#security

https://www.bgr.com/2010698/how-microsoft-teams-spying-on-you-live-location/

The actor dwell time inside their network is being quoted as 393 days. Let that sink in. Then consider this is being attributed to APT27 (China). I’m working from a position that they have everything (EVERYTHING) and are potentially still inside the network.

A subdivision of my team specialises in F5 devices and we talked about this issue yesterday. Our Global Competency Lead for the technology believes that F5 is pretty much cooked and they don’t even have the mechanisms to trace all the configuration files that have been stolen.

WTF!

The nerve of the Stink to show TV ads stating that AT&T provides secure business services when Toxic-T has lost hundreds of thousands of customer's data multiple times over the last few years.

The Stink thinks everyone is d-mb when the Stink is the dummy! Well, that and the Stink is a POS!

I believe this is a major concern perhaps being overlooked.

I wonder if the American public or even our government realize how vulnerable transferring sensitive american federal health data across the world globe to another country in the far east.

Please discuss. Maybe not an issue but personally it makes me a little concerned.

A former executive at a company that sells zero-day vulnerabilities and exploits to the United States and its allies pleaded guilty in federal court in Washington, DC, on Wednesday to selling trade secrets worth at least $1.3 million to a buyer in Russia, according to US prosecutors.

Peter Williams, a 39-year-old Australia native who resides in the US, faced two charges related to the theft of trade secrets. As part of the plea agreement, Williams faces between 87 and 108 months in prison and fines of up to $300,000. He must also pay restitution of $1.3 million.

Williams will be sentenced early next year. Until then, he will remain on house arrest at his apartment, must undergo electronic monitoring, and is permitted to leave his home for one hour each day, according to the plea agreement.

Williams worked for less than a year as a director at L3 Harris Trenchant—a subsidiary of the US-based defense contractor L3Harris Technologies—when he resigned in mid-August from the company for unspecified reasons, according to UK corporate records. Prior to his time at Trenchant, Williams reportedly worked for the Australian Signals Directorate, during the 2010s. The ASD is equivalent to the US National Security Agency and is responsible for the cyber defense of Australian government systems as well as the collection of foreign signals intelligence. As part of its signals intelligence work, the ASD has authority to conduct hacking operations using the kinds of tools that Trenchant and other companies sell.

This month the Justice Department accused Williams of stealing seven trade secrets from two companies and selling them to a buyer in Russia between April 2022 and June 2025, a time period that coincides in part with Williams’ employment at L3 Trenchant.

The document does not name the two companies, nor does it say whether the buyer, described by prosecutors as a software-based Russian broker, was connected to the Russian government. (L3 Trenchant faces no criminal liability.)

According to the US attorney overseeing the case, Tejpal S. Chawla, the FBI alerted L3 Trenchant sometime in 2024 that some of its software had leaked. As TechCrunch reported last week, Trenchant was investigating an alleged leak of its hacking tools by employees—an investigation that Williams, then general manager of the firm, oversaw, prosecutors said during Wednesday’s hearing.

Williams was voluntarily interviewed by the FBI multiple times this summer, including once on July 2. The same month, prosecutors say, Williams signed a contract with the unnamed Russian company worth hundreds of thousands of dollars, using the alias John Taylor and an email address with the same name. This deal followed a separate contract that prosecutors say Williams signed in June. The FBI again interviewed Williams in August and confronted him about the sale of company secrets, prosecutors said. The prosecution said Williams admitted to the sales at that time.

Prosecutors assert that Williams made at least $1.3 million from the sale of the trade secrets and have moved to seize his assets, including a home in DC, funds held in several banking and crypto accounts, and a list of luxury items that includes nearly two dozen high-end and replica watches and other designer goods.

Trenchant, known formally as L3 Harris Trenchant, develops hacking tools for the US government and its allies. L3 Trenchant was formed after L3 Technologies purchased Azimuth Security and Linchpin Labs in 2018 and combined the two companies. L3 Technologies later merged with a military communications equipment provider to form L3Harris.

