Items tagged with: cybersecurity



#Research finds 12,000 ‘Live’ #API Keys and Passwords in #DeepSeek's #Training Data


Source: https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data

#ai #technology #security #privacy #fail #password #Problem #cybersecurity #news #Software


Major privacy alert for Android users.

https://mastodon.sdf.org/@jack/113952225452466068

@jack #Privacy #Android #cybersecurity


You remember #Apple scanning all images on your #mobile device?

If you have an #Android #phone, a new app that doesn't appear in your menu has been automatically and silently installed (or soon will be) by #Google. It is called #AndroidSystemSafetyCore and does exactly the same - scan all images on your device as well as all incoming ones (via messaging). The new spin is that it does so "to protect your #privacy".

You can uninstall this app safely via System -> Apps.

https://developers.google.com/android/binary_transparency/google1p/overview



#Google begins requiring #JavaScript for Google #Search


search: https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/

“Enabling JavaScript allows us to better protect our services and users from bots and evolving forms of abuse and spam,” the spokesperson told TechCrunch, “and to provide the most relevant and up-to-date information.”


In other words it is for better tracking and surveillance ... 🙁

#web #www #security #news #internet #browser #tracking #cybersecurity



Millions of Accounts Vulnerable due to Google’s #OAuth Flaw

Source: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw

#cybersecurity #security #identity #login #fail #Software #Problem #internet #news #identification #configuration



Tell you a secret about red team #cybersecurity work:

Almost everyone wants to pretend to be a red teamer; almost nobody has the willingness to put in the real work to become one.

Responsible Red Teaming is @thetaggartinstitute 's most enrolled course by a wide margin.

It is also the least-completed.

The course content is not more technical than any other offensive security course. Indeed, most of it is far less, instead requiring you to think about the human impact of the work. This course discusses how to operate in a safe, appropriate manner. It is not about popping shells.

Once most folks discover this, they bail.

If you want to do offensive security solely because you want to "hack stuff," you're a liability. You must understand your role in hardening defenses and working with defenders to improve operational security.

The job is not a CTF. If you can't hack that, please find another line of work.


Recent #cybersecurity incident around #CrowdStrike and #Windows #Azure shows the problem around monocultures and control over its own technology.

It is important for Europe to evaluate its own dependencies and support administrations, business and citizens alike to run secure IT. For this #softwarefreedom plays an important role.


Turgid members of parliament are excited about their imminent election, but what's that waiting for them in WhatsApp? AI healthcare horrors, and Drew Barrymore.

All this and more in the latest episode of the "Smashing Security" podcast, with me, Carole Theriault, and special guest John Hawes.

Find it in all good podcast apps, or at https://grahamcluley.com/smashing-security-podcast-367/

Thanks to this episode's sponsors - Kolide by 1Password, Kiteworks, and Vanta - for their support!

#cybersecurity #podcast


Great news! Amazon has got back to me about the £700 iPhone they failed to deliver (and wouldn't refund or replace). Bad news: what they told me...

Based on this experience, why would anyone buy anything expensive from Amazon ever again? Please share, like and comment if you agree.

Watch my #video.

#amazon #delivery #scam #jeffbezos #cybersecurity


New podcast alert! "Smashing Security" ep 361 is out now, with special guest Paul Ducklin, yours truly, and my erstwhile co-host Carole Theriault.

We discuss how your smartphone may be toast – if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps.

https://grahamcluley.com/smashing-security-podcast-361/

@smashingsecurity

#cybersecurity #podcast #malware #ransomware #privacy #romance


#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:

*please* write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)

the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief


What's that? A brand new episode of "Smashing Security"?

Oh, go on then...

https://www.smashingsecurity.com/335

#cybersecurity #podcast


Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

https://grahamcluley.com/smashing-security-podcast-330-deepfake-martin-lewis-and-a-deadly-jog-in-the-park/

#cybersecurity #podcast #deepfake #martinlewis #ukraine #russia
Smashing Security 332: Deepfake Martin Lewis, and a deadly jog in the park.


There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the #MOVEit #hack causes consternation.

It's a brand new "Smashing Security" podcast, with special guest @bittner from The CyberWire!

