Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions. I have Direct Messages disabled - you can send them, but I will never receive them.
Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlw
Profile Code
nprofile1qqs0dpc2ln0yfq8vs5y02qcysk0pffgnp8ljf2elp7rzc54acjhcw3cprpmhxue69uhhyetvv9ujumn0wdmksetjv5hxxmmdqy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kykj6md5
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlw
Published at
2024-01-09T18:27:42+01:00
Event JSON
{
  "id": "4a37b7018c6335d3d691e0fca403fbdd921157c681a39e892f64556dd25b7b95",
  "pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
  "created_at": 1704821262,
  "kind": 0,
  "tags": [
    [
      "proxy",
      "https://cyberplace.social/users/GossiTheDog",
      "activitypub"
    ]
  ],
  "content": "{\"name\":\"Kevin Beaumont\",\"about\":\"Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.\\n\\nI have Direct Messages disabled - you can send them, but I will never receive them.\",\"picture\":\"https://cyberplace.social/system/accounts/avatars/109/387/499/752/708/037/original/ff1988cab5f341e2.png\",\"banner\":\"https://cyberplace.social/system/accounts/headers/109/387/499/752/708/037/original/f22e6e33bbef7d97.jpeg\",\"nip05\":\"[email protected] \"}",
  "sig": "fe61c07143c47c345da54c6e47876aa5d5a2a2d150597c47e992bbcc885716508147aa1ac9fe01d151bf44d5e13186e01dca0587318eb4e66e2ee8ba9406068c"
}
Last Notes
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlw

Kevin Beaumont: @npub18w7…4wlj I think the content search may be over uploads in past 90 days, not sure though.

Kevin Beaumont: @npub18w7…4wlj how long ago was the file uploaded? Do any engines flag it as malicious?

Kevin Beaumont: You can now buy Kalashnikovs, pistols, grenades and grenade-launchers on Twitter https://www.bbc.com/news/articles/c86l4pl6072o

Kevin Beaumont: @npub1g52…u50x hmmm, not sure I believe it 🤣 (that it's customer created content)

Kevin Beaumont: @npub19ys…vr34 you may want to include where you are based, roughly

Kevin Beaumont: It's valid research and people should apply updates as usual, ie no panic. It would be good if Microsoft could turn their researchers' attention to their own products, where gaping holes exist in things like legacy (still enabled) components in Windows OS, Office etc etc. Or maybe just look at the long list of known issues in SmartScreen, DWM etc etc rather than waiting for Kaspersky to tell them after people have already been owned.

Kevin Beaumont: LinkedIn have booted me, no reason provided. 🫡

Kevin Beaumont: @npub1242…l2hp he's pursuing advertisers. Who are risk averse.

Kevin Beaumont: If anybody wants the subtext of what is happening here, CrowdStrike and Microsoft both really do not want to get sued by Delta and have it go to court as it would potentially be explosive for both orgs and the wider security industry.
The customers are always plebs to be milked, as is status quo.

Kevin Beaumont: Twitter is closing its head office, after mandating staff return to said office and firing those who didn't. https://www.nytimes.com/2024/08/05/technology/x-twitter-san-francisco-office.html

Kevin Beaumont: If you reported a vulnerability to Microsoft over the past few decades to January 2024, consider any writeup and proof of concept compromised. #threatintel

Kevin Beaumont: Gartner Magic Quadrant for Unavailability https://cyberplace.social/system/media_attachments/files/112/887/344/730/488/675/original/461becc7501f1035.jpeg

Kevin Beaumont: Just to be explicitly clear about this, there is an ongoing DDoS attack aimed at Azure. They're using similar language to last time this happened in 2023. https://cyberplace.social/system/media_attachments/files/112/876/850/910/836/257/original/6b34b2bda9a8cea9.jpeg

Kevin Beaumont: A reminder that everything being shared online about the Southport attacker is not real, and is being reshared by media outlets in Russia to peddle anti-migrant fears (and by IT people on LinkedIn). The person also isn't called Ali Al-Shakati, and did not arrive by boat. https://www.bbc.co.uk/news/live/cevwgqz0x41t?post=asset%3A41e0a685-70bf-4606-bcd4-013cdf5c3e1f#post https://cyberplace.social/system/media_attachments/files/112/875/479/801/186/265/original/e3f9bc1b18c590d7.jpeg

Kevin Beaumont: Great research for Microsoft here - Black Basta and Akira ransomware deployment using a logic flaw in VMware ESXi, using a zero day (which they don't mention).
If you get domain admin in Windows, you can make a group called "ESX Admins", and then you can log into ESXi - this allows you to encrypt non-Windows systems (and everything else in VMware) https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

Kevin Beaumont: Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire. https://www.wired.com/story/infostealer-malware-password-theft/

Kevin Beaumont: She installed exactly one application, a movie player. It hijacked her entire system. This is why Recall is such a fucking bad idea btw, the idea Windows security is fixed is a joke - home users have no chance against this stuff.

