moton

@moton

a.k.a Matt has been a hacker event director at avtokyo.org since 2006. buymeacoffee.com/moton

Joined October 2007

581 Following

543 Followers

moton’s Tweets

moton

@moton

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - SecurityWeek -

securityweek.com

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022

More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

moton

@moton

VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability - SecurityWeek -

securityweek.com

Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

moton

@moton

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability -

thehackernews.com

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

OpenSSH releases update to fix multiple security bugs, including a pre-authentication double free vulnerability (CVE-2023-25136). Upgrade now!

moton

@moton

Dashlane password manager open-sourced its Android and iOS apps -

bleepingcomputer.com

Dashlane password manager open-sourced its Android and iOS apps

Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license.

moton

@moton

Linux version of Royal Ransomware targets VMware ESXi servers -

bleepingcomputer.com

Linux version of Royal Ransomware targets VMware ESXi servers

Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.

moton

@moton

The 20 Coolest Cloud Security Companies Of The 2023 Cloud 100 | CRN -

crn.com

The 20 Coolest Cloud Security Companies Of The 2023 Cloud 100 | CRN

Cloud security companies making cybersecurity jobs easier and driving innovation around stopping ransomware attacks, hackers and other data security issues include Check Point, Fortinet, Netskope,...

moton

@moton

Feb 4

MITRE CREF Navigator empowers enterprises to improve cyber resiliency strategies - Help Net Security -

helpnetsecurity.com

MITRE CREF Navigator empowers enterprises to improve cyber resiliency strategies - Help Net Security

MITRE's CREF Navigator allows organizations to customize their cyber resiliency goals , objectives and techniques.

moton

@moton

Feb 4

Business Email Compromise attack imitates vendors, targets supply chains -

malwarebytes.com

Business Email Compromise attack imitates vendors, targets supply chains

We take a look at a smart social engineering ploy being used in Vendor Email Compromise attacks.

moton

@moton

Feb 4

How the CISA catalog of vulnerabilities can help your organization -

malwarebytes.com

How the CISA catalog of vulnerabilities can help your organization

The CISA catalog of known exploited vulnerabilities is designed for the federal government and useful to everyone.

moton

@moton

Feb 4

Supply Chain Security: What is the SLSA? (Part I) -

blog.gitguardian.com

Supply Chain Security: What is the SLSA? (Part I)

Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain...

moton

@moton

Feb 4

EXPLOITATION ATTEMPTS FOR ORACLE E-BUSINESS SUITE FLAW OBSERVED AFTER POC RELEASE -

securityaffairs.com

Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release

Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published.

moton

@moton

Feb 3

MITRE Releases Tool to Design Cyber Resilient Systems -

darkreading.com

MITRE Releases Tool to Design Cyber Resilient Systems

Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber resiliency capabilities.

moton

@moton

Feb 3

PoC Exploit for Adobe Acrobat Reader DC RCE Vulnerability (CVE-2023-21608) Released -

securityonline.info

PoC Exploit for Adobe Acrobat Reader DC RCE Vulnerability (CVE-2023-21608) Released • Penetration...

A security researcher has released proof-of-concept (PoC) exploit code for a recently patched code execution vulnerability affecting Adobe Acrobat Reader DC software. Tracked as CVE-2023-21608 (CVSS...

moton

@moton

Feb 3

Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability -

thehackernews.com

Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability

A new critical authentication vulnerability has been discovered in Atlassian's Jira Service Management Server and Data Center products.

moton

@moton

Feb 3

Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security -

helpnetsecurity.com

Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Enterprises are finding it increasingly difficult to gain visibility into cloud activities and comply with various stringent regulations.

moton

@moton

Feb 2

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter -

darkreading.com

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

Analysts find that 98% of QNAP NAS are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.

moton

@moton

Feb 2

What is an OSINT Tool - Best OSINT Tools 2023 -

hackread.com

What is an OSINT Tool - Best OSINT Tools 2023

moton

@moton

Feb 2

Phishing Resistance – Protecting the Keys to Your Kingdom | NIST -

nist.gov

Phishing Resistance – Protecting the Keys to Your Kingdom

moton

@moton

Feb 2

API MANAGEMENT (APIM): WHAT IT IS AND WHERE IT’S GOING -

securityaffairs.com

API management (APIM): What It Is and Where It’s Going

Analyzing the concept of API management (APIM), its benefits, and what it will look like as the API landscape continues to evolve.

moton

@moton

Feb 2

Supply Chain Security: What You Need to Know - Part 1: On Being a Sausage Expert - Eclypsium -

eclypsium.com

Supply Chain Security: What You Need to Know - Part 1: On Being a Sausage Expert - Eclypsium

