@edelahoz.bsky.social
Next Saturday, February 22, we will be presenting the RAMONES project at @morteruelocon.bsky.social in Cuenca. It is my first talk in my city and I will talk about mitigating lateral movement in an active environment using graph theory. doi.org/10.1016/j.jn...
February 15, 2025 at 12:44 PM
Reposted
Paragon hacking/surveillance system (hacking via WhatsApp/eavesdropping/data theft) has been used on targets from Italy, Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain and Sweden. www.governo.it/en/articolo/...
Statement by Palazzo Chigi
With regard to what has been published by some media outlets about alleged espionage activities targeting members of the press, the Presidency of the Council of Ministers rules out that individuals pr...
www.governo.it
February 6, 2025 at 12:47 PM
Reposted
Multiple high-profile accounts have been hacked over the past week to promote various memecoins.

Known victims so far:

Snopes
TIME Magazine
NASDAQ
Tor Project
former Brazilian president Jair Bolsonaro
Twitch streamer Asmongold
Breaking Bad actor Dean Norris
Various crypto-bros
February 2, 2025 at 5:42 PM
Reposted
What's the story you're telling yourself about why you can't separate from work? When can you say I'm NOT available? Such good advice from Dr. Daniel Shore. #CTISummit
January 28, 2025 at 2:43 PM
Reposted
Over 20 Chinese and over 10 Iranian APT and IO groups abused Google's Gemini AI assistant for their campaigns.

Mostly for reconnaissance and automation, although some tried to use it to write malware, such as a Chrome infostealer.

cloud.google.com/blog/topics/...
Adversarial Misuse of Generative AI | Google Cloud Blog
We share our findings on government-backed and information operations threat actor use of the Gemini web application.
cloud.google.com
January 29, 2025 at 7:01 PM
The foreign government they were calling to depose is that of Spain
January 29, 2025 at 11:39 PM
Reposted
The OWASP Project has published its Top 10 ranking of risks associated with non-human identities (NHIs) for application developers.

The organization listed Improper Offboarding as the top risk.

owasp.org/www-project-...
January 19, 2025 at 3:03 PM
Another line of research we have open is related to optimizing the assignment of frequencies to access points in WiFi 802.11. The first work is from 2015: www.mdpi.com/118610
Automated Negotiation for Resource Assignment in Wireless Surveillance Sensor Networks
Due to the low cost of CMOS IP-based cameras, wireless surveillance sensor networks have emerged as a new application of sensor networks able to monitor public or private areas or even country borders...
www.mdpi.com
January 17, 2025 at 9:13 AM
Reposted
International team (France, USA, others) used active operations to remove PlugX malware from thousands of computers around the world. The cyber-disinfection operation. www.tribunal-de-paris.justice.fr/sites/defaul... www.justice.gov/opa/media/13...
January 16, 2025 at 6:32 PM
Reposted
The World Economic Forum is out with their annual assessment of the greatest risks facing the planet.

In the next two years?
Mis- and disinformation and extreme weather events.

In the next 10 years?
Massive disruptions of the environment in four different areas.
January 16, 2025 at 6:27 PM
To validate these works we have generated scenarios using tools such as and three generated using different synthetic tools: BadBlood github.com/davidprowe/B... AD Simulator github.com/nicolas-caro... and BloodHound DB Creator github.com/BloodHoundAD...
GitHub - davidprowe/BadBlood: BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to ...
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world....
github.com
January 16, 2025 at 4:15 PM
Along the same lines as the previous one, the latest work is 'Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs' www.mdpi.com/2986390 #mdpielectronics
Unsupervised Learning for Lateral-Movement-Based Threat Mitigation in Active Directory Attack Graphs
Cybersecurity threats, particularly those involving lateral movement within networks, pose significant risks to critical infrastructures such as Microsoft Active Directory. This study addresses the ne...
www.mdpi.com
January 16, 2025 at 4:13 PM
I'm taking the opportunity to share here some of the latest articles we have published: 'Surgical immunization strategies against lateral movement in Active Directory Environments' www.sciencedirect.com/science/arti...
Surgical immunization strategies against lateral movement in Active Directory environments
Lateral movement, in which a cyber attacker progresses through an enterprise network in order to compromise its most valuable assets, is a key stage o…
www.sciencedirect.com
January 16, 2025 at 4:09 PM
In 2025, I have returned to work at the Universidad de Alcalá. As a welcome party, they have organized CIBERSEG for me again. If you have no plans for next Wednesday, January 22, see you there. ciberseg.uah.es
XII Jornadas de Seguridad y Ciberdefensa de la Universidad de Alcalá
Website of the XII Jornadas de Seguridad y Ciberdefensa de la Universidad de Alcalá
ciberseg.uah.es
January 16, 2025 at 4:02 PM
Reposted
Another example of the externalized cost of fixed release Linux distributions: Debian Bullseye (oldstable, LTS until August 2026) ships a root store that's years out of date.

Besides being a security issue, it slows down the entire TLS ecosystem.
crypto/x509: potentially anomalous path building results · Issue #65085 · golang/go
Go version go1.21.5 linux/amd64 Output of go env in your module/workspace: GO111MODULE='' GOARCH='amd64' GOBIN='' GOCACHE='/home/runner/.cache/go-build' GOENV='/home/runner/.config/go/env' GOEXE=''...
github.com
January 4, 2025 at 12:47 AM
Reposted
Not sure how I missed this: NIST is deprecating and then outright disallowing elliptic curve cryptography for key establishment as well as for digital signatures by 2035: nvlpubs.nist.gov/nistpubs/ir/...
November 19, 2024 at 1:50 PM
Reposted
Talks from the IRISSCON 2024 security conference, which took place earlier this month, are available on YouTube

www.youtube.com/@irisscert/v...
irisscert
Computer Security Incident Response
www.youtube.com
November 16, 2024 at 5:12 PM
Hello, world!
November 16, 2024 at 4:22 PM