Find it in all good podcast apps, or at https://www.smashingsecurity.com/326

#cybersecurity #podcast



"I can't trust online password managers, it's way better to have a self-hosted version like Keepass... I'm a proud user of...
... what. the. fuck. " https://www.bleepingcomputer.com/news/security/keepass-exploit-helps-retrieve-cleartext-master-password-fix-coming-soon/

#infosec #cybersecurity #passwordmanagers


You could not design a worse "private messaging" app than #Converso if you tried.

https://crnkovic.dev/testing-converso/

#CyberSecurity #privacy #Signal #WhatsApp


Umm... may we suggest you don't listen to our latest podcast episode in the workplace, in front of your children, or while you're busy driving a truck...

Smashing Security episode 320: "City Jerks, AI animals, and is the BBC hacking again?"

With @gcluley, Carole Theriault, and special guest @ThomLangford

https://www.smashingsecurity.com/320-city-jerks-ai-animals-and-is-the-bbc-hacking-again/

#cybersecurity #podcast


A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by @gcluley and Carole Theriault, joined this week by @varmazis
Find it in all good podcast apps, or at https://www.smashingsecurity.com/319

#cybersecurity #finland #strava #privacy #databreach #mentalhealth #tiktok
Ville Tapio of Vastaamo, pursued by the media...


Check out the latest "Smashing Security" podcast, where @gcluley and Carole discuss how Tesla employees are sharing videos of customers, and sinister Operation Fox Hunt scams targeting Chinese citizens in the United States.

Find the show in all good podcast apps, or at https://grahamcluley.com/smashing-security-podcast-318/

#cybersecurity #podcast #Tesla #scam #China
A more traditional fox hunt.


Did you know, it's now possible to fingerprint by HTTP/2?

On Firefox, I recommend you disable the protocol until we find a solution to either spoof it or break the fingerprinting method. It works even without #javascript.

The whitepaper 👉 https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf

#privacy #fingerprinting #infosec #opsec #cybersecurity #http #http2 #browserleaks

Test yourself at https://browserleaks.com/http2


Join me, Carole Theriault, and our special guest The CyberWire's @bittner in the latest "Smashing Security" podcast - Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?

https://grahamcluley.com/smashing-security-podcast-317/

#cybersecurity #juicejacking #ai #chatbot #chatgpt #uber #databreach #podcast
Uber car, chatbot, USB port.


In the latest @smashingsecurity podcast the irrepressible @ThomLangford joined me and Carole Theriault, as we discussed a possible aCropalypse for Google Pixel users, house buying scams, and just why TikTok is being singled out for attack by... well, everyone.

Find "Smashing Security" in your favourite podcast app such as Apple Podcasts or Spotify, or listen at
https://www.smashingsecurity.com/314

#cybersecurity #podcast #tiktok #android #vulnerability #scam
Smashing Security episode 314: Photo cropping bombshell, TikTok debates, and real estate scams.

With a relevant - if you listen to the podcast - picture of Elizabeth Hurley pouring a lovely cup of tea for naked international man of mystery Austin Powers.


The twisted tale of the two Teslas, Bollywood movies, and a deepfake sandwich.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by me and my partner-in-pod Carole Theriault.

Warning: This #cybersecurity #podcast may contain nuts, adult themes, and rude language.

https://grahamcluley.com/smashing-security-podcast-313/
Smashing Security episode 311 - picture of man unlocking a Tesla car.


The twisted tale of the two Teslas, and a deepfake sandwich.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans @gcluley and Carole Theriault.

https://player.captivate.fm/episode/721b532f-a9d8-4b0b-86cb-91f3f5b40e14/

#cybersecurity #podcast #tesla #deepfake


This #InternationalWomensDay we're celebrating the fabulous female guests we've had on the "Smashing Security" #podcast, shattering the stereotype that only men can have a successful career in #cybersecurity.

Not forgetting my co-host through over 300 episodes, Carole Theriault!

