Manuel Urueña
muruenya.bsky.social
Security Architect at Redeia. Entropy fighter.
@muruenya@infosec.exchange
Reposted by Manuel Urueña
October is Cybersecurity Awareness Month! Please be aware of cybersecurity. If you encounter cybersecurity, DO NOT APPROACH IT. Back away slowly. Protect children and pets. Make noises to scare it away.
October 13, 2025 at 3:08 PM
Reposted by Manuel Urueña
A Spanish academic and author of books on extremism was placed on the EU's most-wanted list for allegedly aiding a pro-Russia hacking group therecord.media/europol-adds...
Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list
Spanish national Enrique Arias Gil, 37, is suspected of gathering information on Spain’s critical infrastructure and members of its security forces to facilitate cyberattacks. He is also accused of th...
therecord.media
September 15, 2025 at 5:11 PM
Reposted by Manuel Urueña
Great article by @kimzetter.bsky.social about Mandiant and APT1. The behind-the-scenes look at how the report came together and the assessment of what Mandiant was willing to expose in order to publish the report.

Well done...
How the Infamous APT 1 Report Exposing China’s PLA Hackers Came to Be
This is the first in a series of pieces I’ll publish that take an in-depth look at significant events, people and cases in security and surveillance from the past. If there’s something you think would...
www.zetter-zeroday.com
September 11, 2025 at 3:53 PM
Reposted by Manuel Urueña
#PasswordsCon CFP closes tonight at midnight, Sunday, September 7.

We have received many amazing talks already, but still room for more! 🤩

Https://PasswordsCon.org/
September 7, 2025 at 10:28 AM
Reposted by Manuel Urueña
I did a write up on some learnings from the Colt Technology Services ransomware incident.

Contains a banger of an email 😅

doublepulsar.com/colt-technic...
Colt Technical Services gets ransomware’d via SharePoint initial access— some learning points
A look at what to learn.
doublepulsar.com
August 23, 2025 at 3:20 PM
Reposted by Manuel Urueña
I use USB daily but I have no idea how it works 🤔

USB 2 vs USB 3, USB-A vs USB-C, the PD standard… this talk is full of interesting details 💎

And now I even understand why my USB-C power bank doesn’t work with *this* cable unless flipped 🙃

media.ccc.de/v/why2025-25...
USB: the most successful interface that also brings power
We use it every day, but how does it really work? USB has been around for almost 30 years and it evolved into really universal interface ...
media.ccc.de
August 19, 2025 at 8:04 PM
Reposted by Manuel Urueña
Poland stopped a cyberattack that could have cut water supply to a major city yesterday.

Cyberattacks against water are a troubling trend. Access to clean water is fundamental, and these types of attacks are direct threats to public health and safety.

#ICS #OTsecurity

www.reuters.com/en/p...
August 15, 2025 at 6:16 AM
Reposted by Manuel Urueña
Weird, as you will use a hash function which gives a fixed length output to store. Could be many reasons.

Bcrypt has a 72 char limit.

Django released patches back in 2013 that reduced max pwd length to 4095 chars (!), for good reasons: Pwd auth DoS attack.

www.helpnetsecurity.com/2013/09/17/t...
Too long passwords can DoS some servers - Help Net Security
The discovery of a vulnerability in popular open source web application framework Django has recently demonstrated that using a long password is not
www.helpnetsecurity.com
August 14, 2025 at 7:24 PM
Reposted by Manuel Urueña
Former CISA Director Jen Easterly responds to the DOD retracting her teaching position at West Point due to Loomer's conspiracy theories

www.linkedin.com/pulse/harder...
The Harder Right
I spent 25 years in uniform, including four as a cadet at the United States Military Academy at West Point and two and a half more teaching economics and national security at West Point’s Department of Social Sciences, USMA (a.k.
www.linkedin.com
July 31, 2025 at 9:43 PM
Reposted by Manuel Urueña
Palo Alto Networks has published a blog post on how its APT naming scheme works

unit42.paloaltonetworks.com/unit-42-attr...
July 31, 2025 at 6:57 PM
Reposted by Manuel Urueña
We are just days away from hackerweek in Vegas, with #PasswordsCon at BSidesLV, and Crypto & Privacy Village at Defcon, where there also will be password/mfa talk. 😎

