Remember Microsoft's Recall? The first implementation was never released and was met with strong criticism from privacy advocates and the infosec/security community. Guess what? Microsoft has doubled down, and its controversial Recall scraper is finally entering the public preview stage. If you care about privacy, please think twice before using this on your AI-enabled PCs (Snapdragon-powered Copilot+ PCs) blogs.windows.com/windows-insi…

#privacy #infosec #security #windows11 #DoNotWant

Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26120.2415 (KB5046723) to the Dev Channel. With this update, we welcome Windows Insiders with Snapdragon-powered

^{Windows Insider Blog}

I was just chatting with a blind person in an online forum and they posted some gibberish, then apologized because they'd had their fingers misplaced when they started typing. Which made me think "I should write a python function to fix assorted off-by-X typing errors." followed by "...that'd be a simple but fun CTF gimmick..."

#ctf
#InfoSec

#Google's AI tool, OSS-Fuzz, has detected 26 #vulnerabilities in #opensource projects, including a significant flaw in #OpenSSL.

This flaw, which could lead to application crashes or remote code execution, has existed for nearly 20 years and was only found thanks to AI-generated testing methods.

#infosec #cybersecurity #tech #AI #genAI

thehackernews.com/2024/11/goog…

Hello kind readers!

I'm in desperate need of a job and need your help connecting with hiring managers. I'm looking for the following (or related) roles:

1. technical program manager
2. security engineer/analyst
3. network security engineer/analyst
4. privacy engineer/analyst
5. SOC/NOC engineer/analyst
6. data center technician manager/engineer

CV: https://[yawnbox.is]/docs/cv-priv.pdf

I live in The Hague (NL) and i'm from Seattle (WA, USA). Remote jobs will allow my partner and I to continue to exist in NL. Freelance jobs in NL are also great. I would need work visa sponsorship anywhere outside of USA. I would relocate anywhere for a great job.

Things are desperate for us. Please help.

#GetFediHired #infosec #cybersecurity #Netherlands #Seattle

📣 EMERGENCY UPDATES 📣

Apple pushed updates for 2 new zero-days that may have been actively exploited.

🐛 CVE-2024-44308 (JavaScriptCore),
🐛 CVE-2024-44309 (WebKit):
- iOS and iPadOS 17.7.2
- iOS and iPadOS 18.1.1
- macOS Sequoia 15.1.1

#apple #cybersecurity #infosec #security #ios

Interboro School District in PA was added to #RansomHub leak site today with a few screencaps as POC. The screencaps are internal files and what appear to be two employee-related pieces of personal information. There is nothing on Interboro's website about any #databreach at this time.

#EduSec #databreach #ransom #infosec #cybersecurity

@douglevin @funnymonkey @brett

So, apparently Thames Water is still using IT systems from the 1980s, which doesn't seem very ideal or secure for a critical infrastructure operator in 2024.

“The software we use is older than me, and some of the hardware is older than my dad,” says Siddharth*. He is one of a team fighting a daily battle to sustain ancient IT infrastructure at Thames Water."

Then later...

"The use of Lotus Notes is a signal of how starved of investment technology at the company has been since it was privatised in the late 1980s. Other examples of obsolete or near obsolete technology include wide reliance on 2G technologies, arrays of meters that remain analogue and require manual checks, and hardware that is often more than 30 years old." #infosec

theguardian.com/business/2024/…

Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim

Exclusive: Company relies on obsolete tech and there are troubling security gaps, Guardian investigation suggests

^{Anna Isaac (The Guardian)}

A great guide for anyone interested in improving their #privacy posture.

(TL;DR in the comments.)

"Whatever platforms you're on, whatever devices you have, you need to have a sense of what kind of data you're generating and then use the controls available to limit who can see what you're doing."

wired.com/story/the-wired-guid…

#infosec #e2ee #security

If you are a US-based organisation working in support of human rights and/or the environment looking to swiftly migrate your server infrastructure and data to safer soil, get in touch.

We have extensive experience helping frontline at-risk orgs find a safer home for their work, on their terms and under their control, with a particular focus on hosting in jurisdictions with robust data-protection laws.

nikau.io

Pass it on.

#infosec #opsec

#China Connected #SaltTyphoon Compromised AT&T / #Verizon / #LawfulIntercept #Backdoors

Installed #Windows Kernel Rootkit

"backdoors protect kids"....

Don't buy into this #propaganda.

#privacy #News #infosec #cybersecurity #USA #Telecom #CISA #ATT

heise.de/en/news/China-s-cyber…

China's cyber spies intercept phone data and calls from US network operators

Chinese cyber spies infiltrated US network operators. Conversations and data from government and politicians were intercepted, as were police wiretaps.

^{Frank Schräer (heise online)}

#HowTo Selfhosting Nearly Any Site On The Darkweb Using I2PD (light option ideal for single board computers and more

SECURITY BENEFIT: end-to-end #encryption overlay (no #https needed) & w/network range/IP not viewable, more challenge to attack other server services

READ / WATCH ON I2P: righttoprivacy.i2p/selfhost-da…

#i2pd #darknet #darkweb #development #webDev #encryption #infosec #cybersecurity

#Peertube

tube.tchncs.de/w/brDxfhZNeMDbj…

Selfhosting Darknet Websites Using I2PD

HOWTO: Selfhost Nearly ANY Website On The Darkweb - Easier Than You Think! We begin by installing NGINX webserver, for self-hosting our website code, and gain the added benefit of end-to-end encry...

^tchncs

Interesting. Hackers are mistaking Mastodon user profile account addresses for email addresses and sending fake roundcube phishing emails to the few accounts I have on my self-hosted instance in hopes of getting credentials.

