Zach Vinduska

@cybersecmeg DFW, tools used to figure this out… I live here 🧐

OSINT challenge! where am i at?

So Okta is either currently breached or they were in January and never disclosed it to their company. Looks to be third party privilege rights related. Every company faces the risk of compromise, it’s how they handle it that sets them apart. Early disclosure would have been good

@JackRhysider Korn, because I’m old

What's your favorite linux shell and why?

So how bad will it be when plaid.com gets hacked. That financial data store will hurt. Stored banking credentials has to make it a target.

I thought they looked familiar.

I won’t lie, I stole this, no longer have the source but… funny

US Census Bureau hacked in January 2020 using Citrix exploit that was not patchable but had mitigating actions that failed to be done. bleepingcomputer.com/news/security/…

another day another #zeroday. #printnightmare #CyberSecurity Check in on your windows domain administrators, they are not okay today.

This will be interesting. We will see a spike on this now that it is public #CyberSecurity #ciso #Cisco #Vulnerability

credera.com/insights/shift… In a world of security talent that has no clue when it comes to DevSecOps its good to know there is a JW out there.

@jaimesbarton I hear you. I did not say Hacks, I said ransomware. The primary driver of these attacks in money. Always has been. Without the Ransom part, it will end. Hacking will never stop.

@ZachDusk i think that is far too short sighted, hacks were happening before. It needs to have another element than just to demonetize ransomware?

The only way we will see an end to #Ransomware attacks is to demonetize it. The efforts taken to deprive DarkSide of the money from the #ColonialPipeline hack has to be just the tip of the spear.

The DOJ has recovered the majority of the $4.4 million ransom Colonial Pipeline paid to the DarkSide hacking network in the wake of last month's cyberattack. "Today, we turned the tables on DarkSide," said U.S. Deputy Attorney General Lisa Monaco trib.al/l0xguot

@digitalcloudgal @Clarify360 Is that all? Seems simple, is not!

📌 Q: What are the steps in identity management? A: Provisioning, review, revocation, deletion v/ CCSP study guide Cc: @Clarify360 #cloud #cybersecurity #cio #ciso

#vulnerability in @VMware product has severity rating of 9.8 out of 10 Get to pathing even if you are not externally exposed. #CyberSecurity #CISO arstechnica.com/?post_type=pos…

Not security shaming here but I do love the use of “a limited number of files” exposed. Anything that is not unlimited is a limited amount. Sounds better than not everything was exposed, I guess. bleepingcomputer.com/news/security/…

Using Kali doesn’t mean you’re a bad hacker. Using stackoverflow doesn’t mean you’re a bad coder. Asking questions doesn’t mean you’re a bad engineer. Not knowing things doesn’t mean you’re bad at tech. Tech is about learning. Ask lots of questions & use all the resources.

A critical #vulnerability (CVE-2021-22986 / CVSS score: 9.8) affecting F5's BIG-IP and BIG-IQ products is UNDER ACTIVE ATTACKS after a PoC exploit was posted online. Read details: thehackernews.com/2021/03/latest… #infosec #cybersecurity #hacking #malware

@BradleyWCompton The best is to offer your product free for a period of time to bridge the gap created by SW issue. Then simply show your product is better and offer first year competitive price to cover partial expense of remaining SW license.

I've been a fan of the product for years but this is not a good look for #SolarWinds . As you can see from the list a lot of people were fans. Hopefully SolarWinds can see their way through this, but customers will want details or they will be gone.