #News #EnergyOne #Breaches
(DIR) Post #AZ3LWLu0YHVhDclrm4 by jeeves@nicecrew.digital
2023-08-24T10:31:35.752966Z
0 likes, 0 repeats
And now….for Thursday’s Thoughts….https://iamjeeves.info/Thursday+Thought/2023/2023-08-24#ThursdaysThoughts#ThursdaysThoughts
(DIR) Post #AZ5Oa5kRFATMSCgoYC by jeeves@nicecrew.digital
2023-08-25T10:15:18.690705Z
0 likes, 0 repeats
#GoodMorning #NiceCrew!Source: https://lifebible.com/home
(DIR) Post #AZ5OhqD4tiaaa1mSpc by jeeves@nicecrew.digital
2023-08-25T10:16:42.887299Z
0 likes, 0 repeats
Defense contractor Belcan leaks admin password with a list of flawsObservations:WHOOPS! Belcan, a US Federal contractor left a Kibana instance wide open releasing a large about of data into the open.The leaked Belcan data in the open Kibana instance contained the following: Admin emails Admin passwords (hashed with bcrypt, cost setting 12) Admin usernames Admin roles (what organizations they’re assigned to) Internal network addresses Internal infrastructure hostnames and IP addresses Internal infrastructure vulnerabilities and actions taken to remedy/not remedy them.The issue has since been resolved but this leak opens up several clients to potential attacks as pentest data was also leaked. Any hacker with decent OSINT skills attempting to attack any of Belcan’s clients would have come upon this compromised database.You can read more at the Cybernews link below.Links:Original: https://cybernews.com/security/belcan-leaks-admin-password-flaws/Archived: https://archive.today/uhbXaCrossposted from I am JeevesPost: https://iamjeeves.info/News+Articles/2023/2023-08-25+Defense+contractor+Belcan+leaks+admin+password+with+a+list+of+flaws#Cybersecurity #News #Breaches #Belcan
(DIR) Post #AZ5P6x4kVa4L74rIW0 by jeeves@nicecrew.digital
2023-08-25T10:21:15.120168Z
0 likes, 0 repeats
Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway TechnologyObservations:Ivanti has been having some issues as of late. While Ivanti is not reporting on any exploitation of this issue there are a number of reports in the Cyber-security community that there are exploits in the wild and are in use today. Quoted from the article:"The vulnerability, tracked as CVE-2023-38035, is present in the interface that administrators use to configure security policies and gives attackers a way to bypass authentication controls. The flaw affects all supported Sentry versions (918, 9.17 and 9.16). Older, non-supported versions and releases of Sentry are also at risk of exploit via the vulnerability."Customers should patch for this as soon as possible.Links:* Original: https://www.darkreading.com/attacks-breaches/ivanti-issues-fix-for-critical-vuln-in-its-sentry-gateway-technology* Archived: https://archive.today/k6SmJCross-posted from: https://iamjeeves.info/News+Articles/2023/2023-08-25+Ivanti+Issues+Fix+for+Critical+Vuln+In+Its+Sentry+Gateway+Technology#Cybersecurity #News #CVE #Patches #Patching
(DIR) Post #AZ5PHz3JUzLEQhRoEy by jeeves@nicecrew.digital
2023-08-25T10:23:14.720583Z
0 likes, 0 repeats
TP-Link smart bulbs can let hackers steal your WiFi passwordObservations:I've said it many times, the Internet Of Things is bad. I've said this simply because you see products like these where the concerns for security are just weak or simply not there.Quoted from the article:"The first vulnerability concerns improper authentication on Tapo L503E, allowing attackers to impersonate the device during the session key exchange step.This high-severity vulnerability (CVSS v3.1 score: 8.8) allows an adjacent attacker to retrieve Tapo user passwords and manipulate Tapo devices.The second flaw is also a high-severity issue (CVSS v3.1 score: 7.6) arising from a hard-coded short checksum shared secret, which attackers can obtain through brute-forcing or by decompiling the Tapo app.The third problem is a medium-severity flaw concerning the lack of randomness during symmetric encryption that makes the cryptographic scheme predictable.Finally, a fourth issue stems from the lack of checks for the freshness of received messages, keeping session keys valid for 24 hours, and allowing attackers to replay messages during that period."The solution for these issues? A fix is coming...Researchers from Universita di Catania and the University of London jointly published a paper on the issues with these smart bulbs and Internet of Things devices in general.* Original: https://arxiv.org/pdf/2308.09019.pdfMy solution...listen to these researchers and don't use Internet of Things devices in the first place. No one really needs their light bulbs on their WiFi network.Links:* Original: https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/* Archived: https://archive.today/1FY5lCross-posted from: https://iamjeeves.info/News+Articles/2023/2023-08-25+TP-Link+smart+bulbs+can+let+hackers+steal+your+WiFi+password
(DIR) Post #AZ5PVlXeWn2ea6D65w by jeeves@nicecrew.digital
2023-08-25T10:25:43.946943Z
0 likes, 1 repeats
Kali Linux 2023.3 ReleasedObservations:This latest release has a lot to it but what really caught my eye was Kali Autopilot."Kali AutopilotWith the release of Kali Purple in Kali 2023.1, we also had the debut of Kali Autopilot. Since then, its been worked on and is unrecognizable with its redesigned GUI and multitudinous amount of features added.What is Kali Autopilot? We are glad you asked! Kali Autopilot is an automated attack framework. It is a bit like an “AutoPwner”, which follows pre-defined “attack scenarios”. The motivation originally started its development for the defensive side of Kali.It is a lot easier to demonstrate Kali’s offensive side, especially when you start seeing the shells popping up. But when it comes to the defensive side, how do you know if you have set things up? You start to ask questions: Are the Intrusion Detection System (IDS) and the Web Application Firewall (WAF) detecting malicious activities? Is the Security information and event management (SIEM) ingesting the right logs? Are the dashboards and alerts tuned to detect attacks? Are the analysts trained in finding the needle in the haystack? Has it been tested? How can you test?Either you can wait for someone to try and break in, or you could do it yourself. This is where Kali Autopilot comes in."This will make like a LOT easier!Links:* Original: https://www.kali.org/blog/kali-linux-2023-3-release/* Archived: https://archive.today/0QQ01Cross-posted from: https://iamjeeves.info/News+Articles/2023/2023-08-25+Kali+Linux+2023.3+Released#Cybersecurity #News #Kali #KaliLinux #KaliLinux #Release
(DIR) Post #AZ5RwFza8V6aSX28xM by jeeves@nicecrew.digital
2023-08-25T10:52:55.779566Z
0 likes, 0 repeats
User Friendly Fridays Archive for 2023-08-25Here’s this week’s selection from the User Friendly Archive, enjoy!Cross-posted from https://iamjeeves.info/User+Friendly+Fridays/2023/2023-08-25+User+Friendly+Fridays#UserFriendlyFridays #Humor