Azimuth was a developer of zero-day exploits based in Australia, and Linchpin Labs was a software firm founded by former intelligence officials from Five Eyes countries. (Five Eyes is a surveillance partnership formed by the US, the UK, Canada, Australia and New Zealand.) Trenchant develops various forms of hacking tools for browsers such as Chrome, as well as Apple’s iOS, Android, and desktop and network computing systems.

In this thread we talk about how Corpo is spying on you. I'll start:

• FortiClient
• SentinelOne
• SentinelOne plugin for browsers
• ZScaler (even when it's Off) - fun fact, this website is banned!
• LinkedIn "compliance" - yes, they're going through the information on the LinkedIn profiles - both FTE and Contractors

Typically logging into the Windows work profile does the trick, but today there was an extra step to log into Outlook. A few others mentioned this as well, but it didn’t happen to every person on our team.

This is the easy cut, the next phase will be in tech. Target plans to outsource all of tech, engineering, and security, what does not get moved to India will be outsourced to a contract here in the US. So this is just the start, pretty much everyone in IT in MN will eventually loos their jobs.

I understand we should not have personal documents on work laptop but if you have them, how are you transferring them? Is email the best way to go

I sent several legitimate personal documents to my own email today and noticed something in my Mac Finder under “locations” I’ve never seen before.

Under iCloud Drive and OneDrive, there was a network icon titled “my first name” in all lowercase

Spooky

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.”

“I was panicking,” Jay Gibson, who asked that we don’t use his real name over fears of retaliation, told TechCrunch.

Gibson, who until recently built surveillance technologies for Western government hacking tools maker Trenchant, may be the first documented case of someone who builds exploits and spyware being themselves targeted with spyware.

“What the he-l is going on? I really didn’t know what to think of it,” said Gibson, adding that he turned off his phone and put it away on that day, March 5. “I went immediately to buy a new phone. I called my dad. It was a mess. It was a huge mess.”

At Trenchant, Gibson worked on developing iOS zero-days, meaning finding vulnerabilities and developing tools capable of exploiting them that are not known to the vendor who makes the affected hardware or software, such as Apple.

“I have mixed feelings of how pathetic this is, and then extreme fear because once things hit this level, you never know what’s going to happen,” he told TechCrunch.

But the ex-Trenchant employee may not be the only exploit developer targeted with spyware. According to three sources who have direct knowledge of these cases, there have been other spyware and exploit developers in the last few months who have received notifications from Apple alerting them that they were targeted with spyware.

Apple did not respond to a request for comment from TechCrunch.

The targeting of Gibson’s iPhone shows that the proliferation of zero-days and spyware is starting to ensnare more types of victims.

Spyware and zero-day makers have historically claimed their tools are only deployed by vetted government customers against criminals and te------ts. But for the past decade, researchers at the University of Toronto’s digital rights group Citizen Lab, Amnesty International, and other organizations have found dozens of cases where governments used these tools to target dissidents, journalists, human rights defenders, and political rivals all over the world.

The closest public cases of security researchers being targeted by hackers happened in 2021 and 2023, when North Korean government hackers were caught targeting security researchers working in vulnerability research and development.

Two days after receiving the Apple threat notification, Gibson contacted a forensic expert who has extensive experience investigating spyware attacks. After performing an initial analysis of Gibson’s phone, the expert did not find any signs of infection, but still recommended a deeper forensic analysis of the exploit developer’s phone.

A forensic analysis would have entailed sending the expert a complete backup of the device, something Gibson said he was not comfortable with.

“Recent cases are getting tougher forensically, and some we find nothing on. It may also be that the attack was not actually fully sent after the initial stages, we don’t know,” the expert told TechCrunch.

Without a full forensic analysis of Gibson’s phone, ideally one where investigators found traces of the spyware and who made it, it’s impossible to know why he was targeted or who targeted him.

