Well, that is interesting turn of events ;)

Well, I mean... on the silver plate

Heh, who will guard the guards?

Beating the dead horse?

LOL. Nothing is safe.

Nothing is secure.

>TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.

>In 2016, DARPA ran a similarly styled event for artificial intelligence (AI). One hundred teams entered their systems into the Cyber Grand Challenge. After completing qualifying rounds, seven finalists competed at the DEFCON hacker convention in Las Vegas. The competition occurred in a specially designed test environment filled with custom software that had never been analyzed or tested. The AIs were given 10 hours to find vulnerabilities to exploit against the other AIs in the competition and to patch themselves against exploitation. A system called Mayhem, created by a team of Carnegie-Mellon computer security researchers, won. The researchers have since commercialized the technology, which is now busily defending networks for customers like the U.S. Department of Defense. >There was a traditional human–team capture-the-flag event at DEFCON that same year. Mayhem was invited to participate. It came in last overall, but it didn’t come in last in every category all of the time.

>Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian. It could be used to target bot accounts in particular, due to their frequent interactions with other users and their increased likelihood to be included in Jira issues or requests or receiving emails with a "View Request" link - either condition being necessary for acquiring signup tokens.

All this data somewhere in the wrong hands (I mean - ODIN intelligence) "lost"

Check your 2FA implementations

Some useful information on hw security keys

Check the comments as well

Bad luck, but good report.

>“It was disturbing that they didn’t even try to protect the data,” Mr. Marx said, referring to the U.S. military. “They didn’t care about the risk, or they ignored the risk.”

hello password managers :)

10 out of 10. Christmas is coming early this year.

Should open source it already ;)

IMHO this will be more and more frequent in the future.

Interesting..

A helpful reminder, thanks.

nice catch

Who will guard the guards?

No password - no problem

“Successful exploitation of the three vulnerabilities lets any unprivileged user gain root privileges on the vulnerable device. Qualys security researchers have verified the vulnerability, developed an exploit and obtained full root privileges on default installations of Ubuntu.”

Here goes your security.

>"You'd walk into the offices and they were closed or they were turning you away saying 'come back next week maybe, but we don't know'," > There appears to be a financial motivation. Australian newspaper The Sydney Morning Herald reported the attackers had demanded a ransom, which the Vanuatu government refused to pay.

Digging to find something creative and interesting

(Hangs on the horse hair)

My fav security newsletter, free version.

Well... I mean - damn.

If it can be abused - it will be abused.

Ready ? fight