The European Commission said on Friday that it has preliminarily found that both companies are not complying with rules of the Digital Services Act (DSA) that mandate them to give researchers adequate access to public data.

Happy Amazon Prime Day! Amazon collects mountains of data about how you use the service, but there is a setting you can change to make it harder for the company to use that data to sell you more things. #OptOutOctober www.eff.org/deeplinks/2...

It did not. The reporter took the date on my original email about the planned malware release and assumed that the graphic was begun at the same time. I sketched out a rough version of that with the PAO in like 15 minutes of brainstorming on a whiteboard. She then sent it to the graphic contractor.

Sir Toby has questions. Same here, same.

Trust but verify - yes, you should check the citations in your work before submitting it. Period. $10k is getting off lightly.

For TechCrunch, I wrote about Unit 221B, a cybersecurity company that's recently made a name for itself by tracking today's top English-speaking hacking groups, including Scattered Spider, and helping to disrupt their operations. Now the company has raised $5 million to focus on the threat.

Travelers at major European airports including Heathrow, Brussels, and Berlin faced significant delays this weekend following what Collins Aerospace described as a “cyber-related incident.”

Biology Department xkcd.com/3140/

This @consumerreports.org article by @yaelwrites.com compares the different services that scrub your name off data brokers' lists. To cut to the chase –the most expensive service is ~$249/year. You can get the same result with EasyOptOuts for $19.99. easyoptouts.com

there is good in this world u just have to know where to look

Robocop is one of the greatest films ever made and on the short list of contenders for single best dystopian satire Hollywood has produced in the last 40 years

Nice schadenfreude here, Reuters dug up Bill Pulte's father & stepmother claiming two houses as their primary residence, and when Reuters asked Michigan about it, Michigan yanked their homestead exemption.

One of the methods that I used for a fun project that I presented at #Labscon a couple of years ago - tracking which law firms worked with Russian oligarchs based on patterns in legal filings and demand letters.

Yep. Follow this kind of law firm + client copy/paste (comms, filings, letters) for all kinds of data points to run through LLM agent analysis -

X's new encrypted messaging feature, XChat, has some red flags.

Life is short and the hour of our death is a mystery, so no, I will not rate my transaction

Puppy love. Sir Toby has stolen my heart. That’s all. Carry on.

NEW: Earlier this month, two hackers published their findings in Phrack magazine after earlier breaking into the computer of a North Korean government hacker. Now, in speaking with @lorenzofb.bsky.social, the two hackers explain why they went public — even though their breach was probably illegal.

We refuse to allow Ukraine to interfere in its own internal affairs.

In the bookshop this morning: PARENTS: “Okay, we’re leaving now.” CHILD: *pulls another book from the shelf and sits down * CHILD: “Then I guess this is goodbye.”

Highlights some of the 🛰️ security challenges that the @aerospacevillage.bsky.social spotlighted at #defcon33 and beyond… apnews.com/article/spac...

I love being able to post cybersecurity wins, something I can’t do too often :( via @reuters.com

Going live is approx 30 mins www.youtube.com/watch?v=lRlC...

freak flag

Heeey NYC! Come celebrate 40 years of Phrack with @vacci.ne @guitmz.bsky.social @hackerschoice.bsky.social! We'll be at @2600.com's HOPE Conference tomorrow at 17:00! #phrack72 #phrackat40 schedule.hope.net/hope16/talk/...

If you’re interested in tinkering with LLMs to assist with incident triage, check out this demo I did with @limacharlie.io using Claude Code and the LC MCP: youtu.be/dSCmLIBkTdo?... I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...

My son walked into the room and said “I’m a Tyrannosaurus Cow!” And then roared a moo at me, so I drew this.

NEW, by me: Last week we reported TeaOnHer, a gossip dating app for men that rocketed to the top of Apple's App Store, was exposing users' data and driver's licenses, which users had to upload to sign up. The bugs now seem fixed. This is how we found the data-exposing flaws in less than 10 minutes.

I just added a copy of my slides for my "We are currently clean on OPSEC" DEFCON talk here, in case you're interested micahflee.com/we-are-curre...

When the theme is #cybersecurity in #aviation + #space & its @defcon.bsky.social , of course you dress accordingly. Great fun w/ @blueteamvillage.bsky.social + @aerospacevillage.bsky.social TTX (thx to fellow panelists for keeping it entertaining)

When Dana's son was hospitalized last year, it led her to a path of discovery about predatory online networks that groom children into harming themselves and others. Their reach is global and growing.

And my newsletter is out, featuring coverage, research and cool stuff from Black Hat and Def Con, plus stories on the data breaches at Google, Cisco, and Air France, the US courts system getting hacked (again), alarm over a new Exchange flaw, and lots more. 📩 this.weekinsecurity.com / read online:

Hundreds of United Airlines flights have been disrupted “due to a technology issue,” the airline said in a statement.

Breach at two airlines: KLM and Air France nieuws.klm.com/klm-informee...

My BSidesLV keynote is here. It touches on several difficult topics in our industry. Topics best discussed in person. As our industry spends this week in Vegas, please share this talk with your peers and discuss in person. www.youtube.com/watch?v=4CD9...

Allright. You should see my talk at 5 pm Tuesday then 😊 bsideslv.org/talks#HVRLVM

Heading to Def Con? Catch me & our panel hosted by Blue Team Village + Aerospace Village: btv-dc33.sessionize.com/session/966550

CISA has published a report from a "proactive hunt" at an unnamed US critical infrastructure operator. It's a headache-inducing report, and I'm being generous on the findings. www.cisa.gov/news-events/...

Here we go again, hacker summer camp. See y’all soon.

NEW, by me: Hackers breached U.S. insurance giant Allianz Life in July and stole the "majority" of its customers' personal information. The company confirmed the breach to TechCrunch, but wouldn't provide an accurate number of affected customers. Its parent company, Allianz, has 125 million members.

Delta flight attendant understands the assignment: he keeps bringing me extra snacks from the basket & laughs as I squirrel them away for later.

So you've decided to piss off every career intelligence officer and analyst

I missed this last week, but the Coast Guard's cybersecurity regulations for U.S.-flagged vessels and facilities took effect on July 16. www.news.uscg.mil/maritime-com... www.federalregister.gov/documents/20...

Editor, those are my emotional support "--" and "..." 😭 #writersky

✨ new substack just dropped ✨ i’ve been quiet for a minute, but i’m back with a new format, an epiphany, and a gentle promise to stop giving all my energy to things that don’t give back. Also, I'm on a biweekly schedule now! 📝 read here: open.substack.com/pub/justasec... 💛 comment if it resonates

Hot take: Threat modeling ≠ risk management Threat = possible problem Risk = quantified threat Threat modeling finds issues → we engineer them away (TLS, MFA, etc.) Risk management = when threats can't be easily fixed Most execs care more about customer impact than CVSS scores 🤷‍♂️ Full: is.gd/5QEfVJ

Per @ellenwapo.bsky.social & @joemenn.bsky.social et al, U.S. state and federal government agencies have already been breached by the SharePoint zero-day bug. Commercial sector also affected. Tens of thousands of SharePoint self-hosted servers around the world at risk.

A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations