security
/security
Discussion on all things web3 security and auditing
Recently I've received multiple calls that show up as Google on Caller ID
The 'person' on the other end sounds like an employee of Google and responds in a believably human way - I almost believed them when they said my Google account had been compromised
BUT thankfully I am 99% always suspicious of any calls on my cell phone except for those from a very select few people
TL;DR: ignore calls from anyone purporting to be Google - more details on how things could go horribly wrong if you don't https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/
It’s strange to me that emails are allowed to show one url and direct to a different one (browsers too). I suppose because they need to track clicks. Seems like it should be a solved thing by now.
How has the web3 auditing landscape changed in 2024 in your opinion?
👮‍♀️ 10 Cybersecurity Blogs/Websites for Cybersecurity Professionals/Hackers
1. Daniel Miessler
https://danielmiessler.com
2. Graham Cluley
https://grahamcluley.com/about-this-site/
3. Security Weekly
https://scmagazine.com/security-weekly-blog
4. Infosecurity Magazine
https://infosecurity-magazine.com
5. The Hacker News
https://thehackernews.com
6. Intigriti
https://medium.com/intigriti
7. Hakluke
https://hakluke.com
8. HackerOne
https://hackerone.com/hacktivity
9. Bugcrowd
https://bugcrowd.com/crowdstream?filter=disclosures
10. IT Security Guru
https://itsecurityguru.org
Android malware (.apk) can be spread through a fake video by manipulating the Telegram file extension. 0x6rss (on X) showed how it is done in the video below!
By @officercia
• x.com/officer_cia/status/1811176228918817226
Think twice before clicking (suspicious) links.
The “interview” attack is so smart because so many legitimate companies have you install and run sketchy software when interviewing.
Side note - perhaps a good interview method is to insert something that could be potentially malicious and see if the prospective employee picks up on it.
Hello, guys!
My wallet just got drained and I don't know what to do anymore. Can someone help me do it step by step? My mind won't work now. I can't process things.
Getting hacked will continue to move in the direction of property crime or home crime, where security is always the third-rate solution: necessary, yet not sufficient.
Shamelessly stealing memes I completely relate to 😭
Recently from rekt news involving the CertiK x Kraken incident: https://rekt.news/whitehat-grayarea/
(Another) if you missed it post!
@hatsfinance hosted a great space on X about becoming a security researcher.
Find it here: https://x.com/hatsfinance/status/1806284016254902592?s=46
And if it’s down for w/e reason I backed the audio up to TG: https://t.me/exosphere_eth
If you missed it, DeFi Security Summit had a CrowdCast w/ Daniel Von Fange about the @krakenweb3 hack involving CertiK.
Give it a listen here: https://t.co/B7gW1Hy3xU
⚠️ please practice good cyber security. major organizations use threat modeling to protect their assets. don't neglect your assets
auditing from flights is a real thing
The more I read Microsoft, AWS and other big companies' webpages, the more I am convinced the people making decisions to purchase know nothing.
No technical explainers, no matrix to know if you're compatible. It "just works", but every tech person knows that's false; many vague statements like "this is secure".
sadge :(
PSA: Don’t forget if you successfully participated in audit contests (Cantina, C4 and CodeHawks) before the March 24th snapshot, you may be eligible for ~16k ZK from the Zksync airdrop
It just occurred to me: I haven't yet stumbled upon any security researcher's posts on Farcaster,
though they are quite active on Twitter / X.
Microsoft Will Switch Off Recall by Default After Security Backlash
https://www.wired.com/story/microsoft-recall-off-default-security-concerns/
Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall
Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed
https://github.com/xaitax/TotalRecall
Everyone loves web3 until their assets start being drained off, then immediately requests come in - can we block the transfer? 😅
DMM Exchange confirms a $300M Bitcoin hack, valuing the loss at 48.2 billion yen.
They promise to cover all user losses, funded by DMM group companies if needed.
Services suspended include new account screenings, cryptocurrency withdrawals, and buying orders for spot trading.