The fancy “AI” can’t tell the difference between a human, a gnome miniature, and a giant red bouncy ball for toddlers. Oh, and a white door… #falsePositive #sophisticated

#Gesichtserkennung fehlgeschlagen: Hochschwangere fälschlicherweise festgenommen | heise online https://www.heise.de/news/Gesichtserkennung-fehlgeschlagen-Hochschwangere-faelschlicherweise-festgenommen-9236436.html #FacialRecognition #Datenschutz #privacy #Überwachung #surveillance #FalsePositive #Biometrie #biometrics

⚠️ 'Anybody else get "Trojan:Win32/Randet.A!plock" from Windows Defender using the latest VSCodium 1.80.1.23194?

I can't stand updating my devices anymore - it's such a PITA 😒 🙄

Is this legit, or is Microsoft trying to scare me from using VSCodium with a false positive instead of using VSCode where it can track everything I do?

#Microsoft #VSCodium #VSCode #Trojan #Legit #FalsePositive #SWDev #WebDev #AppDev #MobileDev #GameDev #Infosec #Windows #Defender

Wired: How to Spot Fake Reviews on Amazon (2023): Tools and Advice https://www.wired.com/story/how-to-spot-fake-reviews-amazon/ #Tech #wired #TechNews #IT #Technology via @morganeogerbc #Gear/HowToandAdvice #AmazonPrimeDayDeals #FalsePositive #eCommerce #Shopping #Amazon #Retail #how-to #Gear

Wired: How to Spot Fake Reviews on Amazon (2023): Tools and Advice https://www.wired.com/story/how-to-spot-fake-reviews-amazon/ #Gear/HowToandAdvice #AmazonPrimeDayDeals #FalsePositive #eCommerce #Shopping #Amazon #Retail #how-to #Gear

🎢⛷️💃🕺 ... Welche #FalsePositive kommen als nächstes?

#Apple|s Autounfallerkennung: Ungewollte #iPhone-Notrufe bei Musikfestival | Mac & i https://www.heise.de/news/Apples-Autounfallerkennng-Ungewollte-iPhone-Notrufe-bei-Musikfestival-9198629.html

Trojaner-Fehlalarm: #MicrosoftDefender warnt vor Browser-Plug-ins von Metamask | Security https://www.heise.de/news/Microsoft-Defender-Fehlalarm-auf-Krypto-Wallet-Metamask-9154897.html #FalsePositive #Microsoft

#20yrsago @eff analysis of the #SuperDMCA https://web.archive.org/web/20030425210736/https://www.eff.org/IP/DMCA/states/200304_sdmca_eff_analysis.php

#20yrsago Terrorism databases and the fallacy of the #FalsePositive https://www.schneier.com/crypto-gram/archives/2003/0415.html#7

#20yrsago #KimStanleyRobinson on adventure travel https://web.archive.org/web/20030422230305/https://gorp.com/gorp/features/visionary/robinson.htm

#15yrsago #MagicJack net-phone: swollen pustule of crappy terms of service and spyware https://web.archive.org/web/20080415200725/http://gadgets.boingboing.net/2008/04/14/magicjacks-eula-says.html

#15yrsago #ElitePanic: why rich people think all people are monsters https://web.archive.org/web/20090902045448/https://bombsite.com/issues/109/articles/3327

5/

#MicrosoftDefender: Achtung, Klick auf das gefährliche zoom.us festgestellt | heise online https://www.heise.de/news/Microsoft-Defender-Zoom-und-Google-sind-zu-boese-8245303.html #FalsePositive #Google #Zoom #Microsoft

Hast du in den letzten 6 Monaten eine Spam-Email bekommen oder eine Email wurde als Spam erkannt auch wenn sie tatsächlichen Inhalt hatte? Die Systeme die versuchen anhand vorheriger Entscheidungen und bekannten Daten nervige Werbe-Emails filtern werden dafür eingesetzt Gesichtserkennung an Bahnhöfen durchzuführen, oder Entscheidungen vermeindlich autonomer Fahrzeuge zu treffen. Nur dass an einer Station nicht ein paar 100 Menschen durch gehen sondern tausende... #falsepositive #falsenegative

The burden of false positives is sometimes too heavy to bear! 😮‍💨

Along with the WAF features, look for a vendor who owns the false positives and fixes them for you.

