This dumb password rule is from Fidelity National Information Services.

White label online banking provider. Typically appears as `BANK.ibanking-services.com` or `BANK.ebanking-services.com`. If your small local bank has a crappy online banking experience, these guys probably provide it.

`\<>'` and spaces prohibited, upper bound. Passwords of exactly the maximum len...

https://dumbpasswordrules.com/sites/fidelity-national-information-services/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Mindware.

You "*may use special characters*", but only some of them - and we won't
necessarily tell you which ones.

https://dumbpasswordrules.com/sites/mindware/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Solid reporting on some serious security vulnerabilities found in all Coros devices that Coros initially did not address appropriately. They have now provided a timeline for updates which hopefully they can hit. Not a great look, and, as the article mentions, pretty typical reactive security versus proactive security that is way too common in this day and age. https://www.dcrainmaker.com/2025/06/coros-confirms-substantial-watch-security-vulnerablity-says-fixes-are-coming.html #cybersecurity #coros

This dumb password rule is from Vietnam Airlines.

`[[:alnum:]]{6,8}`

https://dumbpasswordrules.com/sites/vietnam-airlines/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

11. Limited protocol privacy behavior by default responds to certain protocol events unless in specific mode (client_hidden). But they still leak data sometimes, possibly bugs???
12. Lack of strategy on #11 means once you know a node's ID you can track it trivially both via MQTT or physically or even via BLE or Wifi.

And if you've seen my defcon talk.... you probably can figure out what I can do with #1, #2 #11 and #12 🤔

#meshtastic #cybersecurity

#13 No conversation privacy in default scalable configuration. Anyone can see your to/from fields and bc #1 it's great metadata.

Need to verify how bad #13 is, I think you can mitigate but most people use a public channel. The header I think its technically encrypted BUT with a known public key so everyone can see whose talking to whom. I think you can get encrypted headers on the public channel but docs aren't clear and probably limits your hops.

#meshtastic #cybersecurity

Finally I suspect that IF meshtastic ever does fix their routing algo they will suffer from MITM exploits due to issues around #1, #6, #8, and #9.

Bc when you have MAC as the root of trust I can respond to your MAC and poison the routing table.

There might even by a solid security downgrade attack here too bc they have backwards compatibility for insecure DMs. So once I clone your MAC I can also downgrade security and ppl are trained to accept downgrades.

#meshtastic #cybersecurity #mitm

This dumb password rule is from BinckBank.

Between 10 and 16 letters and/or digits. No special characters are allowed.
Must be renewed at least every 180 days, but you can configure to let the password expire sooner.
When changing the password, the new password cannot be too similar to the existing password.

https://dumbpasswordrules.com/sites/binckbank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Man, this seems really bad.

But at least our government isn’t pulling back on the #cybersecurity we need to protect this information!

Whew!

#CISA #infosec

https://www.npr.org/2025/06/29/nx-s1-5409608/citizenship-trump-privacy-voting-database

This dumb password rule is from Cigna.

A max of 12 characters... Can't handle most symbols (only 5 supported). At least they have two factor auth via email or sms **sigh**

https://dumbpasswordrules.com/sites/cigna/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from LepidaID.

Password must:
- be 8 to 16 characters in length
- contain at least 1 upper-case character
- contain at least 1 lower-case character
- contain at least 1 number
- contain at least 1 non-alphanumeric character
- not contain more than 2 of the same consecutive characters
- not contain any public da...

https://dumbpasswordrules.com/sites/lepidaid/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IHG.

4, yes 4, digits only.

https://dumbpasswordrules.com/sites/ihg/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Microsoft security advisories, posted yesterday, affecting six Chromium-based Edge vulnerabilities.

Microsoft security update guide: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec #Chromium

This dumb password rule is from Arlo.

Your password contains characters not listed. Therefore, they do not
match.

https://dumbpasswordrules.com/sites/arlo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from EON.

By the time I'd finished reading the rules I've forgotten all of them.

https://dumbpasswordrules.com/sites/eon/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from T-Mobile.

We prefer to not tell you which characters you can use up front.

https://dumbpasswordrules.com/sites/t-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Threat group Educated Manticore targets academia and cybersecurity experts

CheckPoint reports that the Iranian state-sponsored threat group "Educated Manticore" has escalated cyber espionage operations since mid-June 2025, targeting Israeli academics, journalists, and cybersecurity professionals through social engineering campaigns via email and WhatsApp that exploit Iran-Israel tensions to create urgency. The attacks feature advanced phishing infrastructure with multi-factor authentication bypass capabilities and real-time keystroke logging via WebSocket connections.

**Whatever the attack motivation or the initial social engineering, all these attacks end up with an insistence for you to click on something and enter credentials. Be extremely suspicious of unexpected emails or messages, and verify independently - all or email the organization through official contact channel on the official site. NEVER click on links or call numbers in the unexpected message.**
#cybersecurity #infosec #scam #phishing #activephishing
https://beyondmachines.net/event_details/threat-group-educated-manticore-targets-academia-and-cybersecurity-experts-9-t-u-x-y/gD2P6Ple2L

Vulnerabilities reported in Brother printers and other vendors, at least one critical

Brother Industries and four other major printer manufacturers have disclosed eight security vulnerabilities affecting 748 models of multifunction printers, including a critical authentication bypass flaw (CVE-2024-51978) that allows unauthenticated attackers to generate default administrator passwords using a predictable algorithm and cannot be fully patched through firmware updates.

**If you have Brother printers (or multifunction devices from FUJIFILM, Ricoh, Toshiba Tec, or Konica Minolta), immediately change all default administrator passwords since they probably have a flaw that allows attackers to generate these passwords and can't be fully patched. Alsom, make sure the printer are not accessible from the internet. Then apply the latest firmware updates to fix the other flaws.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-reported-in-brother-printers-at-least-one-critical-h-5-x-s-1/gD2P6Ple2L

This dumb password rule is from Techcombank.