But Gibson told TechCrunch that he believes the threat notification he received from Apple is connected to the circumstances of his departure from Trenchant, where he claims the company designated him as a scapegoat for a damaging leak of internal tools.

Apple sends out threat notifications specifically for when it has evidence that a person was targeted by a mercenary spyware attack. This kind of surveillance technology is often invisibly and remotely planted on someone’s phone without their knowledge by exploiting vulnerabilities in the phone’s software, exploits that can be worth millions of dollars and can take months to develop. Law enforcement and intelligence agencies typically have the legal authority to deploy spyware on targets, not the spyware makers themselves.

Sara Banda, a spokesperson for Trenchant’s parent company L3Harris, declined to comment for this story when reached by TechCrunch before publication.

A month before he received Apple’s threat notification, when Gibson was still working at Trenchant, he said he was invited to go to the company’s London office for a team-building event.

When Gibson arrived on February 3, he was immediately summoned into a meeting room to speak via video call with Peter Williams, Trenchant’s then-general manager who was known inside the company as “Doogie.” (In 2018, defense contractor L3Harris acquired zero-day makers Azimuth and Linchpin Labs, two sister startups that merged to become Trenchant.)

Williams told Gibson the company suspected he was double employed and was thus suspending him. All of Gibson’s work devices would be confiscated and analyzed as part of an internal investigation into the allegations. Williams could not be reached for comment.

“I was in shock. I didn’t really know how to react because I couldn’t really believe what I was hearing,” said Gibson, who explained that a Trenchant IT employee then went to his apartment to pick up his company-issued equipment.

Around two weeks later, Gibson said Williams called and told him that following the investigation, the company was firing him and offering him a settlement agreement and payment. Gibson said Williams declined to explain what the forensic analysis of his devices had found, and essentially told him he had no choice but to sign the agreement and depart the company.

Feeling like he had no alternative, Gibson said he went along with the offer and signed.

Gibson told TechCrunch he later heard from former colleagues that Trenchant suspected he had leaked some unknown vulnerabilities in Google’s Chrome browser, tools that Trenchant had developed. Gibson, and three former colleagues of his, however, told TechCrunch he did not have access to Trenchant’s Chrome zero-days, given that he was part of the team exclusively developing iOS zero-days and spyware. Trenchant teams only have strictly compartmentalized access to tools related to the platforms they are working on, the people said.

“I know I was a scapegoat. I wasn’t guilty. It’s very simple,” said Gibson. “I didn’t do absolutely anything other than working my a-s off for them.”

The story of the accusations against Gibson and his subsequent suspension and firing was independently corroborated by three former Trenchant employees with knowledge.

Two of the other former Trenchant employees said they knew details of Gibson’s London trip and were aware of suspected leaks of sensitive company tools.

All of them asked not to be named but believe Trenchant got it wrong.

If you value any anonymity, you should not be browsing or posting here from your work computer.

HR and security teams are monitoring Slack, scanning channels and messages for content related to layoffs, and forcing people to delete messages that they deem unacceptable, citing vague security reasons (there is already one thread where messages were forced to be edited/removed). The same is being done for emails.

Did anyone else lose access to Slack tonight? I was logged out and can’t log back in

Another reorganization — new names, the same long-entrenched inept leadership.

No real changes. No products. Quality keeps sliding while the company waits for someone — anyone — to make sense of AI, since the so-called AI teams clearly can’t.

Directionless “AI strategy” built on vaporware, riddled with defects, and outsourced to contractors following Chinese-grade security practices — meaning none at all.

VPN went out awhile back — word is Charlotte teammates working from home and the “permanent” telecommuters decided to come into the office with their kids in tow (because who needs childcare when you’ve got badge access, right?).

Naturally, it turned into a full-blown security circus

Big thanks to leadership for taking the lesson to heart and rewarding us with a 5-day-a-week RTO in January. Appreciate y’all alpaca-ing us back to the office.

