Notices by Christoffer S. (nopatience@swecyb.com), page 2

@anderseknert
For wherever it's worth, I'm a swede and this did indeed happen.

I would like to see the fact checking process of the mods to reach the stated conclusion.

I appreciate that many do this on a volunteer basis, but then we need to be even more considerate and ensure we work together.

Of course it will be reported by some as fake news, or course. But... No.

@GossiTheDog @dangoodin

If you perhaps remember the attack against TietoEvry in Sweden... there has been speculation that it was executed because of exactly this.

Attacker escaped from VM into the entire VMware cluster... which led to pretty much a full compromise of the entire datacenter.

Now it's NOT KNOWN whether this was the actual flaw that led to the successful attack, but it certainly is a very plausible (and viable) vector.

@aral ... and I just realized that before switching to nvim as my main editor, I used Sublime Text AND Merge.

I probably have a license around here somewhere... that's a good idea, I could use Sublime Merge for git management, and continue my nvim usage.

Thanks for reminding me about Merge 🙂

@aral Yeah, sorry... I should have made that clear.

I do have some basic "skills" in using git for local versioning, but because I also split my work between two computers I wanted to a reasonably simple way of getting the source code synced between devices using git. I have used syncthing previously but found myself more times than I'd like with some incomplete syncs between devices.

So the PRs is when i push to git, probably (very likely) incorrectly.

I'm a complete noob when it comes to source code management through git (one developer only).

Are there any good "for dummies" resources with clear and systematic workflows for how a single developer can work?

I'm trying to wrap my head around "branching/committing" often, tags and what not.

Right now I'm doing something wrong because I'm getting PRs on my own repo, I don't get it.

Need to learn.

#Git #SourceCode #Single #Developer #Python

Volexity: https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/

Multiple Russian threat actors have been identified targeting Microsoft 365 accounts through Device Code Authentication phishing campaigns, according to Volexity. These attacks, which began in mid-January 2025, involve social engineering and spear-phishing tactics, often masquerading as communications from reputable organizations like the U.S. Department of State and the Ukrainian Ministry of Defence.

#ThreatIntel #CyberSecurity #Russia

@dansup There is one thing I really liked from the G+ days - Circles.

It made sense. You have a circle of friends, coworkers, or hobby friends. Organizing in terms of circles made sense.

Even if Circles is more or less equivalent to Lists... it has a psychological effect or calling them Circles, more human.

And then having the option to decide access rights depending on Circles etc.

TL;DR - Circles from G+ was a neat idea, I miss it.

@Viss @cR0w @chillybot @jerry @lerg

haha... I feel I need to contribute.

I have seen Airwolf and ultimately feel qualified to assert that helicopters and airplanes should in fact attempt to avoid colliding.

I enjoy reading articles written by humans, because most often ... they read like as if a human had written it.

Tell me what you think of this one from Fortinet:

https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code

To me this reads like an LLM has generated the output based on some technical indicators.

What's your take? I really, really dislike it. Please dont write like this if you are a human.

#CybeeSecurity

Huntress: https://www.huntress.com/blog/analyzing-initial-access-across-todays-business-environment

Thorough analysis of initial access and the distribution of various techniques. Exploitation of 0days, contrary to reporting is not an especially common technique but using stolen creds and logging in, however, is.

Good read for sure and certainly helps with prioritization of defensive countermeasures.

#CyberSecurity #ThreatIntel

Pay for it Friday! Use this toot as an excuse to support your #Fediverse instance home. Perhaps that's #Mastodon, #Pixelfed or any of the other wonderful software projects enabling us all to communicate across platforms.

Setup a recurring donation, anything and everything really counts. I'm personally supporting Mastodon with a $20/monthly donation (and have done so since 2023!). In addition to running a Swedish cybersecurity instance.

Boost if you believe in the fediverse ideal. 🙂

Another thought regarding #OpenSource software. There is a pervasive mentality that such software cannot be associated with money. It appears hard to reconcile paying for something that is free.

This mentality must change. We must foster and support the idea that great software is costly to develop. How can we ensure that more people financially contribute to OSS if it supports them?

I believe that we should highlight those paying and supporting OSS. 1/x

How about a website/portal/system where we could aggregate and display how people could contribute and support various software packages. Where we encourage support, provide tools and guides to how one can support projects.

Perhaps (as a starting point) it could be a simple collection of popular projects where you can contribute financially, orgs enabling such support and how to connect with those?

I so fucking wish there were more hours available during each day...

I have been perhaps somewhat knowingly ignorant of Amazon practices as it relates to price blackmailing regarding books and the authors producing them.

Giving up Kindle is not easy, the comfort and ease with which to buy... license books, is well smooth.

How do people read digitally without Kindle? What are the alternatives?

I credit my enlightenment to @mwl when he in passing explained the reason for not selling through Amazon.

#Books #Kindle #Alternative

I wish some technically inclined and adept people could develop a browser, which I could also pay for.

This would allow them to align their interests with mine much more closely. I'm forking out quite a bit or money each month to various free software projects but there are literally no browsers building their business around just doing that, providing a browser.

Surely if #Kagi can succeed so must a #WebBrowser ?

Fork something and get started. I will be the first paying customer. $50/month.

A little embarrassed to admit that I had forgotten about @Vivaldi

They actually allow donations now. So I'm going to take Vivaldi for a more serious spin for a few months and also setup, during this time, a recurring monthly donation. And I guess I have to eat my own words and pay $50.

I discovered this because of a Toot from @jon and having read through much of what's on Vivaldi homepage... we have somewhat aligned incentives and "values".

Let's do this!

#SilentSunday

@BeAware ... that... could yeah... be useful.

I was kind of thinking like a note next to the export of a mute. So that it's more closely connected with the actual mute/block whatever.

But yeah... perhaps that could work as an intermediate solution!

It would be quite useful, when muting a user, that I could provide myself a note for future reference of why I muted the account in the first place.

#Mastodon #Features #Moderation #Tools

Guess memory only resident malware got entirely fucked today. Shame on all those backdoors and established C2-channels. Real shame.

#CyberSecurity #CrowdStrike