Find all their contributions at https://www.smashingsecurity.com, or in your favourite podcast app.
Smashing Security guests Anna Brading, Carolyn Crandall, Clare Blackwood, Dalia Hamzeh, Danielle Papadakis, Dinah Davis, Helen Patton, Jenny Radcliffe, Jessica Barker, Lisa Forte, Lisa Vaas, Mari DeGrazia, Maria Varmazis, Michelle Madsen, Nina Schick, Rachael Stockton, Vanessa Pegueros, Yvonne Eskenzi, Zoe Kleinman, and Zoë Rose.


The crazy story of the Ubiquiti hack! Police keep creating encrypted messaging systems for criminals! Apple Watch accused of crying wolf!

All this - and more - in the latest episode of the award-winning "Smashing Security" podcast, with me, Carole Theriault, and special guest Mark Stockley.

Thanks to our sponsors @bitwarden, NordLayer, and SecurEnvoy for their support!

https://grahamcluley.com/smashing-security-podcast-308/

#cybersecurity #podcast #ubiquti #databreach #apple #encryption #privacy


There's been a huge increase in malicious ads on Google lately. In some cases the first 4-5 search results for certain pieces of software have all been malicious ads leading to info stealers.

More details:
https://updatedsecurity.com/topic/291-huge-increase-in-malicious-advertising-on-google/?a=1
#infosec #cybersecurity #malware


Carole’s in her sick bed, which leaves Graham in charge of the SS Smashing Security as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.

With special guest @bjmendelson!

https://player.captivate.fm/episode/3db07726-f55a-4742-b2d5-e197ac4cb185/

#cybersecurity #podcast


AI-generated phishing attacks are becoming more convincing.

Read my article on the Tripwire blog:

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

#GPT3 #cybersecurity #phishing #businessemailcompromise
VOC robot in front of a GPT-3 logo.  You don't know what a VOC robot is?  Well, shame on you... I'll never leave you in charge of a sandminer...


The first "Smashing Security" podcast of 2023. Oxford’s dating disaster, cheap security robots, and faking a suicide...

It's not your typical #cybersecurity #podcast.

https://grahamcluley.com/smashing-security-podcast-304/
Smashing Security podcast #304.

Skyline of Oxford with a Dalek-like robot security guard trundling around...  It will make sense if you listen to the podcast.



First time I read about open-source "star" jacking on GitHub and the much more nefarious usage of open-source Python packages to install malware.

Interesting read: https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/

#Python #CyberSecurity #OpenSource


Beware your Roomba’s roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a cab in Dublin…

It's the last "Smashing Security" #podcast of the year!

Thanks to special guest @iainthomson for joining us for the fun. 😀

Find it in all good podcast apps, or at
https://grahamcluley.com/smashing-security-podcast-303/

#cybersecurity
Smashing Security episode 303.  A Roomba vacuum cleaner with large googly eyes that look deep into your soul...


This week on #osspodcast @kurtseifried and I chat about #stylometry

There's a tool to look at #HackerNews authors and see if their writing is similar to another user (sock puppets anyone?)

This of course leads to larger discussions about #privacy, #cybersecurity, #impersonation, and of course, #shakespeare

https://opensourcesecurity.io/2022/12/04/episode-352-stylometry-removes-anonymity/


In episode 300 🥳 of the "Smashing Security" podcast, original co-host @vanjasvajcer returns to the show...

We discuss why deleting your Twitter account may be a very bad idea, how the police unravelled the #iSpoof fraud gang, and take a trip into interplanetary file-systems.

Find "Smashing Security" in your favourite podcast app, or listen at https://www.smashingsecurity.com/300

Thanks to everyone who has listened, appeared on the show, or supported us! 🙏

#cybersecurity #twitter #ipfs #phishing #privacy
Smashing Security episode 300.  Picture of a spacesuited astronaut floating weightlessly above the Earth...


I reckon it's time for another episode of the "Smashing Security" podcast, don't you?

This week #deepfake shenanigans strike users of troubled crypto firm #FTX, the perils of charging your electric vehicle, and is Microsoft’s takeover of Activision good news for video game fanatics?

All this and much much more...

Find @smashingsecurity in your favourite #podcast app or listen to the latest episode at https://www.smashingsecurity.com/299

#cybersecurity #cryptocurrency
Smashing Security 299: EV Charging risks, FTX, and an ancient apocalypse


Content warning: birdsite, threat actors, reputation