Two surveys today in email and neither one works. Are they trying to trick us?

FLD - You Have A Decision To Make By The End Of October 2025

Do you continue the financial charades to keep the stock price up for maybe another 6 to 8 months, or do you do what is necessary to make F5 a world class Security Firm.

There are many of us that were RIFd over the last many years that would like to come back and make F5 a world class Security Firm.

Wait longer than 10 days and it will be beyond the timeline to make F5 a world class Security Firm.

I know people are getting new security badges. People are telling me these are being used to track time in-office. Is that correct? Why wouldn't they just track your time connected to the office network?

Maybe Newsweek should look at that a little closer. How do you get ranked a high CS company when their internal security is complete garbage, they have customer apps that have clear passwords stored and can easily be bypassed, nothing is written to follow standards, best practice as far as design or security and you have Directors mandating their staff NOT use corporate approved communication applications, that are by the way Chinese based. Would be one of the LAST companies Id pin "one of the best" on.

Dozens of Oracle customers impacted by Clop data theft for extortion campaign: Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

Clop, the notorious ransomware group, began targeting Oracle E-Business Suite customers three months ago and started exploiting a zero-day affecting the enterprise platform to steal massive amounts of data from victims as early as Aug. 9, Google Threat Intelligence Group and Mandiant said in a report Thursday.

Was the WF rush to the cloud Risky? This risk averse employee thinks all of our data is at risk everyday it is on a cloud. Stupid is as stupid does.

I can only imagine how many people will experience identity theft as a result of this.

“ LOUISVILLE, Ky.--(BUSINESS WIRE)-- Humana Inc. (NYSE: HUM) and Providence, a Washington-based health system, today announced a pioneering initiative to streamline and secure data exchange between payers and providers – setting a new standard for interoperability in support of value-based care.”

I bet in coming days, we will hear about lawsuits where major data breaches occurred as a result to this. Mark your calendars.

Not sure what defines highly sophisticated hacker or not but clearly they went for the Jackpot Bingo. Application Delivery Controller or ADC is a single point of exposure of all traffic that goes through F5 that would be a magnet for hackers. It breaks all norms of security by concentrating in the same venue all the secret keys for every service that is on-boarded to the ADC. It is a matter of time until someone gets its hands on it. Otherwise no hacker would bother to go to break F5 if the traffic that goes through it is end to end encrypted. It was unwise and d-mb idea from the begining and only to support security of lax architecture in the back end. Now those all that were calling that is the only secure way to go about it are reaping their fruits. It was not at all driven from security point of view but more about sales, project check mark and also about sniffing transfers in the internal network for data loss prevention or DLP. Well those who pushed it all are not anymore around to be asked about it. Next all the secret vaults and smillar things.

https://forums.theregister.com/forum/all/2025/10/15/highly_sophisticated_government_hackers_breached/

Chuckie is in hot water, expecting federal government agencies to remove Cisco equipment

US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach "at least one federal agency."

Cassidy's letter [PDF] to Cisco CEO Chuck Robbins demands clarity around the company's knowledge of and response to the critical flaws – namely CVE-2025-20333 and CVE-2025-20362 – that prompted the US government to issue an emergency patching directive for federal civilian agencies.

Cassidy says "at least one federal agency has already been breached as a result of this vulnerability," a claim Cisco has not publicly confirmed or denied.

any know why?

How is Hypershied and Canvas seeing these days?

An article on the Entrepreneur site states for JP Morgan staff wanting to access their new $3B headquarters building, they will need to provide their biometric data.

Considering how much of a crush RK has on JP Morgan's CEO, Stifel should be breaking ground on a new headquarters soon that can only be accessed with biometrics.

My boss set up a casual coffee chat to catch up in one of the corner meeting rooms. Halfway through the conversation HR and security walks in and I’m told I’m being let go.

