Joshua Smith

@Jhaddix Well, you didn't say "please" so I think it's a fair response!

RUDE

Interesting research from @varonis about using malicious firewall rules to delete data in Azure SQL. Microsoft fixed it partially in August and completely in April. varonis.com/blog/malicious…

Tickets are now on sale for our #bsidesboulder annual event on 13 June! Your ticket purchase comes with lunch and a t-shirt. We expect our @KC7cyber CTF workshop will sell out given the limited seats, so get your ticket now. eventbrite.com/e/bsides-bould…

CFP reviews are now done and speakers have been notified! Expect schedule updates soon on our website, ideally mid-April.

Arkana ransomware group claims to have compromised "Wide Open West - WOW!", one of the largest Internet Service Provider's in the United States. First and foremost: we have never heard of Arkana ransomware group. We've seen some researchers mention them via their onion domain — but this appears to be their first victim. Their first victim is also a giant. Second: previously we shared a music montage video Arkana put together illustrating the level of access they claim to have on "WOW". However, upon inspection, the compromise Arkana is claiming to have is far more devastating than initially thought. Interestingly, Arkana has used some sort of AI tool to provide a high-level overview of their compromise on their onion domain. It reads exactly like a ChatGPT message. tl;dr 1. Arkana opens by threatening WOW by mentioning lawsuits (incorrectly citing GDPR) by shareholders and customners. 2. Arkana mocks the CEO. They published her company shares, address, address history, e-mail addresses, and social security number. They taunt her. 3. Share generic company information which is public, primarily shareholders, company executives, directors, etc. 4. Provide table layouts impacting 403,000 customers including: - UserId - UserName, Password - SecurityQuestion - SecurityAnswer - Email - Full name - WOW service package information 5. Demonstrate full access to "Symphonica" — and show themselves allegedly pushing malware to customer devices (in Michigan?). 6. Demonstrate full access to "AppianCloud", they suggest (in their AI summary, and also in the video they made), they can potentially alter billing information or alter financial transactions (?). 7. The images (as well as the video) Arkana share show intimate and detailed access to WOW. This is very, very, very interesting from a random, suddenly appearing, almost no-name ransomware group. We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate. We personally do not know of many groups capable of NOT ONLY compromising an ISP, but also knowing how to navigate the infrastructure AND ALSO (allegedly, based on the footage provided) push malware to customer devices.

Anyone open to carpooling from Denver? 😉

"(Attackers) average just 48 minutes to move through a corporate network after gaining access"

Check-out Forrester's take on how ReliaQuest helps SecOps teams elevate maturity with 3 unique approaches in our platform, GreyMatter.

@dis0wn_ @vxunderground @movShell ❤️ ozempic is amazing - huge breakthrough to help folks out. Whatever it takes to get kick started and help get the results and live healthier / longer ! Can help kick start healthy habits by removing the urge for food.

So, I see they've chosen violence...

Our global P3 (Purpose - Plan - Perform) event continues in Dublin, Ireland, bringing together teams from London and Dublin to align on our mission and sharpen our focus on what sets us apart. 🌍 This year we’re leaning in to our unique technology that we’ve built over 15+ years working in security operations at the enterprise. By leveraging data-stitching, detection at source and agentic AI, we empower teams to stay ahead of attackers and protect critical operations. This year, it’s all about seizing opportunities, and we have just scratched the surface of what’s possible. #ReliaQuest #MakeSecurityPossible #Cybersecurity #Teamwork

Happy Valentine's folks ❤️ I am excited to share with you my recent research @TRACLabs_ on #SocGholish post-exploitation phase and delivery of #GhostWeaver backdoor. Huge thanks to @ValidinLLC and @badsectorlabs for providing great tools and labs that helped in my research. Link: trac-labs.com/dont-ghost-the… Love you all 🫶

Wondering what to do this weekend? How about writing an abstract to present at this year's #bsidesboulder event on 13 June. Previous submissions we have accepted have ranged the gamut from lessons learned/war stories in cyber security, trends in the threat landscape, how to

Just used my botnet swarm to DDoS 300 elite hackers and scrape all their personal information from the IP address when my IP address was locked

@bouldersec Couldn't see the full link in your profile, so here: bsky.app/profile/boulde…

As the sayings foretold, we will not disclose the location of this month's BoulderSec or any future one on this platform. The true acolytes of Meepy can still find our updates and announcements by following us on other platforms! Goodbye and fuck Elon✌️

3rd party breach FTW

@0xTib3rius Jokes on them, I just wipe with the roll.

You just know there was a study performed at some point to figure out just how thin they could make toilet paper at airports before people would just give up on life.

We're witnessing the evolution of ransomware. Yesterday someone informed us of the existence of the new TTP of AWS S3 extortion. More specifically, Threat Actors abusing the Amazon Key Management Service (KMS) to encrypt company AWS buckets (or any cloud provider).