The Hacker Mind Robert Vamosi

Bots are actionable scripts that can slow your day to day business, be enlisted in denial of service attacks, or even keep you from getting those tickets Taylor Swift you desperately want.

You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info.That isn’t necessarily so.

With the recent Clop attack on customers of MoveIt, ransomware is now old news. Attackers are skipping the encryption and simply extorting the exfiltrated data, according to Thomas “Mannie” Wilken, from the Accenture Cyber Threat Intelligence Dark Web Reconnaissance Team.

Imagine a data dump of files similar to the Snowden Leaks in 2013, only this it’s not from the NSA but from NT Vulkan, a Russian contractor. And it’s a framework for targeting critical IT infrastructures.

Rather than use backdoor exploits, attackers are stealing credentials going through the front door. How are they gaining credentials. Sometimes it’s from the tools we trust. Paul Geste and Thomas Chauchefoin discuss their DEF CON 31 presentation Visual Studio Code is why I have (Workspace) Trust issues as well as the larger question of how much we should trust tools that we depend on daily. Transcript here.

What if an GPC project OAUTH access token wasn’t deleted? This could expose databases to bad actors.