#cert — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cert, aggregated by home.social.
-
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
The April 15 tornado was a warning. When the next EF3 hits Downriver, the "system" won't save you—you have to be the cavalry. It’s time to fund CERT and master the airwaves. 🌪️📻
-
I have not posted much in a while so I thought I could give a quick shout out to the EFF Foundation and their Certbot.
Anybody running their own servers should look into it. It has made my life much easier running 5 websites.I usually send them the money I would have spent on certs every year as a donation. 🙂
-
-
Das Frühstück eine Lüge
Der Kuchen eine Lüge
Später sagen sie uns noch, dass der Hase eine Lüge ist :blobfoxshocked:
#cert linge ohne Koffeinzufuhr klingt dann doch eher gefährlich
#eh23 #easterhegg2026 -
Schuko-Eier zu Ostern! #easterhegg2026 #eh23 #cert
-
SECURE 2026 i 30 lat CERT Polska
Trzy dekady pracy na rzecz bezpieczeństwa internetu i zagrożenia, których nie możemy ignorować. Opowiemy o nich na 29. konferencji SECURE, która odbędzie się 8 kwietnia 2026 roku w Warszawie. Jednym z najważniejszych punktów programu będzie premiera raportu o krajobrazie zagrożeń w polskiej cyberprzestrzeni w 2025 roku. Tegoroczna edycja wydarzenia ma...
-
#CERT basic training complete! Looking forward to more learning and volunteer opportunities with the city!
-
FIRST is featured in AUSCERT's White Paper: "Computer Emergency Response Teams in 2026: Now and Beyond"
We're honored to be part of the global conversation on CERT evolution. AUSCERT's new white paper explores the current state and future direction of Computer Emergency Response Teams worldwide — here's what it highlights about FIRST:
🌐 Foundational Global Body – Established in 1990 as a key platform for professional development, community trust-building, and knowledge exchange
📊 Global Scale – Representing 830+ affiliated teams worldwide, demonstrating the breadth of our international network
🤝 International Trust Network – A coordination forum strengthening interoperability and collective capacity-building among CERTs globally
⚙️ Ecosystem Infrastructure – Recognized as a backbone for global CERT collaboration, standards development, and mentoring
Thank you to AUSCERT for your continued partnership in strengthening cyber resilience worldwide.
📖 Read more: https://go.first.org/cyWFw
-
El lado del mal - Cloudforce ONE: Cloudflare Threat Report 2026 https://www.elladodelmal.com/2026/03/cloudforce-one-cloudflare-threat-report.html #Cloudflare #CERT #CSIRT #ThreatIntel #Cybercrime #ecrime
-
@da_667 you need a ssl/tls proxy to really see more of the traffic, don't categorize it as some sort of thing that is optional when all the big guys lean heavily on it to more fully inspect traffic flows #dpi #cert #zeek #suricata #framing
You're absolutely right to frame it this way. The "TLS kills IDS/IPS" argument is one of those oversimplifications that sounds clever but misses the point entirely. Encryption doesn't make threats invisible - it just changes where and how you look for them.
The Proxy Reality Check@da_667 hits the nail on the head - SSL/TLS inspection isn't optional if you want visibility, it's foundational. The "big guys" (Cisco, Palo Alto, Zscaler) aren't running proxies because they have money to burn - they're doing it because you can't inspect what you can't see.
But here's where Chapter 10 can really shine - showing that inspection exists on a spectrum:
Invasive Approaches (The Proxy Path)Full MITM decryption with corporate certificates
What you gain: Complete visibility into application-layer threats, data exfiltration attempts, hidden C2 channels
What you sacrifice: Performance overhead, privacy considerations, certificate management headaches
The reality check: This is how enterprises actually catch advanced threats
Non-Invasive Approaches (Metadata & Behavior)
Zeek: Still extracts certificates, SNI, JA3 fingerprints, tunnel durations - even from encrypted flows
Suricata: Can match on encrypted traffic patterns, detect known C2 fingerprints without decryption
Flow data: Connection patterns tell stories - beaconing intervals, data asymmetries, strange destination patterns
TLS handshake analysis: Cipher suite choices, certificate chains, extensions - all potential indicators
The Real Takeaway
The "TLS kills visibility" crowd forgets that threats still have to:
Establish connections (handshake analysis)
Talk to specific infrastructure (reputation/feeds)
Behave like threats (behavioral analysis)
Leave metadata trails (Zeek logs don't lie)
Your Chapter 10 should hammer home that visibility is a spectrum, not binary. Some threats require full decryption. Others get caught by the metadata they can't avoid generating. And the best detection strategies use both.
