Chrome now wants to store and autofill your driver’s license and other ID info.

From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.

I wrote up why this feature is such a risky idea and what I recommend instead:

🔗 https://www.kylereddoch.me/blog/chromes-new-drivers-license-autofill-is-a-terrible-idea/

#Infosec #Privacy #Chrome #Cybersecurity

Needed 4 random characters for my PIN, so chose Samwise Gamgee, Rose Tyler, Zoë Boutin-Perry and Hawkeye Pierce

Had to replace Zoë with her mom Jane because the server couldn't handle umlauts

#GeekHumor #sysadmin #InfoSec #MFAshortStories

Update:

Our velociraptor plugin `Windows.Memory.Mem2Disk` can detect RAM injections and fileless malware.

We tested it against (among others) the C2 frameworks Sliver, Havoc and Mythic. All three were detected.

It was recently featured in a blog post by Mike Cohen:

https://docs.velociraptor.app/blog/2025/2025-11-15-memory-analysis-pt1

Stay tuned for memory analysis with velo part 2!

#C2 #detection #memoryforensics #velociraptor #DFIR #cybersecurity #infosec #pwr2

Update:

Our velociraptor plugin `Windows.Memory.Mem2Disk` can detect RAM injections and fileless malware.

We tested it against (among others) the C2 frameworks Sliver, Havoc and Mythic. All three were detected.

It was recently featured in a blog post by Mike Cohen:

https://docs.velociraptor.app/blog/2025/2025-11-15-memory-analysis-pt1

Stay tuned for memory analysis with velo part 2!

#C2 #detection #memoryforensics #velociraptor #DFIR #cybersecurity #infosec #pwr2

Chrome now wants to store and autofill your driver’s license and other ID info.

From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.

I wrote up why this feature is such a risky idea and what I recommend instead:

🔗 https://www.kylereddoch.me/blog/chromes-new-drivers-license-autofill-is-a-terrible-idea/

#Infosec #Privacy #Chrome #Cybersecurity

They say "no sensitive information" was compromised, after a data breach involving real names, email addresses, phone numbers, and physical addresses.
That's some serious bullshit right there.
That is, in fact, "sensitive information," you idiots.
#infosec #privacy #DoorDash #breach
DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch
https://techcrunch.com/2025/11/17/doordash-confirms-data-breach-impacting-users-phone-numbers-and-physical-addresses/

They say "no sensitive information" was compromised, after a data breach involving real names, email addresses, phone numbers, and physical addresses.
That's some serious bullshit right there.
That is, in fact, "sensitive information," you idiots.
#infosec #privacy #DoorDash #breach
DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch
https://techcrunch.com/2025/11/17/doordash-confirms-data-breach-impacting-users-phone-numbers-and-physical-addresses/

Anyone know of a good curated list of JA3 fingerprints of known shitty bots? (Think: Alibaba, Tencent, AI slop, etc)

The only two I could find are:

f79b6bad2ad0641e1921aef10262856b
5cc600468c246704e1699c12f51eb3ab

#infosec #websecurity #noai

.. as you might have notice since Saturday, a #CFP is open for next #BSidesLjubljana at https://cfp.bsidesljubljana.si

.. and in last week, with much of the effort we managed to published (almost) all the videos from previous event at https://0x7e8.bsidesljubljana.si/

#InfoSec #Cybersecurity

.. as you might have notice since Saturday, a #CFP is open for next #BSidesLjubljana at https://cfp.bsidesljubljana.si

.. and in last week, with much of the effort we managed to published (almost) all the videos from previous event at https://0x7e8.bsidesljubljana.si/

#InfoSec #Cybersecurity

Anyone know of a good curated list of JA3 fingerprints of known shitty bots? (Think: Alibaba, Tencent, AI slop, etc)

The only two I could find are:

f79b6bad2ad0641e1921aef10262856b
5cc600468c246704e1699c12f51eb3ab

#infosec #websecurity #noai

Weekendowa Lektura: odcinek 650 [2025-11-15]. Bierzcie i czytajcie

https://zaufanatrzeciastrona.pl/post/weekendowa-lektura-odcinek-650-2025-11-15-bierzcie-i-czytajcie/

Linków jest dużo, a czasu mało, materiały są jak zwykle całkiem ciekawe, zaparzcie więc kawę lub herbatę i bierzcie się do czytania. Miłego klikania!

#infosec #cyberbezpieczenstwo #WeekendowaLektura

RE: https://mastodon.social/@mysk/115283952511882565

To demonstrate this vulnerability, we picked:
iMessage
Safari
Signal
1Password
Figma

We recorded nice videos that we can't wait to publish once Apple gives us the go-ahead.

‼️NOTE: This is a macOS bug and has nothing to do with the apps we picked.

Make sure you follow our YouTube channel. The demos are best viewed on a desktop screen.

#privacy #infoSec