Kevin Beaumont: Me at the Olympics after installing too many Skyrim mods https://cyberplace.social/system/media_attachments/files/112/854/698/714/720/281/original/128bd13fa13f2770.png

Kevin Beaumont: Olympics opening in video form https://cyberplace.social/system/media_attachments/files/112/854/355/085/547/326/original/2b643a4dfba0de3c.mp4

Kevin Beaumont: Olympics opening in GIF form https://cyberplace.social/system/media_attachments/files/112/854/167/395/793/803/original/62ea43efbfc16ac3.mp4

Kevin Beaumont: @npub1u9n…8kuw https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/

Kevin Beaumont: @npub186w…xwcc it's a requirement to run Active Directory, every Windows running org does it.

Kevin Beaumont: Funniest org save so far https://cyberplace.social/system/media_attachments/files/112/829/634/207/034/794/original/e858200754f631b5.jpeg

Kevin Beaumont: BitLocker style, CrowdStrike edition. https://cyberplace.social/system/media_attachments/files/112/829/621/098/582/693/original/4861413cf11b4e14.jpeg

Kevin Beaumont: Head right, CrowdStrike edition https://cyberplace.social/system/media_attachments/files/112/829/616/006/280/806/original/b607d15b8e9366ef.jpeg

Kevin Beaumont: Repairing CrowdStrike PCs https://cyberplace.social/system/media_attachments/files/112/829/609/339/284/911/original/015e72702ae3c9dd.mp4

Kevin Beaumont: My mastodon server had its busiest day ever today. Also more federation failures than when Trump got shot. https://cyberplace.social/system/media_attachments/files/112/815/725/173/642/616/original/89c2e1856443790c.jpeg

Kevin Beaumont: Every so often some Linux guy replies to me saying 'no critical infrastructure runs Windows', so I just gotta say, today is education for you.

Kevin Beaumont: PSA for those in threat intel circles - I know an org remediating 50k systems with CrowdStrike that won't boot, and their reaction to 'be careful of CrowdStrike themed phishing!!1!!' is essentially 'our entire business is having a heart attack, phishing emails are the least of our problems'.
Always remember that InfoSec is not a business, it's a small part of a business - nobody in the trenches gives two shits about that stuff right now, they're more worried about their businesses cratering.

Kevin Beaumont: Obvious point - the CrowdStrike worldwide IT incident is not the fault of one CrowdStrike staff member. Whoever created the signature or pushed the button does not operate in isolation. It's a company with a $73bn market cap. They need to, later, go back and look at everything that went wrong.

Kevin Beaumont: CrowdStrike's shares are down 20% in pre-market.

Kevin Beaumont: The .sys files causing the issue are channel update files, they cause the top level CS driver to crash as they're invalidly formatted. It's unclear how/why Crowdstrike delivered the files and I'd pause all Crowdstrike's updates temporarily until they can explain. This is going to turn out to be the biggest 'cyber' incident ever in terms of impact, just a spoiler, as recovery is so difficult.

Kevin Beaumont: BBC tracker (they mix up an earlier Microsoft outage, what they're actually tracking is the Crowdstrike issue) https://www.bbc.co.uk/news/live/cnk4jdwp49et

Kevin Beaumont: If anybody is wondering, the update was delivered via channel updates in Crowdstrike.

Kevin Beaumont: I've obtained copies of the .sys driver files Crowdstrike customers have. They're garbage. Each customer appears to have a different one. They trigger an issue that causes Windows to blue screen. I am unsure how these got pushed to customers. I think Crowdstrike might have a problem.

Kevin Beaumont: Favour to IT folks fixing - could you please copy the C-00000291*.sys file to somewhere and upload it to Virustotal, and reply with the Virustotal link or file hash? It's still unclear if the update was malicious or just a bug.

Kevin Beaumont: Sky News has gone off air in the UK. https://cyberplace.social/system/media_attachments/files/112/812/035/052/540/095/original/9220b9cc5e8c5e85.png

Kevin Beaumont: Crowdstrike published a faulty update. Causes Windows to bluescreen. Driver is C-00000291*.sys. Will cause worldwide outages.

Kevin Beaumont: Something about Recall which I don't think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn't.

