today we at #FattoQuotidiano report on the most interesting fact about #JeffreyEpstein, unearthed by #DropSiteNews' #RyanGrim and #MurtazaHussain:
in the shadows of #Israel's #cyber boom was #JeffreyEpstein
Bizarre:
in the same weeks in which media outlets around the world are hunting for sensational news about #JeffreyEpstein, no major international media has picked up #DropSiteNews' investigations on #JeffreyEpstein and his role in #Israel's #cyber boom
in the shadows of #Israel's #cyber boom was #JeffreyEpstein: he exploited his network of political and financial elites to help #EhudBarak, and the Israeli government itself, increase the penetration of Israeli #cyberespionage companies in foreign countries
it's curious: in the same weeks in which media around the world are hunting for sensational news about #JeffreyEpstein, nobody is picking up #DropSiteNews' investigative work on these revelations about #JeffreyEpstein and his role in #Israel's #cyber
Disrupting the first reported AI-orchestrated cyber espionage campaign
https://www.anthropic.com/news/disrupting-AI-espionage
#HackerNews #Disrupting #AI #Espionage #Cybersecurity #AI #News #Cyber #Espionage
#stopthegenocideingaza🇵🇸 Buying #cyber technologies from #Israel? The State rewards you!
"Reward criteria are provided for proposals or bids that involve the use “of cybersecurity technologies that are Italian, or from countries belonging to the European Union, or from NATO member countries, or from countries that are party to collaboration agreements with the European Union”. Among the "partner" countries that will allow a "reward" for Italian companies that purchase cyber technologies is Israel.
@matclab La Poste specializes in that (using several unrelated domain names) :-(
@bortzmeyer So, after looking into quite a few things, I ended up finding this FAQ on La Poste's website: https://aide.laposte.fr/contenu/j-ai-recu-un-sms-ou-un-mail-me-demandant-de-payer-des-droits-de-douane-comment-etre-sur-qu-il-ne-s-agit-pas-d-une-arnaque
Which only mentions emails coming from laposte.fr.
BUT, which suggests going to the online tracking tool to see whether the parcel number is legitimate and awaiting payment of customs duties: https://www.laposte.fr/outils/suivre-vos-envois
They don't think much about cybersecurity at La Poste. It's worrying!
We agree that an email from notif-laposte.info@notif-laposte.info asking for money for La Poste is phishing? Do I bin it?
Hmmm, the whois says it belongs to the LA POSTE group: https://www.whois.com/whois/notif-laposte.info, but we have nothing to verify its legitimacy…
@bortzmeyer how do we clear up the doubts in this case?
NPM flooded with malicious packages downloaded more than 86k times
#HackerNews #NPM #malicious #packages #security #vulnerabilities #cyber #threats #software #development
🛡️ Afnic's crisis unit out in force for REMPAR25, the large-scale cyber exercise organized by ANSSI - Agence nationale de la sécurité des systèmes d'information.
💻 Our teams mobilized in the face of a fictitious, massive and strikingly realistic crisis.
🌐 This exercise helps strengthen digital resilience, DNS security and our collective ability to anticipate threats.
#Afnic #Cyber #ExerciceCyber #REMPAR25 #DNS #ANSSI #RésilienceNumérique
At BalCCon2k25, we want everyone to have an opportunity to speak! So we are soliciting short, but engaging 5-minute talks – Lightning Talks – from any and all attendees. More info at: https://2k25.balccon.org/news/
#balccon #BalCCon2k25 #cyber #hacking #lightningtalks
What's that, little buddy? You would like some CYBER. Sure, no probs...
(SOUND: ON)
📢 #Cyber Threat Landscape Italia – Q2 2025 | is online on the forum for the #community!
🛡️ April-June in a report from open sources: malware analysis, infostealers and research by Google's #GTI 👉 insights and data on relevant #threats
https://forum.ransomfeed.it/viewtopic.php?p=4056&sid=ccba94d67b554bba3835cc71c4b2d16f#p4056
Cybersecurity, risk management, long post, brainstorming
Hey folks, I'm currently working on a thing for a company, and I need a brainstorm buddy as my team went on a corporate retreat.
It has to do with risk management.
Let's say we have a qualitatively assessed risk that was initially based mostly on vibes rather than solid data.
Now let's say we have an incident that stems from this specific risk. At the end of the incident, we need to re-assess the risk based on the data we collected.
Now, the requirement is a risk model that accommodates a shift from qualitative assessment to quantitative, starting with a single occurrence.
Does anyone know any papers on the topic or has anyone dealt with something similar? From my past experience quantitative risk in cybersec is mostly bullshit anyway and everyone just kind of makes up numbers, especially for probability/frequency, just so they can get a bigger budget approved, which kind of goes against the spirit of risk management in my eyes.
My current train of thought is the following:
The risk model should calculate the risk not based on the traditional impact * probability formula, but something more detailed, like a weighted score based on the threat characteristics multiplied by asset value divided by current defence capability multiplied by real-world statistics.
Based on the incident, we first adjust our threat model, possibly tweaking some numbers, then have a critical look at our capability and adjust that based on the results of the root cause analysis, and then add a statistical multiplier with the default value of 1.
Then for every incident within the same year we multiply the statistical multiplier by 2, and every year without this risk being triggered we divide it by 2.
Also every year a threat model gets reviewed based on OSINT, updated, risks get recalculated.
Also also every year the independent audit cycle happens, controls get assessed, maturity scores get updated, risks get recalculated.
At that point the risk team only needs to get threat modelling reports, audit reports, new asset inventories, and interview asset owners to verify there were no changes in asset value.
Thoughts?
#infosec #infosecurity #informationsecurity #cyber #cybersec #cybersecurity #riskmanagement
I had a great chat with the @Synack folks back on July 29, 2022. 'Listen Up!' here:
"Tracy Maleeff on diversifying the #cyber workforce, #OSINT skills and #LibrarianFace"
https://sherpaintelligence.substack.com/p/listen-up-synacks-were-in-s1e21