I won't be there this time around, but I know organizers, speakers & friends will make it great!
July 31, 2025 at 5:09 PM
Reposted by Manuel Urueña
Microsoft found Turla, Russia's elite FSB cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with spyware that silently stripped away encryption on their communications and credentials. www.wired.com/story/russia...
The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia's network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.
www.wired.com
July 31, 2025 at 4:01 PM
Reposted by Manuel Urueña
🚨 Operation Eastwood targets pro-Russian cybercrime network NoName057(16) and shuts down over one hundred criminal servers in global operation.

Read more in our press release ⤵️

www.europol.europa.eu/media-press/...
July 16, 2025 at 12:58 PM
Reposted by Manuel Urueña
Europol disrupts pro-Kremlin hacktivist group NoName057(16)

-2 arrests (1 preliminary arrest in France and 1 in Spain)
-7 arrest warrants issued (6 by Germany, and 1 by Spain)
-DDoS infrastructure taken down
-1k+ supporters identified and notified

www.europol.europa.eu/media-press/...
Global operation targets NoName057(16) pro-Russian cybercrime network – The offenders targeted Ukraine and supporting countries, including many EU Member States | Europol
The offenders targeted Ukraine and supporting countries, including many EU Member States. Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol, targete...
www.europol.europa.eu
July 16, 2025 at 12:58 PM
Reposted by Manuel Urueña
UK cyber defenders, particularly ones with large high street brands visible in Greater London, make sure you have read and done something about:

- LAPSUS$ www.cisa.gov/sites/defaul...
- and Scattered Spider www.cisa.gov/sites/defaul...
May 1, 2025 at 9:56 PM
Reposted by Manuel Urueña
TIL that haveibeenpwned.com lets you craft a URL with an email address to easily check whether it has been seen in a breach. Save as a bookmark - makes it easy to see if that address has pwnage.

Just add /account/[email address] to the end of the haveibeenpwned URL.
Have I Been Pwned: Check if your email address has been exposed in a data breach
Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.
haveibeenpwned.com
June 27, 2025 at 1:34 PM
Reposted by Manuel Urueña
Regarding recent news that Microsoft et al plan to *not* eliminate silly threat actor names, @ciaranm.bsky.social and Jen Easterly weigh in on the silliness and call for a moratorium on ridiculous marketing names for state-sponsored Russian/Chinese/Iranian/NK hacker groups.
Call Them What They Are: Time to Fix Cyber Threat Actor Naming
The Microsoft-CrowdStrike partnership on cyber threat actor naming conventions is welcome, but more comprehensive reform is needed to serve defenders and the public.
www.justsecurity.org
June 13, 2025 at 12:07 PM
Reposted by Manuel Urueña
NEW: The Telegram messaging app has a reputation for security — but Important Stories found that its technical infrastructure is run by a man whose companies closely collaborate with Russian intelligence services.

Meet Vladimir Vedeneev 👇
June 10, 2025 at 7:24 AM
Reposted by Manuel Urueña
Great research. They found 400 web-based HMIs for US water facilities exposed online. All used same HMI/SCADA software. Some required credentials to access, some were in read-only mode and couldn't be manipulated. But 40 systems didn't require authentication and were fully controllable via internet
Really excited to see this research go live. We found 400 web based HMIs for US Water facilities open on Censys. With the EPA, we helped reduce that exposure by over 94%.

https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis
June 5, 2025 at 4:51 PM
Reposted by Manuel Urueña
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper called PathWiper

blog.talosintelligence.com/pathwiper-ta...
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”
blog.talosintelligence.com
June 5, 2025 at 4:52 PM
Reposted by Manuel Urueña
NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (aka “The Mask”), which then vanished and only resurfaced last year.

We can now reveal that the researchers who investigated it were confident that the Spanish government was behind it.
Mysterious hacking group Careto was run by the Spanish government, sources say | TechCrunch
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
techcrunch.com
May 23, 2025 at 1:00 PM
Reposted by Manuel Urueña
Well this doesn't look good:
www.akamai.com/blog/securit...
www.akamai.com
May 21, 2025 at 5:36 PM