Kevin Beaumont: @npub1fpm…zdhe yes, that is why it makes my skin crawl

Kevin Beaumont: "Rewrite with AI" makes me shudder every time I see it. It makes my skin crawl.

Kevin Beaumont: The AT&T Snowflake database wasn't a law enforcement database, that is false. They're a major Snowflake customer, they put CDR in to do data analysis. They subscribe to Snowflake Telecom Data Cloud and push petabytes of data in, as do other telcos. Snowflake had no way to mandate MFA on local accounts.

Kevin Beaumont: Advanced Auto Parts have confirmed 2.8 million people impacted in their Snowflake breach.
https://www.helpnetsecurity.com/2024/07/12/breach-snowflake-mfa/

Kevin Beaumont: Ethics statement:
- I do not work for a cybersecurity vendor (or an MSSP, MSP, etc)
- I do not own shares in any cybersecurity company, tech company etc
- I do not have any shorts in any company
- I'm busy in the trenches dealing with attackers typing "../.." to get root access and such.
https://cyberplace.social/system/media_attachments/files/112/774/309/674/497/002/original/c7817da7ab6ba1e3.mp4

Kevin Beaumont: This is not okay. https://www.bbc.co.uk/news/articles/cger582weplo

Kevin Beaumont: France's finance minister has quite the hot take, says far right not winning election will cause a financial crisis. https://www.bbc.co.uk/news/live/ck7gydwgvy8t?post=asset%3Ada88b562-f552-4bf2-82a9-0fa397bccecc#post https://cyberplace.social/system/media_attachments/files/112/750/517/234/151/722/original/68304fb690b94e33.jpeg

Kevin Beaumont: France's far-right National Rally (RN) has failed to win a majority in the parliamentary elections, defying many political observers' expectations. All major French outlets are showing early projections of a victory for the left-wing alliance, New Popular Front (NFP) https://www.bbc.co.uk/news/live/ck7gydwgvy8t

Kevin Beaumont: Microsoft have started running paid adverts for Recall, apparently unaware the feature didn't ship.
https://www.tomshardware.com/software/windows/new-microsoft-ads-tout-unavailable-recall-feature-dont-mention-it-was-indefinitely-delayed-due-to-privacy-concerns https://cyberplace.social/system/media_attachments/files/112/735/728/895/729/717/original/962a60fbcc7d1181.jpeg

Kevin Beaumont: lol Microsoft Copilot #GeneralElection https://cyberplace.social/system/media_attachments/files/112/732/669/389/733/317/original/cc0c41734330a65f.jpeg

Kevin Beaumont: The exit poll was largely right again, although it overestimated Reform (they only have 3 seats), and overestimated Conservative seats (lol). #GeneralElection

Kevin Beaumont: 6 seats left to count but basically Liz Truss, Penny Mordaunt, Grant Shapps and Jacob Rees-Mogg and 248 other Tory MPs are off to get a sad face cake at Greggs #GeneralElection https://cyberplace.social/system/media_attachments/files/112/732/644/172/982/804/original/02c7fa0adbc4e72a.jpeg

Kevin Beaumont: Tory civil war has begun https://www.bbc.co.uk/news/live/cn09xn9je7lt?post=asset%3Af84506db-c4ca-4e2e-aa59-f306c775d472#post #GeneralElection https://cyberplace.social/system/media_attachments/files/112/730/778/687/230/363/original/4bf018ee145979fc.png

Kevin Beaumont: People are setting off fireworks here 🤣🤣 #GeneralElection

Kevin Beaumont: If anybody wants a hobby project, map out all the open source projects in Windows OS nowadays - there's loads - and check out the versions and forks in use, and compare with vulnerabilities. Microsoft haven't kept on top of it, there's tons of stuff unpatched but shipped.

Kevin Beaumont: Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. https://youtu.be/w5h_1Buf54I https://cyberplace.social/system/media_attachments/files/112/728/426/382/626/814/original/985a9e63aff51034.mp4

Kevin Beaumont: @npub1x4c…ls6t stealing this

Kevin Beaumont: Goldman Sachs says the return on investment for generative AI is disappointing. "AI's fundamental story is unlikely to hold up" "AI will increase US productivity by only 0.5% and GDP growth by only 0.9% cumulatively over the next decade." https://www.goldmansachs.com/intelligence/pages/gen-ai-too-much-spend-too-little-benefit.html

Kevin Beaumont: Patelco, a credit union in the US with half a million members, has been hit with ransomware. Their website, app, ATMs, phone lines and email support are offline. #threatintel https://cyberplace.social/system/media_attachments/files/112/707/885/082/389/803/original/ce73ee69bd3a8207.png

Kevin Beaumont: One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty. As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed. That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value.