Your password must:
- Be between 6 and 8 characters long
- Contains at least 1 number character
- Contains at least 1 lowercase character
- Contains at least 1 uppercase character
- Neither space nor unicode character is allowed. In fact,
NO special characters is allowed
- Must be changed every 9...

https://dumbpasswordrules.com/sites/techcombank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Ticketmaster.de.

Your password length is limited between 8 and 32 characters.

https://dumbpasswordrules.com/sites/ticketmaster-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Bloomingdale's.

16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

https://dumbpasswordrules.com/sites/bloomingdales/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from MySwissLife.

User ID *has to* be 8 characters exactly, password *has to be* 8 characters and numbers only.

https://dumbpasswordrules.com/sites/myswisslife/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Fun times ahead in Europe 🙄

"The @EUCommission has set out its plans to give #police access to digital information, including by cracking down on “non-cooperative” messaging services [like @signalapp and #Telegram] and helping build technologies to break #encryption."

#DigitalRights #privacy #HumanRights #confidentiality #cybersecurity

🆕 blog! “Reading NFC Passport Chips in Linux”

For boring and totally not nefarious reasons, I want to read all the data contained in my passport's NFC chip using Linux. After a long and annoying search, I settled on roeften's pypassport.

I can now read all the passport information, including biometrics.

👀 Read more: https://shkspr.mobi/blog/2025/06/reading-nfc-passport-chips-in-linux/
⸻
#CyberSecurity #hacking #linux #nfc #rfid

This dumb password rule is from BMW ConnectedDrive.

Although the prompt suggests good things, after many failed attempts to
set a new password, it turns out you can ONLY use the special characters
shown in the prompt

https://dumbpasswordrules.com/sites/bmw-connecteddrive/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Keimyung University.

Okay, doesn't looks that hard... But wait, there are hidden rules!

Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
Also if your password is 20 characters or more you won't be able to write it in the mobile app.

https://dumbpasswordrules.com/sites/keimyung-university/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Irodoricomics.

A website to buy english-localized doujins. The password must be between 4 and 20 characters long

https://dumbpasswordrules.com/sites/irodoricomics/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Bloomingdale's.

16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

https://dumbpasswordrules.com/sites/bloomingdales/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from University of Western Australia (Pheme).

Passwords:
1. Must contain at least 8 characters;
2. Must contain at least 3 out of 4 types of characters
(uppercase letters, lowercase letters, digits, special characters);
and
3. Must not contain
"the user's account name or parts of the user's full name
that exceed two consecutive characters".
...

https://dumbpasswordrules.com/sites/university-of-western-australia-pheme/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Sharekhan.

- At least 8 characters.
- At most 12 characters.

https://dumbpasswordrules.com/sites/sharekhan/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

For ORG's 20th birthday, our partners Surfshark VPN are offering a special gift 🎁

The first 20 new members will get a free Surfshark One package – VPN, Antivirus, Alternative ID and Alert & Search services, plus much more!

Join ORG today and support the fight for digital rights in the UK.

➡️ https://www.openrightsgroup.org/join/

#ORG20 #digitalrights #VPN #Surfshark #privacy #cybersecurity #dataprotection #DigitalRightsAreHumanRights #VPN

Alt...

Typographic image of 'ORG20' in a 3D perspective with a green overlay of the text offset and '20 years' above it. Background of a patterned texture in hot pink and blue. The Open Rights Group logo in the bottom right corner.

This dumb password rule is from Alibaba.

- At least 2 uppercase letters
- Plus 2 lowercase letters
- Plus 2 numbers
- Plus 2 punctuation marks

Phew, too many rules, because why not, if [Ma thinks AI stands for Alibaba Intelligence](https://www.youtube.com/watch?v=f3lUEnMaiAU),
then password rules can be equally intelligent too.

Also, ...

https://dumbpasswordrules.com/sites/alibaba/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Wheee

Axios: Massive data breach reportedly leaks 16 billion passwords

https://www.axios.com/2025/06/20/data-breach-passwords-leaked-google-apple-meta?

#cybersecurity #passwords

Aflac notifies SEC of breach suspected to be work of Scattered Spider:

https://databreaches.net/2025/06/20/aflac-notifies-sec-of-breach-suspected-to-be-work-of-scattered-spider/

They're the third U.S. insurer breach we know about this month.

#databreach #ScatteredSpider #cybersecurity #insurance

Here's my go-to cheatsheet for troubleshooting issues in Fedora:

1. Disable SELinux

Thanks for reading!

#linux #fedora #productivity #wow #disruption #hyperscale #ai #innovation #quantum #nextgen #cybersecurity #business #numbers

The disclosure post was published today, June 20. The intrusion was "detected" on June 12. But nowhere does it say WHEN the intrusion began. And the company probably doesn't even know that yet.

"Preliminary findings indicate that the unauthorized party used social engineering tactics to gain access to our network."

"Potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business."

The Record: Aflac says it stopped attack launched by ‘sophisticated cybercrime group’ https://therecord.media/aflac-cyberattack-potential-data-breach @therecord_media @jgreig #cybersecurity #Infoec #Google

Posted today, Aflac Incorporated Discloses Cybersecurity Incident https://www.prnewswire.com/news-releases/aflac-incorporated-discloses-cybersecurity-incident-302487036.html?tc=eml_cleartime

If I make tabletop exercise scenarios should I just make a public repo for all to enjoy, or is there somewhere that can get more reach? I just wanna make something cool

#InfoSec #CyberSecurity #NotDnD