"Roundcube Found Several Undelivered Messages"

I only received it because my domain has catch-all email turned on that will forward any email for email accounts that don't exist to a special email address.

The emails come from "Restoredesk.oldfriends.live <info@ecmtincinc.live>", pass spf and ip 79.141.160.47. Link below, which is Dropbox owned "DocSendDotCom"

Be careful if you host your own instance and have catch-all email setup and this slips past your little grey cells.

#Infosec #Spam #Phishing #Spoofing #MastoAdmin

Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison:

databreaches.net/2024/11/13/id…

This is a case that started because the threat actor, "Lifelock," contacted DataBreaches to try to get DataBreaches.net to report on victims who hadn't paid his ransom demands.

Some of his court filings tried to blame me for the FBI raiding him and seizing his devices. The FBI did their own investigation but yes, it was my reporting that initially made the FBI aware of Lifelock (real name Robert Purbeck).

#databreach #healthsec #cybersecurity #infosec #extortion

@euroinfosec @campuscodi @gcluley @zackwhittaker

Kali Linux NetHunter install in 8 minutes (rootless) and includes Android 15

YouTube video: youtu.be/Lqu-G7sqClA

#android #kalilinux #cyber #infosec #cybersecurity #nmap #hack #hacker #hacking #nethunter Kali Linux

Seeing how the Trumpists are about to take charge of the government (including our intelligence agencies), it's probably best to start familiarizing yourself with things like the 5/9/14 Eyes agreements and adjust your online behavior accordingly.

protonvpn.com/blog/5-eyes-glob…

#infosec #Trump #security

What countries are in the 5 Eyes, 9 Eyes, and 14 Eyes agreements?

A list of the Five Eyes countries of the UKUSA and other intelligence-sharing agreements, including the Nine Eyes and Fourteen Eyes.

^{Richie Koch (Proton VPN)}

Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…

#tor #infosec #cybersecurity #threatintel #privacy

[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

It would be hard to explain to Verizon I run Tor relays since they technically don't allow servers. I hope I'm not forced onto AT&T Internet Air as my particular co-op rental unit won't let met get Spectrum even when other units can, not that I wante…

^{Tor Project Forum}

🚀 Staff Security Engineer, Vulnerability Management
🏢 Coinbase
📍 Multiple remote locations

🔗 Apply now: totalcyber.io/jobs/coinbase/st…

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

🚀 Comcast Cybersecurity: Penetration Tester 3
🏢 Comcast
📍 Philadelphia, United States

🔗 Apply now: totalcyber.io/jobs/comcast/com…

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

Comcast Cybersecurity: Penetration Tester 3 at Comcast | TotalCyber.io

Apply now on totalcyber.io/jobs

^{Comcast Cybersecurity: Penetration Tester 3 at Comcast | TotalCyber.io}

🚀 Cybersecurity Engineering Manager
🏢 RTX Corporation
📍 Lane Cove West, Australia

🔗 Apply now: totalcyber.io/jobs/rtx-corpora…

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

Sverige går verkligen baklänges när det gäller mänskliga rättigheter på så många sätt, inte minst i den digitala världen 🤬😑

"Grönt ljus för FRA att hacka mobiler och datorer"

dn.se/sverige/gront-ljus-for-f…

#fra #svpol #sverige #cybersec #itsec #infosec #chatcontrol #privacy #dataskydd

FRA kan få hacka mobiler och datorer

Försvarets radioanstalt, FRA, ska få ett tydligare lagstöd för att hacka sig in i datorer och mobiltelefoner, enligt en ny utredning.

^{Bo Torbjörn Ek (Dagens Nyheter)}

🚀 Senior Risk Governance Manager - CIO
🏢 Aviva
📍 Multiple locations

🔗 Apply now: totalcyber.io/jobs/aviva/senio…

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

On my blog: One weird trick to get the whole planet to send abuse complaints to your best friend(s)

delroth.net/posts/spoofed-mass…

Summary of my adventures from last evening, as read in this Mastodon thread: mastodon.delroth.net/@delroth/…

#infosec #networking #tor

I recently found out that my department at work is being shut down, so I'm looking for a new position!

I spent the last 6 years building advanced security assessment capabilities around hardware/IoT, industrial, marine OT, and x86 platforms. Before that I spent 5 years as a pentester. I excel at weird and novel stuff where there's no template.

I'm based in the UK and I'm looking for a remote full-time role.

CV: poly.nomial.co.uk/graham_suthe…

Thanks!

#getfedihired #fedihire #fedihired #infosec

CCCS (Canada): Statement on People's Republic of China reconnaissance of Canadian systems
This got overlooked Friday: The Canadian Centre for Cyber Security (CCCS) warned Canadian organizations to harden their networks against reconnaissance scanning, performed by a Chinese state-sponsored threat actor over several months. Targets were multiple organizations across multiple sectors including:

• Government of Canada departments and agencies
• federal political parties
• the House of Commons and Senate
• democratic institutions
• critical infrastructure
• defense sector
• media organizations
• think tanks
• Non Governmental Organizations (NGOs)

h/t: @campuscodi

#china #cyberespionage #canada #cccs #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI

Statement on People's Republic of China reconnaissance of Canadian systems - Canadian Centre for Cyber Security

^{Canadian Centre for Cyber Security}

Freeradical.zone is a Mastodon server for people interested in infosec, privacy, technology, leftward politics, cats, dogs etc.

freeradical.zone

You can find out more at freeradical.zone or contact the admin @tek

#FeaturedServer #Infosec #Privacy #Tech #Technology #Mastodon #Fediverse #FreeFediverse

Free Radical

Infosec and privacy and technology and leftward politics and cats and dogs and...

^{Mastodon hosted on freeradical.zone}