Cybersecurity - braedach.com - Always Learning (Page 2)

braedach.com - Always Learning

Sign in Subscribe

Cybersecurity

A collection of 81 posts

Hackers using Browser Extensions

Hackers using Browser Extensions

Here we go again Chromium-based browsers, including Chrome, Edge, and Brave, manage installed extensions via JSON preference files stored under %AppData%\Google\User Data\Default\Preferences (for domain-joined machines) or Secure Preferences (for standalone systems). Synacktiv research indicates that by directly altering these files, attackers can make the browser load

The VPN Enigma

Told you. Want a VPN then your own or replace your router. If you're not technically savvy this is the best option - get one with a VPN server and a client That way you can connect to it, and if required bounce back out via say America

Australian boards not cyber mature

Australian boards not cyber mature

Nothing new here New research showed that cyber investment priorities for the past 12 months neglected third-party vulnerabilities, despite it being the “number one cyber risk for Australian organizations”, it found GCs don’t see their boards as ‘cyber mature’, report findsNew research showed that cyber investment priorities for the

The Passkey Hijack

The Passkey Hijack

What really went down? Is the savior of authentication, the bane of hackers in trouble? A quick post. It's in the link Your passkeys could be vulnerable to attack, and everyone - including you - must actWhen a clickjack attack managed to hijack a passkey authentication ceremony, were

Immutable operating systems ??

Immutable operating systems ??

What are they? It's far easier to read this post than me rabbiting on. Immutable operating systems are a blessing and a curseThe double-edged sword of the Linux ecosystemXDAAyush Pande Starting with the brass tacks, immutable distributions essentially lock down the core part of your OS. On typical

Cybersecurity - another week

Cybersecurity - another week

Never stops. 1st September – Threat Intelligence Report - Check Point ResearchFor the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of

Clickjacking Vulnerabilities Found in Major Password Managers

Clickjacking Vulnerabilities Found in Major Password Managers

I fail to see the surprise. A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can exploit these vulnerabilities to

Asian Shift Cybersecurity Requirements to Suppliers

Asian Shift Cybersecurity Requirements to Suppliers

Businesses in Asia are paying more attention to the suppliers' cybersecurity, as third parties' poor cybersecurity hygiene leads to an increasing number of breaches. Earlier this month, Japanese chipmaker Kioxia Holdings reportedly notified its 3,000 suppliers that it would begin automated scans of their cybersecurity postures, with

Cyber insurance redefining rules

Cyber insurance redefining rules

Only a matter of time really. Cyber insurers are testing out new ways to hold policyholders accountable for outdated security, limiting payouts when policyholders fall prey to attacks that use older vulnerabilities or take advantage of holes in the organizations' defenses. The limits could start showing up in companies&

Microsoft Security

Microsoft Security

Need to review this and I seriously need to get back to my little GPO project but have a few other ones on at the moment who have been bumped up, due to the last months events. Still not so bad. Trying to show that I am practicing what I

The Covert Wars

The Covert Wars

The following post is not indicative of my posture in relation to what is going on in the Levant. I am sharing it to show that hot wars are always accompanied by cyber wars as explained in the following. I would have thought it obvious but apparently it is not.

Baselining @ a new level

Baselining @ a new level

The following post is an interesting read in how "spikes" in blocked (hopefully) incoming traffic may be a prelude to an incoming attack recon or possibly a breach in progress. Spikes in malicious activity precede new security flaws in 80% of casesResearchers have found that in roughly 80%

What is Vibe Coding

What is Vibe Coding

Basically its a human idea coded by an AI, and the way its going will make anyone a developer. What Is Vibe Coding? How It Works and 5 Quick Tips to Get You StartedThese AI coding agents are as miraculous as they are error-prone, but still worth a try.PCMag

Vehicle Key Fob Hack

Vehicle Key Fob Hack

I'm so glad i still have a physical ignition system that requires a piece of metal after reading this. Still not immune though. Quote From that one captured signal, the device can apparently reverse-engineer the cryptographic sequence, allowing it to emulate all keyfob functions, including lock, unlock, and

Telstra Email Scam

Telstra Email Scam

Yikes - heads up The Telstra email scam has become one of the largest scams affecting Telstra customers. Since 2023, when Telstra switched to its latest email system, the spam filtering has been ineffective at blocking scam emails for well-known phishing scams, leading to many Telstra customers losing control of

Russian Connections

Russian Connections

When your wifes mobile starts running off and behaving in a manner that is not normal you tend to start asking questions - especially in this day and age. Basically it blew the network baseline right out of the water. Stuff like that gets my attention. Device immediately put in

PiHole breached by its WP Plugin

PiHole breached by its WP Plugin

Here we go again Pi-hole discloses data breach triggered by WordPress plugin flawPi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.BleepingComputerSergiu Gatlan Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and

Top hacker in the world - is an AI

Top hacker in the world - is an AI

A hacker named Xbow has topped a prestigious security industry US leaderboard that tracks who has found and reported the most vulnerabilities in software from large companies. Xbow isn’t a person – it’s an artificial intelligence tool developed by a company of the same name. Security researchers and hackers

MSP Sued by Client

MSP Sued by Client

Whoops Cognizant manages Clorox's internal networks, and employees who have issues with their passwords, multi-factor authentication (MFA) codes, and VPNs must coordinate with the IT provider to regain access to their system. However, Clorox alleges that the Cognizant Service Desk gave access passwords without verifying the identity of

Qantas Gets Hacked

Qantas Gets Hacked

The game is afoot. Millions could be compensated over major Qantas data breachA national law firm has lodged a representative complaint against Qantas, seeking compensation on behalf of millions of customers whose personal data was compromised in the airline’s recent cyber attack.Lawyers WeeklyGrace Robbie The OAIC has confirmed

Superbase DNS - this is new

Superbase DNS - this is new

One major update and new signature alerts - off to the AI I do but go. Absolutely, Leon—no need to apologize at all. You're diving deep into network observability, and these alerts are gold for understanding what’s moving across your wire. Let’s unpack this one:

Ubiquiti Bumps its UDM Firmware

Ubiquiti Bumps its UDM Firmware

Woke up this morning to an email saying my UDM needs a firmware update, and it's a good update, although teething problems exist. Improvements: 1. Added support for CNAME DNS Records. 2. Added support for Cloudflare Content Filtering. 3. Added support for Alarm Manager. 4. Improved the Analytics

Microsoft Group Policy

Microsoft Group Policy

I thought I better explain myself Microsoft Group policy is a way to enhance and harden your Windows systems. If you are not running Windows home edition it is already installed and available. However, it is not configured by default and requires a little knowledge. Normally group policy would be

Microsoft Defender for Business

Microsoft Defender for Business

A relatively cheap (depending on your pricing plan) extended solution Go beyond traditional antivirus with enterprise-grade protection and vulnerability management for your Windows, macOS, iOS, and Android™ devices. Microsoft Defender for Business | Microsoft SecurityLearn about Microsoft Defender for Business, an endpoint security solution built to help protect small businesses against

Jpeg: New Attack vector

Jpeg: New Attack vector

This really is becoming a pain in the butt. Not only can't you trust the ads been served up by Googles Ad servers but now you have to think twice about looking at images on or from the internet. Probably why a lot of website images are ditching