med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

#InfoSec

227 posts · 166 participants · 15 posts today

The Russians aren't coming, they are already here. Without most anyone realizing, they've created an entire malicious adtech industry whose story is just as complex as the Chinese organized crime we're now realizing from their ventures into pig butchering.

VexTrio is just one Russian organized crime group in the malicious adtech world, but they are a critical one. They have a very "special" relationship with website hackers that defies logic. I'd put my money on a contractual one. All your bases belong to Russian adtech hackers.

Today we've released the first piece of research that may eventually prove whether I am right. This paper is hard. I've been told. I know. We've condensed thousands of hours of research into about 30 pages. @briankrebs tried to make the main points a lot more consumable -- and wrote a fabulous complementary article: read both!

There's so much more to say... but at the same time, between ourselves and Brian, we've released a lot of lead material ... and there's more to come. I've emphasized the Russian (technically Eastern European) crime here, but as Brian's article points out there is a whole Italian side too. and more.

We've given SURBL, Spamhaus, Cloudflare, Domain Tools, several registrars, and many security companies over 100k domains. They are also posted on our open GitHub.

Super thanks to our collaborators at Qurium, GoDaddy Sucuri Security, and elsewhere.

#threatintel #scam #tds #vextrio #cybercrime #cybersecurity #infosec #dns #infoblox #InfobloxThreatIntel #malware #phishing #spam

blogs.infoblox.com/threat-inte

krebsonsecurity.com/2025/06/in

Infoblox Blog · What is the Real Relationship between WordPress Hackers and Malicious Adtech? · A cabal of Russian-nexus adtech companies are the cybercriminal choice to drive users to scams and malware from millions of compromised sites.

WestJet is dealing with a cybersecurity incident on internal systems and the WestJet app.

Press release: westjet.com/en-ca/news/2025/ad
Article: cbc.ca/news/canada/calgary/wes
- - -
WestJet is dealing with a cybersecurity incident on their internal systems and the WestJet app.

Press release: westjet.com/fr-ca/nouvelles/20

www.westjet.com · Advisory: Cybersecurity incident

This dumb password rule is from Getin Bank.

The new password should contain at least 10 and a maximum of 20 characters.
The password must contain at least one upper case letter, one lower case
letter and one number. The password cannot contain non-ASCII Polish alphabet
characters, special characters `&<'"` or spaces.

dumbpasswordrules.com/sites/ge

#Introduction

Hello, my name is Christoff.

I live in Illinois, USA, outside the St. Louis area. Below I'll talk about my technology and creative interests, and a bit about me personally. I'm going to hashtag the heck out of this post.

The whole "deadbeef" thing is the magic number from #Solaris for freed memory. I simply chose .monster TLD because it seemed cool and I like "extended" TLDs.

#Technology

I have been using OpenBSD, #NetBSD, or #GNU/#Linux since the late 1990s as a primary workstation. I used macOS from 2020 to 2025, switching to the #KDE neon distro (KDE plasma is amazing and KDE isn't bloated anymore, yay!).

My current career is as a #pentester where I break into web applications, IP networks, mobile applications (especially #Android), and people to their face or over the phone; code #malware; write documentation; and enjoy helping clients in a third party contractor/consultant role. I started that job change in 2020, when I earned the #OSCP certification at the height of "#infosec twitter" when I did well there.

Previously I worked for about 20 years as a senior-level programmer, and systems, infrastructure, and database administrator. Burnout was very real and I was extremely bored/unfulfilled.

Now that programming and sysadmin stuff isn't my career, I find I enjoy programming and tinkering again.

I am a big fan of NetBSD and always have been. I am not a huge fan of GNU/Linux but I do appreciate things "just working", even if it is full of closed-source binary blobs and other garbage. It was fun in the 1990s.

I know many programming languages but have been paid professionally to code in #C, #Perl, #Python, #PHP, #Java, and #Groovy for big commercial entities like eBay, small companies, and the US government.

I've maintained 99.99% uptime for a 60MM+ platform for years, including failover and backups (that were regularly tested... you test your failover and backups, right?!).

I always wanted to be a cool C and low-level programmer, which I thought for the longest time was being a kernel programmer, but now I know that isn't the life for me.

Emacs is something I've enjoyed since the beginning and I still can't code a #Lisp well. I'd love to be a cool #lisper with #CommonLisp, but haven't gotten there yet. I'm on the #c64 and #embedded #retrocomputing train now.

#Creative

For creative stuff, I aim to do a lot but tend to hop around as interests take me. I could use some discipline there (someday?).

For #music, I have an electric #bass (Fender Jazz) and electric #guitar. I love #jambands (#GratefulDead, #Phish, #Goose) and that's the type of music I like to play along to.

