mattjay.com
Friendly neighborhood cybersecurity guy | expect infosec news, appsec, cloud, dfir. | Long Island elder emo in ATX. vulnu.com <- sign up for my weekly cybersecurity newsletter
530 posts 5,685 followers 473 following

Breaking: Apple is pulling Advanced Data Protection (ADP) from UK customers following govt demands for backdoor access. No more end-to-end encrypted iCloud backups - they were forced to do this by a UK law allowing the gov to spy on its citizens.

An important update thread on this topic I covered last week: youtu.be/3rki9TvR3dQ?...

AI broke hiring. From ChatGPT answer generators to North Korean spies. Gonna get worse before it gets better. youtu.be/oLnX9ZfzAv4?...

One of the most common recommendations I have for defenders is to restrict and monitor PowerShell... New PowerShell processes running on Suzie in accounting's computer... that's making network connections, is probably not normal for your environment. Restrict PowerShell, baseline it, detect bad stuff.

Watching @mattjay.com on YT talk about DOGE and Treasury. This is the short. He's got a much longer video with more details. youtube.com/shorts/uLKf7...

DOGE official .gov website defaced. “These experts left their database open” left on site.

Attackers are now actively exploiting an Outlook RCE flaw that Microsoft patched a year ago. CISA is urging immediate patching (CVE-2024-21413). The exploit bypasses controls via a crafted file:// link to steal NTLM creds. 🔗 www.vulnu.com/p/expl...

Hackers are using Google Tag Manager (GTM) to inject credit card skimmers into E-commerce sites. At least 6 compromised sites identified so far. Here's what we're seeing. 👇

Watching self-inflicted damage on a scale no hackers could dream of makes it hard to care about the usual daily breaches, news, and zero-days. So instead of tilting at windmills, I’m embracing the chaos, logging off, and watching Civ 7 streams. 🫡

Breaking: UK govt has issued an unprecedented order to Apple demanding backdoor access to ALL encrypted iCloud backups globally - not just UK users. Here's what we know 👇

This topic is infuriating for me. UK demands a backdoor into iCloud and it doesn't just impact UK citizens, it's global. Great reporting by @joemenn.bsky.social as usual. (I consider him required reading in our industry) www.washingtonpost.com/technology/2...

SCOOP: The US Treasury claimed DOGE's Marco Elez didn’t have ‘write access,’ when he actually did. Sources tell WIRED that his ability to alter code controlling trillions in federal spending was rescinded, days after officials said it didn't exist.

Security experts are really getting under the hood of DeepSeek at this point. NowSecure found unencrypted data transmission, hardcoded encryption keys, and advanced fingerprinting—while the Pentagon, NASA, and others are banning the app. Full breakdown here: 🔗 www.vulnu.com/p/expe...

Over 3,000 ASP.NET machine keys exposed—attackers are using them for ViewState code injection and RCE. Microsoft threat intel put out some good detection and mitigation steps. Here’s what you need to know and how to protect your apps: 👇 🔗 www.vulnu.com/p/thousands-...

NEW: Paragon has reportedly cut ties with Italy and disconnected two local customers from the company's surveillance systems. The decision comes after allegations that the Italian government may have abused the system to spy on a journalist and an activist.