What specific angle are you taking with the invasive vs non-invasive comparison? Are you showing them as complementary layers or competing approaches?
-
-
@BakerRL75 Good afternoon! A beautiful sunny day here with temps well above freezing. Some significant snow inbound tomorrow night, so we've shifted our plans for some visiting friends. Off to my first monthly #CERT team meeting tonight - electric power incidents, yay!
-
CERT-EU has confirmed an intrusion affecting mobile device management systems within the European Commission’s IT environment.
While containment was rapid and no devices were compromised, the potential exposure of staff contact data underscores the growing focus on management and orchestration layers as attack surfaces - especially in government environments.
Source: https://www.securityweek.com/european-commission-investigating-cyberattack/
💬 Are MDM platforms receiving enough security scrutiny today?
🔔 Follow @technadu for ongoing public-sector security insights
#InfoSec #CERT #EUCyberSecurity #GovernmentIT #IncidentResponse #CyberDefense #TechNadu
-
CERT-EU has confirmed an intrusion affecting mobile device management systems within the European Commission’s IT environment.
While containment was rapid and no devices were compromised, the potential exposure of staff contact data underscores the growing focus on management and orchestration layers as attack surfaces - especially in government environments.
Source: https://www.securityweek.com/european-commission-investigating-cyberattack/
💬 Are MDM platforms receiving enough security scrutiny today?
🔔 Follow @technadu for ongoing public-sector security insights
#InfoSec #CERT #EUCyberSecurity #GovernmentIT #IncidentResponse #CyberDefense #TechNadu
-
CERT-EU has confirmed an intrusion affecting mobile device management systems within the European Commission’s IT environment.
While containment was rapid and no devices were compromised, the potential exposure of staff contact data underscores the growing focus on management and orchestration layers as attack surfaces - especially in government environments.
Source: https://www.securityweek.com/european-commission-investigating-cyberattack/
💬 Are MDM platforms receiving enough security scrutiny today?
🔔 Follow @technadu for ongoing public-sector security insights
#InfoSec #CERT #EUCyberSecurity #GovernmentIT #IncidentResponse #CyberDefense #TechNadu
-
CERT-EU has confirmed an intrusion affecting mobile device management systems within the European Commission’s IT environment.
While containment was rapid and no devices were compromised, the potential exposure of staff contact data underscores the growing focus on management and orchestration layers as attack surfaces - especially in government environments.
Source: https://www.securityweek.com/european-commission-investigating-cyberattack/
💬 Are MDM platforms receiving enough security scrutiny today?
🔔 Follow @technadu for ongoing public-sector security insights
#InfoSec #CERT #EUCyberSecurity #GovernmentIT #IncidentResponse #CyberDefense #TechNadu
-
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) https://www.helpnetsecurity.com/2026/02/03/russian-hackers-are-exploiting-recently-patched-microsoft-office-vulnerability-cve-2026-21509/ #government-backedattacks #cyberespionage #vulnerability #Don'tmiss #Microsoft #Hotstuff #MSOffice #CERT-UA #Zscaler #News #APT
-
Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability https://thecyberexpress.com/russian-apt28-exploit-zero-day-cve-2026-21509/ #ThreatIntelligence #VulnerabilityNews #Vulnerabilities #MicrosoftOffice #ThreatActors #Backdoor #CERT-UA #Russia #APT28 #Word
-
For researchers and those trying to disclose incidents responsibly or get help:
There is an international organization called FIRST.
From the FIRST Teams website:
"This is a list of the contact information for incident response teams participating in FIRST, the Forum of Incident Response and Security Teams. The teams are responsible for providing FIRST with their latest contact information for this page. The list is alphabetized by team name. All telephone numbers are preceded with the appropriate country code."
There are 829 teams listed. Some are government CERT teams, some are corporate incident response teams.
You might want to bookmark the site to speed up your attempt to contact these teams:
-
CERT Polska has published a report detailing a coordinated cyberattack against Poland’s energy sector, including renewable energy facilities and a large CHP plant.
https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf
#infosec #cybersecurity #threatintelligence #nationalsecurity #europe #energy #cert
-
Excellent bedtime read 📘 @cert_polska has just published a detailed report on attacks targeting critical infrastructure at the end of 2025. A must-read for anyone tracking cyber threats.
#CyberSecurity #ThreatIntelligence #CERT #CriticalInfrastructure
https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf -
Atakujący infiltrowali infrastrukturę polskiej elektrociepłowni przez prawie rok (!) Znamy pełne szczegóły incydentu.
Jak donosi CERT Polska: W dniu 29 grudnia 2025 roku doszło również do ataku na jedną z polskich elektrociepłowni (…) dostarczającej ciepło dla prawie pół miliona osób (…) Destrukcyjny atak poprzedzony był długotrwałą infiltracją infrastruktury oraz kradzieżą wrażliwych informacji dotyczących działania podmiotu. W wyniku swoich działań atakujący uzyskał dostęp do...
#Aktualności #Atak #Cert #Elektrociepłowania #Energetyka #Rosja
-
#CERT #Poland Energy Sector Incident Report - 29 December 2025.
On 29 December 2025, in the morning and afternoon hours, coordinated attacks took place in Polish cyberspace. They were directed at more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant supplying heat to almost half a million customers in Poland.
https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/
Please note this is the only official and comprehensive report on the incident, previous ESET etc were mostly media hype looking at a very small fraction of the actual attack and not very reliable.
-
~13 years ago I knocked on thousands of doors locally to get ~40 homes to install free loft insulation before a government scheme (CERT) ended:
https://www.earth.org.uk/mass-loft-insulation.html
#CERT #loft #insulation #loftInsulation #home #energy #heating #efficiency #climateCrisis
-
~13 years ago I knocked on thousands of doors locally to get ~40 homes to install free loft insulation before a government scheme (CERT) ended:
https://www.earth.org.uk/mass-loft-insulation.html
#CERT #loft #insulation #loftInsulation #home #energy #heating #efficiency #climateCrisis
-
~13 years ago I knocked on thousands of doors locally to get ~40 homes to install free loft insulation before a government scheme (CERT) ended:
https://www.earth.org.uk/mass-loft-insulation.html
#CERT #loft #insulation #loftInsulation #home #energy #heating #efficiency #climateCrisis
-
~13 years ago I knocked on thousands of doors locally to get ~40 homes to install free loft insulation before a government scheme (CERT) ended:
https://www.earth.org.uk/mass-loft-insulation.html
#CERT #loft #insulation #loftInsulation #home #energy #heating #efficiency #climateCrisis
-
~13 years ago I knocked on thousands of doors locally to get ~40 homes to install free loft insulation before a government scheme (CERT) ended:
https://www.earth.org.uk/mass-loft-insulation.html
#CERT #loft #insulation #loftInsulation #home #energy #heating #efficiency #climateCrisis
-
Got some time at the end of the year? We’ve just published the SANS Institute Detection and Response Survey results.
This year I’ve pulled together a comparison from last year's data and tried to break down some of the results by organisation size.
Free Download (requires login only)
🔗 https://go.sans.org/detection-response-whitepaper#DnR #ThreatDetection #IncidentResponse #CSIRT #SOC #CERT #Cybersecurity
-
-
"Training Updates Related to FEMA Courses During Shutdown
Update from the DHSEM Training SectionFEMA Training Information impacted by the shutdown.
FEMA Courses: You cannot sign up for new FEMA training courses at this time. Getting transcripts, enrollments, approvals and course schedules (including Independent Study courses) may take longer. DHSEM also cannot see or access FEMA course transcripts right now.
Help from FEMA Staff: FEMA staff are not available to give support, answer questions or provide guidance.
State G Courses: Classes offered by the state (called G courses) are still available as normal through DHSEM.
We will keep watching the situation and share updates when we have them. Please be ready for possible delays with training and other federal programs.
Thank you for your understanding.
DHSEM Integrated Preparedness Program "https://dhsem.colorado.gov/press-release/training-updates-related-to-fema-courses-during-shutdown
-
Oto przykład bezpieczeństwa katolików w Polsce :D https://niebezpiecznik.pl/post/jak-pomoc-organistce-skonczyla-sie-zgloszeniem-cve-czyli-o-krytycznej-dziurze-w-popularnym-oprogramowaniu-dla-parafii/ plus to Base64 – T2Jhd2lhbSBzacSZLCDFvGUgamVzdGXFmyB3IGR1cGll <--odkoduj sam , padniesz !!!
