Sebastian Paul
@sebastian-paul.bsky.social
Interested in all things Security, Security Governance and AppSec. Occasional conference speaker. Opinions are my own, and not afraid to change them.
"For the entrance to this cave is guarded by a creature so foul, so cruel that no man yet has fought with it and lived. Bones of full fifty men lie strewn about its lair."
August 3, 2025 at 9:15 AM
Reposted by Sebastian Paul
NEW: In an 11th hour move, CISA spokesperson says the agency extended the contract for the MITRE-backed CVE Program last night:
April 16, 2025 at 12:11 PM
Fortinet just announced that multiple patches from the past 3 years were incomplete and leave you exposed. They will not tell you how to detect if or when you've been compromised. For your own good.
FortiGate customers w. SSL-VPN are in for a rough time...
www.linkedin.com/pulse/fortin...
Fortinet is going the way of Oracle
Not that this is surprising for anyone in cybersecurity. Fortinet have made it very hard in recent years to love them.
April 11, 2025 at 2:39 PM
In the past, malware on mobile devices was not a major concern. The tide seems to be turning now, and companies will need to start paying more attention to this. After all, whatever you can access from your company laptop, you can access it from a mobile too.
www.bleepingcomputer.com/news/securit...
Counterfeit Android devices found preloaded with Triada malware
A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up.
April 7, 2025 at 12:16 PM
Oracle is going to release all the details about their data breach!
April 1, 2025 at 4:02 PM
So it begins... The MASSIVE Oracle breach is all but confirmed. Oracle is still keeping weirdly quiet, even though they appear to have known for a month. Everyone will be scrambling to reset credentials for now, but lawsuits will not be far behind.
www.bleepingcomputer.com/news/securit...
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associat...
March 26, 2025 at 10:03 PM
Anyone can become a phishing victim. But the way in which @troyhunt.com owned it and was fully transparent about the situation is a very good example of how we should act in such situations and how to prioritize your customers.
(Oracle, you might want to take notes.)
www.troyhunt.com/a-sneaky-phi...
A Sneaky Phish Just Grabbed my Mailchimp Mailing List
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish h...
March 25, 2025 at 2:14 PM
Apple getting sued about misrepresenting/falsely advertising AI features in Siri. This should be a wake-up call for any company over-promising on AI. Which is like... almost everyone.

www.theregister.com/2025/03/21/a...
Apple hallucinated Siri AI features, lawsuit claims
Broken commitment to deliver hyped Intelligence upgrade branded false advertising
March 24, 2025 at 6:48 PM
Plot thickens. CloudSEK published a follow-up blog indicating the leak is likely real.
Oracle, your move.
How about a clear statement "The claims are false"? No wordsmithing, just a clear denial. Or confirmation. Anything that's unequivocal, we'll take it.
www.cloudsek.com/blog/part-2-...
Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up Analysis | CloudSEK
On March 21, 2025, CloudSEK’s XVigil platform flagged a significant threat—a threat actor offering 6 million exfiltrated records from Oracle Cloud for sale. Despite Oracle’s public denial, our deep-di...
March 24, 2025 at 6:34 PM
The Oracle breach story is getting more complicated. Oracle denies it, but then the threat actor posts again claiming it's the real deal: x.com/rose87168. They also claim to have dumped DHL data from the Oracle supposed leak, but not verified yet (t.co/fyjUpeiDNj).
March 24, 2025 at 5:02 PM
Reposted by Sebastian Paul
The BlackBasta ransomware gang developed and used its own custom tool to brute-force enterprise firewalls and VPN remote-access products.

Named Bruted, the tool was written in PHP and could brute-force the following products (see image)

blog.eclecticiq.com/inside-brute...
March 16, 2025 at 10:41 AM
Reposted by Sebastian Paul
"A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code."

"Security Alert: Unusual Access Attempt We have […]
Original post on infosec.exchange
March 17, 2025 at 1:33 PM
People, it's finally happening! Shift+Ctrl+V is beginning to work in (some) Office applications to paste text without formatting! Notable exception: Outlook.
Thanks @microsft.bsky.social for finally implementing this. And please do Outlook too.
ALT: a man is making a funny face with his mouth open and a fist in his hand .
March 17, 2025 at 11:57 AM
@NS_online, I'm also saddened by the inexorable passing of the time...
March 15, 2025 at 10:03 AM
"In the fields the bodies burning
as the war machine keeps turning"

"Politicians hide themselves away
they only started the war
Why should they go out to fight?
They leave that role to the poor"

Timeless...
youtu.be/K3b6SGoN6dA?...
BLACK SABBATH - "War Pigs" (Live Video)
YouTube video by Black Sabbath
March 15, 2025 at 7:05 AM
Good talk was good! Always happy when I manage to engage the audience - and the room got even more full during the talk. Everyone took something useful out of the presentation, and had many interesting conversations afterwards.

Thank you, @1ns0mn1h4ck.bsky.social, I had a great time. Will be back!
March 15, 2025 at 6:46 AM
Can I take onboard my own pocket knife with a blade shorter than 6cm? No!
But can I buy in the airport a Victorinox Explorer with a 10cm blade? Absolutely!
#SecurityTheatre
March 15, 2025 at 6:41 AM
Reposted by Sebastian Paul
🎉 Join @sebastian-paul ’s session: "What if I told you that Security is here to help?" at Insomni'hack 2025.

📌 Last days to get your ticket: insomnihack.ch/talks/what-i...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland
March 7, 2025 at 8:39 AM
Reposted by Sebastian Paul
📢 @christophetd.fr will present "Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments" at Insomni’hack 2025!

📖 Check out the programme now: insomnihack.ch/talks/code-t...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland
March 10, 2025 at 10:18 AM
Reposted by Sebastian Paul
A threat actor is brute-forcing the server infrastructure of Chinese and US West Coast internet service providers.

The attackers are compromising servers, stealing credentials, and then deploying cryptocurrency miners

www.splunk.com/en_us/blog/s...
Infostealer Campaign against ISPs | Splunk
The Splunk Threat Research Team observed actors performing minimal intrusive operations to avoid detection, with the exception of artifacts created by accounts already compromised.
March 9, 2025 at 5:32 PM
So in a belated birthday present, I managed to finally do a half-marathon under 2:10 hours - a long-standing but elusive goal of mine. And for the lulz, I decided to also go for a 10K run. Good day was good!
March 10, 2025 at 7:04 AM
Reposted by Sebastian Paul
A consortium of 32 media outlets have published stories on an online fraud group they named The Scam Empire.

The group is facilitating the spread of disinformation and running a wide range of online scams, with call centers all over Europe.

www.qurium.org/scam-empire/
The Scam Empire
— A collaborative investigation by 32 media outlets around the world, is based on files leaked by a whistleblower to Swedish Television (SVT) and coordinated by OCCRP, a global investigative journalis...
March 6, 2025 at 12:49 PM
If you're attending @1ns0mn1h4ck.bsky.social next week, come join my session where I will be discussing practical approaches for being a more effective cybersecurity leader - while also having fun doing it!
Thursday morning, March 13 at 11:30. See you there, you won't regret it.
March 7, 2025 at 10:47 AM