photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

242
active users

#networksecurity

3 posts3 participants0 posts today

Your UPS might be a silent security risk.

Watch our new video to see how a standard uninterruptible power supply (UPS) became the gateway to hacking a real bank.

We walk you through:

▪ How UPS devices connect to networks—and why that matters
▪ The danger of default credentials on embedded systems
▪ How spoofed email servers let attackers steal domain credentials
▪ The exact steps that led to full network compromise

Watch now! youtu.be/Ru5RR9COqYw

youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Replied in thread

@VXShare @StarkRG @jay @vildis @vxunderground OFC, if their corporate firewall didn't blocklist your domain, most #MITM-based "#NetworkSecurity" solutions and "#EndpointProtection" will checksum files and instantly yeet them into the shadow realm.

  • Researchers should OFC only run those said malware only for research purposes and on #airgapped, sanctioned systems but they need to get their hands on them in the first place.

And lets be honest: Like with chemistry and medicine, one wants to have a supplier that isn't shady af but actually transparent.

  • The "alternative" would be to go into some "dark corners" and risk getting something else entirely.

More information on printer security, since they are often a cybersecurity blind spot!

Last week, we shared a warning about the unpatchable Brother printer vulnerability (CVE-2024-51978) that puts millions of devices at risk. If you haven’t updated your default admin passwords, do it now.

Since there was a lot of interest in this topic, we're sharing our classic, but still very relevant, on-demand webinar, "How I met your printer": youtu.be/b6d6RO2AFgw

@tompohl shares real-world techniques attackers use to exploit printers for initial access and lateral movement—exactly what we see in our penetration tests all the time.

If you haven’t tested your print infrastructure, now’s the time. Need help? Our pentest team can assess your network and highlight hidden vulnerabilities.

#Cybersecurity #CISO #PrinterSecurity #PenetrationTesting #LMGSecurity #NetworkSecurity #Infosec #ITsecurity
#penetrationtesting #pentest #pentesting

A single misstep in AD CS can hand attackers the keys to your entire domain—no passwords needed.

If your team installed Active Directory Certificate Services more than six months ago, your organization could be at risk.

Watch our new 4-minute video to see how a default setting enables low-privilege users to escalate all the way to domain admin and what you can do to reduce your risk. youtu.be/S59dNEPnJ4M

Hey #InfoSec and #Cybersecurity folks. My company's conference, LogicON 2025, is coming up in Dublin, OH.

It's a solid event with practical tracks on compliance, automation, & security ops. Also, you can earn up to 16 CPE credits toward your ISC2 certification renewal.

No marketing fluff, just good info from fellow engineers & IT leaders. It's a great opportunity to learn something new.

Check out the agenda and register here: whova.com/portal/registration/

Ever wonder how hackers really get in?

We sat down with LMG Security’s Penetration Testing Manager, @tompohl, to get penetration tester secrets from the front lines. From overlooked credentials to forgotten assets, these are the weak spots attackers love—and how to fix them.

We'll cover:

• The top entry points that attackers exploit
• Real-life examples from professional penetration testers
• Actionable tips to eliminate common network vulnerabilities

Don’t miss this behind-the-scenes breakdown: lmgsecurity.com/penetration-te

LMG SecurityPenetration Tester Secrets: How Hackers Really Get In | LMG SecurityDiscover real-world penetration tester secrets in this insider’s guide to how hackers break into networks. Learn common vulnerabilities and how to defend your organization.

🚨 Call for Papers 📢📃

💡 Submissions for the upcoming volume of Applied Cybersecurity & Internet Governance – an #openAccess peer-reviewed journal on #cybersecurity and new technologies – are still open!
💡 We invite all researchers writing on the technical, political, and legal aspects of new communication technologies, #networkSecurity, online #privacy, and cyberwarfare to participate. Learn more at acigjournal.com/For-Authors,45 and submit your paper via editorialsystem.com/acig.
💡 We follow the best practices of scientific publishing. Submitted articles undergo double-blind peer review, revision, and resubmission, and the approved research is published free of charge with no delay. ACIG is indexed by leading scientific databases and lists whose number continues to grow; just recently we have been accepted to be included in the Scopus database.

🚀 My new #DDoS book "DDoS: Understanding Real-Life Attacks and Mitigation Strategies" is now also available as an eBook! 🎉

Check it out here: ddos-book.com/

I’ve packed in everything I’ve learned from defending major German government sites against groups like Anonymous, Killnet, and NoName057(16).

It covers mitigations against #AI #crawlers and many other defenses for all network layers.

If you find it useful, I’d love it if you could boost and share to help more people defend themselves. ❤️

Thank you! 🙏

Sunday, June 1, 2025

UK identifies Russia as an ‘immediate and pressing’ threat in new defense review — Ukraine’s enduring cyber defense: Assessing resilience and impact of shifting international support — European leaders shift focus to defending Ukraine without US support — Pompeo urges Trump not to legitimize Russia’s land grabs in Ukraine … and more

activitypub.writeworks.uk/2025

Tor has launched Oniux, a new tool for anonymizing any Linux app’s network traffic via the Tor network.

Unlike previous solutions like Torsocks, Oniux uses Linux namespaces to isolate apps at the kernel level, ensuring leak-proof anonymity even with malicious apps.

Though experimental, Oniux could be a game-changer for enhanced privacy on Linux.

bleepingcomputer.com/news/secu

#Tor#Oniux#Linux

The FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.

Watch the full Cyberside Chats episode to hear @sherridavidoff and @MDurrin 's insights on:

🔹 The FBI’s May 2025 alert
🔹 TheMoon malware and the Faceless proxy service
🔹 What these botnets mean for your enterprise
🔹 What you need to do now to stay protected

🎥 Watch the video: youtu.be/x_40BlvWsHk
🎧 Listen to the podcast: chatcyberside.com/e/outdated-r

Think your network is locked down? Think again.

Register for our May 28th Cyberside Chats Live episode featuring special guest @tompohl, LMG Security’s Head of Penetration Testing, and discover the most common security gaps attackers exploit.

Tom will share how his team routinely gains domain admin access in over 90% of their engagements—and how you can stop real attackers from doing the same. He’ll break down the weak points they target, from insecure default Active Directory settings to overlooked misconfigurations—even in mature environments.

Register now: lmgsecurity.com/event/cybersid

LMG SecurityCyberside Chats: Live! How Hackers Get In: Penetration Testing Secrets from the Front Lines | LMG SecurityIn this quick, high-impact session, we’ll dive into the top three cybersecurity priorities every leader should focus on. From integrating AI into your defenses to tackling deepfake threats and tightening third-party risk management, this discussion will arm you with the insights you need to stay secure in the year ahead.

When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?

Sure it is still useful blocking script kiddies from Iran and other low hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore?

With the use of zero trust, distributed attack and delivery networks (looking at you Cloudflare), and VPN usage country blocking feels less useful than in the past.

Dive into our new technical blog, No Exploits Needed: Using Cisco’s Own Features to Extract Credentials, for a behind-the-scenes look at how default settings can lead to a data breach.

In this post, Penetration Testing Team Manager @tompohl shares how he extracted a Cisco router’s entire running configuration—no credentials required—during a recent penetration test and offers tips for hardening your security. lmgsecurity.com/no-exploits-ne

LMG SecurityCisco SNMP Exploit Case Study: Internal Penetration Test Using Default Router Settings | LMG SecurityLearn how LMG Security penetration testers extracted a Cisco router’s running configuration using default SNMP settings and built-in features — no exploits required. See how internal tests uncover credential exposure and full network takeover risks.