WTF is this cowardice move, at least have the decency to lay people off in a respectful manner

For the last couple of weeks there has been at least one armed security guard in the lobby in the Chicago building. He’s tall and wears regular clothes with a black jacket zipped halfway but if you pay attention you can see the outline of a we-pon on his hip. He always looks upset too which is hilarious because sir you’re the only one here packing.

The culture is in the dumps and leaders know it. But instead of listening to employees when we constantly give them the same feedback in these surveys they like to send and changing our leaders hide behind words that don’t mean anything. After the layoffs you feel like another shoe could drop whenever. People are smiling through it but you can tell they feel defeated. There’s something coming about our pto. I hear bits and pieces but something is about to happen with that.

If you work at HCSC you already know. If you don’t I won’t tell you not to take a job if you get an offer. The economy is bad and a job is a job. Just know what you’re getting yourself into by coming here. Almost none of what the recruiters say about this being a great place to work is true. I hear them every day lying to people and showing fake enthusiasm when they’re miserable themselves.

My leader is over talent and he runs talented people out of here on the regular. Recruiters have left. His admin left. The people who stay are scared to challenge him because he WILL send it up. And another leader who did challenge him got let go. Coincidence? It’s not just him though.

If anyone would listen I would tell the leaders to change the culture and stop always making these little snide comments about the office being empty. There’s a reason people don’t want to come in the office and it’s not all about money. Any mistake you make is about to be on the 10 o clock news because you’re going to get put on full blast on an email with a thousand people copied. The point isn’t to help you do your job better. They are super thirsty to make themselves look good while making you look bad.

If i really wanted to make these people look bad I could but they’d figure out who I am and I need my job. As soon as I find something better I’m out. If you all are reading this stop sending out surveys and holding town halls where you don’t say anything. Be a human being and stop treating us like we don’t matter but then always thanking us. Which is it?

And please get rid of the rent a cop. No one is trying to go to jail because of y’all.

All the signs are there, new badges , new VPN! We are watching you….

https://finance.yahoo.com/news/oracle-investigating-hacks-customers-e-214339029.html

Previously, ORCL never acknowledge a security breach !

CISA said it’s aware of hundreds of Cisco firewalls in use across the federal government that are potentially susceptible to exploitation.

https://cyberscoop.com/cisa-emergency-directive-timeline-investigation/?utm_campaign=CyberScoop%20-%20Editorial&utm_content=349198981&utm_medium=social&utm_source=twitter&hss_channel=tw-720664083767435264

ArcaneDoor continues to leverage Cisco’s strong backlog and AI capabilities..oh wait.

Anyway, see below:

These attacks on Cisco security appliances are a continuation of the ArcaneDoor campaign that Cisco announced in April 2024.

Multiple federal agencies have been hacked through this campaign, two U.S. officials tell me. One official said there's at least 10 government and private-sector victims worldwide, but that's sure to increase.

"CISA is deeply concerned about this activity," a U.S. official told me. "If agencies don’t get on this right away, it could be bad for them."

If Cisco loses those blank government checks they will not have a strong backlog and will not be able to continue to be a leader and innovator in AI. At least they’ll still be a top place to work and feature on the magic quadrant.

https://www.cybersecuritydive.com/news/cisa-emergency-directive-cisco-vulnerabilities-arcanedoor/761150/

APEGA records, pay stubs, etc. You never know.

Stop using company computers and connections to post on this damn page. Everyone has googled HCSC layoffs and ended up here. There is zero expectations of privacy on a company owned device.

Ya might as well walk yourself out if you dont think they are looking.

Has anyone received a pop up saying you need to complete your identity verification by Sept 26 or your access will be revoked?

Whoever’s bright idea it was for all of these multiple passwords and apps used to sign into various applications, especially now needing your lan and Microsoft Authenticator for baseline, congrats on your promotion you d-mb c*nt :)