After all, focusing on your business is your main priority. 😊

#falsepositive #waf #firewall #appsec #cybersecurity #applicationsecurity #applicationfirewall #apptrana #indusface

#iCloud: #Apple-Anmeldewarnung verschreckt #iPhone-Nutzer | heise online https://www.heise.de/news/iCloud-Apple-Anmeldewarnung-verschreckt-iPhone-Nutzer-7495560.html #FalsePositive

Der Mastodon Server home.social ist neuerdings scheinbar in der Filterliste 1Hosts (Xtra) eingetragen, welche von diversen Adblockern und Filtertools verwendet wird.

Hab mich gestern und heute gewundert warum es nicht erreichbar war. Meine NextDNS Konfiguration greift auf 1Hosts (Xtra) zu.

Hier kann man ein Issue eröffnen um die Seite zu entsperren:
https://github.com/badmojr/1Hosts/issues

@ralf @admin

#meta #mastodon #falsepositive

"Die neue Edeka-Teuer-Aktion"

#verhoert
#falsepositive

Experiencing false positives, a DDoS attack or something else?
 
As many have read at Reuters, hivepro and other sources there was (or is?) a DDoS attack against several organizations going on, which also targeted the danish financial sector. 
 
On 2023-01-02 our analytics identified a danish banking site as false positive in multiple different CTI sources. It is absolutely clear that this is a benign website, but these sources still claim it's a phishing URL - even after 2 weeks. 

Interestingly one of the sources is a very prominent CTI source - operated by a large cybersecurity company and this URL has been verfied as phishing by multiple people from the community. As this is such an obvious false positive and in combination of reading the articles about the cyber attack targeting also the banks in Denmark, we are wondering if this could also be an attempt of that group? Or symphatisants? And if so - why is the community verification not effective here?  
 
Sure, chance is high this is just coincidence. But what if not? Supply chain attacks on CTI sources - could this be a new attack vector we need to worry about? 
 
At least it's a good example how valuable a good false positive analytics is - for CTI provider and consumers.
 
See also: 
https://www.hivepro.com/pro-russian-hacktivist-group-noname05716-launches-cyber-attacks-on-ukraine-and-nato-organizations/

https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/
 
#cti #threatintelligence #ticura #falsepositive #falsepositiveprevention #banking #infrastructure #vulnerable

We're getting into "silly season" at the end of the year. With that in mind, I've thought about the things I did in 2022 that I found most interesting, helpful, or potentially impactful.

First, there's the paper on #CTI-driven #ThreatHunting I wrote and presented on at several events:
https://www.gigamon.com/content/dam/resource-library/english/white-paper/wp-intelligence-driven-threat-hunting-methodology.pdf

Then, there was my @VirusBulletin paper on the #XENOTIME actor responsible for the #Triton event, which I thought was neat as a deep-dive into organizational relationships that get masked in our tracking a single "adversary:"
https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Zeroing-in-on-XENOTIME-analysis-of-the-entities-responsible-for-the-Triton-event.pdf

On a personal front, I wrote up some prelimianry analysis on the #Industroyer2 attempted (?) #ICS #OT incident as part of the conflict in #Ukraine - and there are still some items raised there for which we don't have answers several months after the incident was discovered:
https://pylos.co/2022/04/23/industroyer2-in-perspective/

Finally, I wrote a blog for my employer diving into the idea of the #FalsePositive in #DetectionEngineering and #SecurityMonitoring that I think is helpful for analysts from #IR to the #SOC
https://blog.gigamon.com/2022/08/05/revisiting-the-idea-of-the-false-positive/

I need to think this over a bit, but look for something covering the most insightful work of others, from my perspective, from the past year!

@chronos

I donate to a local group.

As they prohibited a cishet man I know from donating for several months due to a positive HIV test (#FalsePositive), I'm pretty sure they test every donation, every time. There is zero reason to prohibit based on sexual behavior.

Microsoft Defender just flagged the PowerDVD updater as malicious.

No sorry. That's as designed. It's just that sketchy a program.

#MDE #FalsePositive #Cyberlink

Leider alles nicht korrekt. Ja, es verleitet dazu Nutzerdaten einzugeben und sich einzuloggen. Aber ja, dass muss auch so sein! #google #safebrowsing #falsepositive

Hey anyone who has #problems with #email to #microsoft accounts, which is marked as #junk ?
Looks like their anti spam inbound filter is #AI based crap. Seems to be a combination of mailclient/signature/domain.

It's now the second time I fight a fight against this broken system because emails are #falsepositive marked as junk only in the microsoft office world, which is sadly business relevant....

Additionally even as business account admin it is hard to get support for such problem and they really don't want to do anything. 😡

Conclusion: PLS everyone get rid off microsoft