Hello I Am Both Angry And Cybersecurity @angrycybersecurity - Tumblr Blog

#have a family password yo #and teach your grandparents to hang up and call back on your real number #vishing #cybersecurity

cosmogenous

jobs for girls who can't focus and are tired all the time and aren't rlly that good looking and get startled easily

#cybersecurity #it feels like I work with every autistic woman in the city rn #regular IT doesn’t have this many women

fixyourwritinghabits

Hey, so this may be a weird place to put this, but if your college or school uses Canvas, it was likely affected by the recent data breach. As of right now, the most likely personal information swept up in this hack is names and email addresses. Login and financial information were not included in the breach (as far as we know).

Right now, as a student you should beware of phishing attempts. Do not click on links seeking your login or financial information. Do not respond to emails about financial aid until verifying the email is legitimate first. Call your school or go speak to an admin in person if you have to. Report any suspicious emails to your school's IT department.

louisinart-like-cuisinart

took me a minute to find, but the company that owns canvas has confirmed a "cybersecurity incident"

its being reported on by mashable, some smaller tech outlets, and Inside Higher Ed. i was also able to find a local news station reporting on their scool district's response to the attack

fixyourwritinghabits

Huge apologies, I swear I had sources linked but Tumblr mobile loves stripping my links for some reason.

(Also for clarity to some reblogs - Canvas is an Learning Management System in which online classes are hosted. Canva is the graphic design website. They are not the same, despite being frustratingly similarly named.)

fixyourwritinghabits

The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools

Whelp.

fixyourwritinghabits

Just as an update on this, Instructure agreed to pay the ransom, which... is not great, but seems to indicate your data is not going to be leaked. As before, the biggest thing you have to be on the lookout for as a Canvas user are phishing attacks.

#cybersecurity #q

ms-demeanor

Do not attempt to out-malicious-compliance the staff at the malicious compliance conference.

ms-demeanor

Some dipshit decided to pay the conference fee ($250) in quarters. He handed us a wrapped plastic bag full of loose change. "It's all there," he said with a shit-eating grin, "you can count it."

Oh buddy. We're going to count it. What were you expecting?

At about the time I got to $60, he offered to give us $300 collateral so he could get his badge and go to the conference.

No, bud. You get to watch the most dyscalculic staffer count to a thousand while all your friends go in to the breakfast and find seats for the first talk.

ms-demeanor

"Ruining someone's day" is the favorite hobby of everyone here. Why would you hand us the perfect opportunity to wreck your shit and think that was an own? Half the con is calling him "Untraceable," the other half is calling him "Quarter Boy" and nobody cares what he says his handle is.

I spent an hour counting that and made him go fetch me baggies to hold it every fifty dollars.

ms-demeanor

This ended up being a good bonus prank for me too, because when the counting was done I wrapped the bags in gaffer's tape and spent the rest of the day handing it to people very casually while saying "oh here, hold this for a sec" and then watching they weren't ready for the weight (I only did this to people I know well enough to know this wouldn't hurt them).

ms-demeanor

It's an infosec conference, so it's a weekend in a hotel full of people whose favorite thing is breaking the law and whose second favorite thing is following the letter of the law while cheerfully violating the spirit.

ms-demeanor

Thank you, that means a lot coming from you, @unyanizedcatboys

#it do be like that #cybersecurity #q

existennialmemes

Every Website right now: Give us a scan of your driver's license or be banished. It's for safety.

Every Website for the last 10 years: Oopsies we had another massive data breach! Tee-hee!

#cries in cybersecurity #q

juneiper-art

real talk i have become a problem recently. the hospital wanted my fingerprint and i said no. the receptionist was like: but its such a convenient way to check in! and i said ok i dont want you to have my biometric data. and she was so baffled. i said, can you not check me in using an id card?

well of course but dont you want to provide your biometric data for your convenience?

nope thanks!

juneiper-art

fuck this happened again i was buying some LPs and the clerk was like: can i have your email? and i was like no.

she full on stared at me. she was like: but i need to put you into the system.

and i was like: need to? you NEED to? i don't want to give my email

and she was like: but...how are you going to return items without an account?

and i was like, with a fucking receipt??? wtf is going on right now. if i can't return them i guess i'll die??whatever

gayingupspace

Hit them with the "if you need my email to return these items I am not buying them" and see how fast they reassure you that they don't need your email

#the less data they have the less they can lose #privacy #cybersecurity

sistertaxon

why are there so many posts about asexuals being immune to sirens. people. sirens don’t lure you in with sex (necessarily). they sing about whatever it is that you want most. they could sing about mothman or cinnamon toast crunch and guess what then your asexual pirate is fucking dead

thesylverlining

this is the only kind of ace discourse i ever want to see on my dash. the only kind. ever again. good job

kittyknowsthings

Do you think the sirens would be grateful that they finally get some variety?

systlin

“Oh my god we can finally just sing about pasta thank the fucking gods.”

totohoy-blog

I’m not asexual but I’m fairly certain sirens would do a far better job luring me into the depths with a song about pasta rather than sex…

systlin

I mean.