Kevin Beaumont: World's richest company thinks it's okay if they steal because.. well.. they can. Okay.
https://www.theverge.com/2024/6/28/24188391/microsoft-ai-suleyman-social-contract-freeware

Kevin Beaumont: I have a lot of questions about the direction Microsoft is going with Copilot after this podcast. https://www.youtube.com/watch?v=cNzRviY4Ei8 https://cyberplace.social/system/media_attachments/files/112/692/706/915/047/012/original/8dbb452028da684a.jpeg

Kevin Beaumont: TeamViewer got owned (again) by Russia. https://infosec.exchange/@jtig/112689362692682679

Kevin Beaumont: Universal pulled the funding for the Browncoats site at the end of 2005 when they didn't option the sequels (two, btw).. so I got them to redirect the domain name to me and I kept paying for it myself for years. Also Joss paid to keep the sets up after the TV show got cancelled, which was a dumb financial decision. https://cyberplace.social/system/media_attachments/files/112/678/981/205/800/972/original/a9a173172a538116.jpeg

Kevin Beaumont: When Snowflake allows orgs to easily mandate MFA across their users, I plan to answer this forum post from 2019.
https://community.snowflake.com/s/question/0D50Z00008ugjwISAQ/is-there-a-way-to-force-all-users-to-use-mfa

Kevin Beaumont: Things I learn, fonts support sandboxed code execution https://www.coderelay.io/fontemon.html https://cyberplace.social/system/media_attachments/files/112/670/322/291/717/854/original/bb45eba61a5eeb45.jpeg

Kevin Beaumont: @npub1rj4…ssk8 looking good, you've invented the Pip-Boy Max

Kevin Beaumont: @npub1nyq…vvvs if you apply I'll apply for Microsoft

Kevin Beaumont: On the US banning Kaspersky. https://cyberplace.social/system/media_attachments/files/112/667/655/795/100/468/original/310241d8441b09ee.mp4

Kevin Beaumont: Noice https://cyberplace.social/system/media_attachments/files/112/666/635/117/488/179/original/02ad74603a9f035e.png

Kevin Beaumont: Things I learn - at New Atlantis in #Starfield, if you don't head into the city after landing but instead head about a mile east, there's a large ship you can steal at an autonomous farm just over the river. https://cyberplace.social/system/media_attachments/files/112/666/618/987/272/368/original/0b83afe505644ccb.jpg

Kevin Beaumont: I no longer have the flu so I'm back at #starfield. Just finished the final Xbox achievements, on Xbox aptly enough.
Save file so out of control it takes several minutes to load on Xbox 🤣 https://cyberplace.social/system/media_attachments/files/112/665/046/867/557/747/original/a8dac78d76d21c67.jpeg

Kevin Beaumont: I see Palo-Alto have decided to hire Keanu Reeves and produce a load of bollocks adverts about AI cyber attacks. https://cyberplace.social/system/media_attachments/files/112/659/806/385/881/342/original/d7fa6f20b5ef30d8.jpeg

Kevin Beaumont: Good find by Elastic - North Korean based threat actors using an unfixed bug in Windows to execute code, undetected across all vendors until that point (and as of writing only Elastic detect still). They've named it GrimResource https://www.elastic.co/security-labs/grimresource #threatintel https://cyberplace.social/system/media_attachments/files/112/657/325/354/409/173/original/8be1d000eeccd8c4.jpeg

Kevin Beaumont: @npub1cz9…t6rc the cheek of it!

Kevin Beaumont: I still think the funniest Mastodon moment for me is when I joined, helped move over a large portion of Twitter InfoSec following to infosec.exchange, then accidentally blocked the server while walking my dog, causing everybody in infosec to automatically unfollow me. I never recovered most of that audience, which is fine - it got replaced with you weirdos instead.

Kevin Beaumont: Total Followers 40,076. I'd apologise for the content of my toots but they're always going to stay poop

Kevin Beaumont: https://cyberplace.social/system/media_attachments/files/112/654/932/084/144/189/original/e91d62c6e790d8c7.png

Kevin Beaumont: @npub1nr9…wgvq Defender for Endpoint? Crowdstrike are talking there in the context of enterprises. I'm going to guess the free Defender AV and the EDR solution are being mixed together.

Kevin Beaumont: @npub13th…fzx3 oh we definitely are, that whole interview is about how much money they're making from the CSRB report basically.

