Gal Shpantzer
54.1K posts

Gal Shpantzer
@Shpantzer
Information security and data engineering advisor. Virtual CISO with interdisciplinary skillset to solve complex business and technical problems. Not CISSP/10X
Wherever there's trouble · Joined February 2009
4.7K Following · 10.6K Followers
Pinned Tweet

Gal Shpantzer retweeted

Ransomware uses full-screen Windows updates progress UI to get user to wait while it encrypts their files blog.kaspersky.com/fantom-ransomw…

Gal Shpantzer retweeted

This #ransomware has no Word macro. It tricks users to run the embedded OLE package and delete their backups.


Gal Shpantzer retweeted

⚠️ Update: It has now been 24 hours since #Iran implemented a nationwide internet shutdown, with connectivity flatlining at 1% of ordinary levels. The ongoing digital blackout violates the fundamental rights and liberties of Iranians while masking regime violence ⏱

Gal Shpantzer retweeted

This one here is a goodie! A customer called us because they had several incidents where the system time "magically" jumped days, sometimes even months, back and forth (see screenshot). You can imagine the issues inflicted by this behavior. So the question was.. Cyber? Attacker? Misconfiguration?
If you have never heard of Secure Time Seeding, you might want to read the article on Ars Technica. It might save your day eventually. [1]
Microsoft introduced the time-keeping feature in 2016 as a way to ensure that system clocks were accurate. Windows systems with clocks set to the wrong time can cause disastrous errors when they can’t properly parse timestamps in digital certificates or they execute jobs too early, too late, or out of the prescribed order.
“You may ask - why doesn’t the device ask the nearest time server for the current time over the network?” Microsoft engineers wrote. “Since the device is not in a state to communicate securely over the network, it cannot obtain time securely over the network as well, unless you choose to ignore network security or at least punch some holes into it by making exceptions.”
To avoid making security exceptions, Secure Time Seeding sets the time based on data inside an SSL handshake the machine makes with remote servers.
Despite the checks and balances built into STS to ensure it provides accurate time estimates, the time jumps indicate the feature sometimes makes wild guesses that are off by days, weeks, months, or even years.
🤯
You can turn this feature off, as our client did. [2]
[1] arstechnica.com/security/2023/…
[2] learn.microsoft.com/en-us/windows-… (#secure-time-seeding)

Gal Shpantzer retweeted

In various business email compromise (BEC) cases, we later discovered that although the customer had set up a conditional access (CA) policy to enforce multi-factor authentication, mistakes had been made during the implementation of said policies.
For example, certain resources were excluded, allowing attackers to access data despite the policy. In other cases, specific user agents were excluded. The list is relatively long.
There are various tools that allow you to automatically test different login processes, user agents, and resources. I briefly tried NoPrompt over the weekend, and it was super easy to use. [1]
This is also a simple step that I, as a cloud administrator, can take to identify low-hanging fruit for attackers. Otherwise, you might lull yourself into a false sense of security that can be easily circumvented.
[1] claranet.com/us/blog/noprom…
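
A static complement to the login testing described in the post above, added here as an example and not part of the original post or of NoPrompt: it reviews exported conditional access policies for the kinds of exclusions the post mentions. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the sample policies are constructed, and mapping the post's "user agents" to the platform and client-app conditions is an assumption.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
# Display names and bracketed IDs are placeholders, not from a real tenant.
SAMPLE_POLICIES = [
    {"displayName": "MFA for all users", "state": "enabled",
     "conditions": {
         "users": {"includeUsers": ["All"], "excludeGroups": ["<group-id>"]},
         "applications": {"includeApplications": ["All"],
                          "excludeApplications": ["<app-id>"]},
         "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
         "platforms": {"includePlatforms": ["all"], "excludePlatforms": ["linux"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "MFA for admins", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": ["<role-id>"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabled",
     "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}},
]

ALL_CLIENT_APPS = {"browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "other"}
EXCLUSION_KEYS = [("users", "excludeUsers"), ("users", "excludeGroups"),
                  ("users", "excludeRoles"), ("applications", "excludeApplications"),
                  ("platforms", "excludePlatforms"), ("locations", "excludeLocations")]

def mfa_gaps(policy):
    """Return findings for one policy; empty if it does not grant on MFA."""
    if "mfa" not in (policy.get("grantControls") or {}).get("builtInControls", []):
        return []
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}: MFA is not enforced")
    cond = policy.get("conditions") or {}
    for section, key in EXCLUSION_KEYS:
        excluded = (cond.get(section) or {}).get(key) or []
        if excluded:
            findings.append(f"{section}.{key} exempts {excluded}")
    # Assumption: a missing clientAppTypes list is treated as "all".
    apps = set(cond.get("clientAppTypes") or ["all"])
    if "all" not in apps and apps != ALL_CLIENT_APPS:
        findings.append(f"client apps not covered: {sorted(ALL_CLIENT_APPS - apps)}")
    return findings

def audit(policies):
    """Map display name -> findings for MFA policies that have gaps."""
    return {p["displayName"]: g for p in policies if (g := mfa_gaps(p))}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_POLICIES).items():
        print(name, *gaps, sep="\n  - ")
```

Each finding is a prompt to confirm that the exemption is intentional and covered by another policy, not proof of a bypass.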


@bettersafetynet @DFS_JasonJ Remember SOAR? It was gonna do all those things… just add dot ai and it’s already half way to automating all the things

@DFS_JasonJ or... more disturbingly, those teams have been chronically underperforming.
There's a vast difference between good and... not. ;-)

The problem here? These AI grifters are doing some insane damage.
I had a chat w/ the cyber security director of REDACTED.
They wanted to have AI fully automate all level 1 activity, CTI, and detection creation.
When I explored what current state is w/ them, they got mad.
solst/ICE of Astarte @IceSolst
@bettersafetynet Founderspeak is generally delusional, marketing with the intent to get investors, never nuanced

@anton_chuvakin Drink water, eat more fiber, eat less salt, wash your hands. The treadmill won’t stop.

Quick weird #question: is it valuable to continue giving the same security advice that people have been giving for 30+ years, IF you believe that it is philosophically correct? (1/2)

Sweden Deputy Prime Minister and Minister of Energy Ebba Busch stated today that "she's furious with Germany" for dismantling its nuclear power plants, causing a spike in energy prices in Sweden.
Southern Sweden has record-high energy prices today due to having to send electricity to Germany via undersea power cables today.
Cold weather coupled with no wind has driven up the demand in Germany from other sources than wind. EU regulations force Sweden to send that electricity to Germany, driving up prices in southern Sweden today to be nearly 200 times higher than they are in northern Sweden.
A 10-minute shower in southern Sweden costs around USD 5 during today's price spike.
Ebba Busch added that Germany's decision to dismantle its nuclear power plants has also other detrimental effects for Europe:
"I'm furious with the Germans. They have made a decision for their country, which they have the right to make; it's their right to decide. But it has had very serious consequences, also for the EU's competitiveness because we see that German competitiveness has dropped significantly."
She said that Germany's actions have also reduced its ability to help Ukraine.
- “After Russia's invasion of Ukraine, they still chose to dismantle their nuclear power plants... I respect that people can have different opinions about nuclear power plants, but we could have kept it. They are important because they are baseload power plants.
Having access to such baseload power plants would have increased the transmission capacity from Germany to other electricity price areas in Europe, driving down prices for all of us"

Gal Shpantzer retweeted

Got to connect with @RachelTobac on some of the latest AI deepfake news about Taylor Swift.
Rachel is one of the top experts in all things social engineering and we decided to start recording our side chats for you all.