Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 07-Mar-2025 08:09:31 JST Kevin Beaumont

   Your regular reminder that BYOD and hone access is killing your enterprise security, due to infostealers. https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 07-Mar-2025 08:12:20 JST Kevin Beaumont

     in reply to

     Also, a reminder that one year ago, Microsoft thought it would be okay to build Microsoft Recall into Windows, enable it by default, and make a text based log of everything you’ve ever viewed or typed easily accessible to infostealers.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 07-Mar-2025 13:19:00 JST Kevin Beaumont

     in reply to

     • da_667
     • cR0w :cascadia:

     @cR0w @da_667 yep, big source of the problem. Chrome syncs saved passwords bidirectionally, so your work creds get synced to your home PC. And your home PC is compromised.

   • Embed this notice
     da_667 (da_667@infosec.exchange)'s status on Friday, 07-Mar-2025 13:19:01 JST da_667

     in reply to

     @GossiTheDog Been beating this drum for years. Infostealers are a huge threat because of crossing the streams. whether its byod, or wfh with a company asset, and your kid decides that downloading and running free_robux.toteslegit.exe on your work laptop with saved passwords in the browser is totally fine.

   • Embed this notice
     cR0w :cascadia: (cr0w@infosec.exchange)'s status on Friday, 07-Mar-2025 13:19:01 JST cR0w :cascadia:

     in reply to

     • da_667

     @da_667 @GossiTheDog Or allowing users to log into browsers with their personal profiles because they say it's easier for them.