Cyber security news of the day – 2024 May 31

Cyber security news by Alexandre Blanc Cyber

2024 Friday 31

Here is what you should be aware of today :

BBC Breach Puts 25K Pension Scheme Members at Risk

Though information such as dates of birth, email addresses, and home addresses were compromised, « the Beeb » assures individuals that financial information is still protected. The cloud leaks, as usual, can’t trust systems you don’t own and manage ! #cloud #clowd #cybersecurity


CISA warns of actively exploited Linux privilege elevation flaw

It’s linux patch time !The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. (Oh by the way, the stupid cloud mostly runs on Linux, so you can just pray that they patch your workloads, otherwise, privilege escalation in shared hosting like public cloud, good luck ! !)


Snowflake compromised? Attackers exploit stolen credentials

Seems that the cloud is leaking and leaking and leaking again ! Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation.

The linked article share recommendation for Snowflake users to try to reduce the impact of the incident, aside of only praying, as this is the only thing you can do when you use public cloud, and it won’t fix much ! LOL … The cloud is a JOKE !

Another link on this deeply corrupted cloud topic : https://www.bleepingcomputer.com/news/security/snowflake-account-hacks-linked-to-santander-ticketmaster-breaches/


Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

This is bad, while LinkedIn and Microsoft are busy blocking account from certified and verified security people like me, the real threat actors are taking down more than half a millions routers in the US ! (I’m a bit pissed, yes)

« More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users’ access to the internet. »


And that’s about it for now ! Thanks in advance for sharing, as I’m now the enemy No 1 on Linkedin :P Feel free to share the news yourself using the share buttons below ! Enjoy !

Loading

vendredi, mai 31st, 2024 Technologie Aucun commentaire

Alexandre Blanc Cyber Kicked out from Linkedin

Edit on 2024 June 8th, Saturday, after the involvement and support worldwide, and a pressure from an incredible amount of people, LinkedIn restored my account. They claimed I got banned because I shared a malicious link (this one : Owasp AI and Security Guide ). This is why they deleted me. And then, they claim that after verification, the link was finally not malicious.

As you can guess, it’s a power game, and they wanted to slap me for something they didn’t like. But the power of communities has been stronger. That’s my take. I can’t express how thankful I am for all the support. Love to you all. Will take a few days to get back on track fully.


Edit on Friday night, after finding a great article linked in the comment
(and here) , lately, as I started my own business, I also started to add many connections and sent a lot of requests. The linked article about LinkedIn account restriction explains that adding too many « unknown » people, will lead to this. So, it seems that looking to expand my network, actually killed my network.
Will edit the post if things move, but I think this is it. Too many connection requests sent. (about 30 I’d say)

So, hopefully you’ll learn from this, don’t fuck it up as I just did.

So I got this email, and got blocked on all my devices. I vanished from the platform, my cyber buddies told me they can’t find me anymore.

I obviously had verified ID, MFA, and all available option for security. At this point, when I try to login, I got the following message :

Which is interesting, because I don’t know what this is referring to, and this is not aligned with the email stating « fraudulent activity detected ». Well, I’m known to fight AGAINST fraud. So, that’s about it.

That’s the cloud, after all, I rant a lot about it, you own nothing, you control nothing, well, here is a plain example. No information, no way to know or recover.

I contacted support via the form 2 times, but nothing there. I’ll wait a bit, and then reach out to insiders.

Fun times ! This happened around noon on 2024 May 30th, so far no news. I guess lunch time :D

Loading

jeudi, mai 30th, 2024 Technologie 11 Comments

You’ll most likely find me on LinkedIn

LinkedIn Top Voice in technology in 2020, and many other things since then.

But what matters is bringing value, common sense, acting for good, aiming at privacy and security by design and by default.

Yet, I maintain my own server and blog here, because it allows me to own my content as well.

Anyways, to find me on LinkedIn, it’s here : https://www.linkedin.com/in/alexandre-blanc-cyber-security-88569022/

I use the domain inforeseau.com as my email domain as well, for my blog and other activities. It used to be the domain of my company in the early 2000s, and I kept it since then.

I did start my business as « Alexandre Blanc Cyber« , in cyber security and LinkedIn consulting services.

Basically splitting my time between security advisory and assessments, and consulting on LinkedIn success management.

I have a few slots for LinkedIn consulting, including LinkedIn page management, and acting as influencer etc. Obviously, this is a limited amount of slots as I commit to deliver value for my customers, but also keep time for the cyber security side of things. Feel free to reach out on LinkedIn or via email at alexandre at inforeseau.com

Loading

mercredi, mars 6th, 2024 Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
novembre 2024
L M M J V S D
 123
45678910
11121314151617
18192021222324
252627282930  
 

 
Suivez moi sur twitter - follow me on twitter
 
Follow on LinkedIn
[FSF Associate Member]
 
Free Software, Free Society
VIRTUALISATION :
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
SECURITE - FIREWALL :
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
HAUTE DISPONIBILITE :
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
STOCKAGE RESEAU :
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
OPTIMISATION WORDPRESS :
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
VPN - ROUTEUR - LAN:
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
TENDANCES - WEB:
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
Jquery
TRUCS ET ASTUCES GNU/LINUX :
Tuxmachines.org - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
MONITORING :
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
AUTRES LIENS :
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne
Inforeseau.fr