Items tagged with: infosec
Since it's Halloween...
The Malware Mash!
https://thecyberwire.com/stories/79cb0c1f7ff74f638c54fddeaa6177ae/the-malware-mash
The Malware Mash
Happy Halloween from the team at N2K Networks! We hope you will join us in our Halloween tradition of listening to the Malware Mash. The CyberWire Staff (The CyberWire)
Short and to the point: why it's worth using Signal and how to install it (suitable for sending to less technical friends whom we want to convince to use the one true messenger 😉)
https://www.youtube.com/watch?v=iwB_zC51KlY
PS. Can we still count on any Invidious instance, or has YouTube already defeated them all?
@signalapp @mateuszchrobok #infosec #cyberbezpieczenstwo #signal
Signal - a messenger you can feel safe with
I suggest you use Signal, one of the best, though not the most popular, messengers. Why? Because in secure communication it's not ... YouTube
I have a friend who is being harassed and threatened semi-anonymously via Facebook. She knows *who* it is, but Facebook and Police are characteristically being useless.
I am kinda useless at this side of deanonymization, but does anyone have advice or resources for deanonymizing enough to get cops to move?
Reminder: As we approach Cybersecurity Awareness Month (Do not abbreviate) we need to not go down the rabbit hole when providing advice to our friends, family, and the media.
People are only likely to pay attention to personal computer security for maybe 2 minutes a year. Don't hype threats that aren't there (Public WiFi, Juice Jacking, Gen AI threats), focus on the basics that are causing most of the harm... Patch your iPhone/Android/PC/Mac/Router and use a password manager.
Ok, here's the deal on the "YubiKey cloning attack" stuff:
:eyes_opposite: Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.
But the attack *requires*:
👉 *physically opening the YubiKey enclosure*
👉 physical access to the YubiKey *while it is authenticating*
👉 non-trivial electronics lab equipment
I cannot stress this enough:
✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨
Pleased to announce the launch of Surveillance Watch, an interactive map and resource that documents the hidden connections within the opaque surveillance industry: https://www.surveillancewatch.io/
By mapping out the intricate web of surveillance companies, their subsidiaries, partners, and financial backers, we hope to expose the enablers fueling this industry's extensive rights violations, ensuring they cannot evade accountability for being complicit in this abuse.
#Privacy #Surveillance #InfoSec
Surveillance Watch: They Know Who You Are
Surveillance Watch is an interactive map revealing the intricate connections between surveillance companies, their funding sources and affiliations. Surveillance Watch
A couple things to think about here:
This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves coded this in and pushed it out.
So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them?
This is a massive breach of trust.
That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.
A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. (Red Hat)
When interviewing a man and woman together, I will often deliberately give the woman the last word. I'm not overt about it, I simply structure the conversation that way.
I've noticed that quite often the man will then jump in with, "one more thing," he wants to share.
Men — don't do this!
Ladies, I'm wondering how often this sort of thing happens to you. I'm guessing it's common, but I'm also aware my perception might be skewed by my own annoyance by it.
In ads: Our apps mind their business. Not yours.
In court: Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.
#Privacy #Security #Cybersecurity #Apple #iPhone #InfoSec #dataprivacy
If you don’t use a password manager, what’s the reason?
Feel free to comment.
Reposts appreciated for more reach.
- Don't know how to use it (18%, 21 votes)
- Don't trust it (77%, 90 votes)
- Don't know what it is (4%, 5 votes)
The endgame is almost always #spam. LI accounts frequently have complete copies of their owners' professional address books, a valuable set of mostly high-quality addresses.
Very rarely (all day every day, but only to a tiny percentage of people) they are going after the account owner specifically or hitting contacts of their primary target to impersonate them.
I'm positively impressed by the latest shame scam I just received. It even includes a password of mine that has been reported as part of a dump several years ago, and it makes the claim that they somehow installed a trojan virus on all my devices and caught me on camera masturbating way more impactful.