Kevin Beaumont: 🤔 Crowdstrike CEO suggesting 50% of their IR cases come from Microsoft Defender customers, not sure I believe this. https://cyberplace.social/system/media_attachments/files/112/650/932/629/439/930/original/6e274af463932666.jpeg

Kevin Beaumont: The best thing about the flu so far is I've lost hearing in one ear for some reason, and it completely throws me off balance - whenever anything happens I end up just turning on the spot to try to orientate myself. I'm like a glitched NPC in Skyrim.

Kevin Beaumont: @npub1hzg…zc23 I don't think that helps anyone as so many people depend on MS functioning well. I also think it's a redundant role as Microsoft have become experts at shooting themselves in the foot.

Kevin Beaumont: @npub1rf6…039u I saw a dude on YouTube who had paid for 8 devices for a comparison video. He unboxed and set them up in one uncut video..

Kevin Beaumont: Also the Copilot+ PC launch appears to be a disaster, from no Amazon user reviews at all to the AI drawing 'angry Jew' as literally the devil, features not working etc: https://www.tomshardware.com/news/live/copilot-pc-launch-2024

Kevin Beaumont: Unfortunately I am ill with the flu. Me being me, I had to think about what I should post in case I die (you know, from the flu) and how I want to be remembered, so here it is: the best movie trailer. https://cyberplace.social/system/media_attachments/files/112/647/914/300/086/102/original/c44fa110127ed965.mp4

Kevin Beaumont: @npub12lx…jvjy email out of office

Kevin Beaumont: Good. Buy Now Pay Later schemes are proven to be predatory. https://www.theverge.com/2024/6/17/24180340/apple-pay-later-shutting-down-months-after-launch

Kevin Beaumont: 65 page PDF on searching for Snowflake malicious activity: https://services.google.com/fh/files/misc/snowflake-threat-hunting-guide.pdf

Kevin Beaumont: @npub1zcm…sn55 unknown re internet archive, but Hudson Rock got legal threats https://cyberplace.social/system/media_attachments/files/112/633/533/486/109/996/original/a193f96a25bc9676.jpeg

Kevin Beaumont: Ah, now I've taken off I've realised the weather maybe isn't the best. #GossiAirways https://cyberplace.social/system/media_attachments/files/112/633/245/969/674/602/original/9541594ae6d5cb24.jpg

Kevin Beaumont: #GossiAirways VR time! Going to learn a new bird, taking this helicopter up over the US.
https://cyberplace.social/system/media_attachments/files/112/633/214/034/625/829/original/9c7b4a3104531266.png

Kevin Beaumont: The Hudson Rock blog on Snowflake, archived elsewhere: https://archive.ph/2024.06.01-023241/https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection

Kevin Beaumont: The Hudson Rock blog archive earlier in this thread on Internet Archive has also been removed. https://cyberplace.social/system/media_attachments/files/112/632/975/140/339/539/original/48daf1aad86e1c3a.jpeg

Kevin Beaumont: @npub1n2v…2u7z that was a risky click

Kevin Beaumont: STOP RIGHT THERE CRIMINAL SCUM! https://cyberplace.social/system/media_attachments/files/112/632/563/662/801/775/original/676926d2a9a765d2.jpeg

Kevin Beaumont: Access went on for several weeks to Medibank, and EDR alerts triggered, but their outsourced MSP and/or Medibank itself didn't triage the alerts properly. https://cyberplace.social/system/media_attachments/files/112/632/339/024/689/537/original/ab59a7cba1801d84.png

Kevin Beaumont:
- The credentials they used were saved in the browser of a staff member's work PC, who also signed into his home gmail account (presumably via Chrome) and synced.
- Then, when he used his home PC, his work creds synced and the infostealer stole 'em.
- By the way, if you're wondering why I pushed back so hard against Microsoft Recall - InfoStealers would have a riot if that feature got widespread adoption as you wouldn't just have credentials going walkies.

Kevin Beaumont: Medibank, Australia's biggest health insurer, had a data breach by REvil ransomware group that led to the loss of 4 million customer records in 2022. The Australian Information Commissioner are taking legal action against them, and the court case contains a lot of details: https://www.oaic.gov.au/__data/assets/pdf_file/0025/221974/AIC-v-Medibank-Private-Limited-concise-statement.pdf
Thread:
- Initial access was via an infostealer on a home PC
- Their Palo-Alto GlobalProtect VPN allowed just username and password access

Kevin Beaumont: @npub1a8e…ywga yep. Situation crazy. (Or should I say, craze).

Kevin Beaumont: At least I'll forget about RealPlayer. https://cyberplace.social/system/media_attachments/files/112/620/512/046/158/867/original/f0eb89c3c405b8f9.jpeg