#fara #bezpieczeństwo #katolik #kościół #zło #wredota #cert -
Jak pomoc organistce skończyła się zgłoszeniem CVE, czyli o krytycznej dziurze w popularnym oprogramowaniu dla parafii
Czasem najlepsze historie zaczynają się niewinnie. Jeden z naszych Czytelników poproszony o pomoc przez znajomą organistkę przy wdrożeniu programu FARA – popularnego oprogramowania do zarządzania parafią – nie spodziewał się, że to, co odkryje, zaprowadzi go na wojenną ścieżkę z producentem i skończy się oficjalnym zgłoszeniem podatności CVE koordynowanym przez CERT Polska. Z tej historii dowiecie się, jak dziwnie niektórzy z producentów oprogramowania potrafią zareagować na zgłaszane błędy i jak tego typu reakcje mogą narazić na niebezpieczeństwo tysiące osób.
Autorem niniejszego artykułu jest nasz Czytelnik Mateusz Sirko, który chciał podzielić się z nami swoją dość ciekawą historią. Do nadesłanego materiału wprowadziliśmy drobne redakcyjne poprawki. Jeśli i Ty masz jakąś historię, którą chciałbyś się podzielić z innymi, daj nam znać.
Backdoor w prezencie, czyli 1-skrypt.php
Program FARA, używany w wielu polskich parafiach do zarządzania danymi wiernych, intencjami mszalnymi czy cmentarzami, do pełnej funkcjonalności wymaga od swoich klientów umieszczenia na serwerze WWW specjalnego pliku: 1-skrypt.php. Mateusz, analizując ten skrypt, od razu zauważył, że jest to tykająca bomba.
Skrypt ten, po umieszczeniu na serwerze parafii (często pod nazwą fara_iwg.php), stawał się otwartą furtką dla każdego, kto znał jego adres. A znalezienie go nie było trudne – wystarczyło skorzystać z publicznie dostępnych list parafii.
Grzebiemy głębiej – dekompilacja i twarde hasła
To jednak był dopiero początek. Skoro tak prosty skrypt był tak niebezpieczny, co mogło kryć się w samej aplikacji desktopowej? Mateusz [...] -
🔈Monthly release of 𝐖𝐡𝐚𝐭'𝐬 𝐧𝐞𝐰 𝐢𝐧 𝐓𝐈 𝐌𝐢𝐧𝐝𝐦𝐚𝐩 | 𝐌𝐚𝐲 2024. 🔈
Article and tool co-authored with Oleksiy Meletskiy.
📢 New Features:
➡𝐖𝐫𝐢𝐭𝐞-𝐮𝐩 𝐬𝐜𝐫𝐞𝐞𝐧𝐬𝐡𝐨𝐭
➡𝐕𝐢𝐫𝐮𝐬𝐓𝐨𝐭𝐚𝐥 𝐈𝐎𝐂𝐬 𝐞𝐧𝐫𝐢𝐜𝐡𝐦𝐞𝐧𝐭
➡𝐄𝐦𝐛𝐞𝐝𝐝𝐞𝐝 𝐌𝐈𝐓𝐑𝐄 𝐀𝐓𝐓&𝐂𝐊® 𝐍𝐚𝐯𝐢𝐠𝐚𝐭𝐨𝐫
➡𝐏𝐃𝐅 𝐫𝐞𝐩𝐨𝐫𝐭 𝐢𝐦𝐩𝐫𝐨𝐯𝐞𝐦𝐞𝐧𝐭𝐬📰𝐁𝐥𝐨𝐠: https://lnkd.in/dgTnd-uD
💻 𝐀𝐩𝐩: https://lnkd.in/dSVdG2B4
⏩ 𝐆𝐢𝐭𝐇𝐮𝐛: https://lnkd.in/dJDSQx8Y𝐇𝐨𝐰 𝐭𝐨 𝐠𝐞𝐭 𝐢𝐧𝐯𝐨𝐥𝐯𝐞𝐝
The project is open to external contributions.
To collaborate, please check the GitHub repository: https://lnkd.in/dJDSQx8YIf you find TI Mindmap useful, please consider starring ⭐ the repository on GitHub.
hashtag#timindmap #ti #mindmap hashtag#mistral #ai #mistralai #threatintelligence #llm #llmapp #openai #azureopenai #largelanguagemodel #cybersecurity #cyber #security #python #streamlit #infer #embedding #chat #ioc #mitre
#ttp #cyberreport #report #mermaid #genai #generativeai #cyberthreatintelligence #github #prompt #promptengineering #FewShotPrompting #gpt hashtag#gpt4 #api #DataVisualization #threat #infosec #threatreport hashtag#oai #analyst #soc #cert #thumbnail #virustotal #stix #GPTo