Notices by Ravi Nayyar (ravirockks@infosec.exchange), page 4

  1. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Tuesday, 17-Dec-2024 07:48:19 JST

    Folks, this guidance on countering Salt Typhoon/Friends is not rocket science to implement if you have budget and a Board which cares about the core business.

    Question is: do you have those two things?
    https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/enhanced-visibility-and-hardening-guidance-communications-infrastructure

  2. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Saturday, 14-Dec-2024 10:08:59 JST

    UK PRA proposing major incident reporting obligations + amendments to reporting requirements re third party arrangements.

    Consultation page: https://www.bankofengland.co.uk/prudential-regulation/publication/2024/december/operational-incident-and-outsourcing-and-third-party-reporting-consultation-paper

      CP17/24 – Operational resilience: Operational incident and outsourcing and third-party reporting
      Consultation paper 17/24
  3. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Sunday, 29-Sep-2024 07:30:03 JST, in reply to Kevin Beaumont

    @GossiTheDog Putting our cyber colleagues aside, why aren’t the cyber journos at specialist/mainstream outlets covering Handala?

  4. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Saturday, 14-Sep-2024 07:04:46 JST

    ‘… requiring accounts to enable two-factor authentication if they have direct access to the codebases that power plugins and themes’.

    AT LAST.
    https://cyberscoop.com/wordpress-two-factor-authentication-supply-chain/

      WordPress.org to require two-factor authentication for plugin developers
      from Christian Vasquez
      The requirement begins Oct. 1. and would apply to plugin and theme authors.
  5. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Wednesday, 31-Jan-2024 12:59:55 JST

    'Incognito, a darknet drug marketplace, purchased the news site Darknetlive in November 2022. They have since used it to suppress criticism and steer public perception in their favor. This shift in ownership is chilling Tor journalism, ensuring that an invaluable publication will one day be seized and censored by government: DeepDotWeb’s history repeating'.

    Bit to unpack there.
    https://darkdot.com/articles/darknetlive-sold/

      Darknetlive Sold to Incognito Market
      Incognito, a darknet drug marketplace, purchased the news site Darknetlive in November 2022.
  6. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Sunday, 21-Jan-2024 10:35:42 JST

    Fundamental points by Prof Ciaran Martin about the British Library incident and its aftermath.

    = Why resilience matters.

    https://ciaranmartin.substack.com/p/on-the-matter-of-the-british-library

  7. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Monday, 18-Dec-2023 14:18:54 JST, in reply to Patrick C Miller :donor:

    @patrickcmiller I hope whoever came up with the headline got a tank full of ice cream.

  8. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Wednesday, 06-Dec-2023 16:08:16 JST

    'One highlight of the platform is the HuggingFace API ability with their Python library, which allows developers and organizations to integrate models, read, create, modify, and delete repositories or files within them.

    'In this groundbreaking research, our team has unearthed a staggering number of 1681 valid tokens laid bare through HuggingFace and GitHub, ushering us into unprecedented discoveries.

    'This massive effort enabled us to gain access to 723 organizations' accounts, with some of the most high-valued organizations, including giants like Meta, HuggingFace, Microsoft, Google, VMware, and more. Intriguingly, among these accounts, 655 users’ tokens were found to have write permissions, 77 of them to various organizations, granting us full control over the repositories of several prominent companies. Notably, some of the organizations with such extensive access included EleutherAI(Pythia), and BigScience Workshop(Bloom), highlighting the extent of our research's impact and its potential implications in the realm of supply chain attacks and organizational data integrity.

    'The gravity of the situation cannot be overstated. With control over an organization boasting millions of downloads, we now possess the capability to manipulate existing models, potentially turning them into malicious entities. This implies a dire threat, as the injection of corrupted models could affect millions of users who rely on these foundational models for their applications'.
    https://www.lasso.security/blog/1500-huggingface-api-tokens-were-exposed-leaving-millions-of-meta-llama-bloom-and-pythia-users-for-supply-chain-attacks

      Lasso Security Website
  9. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Friday, 03-Nov-2023 14:49:18 JST, in reply to Patrick C Miller :donor:

    @patrickcmiller What's an 'opposition government'?

  10. Ravi Nayyar (ravirockks@infosec.exchange)'s status on Tuesday, 29-Aug-2023 13:21:34 JST

    🫡

    Ravi Nayyar
    Critical Software + Critical Infrastructure Law | PhD Candidate at the University of Sydney | Fellow and Research Contributor at the Australian Strategic Policy Institute | Associate Fellow at the Social Cyber Institute | Blogging at A Techno-Legal Update | Cricket, #Bloods, Bharatiyata | #StillRomancingWithLife