“WHAT THE FUCK STAY AWAY FROM THE ROCKS.”

“FUCKER THEY SAID THEY HAVE FETTUCCINE CARBONARA AND HOT GARLIC BREAD OVER THERE HANG ON BITCH.”

musicalhell

This is true; Odysseus heard them promising him knowledge of the future. So the next time you see artwork like this:

Remember those sultry naked chicks are saying “We’ll tell you the winning lotto numbers.”

fuckstaffposts

Them: “We have unlimited wifi at incredible speeds~” Me: *diving headfirst into the water*

rpluvsyj

This post is a blessing

wittyusername97

Congratulations! Odysseus! You’ve been selected as a winner for the free $1000 Amazon Gift Card, Apple iPhone X 256G or Samsung Galaxy S8! Claim your prize now!

kitvalkyrie

Oh my god sirens were literally scam websites

10thingsihateabout-all-yall

Oh my god they were phishing

#oh my god they were phishing #phishing #q

rohirric-hunter

"We're gonna achieve immortality by turning ourselves into machines" buddy I want you to find yourself a 15 year old laptop and try to run a 10 year old piece of software on it please. Connect to the internet, if you can, and attempt to log into any of your online accounts

#technology #q

depsidase

#cries in cybersecurity #q

thereisselfpreservation

I'm seeing warnings about scammers trying to commission artists but the "reference sheet" for their character they want commissioned isn't an image but a .vbs file ("visual basic script"), and will run a script when you open it, probably to yoink your account(s), but I haven't seen this from anyone who's actually clicked it yet. Just be careful and never open a file like that, 'cause people suck.

thereisselfpreservation

For reference (heh)

At a glance, file name checks out. But!! Do not open a .vbs file!!!

#cybersecurity #scams

onlytiktoks

hedwig-dordt

a reCAPTCHA will not request a sequence of keys, and what to do if you got scammed

sevenoffeathers

(The basics of) what this actually does, because nothing is magic:

In the Reddit screenshot we see three instructions:

Press & hold the Win key + R

In verification window, press Ctrl key + V

Press Enter key on your keyboard

(We also see some odd grammatical errors - "Complete these verification steps use keyboard" instead of "using keyboard" or "To complete" - which should be a red flag as well.)

The first instruction - Win+R - opens the Run dialog:

You might notice that this looks like it's part of Windows; that's because it is. This dialog isn't part of the CAPTCHA but part of your own computer (a huge red flag!!)

The description says that Windows will open a file for you, but it's actually more advanced than that: this can run any command-line command you type into it. (If you don't know what that means, the command line is a way to interact with your computer by typing commands, and lets you do basically anything Windows can do.)

The second instruction - Ctrl+V - you might recognize: it pastes whatever you have copied to the clipboard.

Usually, you'd have copied this with a Ctrl+C or Ctrl+X, but websites are able to modify what's in your clipboard directly. (You might have experienced this with something like the "Share results" button in Wordle.)

In this case, they've copied a malicious command into your clipboard already, so when you hit Ctrl+V the command gets pasted directly into the Run dialog. I don't know the details of the specific command, but it has the power to do basically anything you can: download files, run programs, delete files, whatever.

The third instruction - Enter - is the same as hitting the OK button in the dialog: Windows executes the command you've pasted in for it.

In short, Win+R opens a tool to use commands, Ctrl+V pastes in a malicious command, and Enter executes it.

Many of you might be saying, hey, I already know what Ctrl+V does! That's great! I'm just trying to clarify how exactly the keyboard presses "run a command that can download malware onto your device", so you or anyone can understand what your keypresses are doing in general (not just in this specific fake CAPTCHA attack), and be aware when they might be doing something dangerous.

(That being said, if you scrolled past the entire post, don't press keyboard shortcuts that start with Win or Ctrl or Cmd or anything like that if you don't know what they're doing. That's all.)

#clickfix #cybersecurity #psa

le-tas-d-art

“Attempting To Read News In 2025” (medium: safari with ads, screencap, 2025)

biglawbear

If this shit happened in 2005 it meant your computer had a virus

#internet safety #ads

arcandoria-archived

crossposting from bsky - glad I stopped using spotify when I did and that I unlinked it from my discord, but still

[ reddit thread | bsky post ]

daysleftofsecondterm

helpful to know on 1,234 days left