Rob Shapland

291 posts

@rdshapland

Ethical hacker & cyber awareness trainer for @falanxcyber. Media commentator for BBC, ITV & others. Please contact me for cyber security-related media enquiries

Joined June 2010
294 Following, 370 Followers
Rob Shapland retweeted
Sky News@SkyNews·
"Behind the scenes, it's going to be absolute chaos" Ethical hacker @rdshapland explains to Sky's @MattBarbet what might be happening at M&S amid an ongoing cyber attack More ➡️ trib.al/2IKgVVx 📺 Sky 501 and YouTube
Rob Shapland@rdshapland·
@joetidy Absolute nightmare. It’s surely going to cost billions. If that means lawsuits against CrowdStrike then they’re in for a tough ride
Joe Tidy BBC News@joetidy·
If the Windows outage is indeed a bug in CrowdStrike cyber security products it would be something we’ve not seen yet. Insurers would have a headache as the organisations affected did the *right* thing by having cyber protection which led to today’s disaster. Ouch
FPL Architect@FPL_Architect·
Analyzing the world number 1️⃣ (THREAD) This year’s FPL winner, Jonas Sand Låbakk, has obviously had an amazing season. If we take a closer look at it, how has he played to get where he finished? #FPL | @OfficialFPL |
Rob Shapland@rdshapland·
@JPoliachik @SwiftOnSecurity @Google Could it be an open redirection vulnerability on a specific Facebook URL? I saw this on Amex, looked on Google like it was taking you to the Amex site but it was actually an open redirect to a random site
JP ✨@JPoliachik·
Apparently @Google lets you run ads that link to a totally different page??? I ran into this scam a few days ago - very concerning
Rob Shapland@rdshapland·
@joetidy There’s no motivation for them to delete it really. Unless they’ve run out of floppy disks
Joe Tidy BBC News@joetidy·
Very interesting - NCA says that whilst searching through seized servers of LockBit they found data belonging to some victims who had already paid the gang's ransom. So - more evidence that paying these criminals does not mean that your data is deleted as they promise.
Joe Tidy BBC News@joetidy·
“LockBit has caused enormous harm and cost. No longer”.
Rob Shapland@rdshapland·
@jayesh25 Great insight. Do you focus mostly on new companies that have bug bounty programmes, so there are more potential vulns?
Rob Shapland@rdshapland·
@SaveYourSons I work in tech, and I’d be very happy if my kids didn’t touch a phone or iPad until they’re 18. Preferably longer!
Harrison Schenck@FractionalList·
Steve Jobs, inventor of the iPad, didn't let his kids use iPads. Whenever I post about this I always get comments along the lines of "good luck raising your kids without iPads, they're going to be technologically illiterate...they won't be able to get a job!" Because yes, the only way to ensure kids learn how to use technology is by giving them unfettered access to iPads starting at 2 years old. And if I want them to understand electricity, I should just hand them a fork and point them to the nearest electrical outlet. I know it's a lot easier to watch kids when they have an iPad. They're quiet and still. It's like magic. Except it's not magic. It's dopamine firing in their tiny, developing brains. That's why they cry so much when you turn the iPad off. You took away their fix. "Sanctimonious Andy Griffith account stop telling me how to raise my kids!" I'm not telling you how to raise your kids. I'm saying why we raise ours the way we do. Yes there's a distinction. You can do what you want. Nobody is a perfect parent. I'm definitely not. My kids ate plain tortillas and peanut butter crackers for breakfast this morning (and they'll eat Halloween candy with seed oils as a listed ingredient tonight gasp). But I'm taking Steve Jobs' lead on the iPad issue (won't take his lead on other things parenting related, tbf).
Rob Shapland@rdshapland·
@vysecurity Definitely the EDR! Or whoever is monitoring it. It’s like the Qualys style of making every vuln critical 😂
Vincent Yiu@vysecurity·
When you’re Red Teaming, and the EDR / Cyber solutions “miscategorize” an alert and scare the shit out of the customer. Is it your fault, or is it the EDR / Cyber solutions’ fault?
Rob Shapland@rdshapland·
@vysecurity I’m surprised I’ve never had it happen - I guess the security team didn’t know or forgot about the change freeze. I think we’d probably try and pause the red team and resume after. Whether we charge then might depend on how important they are as a client
Vincent Yiu@vysecurity·
Thoughts from other Red Teams please? Client suddenly tells you there’s a 1 month “change freeze”, “freeze” or whatever, in the middle of a 3 month Red Team. 1) What do you do? 2) Are change freezes important when Red Teaming?
Rob Shapland@rdshapland·
@nullenc0de Nice thread! Impressed you got them to pay for more than 5 days for an external pentest!
Paul Seekamp@nullenc0de·
I spent a week on 100 subdomains and found nothing. Here is how I found more attack surface to land some serious bugs. 👇
Rob Shapland@rdshapland·
@cybergibbons @KnowBe4 This is one of the many reasons why I’m not a fan of e-learning. And the fact that it’s just a box-ticking exercise so you can say “we’ve done our cyber training! We’re secure now!” to auditors
Cybergibbons 🚲🚲🚲@cybergibbons·
Recently had to do @KnowBe4's "Security Awareness Proficiency Assessment", and I've got to say, I think it's actively harmful to improving security. Let's look at the questions
Rob Shapland retweeted
GB News@GBNEWS·
‘The criminals are looking to profit on this as well.’ Cyber Expert @rdshapland discusses the growing number of scams targeting the new ULEZ payment system, and how drivers can avoid getting caught out. 🖥 GB News on YouTube bit.ly/3vAYaw0
Rob Shapland retweeted
Falanx Cyber@falanxcyber·
Cyber security awareness training – it doesn’t have to be boring and ineffective 😴 Here are 5 ways to make training more interactive, fun and actually work 👇🧵
Rob Shapland@rdshapland·
@FPL_Architect Ben White. Southampton don’t concede much away from home, 3 ARS attackers seems overkill and it provides an easy third defender
FPL Architect@FPL_Architect·
I’m finding it really difficult to pick a 3rd defender on the FH. Trent and Trippier are 🔒, and I already have 3 LIV and 3 ARS. Castagne? Moreno? Guehi? Not really any appealing options.
Rob Shapland@rdshapland·
The FBI have taken down the Genesis marketplace, which was used to sell personal details of anyone and everyone they could. I'll be on Times Radio at 23:30, but in the meantime, here's some advice on what to do:🧵