I wanted to congratulate them for the marginal ingenuity but unfortunately they do indicate it's useless to reply directly to the sender email address. 😞
The IT Girls Foundation has prepared an e-book, "Bezpieczni online - twój klik ma znaczenie" ("Safe online - your click matters"); it's worth a read
https://sklep.itgirls.org.pl/e-book-bezpieczni-online-twoj-klik-ma-znaczenie/
(downloading it for free requires providing your first name, last name and e-mail address)
This is great news, but despite working for a cybersecurity tool creator, WTF? Anyone who cares what the law says will only make your tool safer. Anyone we should worry about doesn't care about Minnesota's law. What an odd carve-out that seems dangerously misguided. https://techhub.social/@Techmeme/110426754830120294 #InfoSec
... what. the. fuck. https://www.bleepingcomputer.com/news/security/keepass-exploit-helps-retrieve-cleartext-master-password-fix-coming-soon/
#infosec #cybersecurity #passwordmanagers
KeePass exploit helps retrieve cleartext master password, fix coming soon
The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. Bill Toulas (BleepingComputer)
You may not reuse any of the most recent 12 faces.
#infosec #PasswordExpiration #BYOD
#OpenSource #FreeSoftware #privacy #security #infosec
🤡 #1Password becomes #spyware:
https://blog.1password.com/privacy-preserving-app-telemetry/
We're changing how we discover and prioritize improvements | 1Password
Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees. 1Password
Remember when Google's corporate motto was "don't be evil?"
Obviously, accurate location data on photos is more useful to a data mining operation like Google.
From Google: "Important: You can only update or remove estimated locations. If the location of a photo or video was automatically added by your camera, you can't edit or remove the location."
It's enshittification in action.
Source: https://support.google.com/photos/answer/6153599?hl=en&sjid=8103501961576262529-AP
#technology #tech @technology #business #enshitification #Android #Google @pluralistic #infosec
All the more reason Tiktok can't be trusted and that Project Texas is a sham. They have been abusing data entrusted to them by their users for years and it didn't require the data to be "in China". Data sovereignty is a sham and jingoistic bullshit to start with. Is it encrypted? No? Then it is vulnerable. China, Texas, the ISS, doesn't matter. The only safe unencrypted data is data on a Space X rocket. https://securitycafe.ca/@globeandmail@botsin.space/110234264207587278 #InfoSec #TikTok
On Firefox, I recommend you disable the protocol until we find a solution to either spoof it or break the fingerprinting method. It works even without #javascript.
The whitepaper 👉 https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf
#privacy #fingerprinting #infosec #opsec #cybersecurity #http #http2 #browserleaks
Test yourself at https://browserleaks.com/http2
HTTP/2 Fingerprinting
HTTP/2 Browser Fingerprinting identifies web clients by analyzing specific HTTP/2 attributes, such as SETTINGS frame values, WINDOW_UPDATE frames, stream prioritization, and the pseudo-header fields order. BrowserLeaks
Website of Reykjavík #Hackerspace, Hakkavélin, just got flagged by #Google Safe Browsing as "deceptive"; anyone who visits this site gets a scary red warning:
https://hakkavelin.is/
Thing is, I manage this site. It's literally a single static HTML file.
This is what we get for allowing shitty journalists to farm clicks by abusing the words "hacker" and "hack" to mean "cybercriminal" and "attack".
#FuckGoogle #Hackers #InfoSec
https://www.pcmag.com/news/openai-confirms-leak-of-chatgpt-conversation-histories
Can you guess who or what Sam Altman from #OpenAI blames for it?
"A bug in an open source library."
Yup. #FLOSS is great for #OpenAI as a way to build on somebody else's code, and as a way to train their models on somebody else's code. But as soon as shit hits the fan, it *will* get thrown under the bus.
Wanna *bet* it's not an #AGPL library? SV hypercapitalists keep away from those!
#FOSS #InfoSec
OpenAI Confirms Leak of ChatGPT Conversation Histories
OpenAI CEO Sam Altman blames the exposure on 'a bug in an open source library.' A patch has been released, but the chat history sidebar remains inaccessible. Michael Kan (PCMag)
More details:
https://updatedsecurity.com/topic/291-huge-increase-in-malicious-advertising-on-google/?a=1
#infosec #cybersecurity #malware
Huge Increase in Malicious Advertising on Google
It seems like after Microsoft moved to limit Office Macros, there has been a resurgence in other techniques such as malvertising and iso attachments. MalwareTech (UpdatedSecurity)