All technology has a supply chain, from the meatiest servers and cloud instances to the most humble security camera. This is because supply chains make things far easier, more efficient, and cost-e...

moton

@moton

Feb 2

North Korean hackers stole research data in two-month-long breach -

bleepingcomputer.com

North Korean hackers stole research data in two-month-long breach

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim...

moton

@moton

Feb 2

A HIGH-SEVERITY BUG IN F5 BIG-IP CAN LEAD TO CODE EXECUTION AND DOS -

securityaffairs.com

High-severity bug in F5 BIG-IP can lead to code execution and DoS

Experts warn of a high-severity vulnerability that affects F5 BIG-IP that can lead to arbitrary code execution or DoS condition.

moton

@moton

Feb 2

CISA Releases Six Industrial Control Systems Advisories | CISA - cisa.gov/uscert/ncas/cu

moton

@moton

Feb 2

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA - cisa.gov/uscert/ncas/cu

moton

@moton

Feb 2

Cisco fixes bug allowing backdoor persistence between reboots -

bleepingcomputer.com

Cisco fixes bug allowing backdoor persistence between reboots

Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks.

moton

@moton

Feb 2

NTT Partners with Palo Alto Networks to Deliver Managed Prisma SASE -

paloaltonetworks.com

NTT Partners with Palo Alto Networks to Deliver Managed Prisma SASE

Palo Alto Networks and NTT have partnered to tackle the challenges customers face today and deliver a comprehensive managed Prisma SASE service offering.

moton

@moton

Feb 2

Cyber Insights 2023: Regulations - SecurityWeek -

securityweek.com

Cyber Insights 2023: Regulations

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often in conflict with the second and third.

moton

@moton

Feb 2

Cyber Insights 2023 | Supply Chain Security - SecurityWeek -

securityweek.com

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be remediated.

moton

@moton

Feb 1

CISA to Open Supply Chain Risk Management Office -

darkreading.com

CISA to Open Supply Chain Risk Management Office

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

moton

@moton

Feb 1

Google Fi data breach let hackers carry out SIM swap attacks -

bleepingcomputer.com

Google Fi data breach let hackers carry out SIM swap attacks

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some...

moton

@moton

Feb 1

Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack - Infosecurity Magazine -

infosecurity-magazine.com

Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack

The company uses a combination of T-Mobile and US Cellular for network connectivity

moton

@moton

Feb 1

VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities - SecurityWeek -

securityweek.com

VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities

VMware confirms the publication of exploit code and urged VMware vRealize Log Insight users to implement mitigations immediately.

moton

@moton

Feb 1

Zero-Trust Alone Won't Save You - Security Boulevard -

securityboulevard.com

Zero-Trust Alone Won't Save You

With all the chatter surrounding zero-trust, it seems mature initiatives should be chugging along by now. But Gartner just threw a bucket of reality on

moton

@moton

Feb 1

Using a Flipper Zero to access API source code on IoT devices - Dana Epp's Blog -

danaepp.com

Using a Flipper Zero to access API source code on IoT devices - Dana Epp's Blog

Learn how to use a Flipper Zero to access the file system of an IoT device to exfiltrate API artifacts and access source code.

moton

@moton

Feb 1

Microsoft stops selling Windows 10 licenses a day early -

bleepingcomputer.com

Microsoft stops selling Windows 10 licenses a day early

Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages.

moton

@moton

Jan 31

OpenAI releases tool to detect AI-written text -

bleepingcomputer.com

OpenAI releases tool to detect AI-written text

OpenAI has released an AI text classifier that attempts to detect whether input content was generated using artificial intelligence tools like ChatGPT.

moton

@moton

Jan 31

Google's open source team layoffs: Your software supply chain security is at risk -

reversinglabs.com

Google's open source team layoffs: Your software supply chain security is at risk

Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?

moton

@moton

Jan 31

Will Cybersecurity Remain Recession-Proof in 2023? -

darkreading.com

Will Cybersecurity Remain Recession-Proof in 2023?

Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

moton

@moton

Jan 31

Microsoft Edge is getting split screen mode - here's how to enable it -

bleepingcomputer.com

Microsoft Edge is getting split screen mode - here's how to enable it

Microsoft Edge is getting a new "split screen" feature that lets you view two websites in one window by allowing you to split tabs across the screen.

moton

@moton

Jan 31

CISA Releases One Industrial Control Systems Advisory | CISA - cisa.gov/uscert/ncas/cu