For #art, I like #acrylic and #watercolor painting. I rarely do it, but think about it a lot and love it when I do it. I don't have any skill or talent, but that's not the point. It's for me and no one else.

For #computing, I am venturing into #C64 #demoscene programming and exploration. Not only was I too poor to get one when I was little but I sorta forgot about it over time. The desire to do cool things in a restricted environment where folks are playing in the sandbox, too, is very exciting and attractive to me. I don't know how to code the #Commodore64 stuff yet, but will! Learning the assembly language (I have zero desire to code in BASIC again and I can just code assembly).

I like #chess, but gave up playing a long time ago. I enjoy following the sport and ChessNetwork (Jerry) is someone I'm a big fan of and got to meet once at a chess club!

#Personal

I live with my soulmate and our five amazing cats in a small town outside St. Louis living a quiet life. Just doing our jobs, taking care of daily life stuff, and enjoying each other and life as much as we can. Ups and downs of life chaos, like anyone else, but we're doing alright!

We enjoy exploring places within driving distance and there are a lot of places to go to.

Currently, we're really into playing two-player games together and just started collecting #boardgames. Right now, we're really digging #SkyTeam, #RoyalGameOfUr, #ForrestShuffle, #SentinelsOfTheMultiverse, and this magnet game I don't know the name of. We have #SpiritIsland and #ArcNova to unwrap and learn. We tried really really hard to get into #ArkhamHorrorTheCardGame but the rules are too complicated and confusing, where it felt like we were doing the wrong thing all the time.

I am 46. I grew up loving Star Wars, Star Trek, #SciFi, reading novels non-stop, horror, and watching movies. I collect classic SciFi books from the 1960s and 1970s.

I had two IQ tests as a kid and scored in the genius level. I killed a lot of brain cells from a youth finding myself, grateful for it, but thankfully made it out well. Other than being overweight, my physicals are straight down the middle perfect line (yay, genetics!) and my brain is still in top condition!

I would perhaps describe myself as an extremely curious person, that loves #puzzles and #mysteries, #exploration, figuring out #HumanBehavior like I'm an alien studying humans (I'm good at it, it turns out), that has a keen eye for detail, remembering random little things, and a good listener. I'm fairly adaptable and fluid in most things, which works well for me. My brain works differently than a lot of people, and while frustrating a lot of the time for things I don't understand fully, it is me and serves me well in niches.

Making people laugh makes me happy. I am a #hacker and #tinkerer.

I follow NCAA football #Buckeyes, professional #tennis, and #NFL #ClevelandBrowns. I enjoy it with other people and my other half, but not a huge fan for it solo.

People and public institutions are switching to Linux on the desktop in the name of digital sovereignty.

Even though it's happened before, Linux desktops didn't become attractive to malware/viruses. But now it's different, as it's part of US tradewars/imperialism. There are also far more companies and governments working on cyber attacks, so the Linux desktop is more likely to be included as a target. Microsoft would love that.

How to be proactive? Virus scanners? Software firewalls?

Ok so here's what gets me.

I go to the NoKings website. All good. nokings (dot) org.

Once I click on a location (ex: Seattle) I go without warning to mobilize (dot) us

It has its own privacy policy.

Then there's a privacy policy for indivisible (dot) org. Not even sure when or if I end up on their website for any reason.

One event. Three (3!) places that your data gets collected.

Fairly charged data, as well.

Just one of the reasons I hate Third Parties.

1/ Saw someone talking about the Meta AI chatlogs. They posted phone screenshots of other people's conversations and claimed that all personal info was redacted.

It wasn't. Sensitive information was easily revealed by raising the brightness.

If you want to hide text in a screenshot, NEVER use a tool that is translucent (e.g. highlighter) regardless of how much you go over it. #infosec #privacy

New Open-Source Tool Spotlight 🚨🚨🚨

gVisor: a user-space application kernel designed for container isolation. It mimics a Linux kernel interface while being written in Go for memory safety, running in user space. Ideal for sandboxing workloads in Docker or Kubernetes. #Containers #Sandbox

🔗 Project link on #GitHub 👉 github.com/google/gvisor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

#Microsoft #Entra getting more unwanted attention. Didn't we hear about this a couple of months ago?

> Researchers at #Proofpoint are describing a hacking campaign that is using the team filtration pen testing framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. Blame is being placed on a threat actor called #UNK_sneakystrike. The attacks occurred from December of last year through to March.

#infosec podcasts.apple.com/us/podcast/

Apple Podcasts · Microsoft Entra attack, Thursday’s Cloud outages, Mark Green retires · Podcast Episode · Cyber Security Headlines · 06/13/2025 · 8m