Which privacy-centric Android OS is best for the average non-techie user?

#Android #CyberSecurity #DataPrivacy #GrapheneOS #LineageOS #CalyxOS #FOSS #OpenSource

• Graphene OS (0 votes)
• /e/ OS (0 votes)
• Lineage OS (0 votes)
• Calyx OS (0 votes)

#followfriday! Here's some #infosec / #cybersecurity accounts I've discovered from the past week to check out!

- @an00brektn
- @dieg0

Plus! Here's some folks from across the Fediverse who's instance names are awesome.

- @pointlessone
- @prettygood
- @markiplier
- @split
- @kopper
- @nev
- @z
- @president
- @EmilyK

All previous follow friday posts: https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack#for-infosec-folks

Giant list of cool instance names (and those from said instances) here: https://shellsharks.com/notes/2024/03/29/the-whimsical-corners-of-the-fediverse

Mastodon starter pack

Cybersecurity Research and More

^shellsharks

How Researchers Cracked an 11-Year-Old #Password to a $3 Million #Crypto #Wallet

Source: https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/

He cracked the #Trezor wallet in 2022 using complex #hardware techniques that forced the USB-style wallet to reveal its password.

#security #cybersecurity #news #bitcoin #btc

"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested. I guess he won't be getting much use of that Ferrari and Rolls Royce for a while...

Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/largest-botnet-ever-disrupted-911-s5s-alleged-mastermind-arrested

#cybersecurity #botnet

"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested

Global law enforcement disrupts the "911 S5" botnet, seizing assets and arresting the alleged mastermind. Over 19M compromised devices, millions in damages, and profits.

^{www.tripwire.com}

STORY: Police have a new cybercrime fighting tactic: getting into the heads of Russian hackers.

Recent law enforcement takedowns of cybercrime groups have increasingly used psychological tactics as part of their disruption.

https://www.wired.com/story/cop-cybercriminal-hacker-psyops/

#cybersecurity #cybercrime #hacking #infosec

A hacker group has claimed responsibility for a cyberattack that targeted auction house Christie’s earlier this month.

The attack took place just before the start of its high-profile spring sales event involving more than $850 million worth of art. Online bidding was suspended, but the group claims it has accessed sensitive information about wealthy art collectors around the world, and is threatening to release it unless “an agreement” is reached. Digital Trends has more.

https://flip.it/at-MY2

#Hacking #Cybersecurity #Christies #Art #Tech

Hacker group says it carried out Christie’s cyberattack

^{Trevor Mogg (Digital Trends)}

#Keylogger in #Microsoft #Exchange Server Steals #Login Credentials From Login Page

Source: https://cybersecuritynews.com/keylogger-embedded-microsoft-exchange-server/

#Microsoft #Exchange #security #CyberSecurity #news #password

Keylogger in Microsoft Exchange Server Steals Login Credentials From Login Page

Positive Technologies' Expert Security Centre (PT ESC) found a sophisticated keylogger hidden on the main page of Microsoft Exchange Servers. This is a major security breach that affects businesses and government bodies around the world.

^{Guru Baran (CybersecurityNews)}

"I'm going to #DEFCON32 this year. Maybe I should enter one of the contests, that should test my expensive #cybersecurity skills and winning will advance my #infosec career!"

The Contests At @defcon:

#nahamsec is still going strong!

Watch on the #DCG201 LIVE STREAM or on these direct links:

#Twitch: https://twitch.tv/namhamsec
#YouTube: https://www.youtube.com/live/76mNNVVBht0

#hacking #infosec #cybersecurity @defcon

Where People Go When They Want to Hack You?

source:

#ZeroDay #Hack #Hacker #Exploit #cybersecurity #software #security #bug #SocialEngineering

NEW: second judge in #Poland reportedly confirmed as #Pegasus spyware victim.

Appeals court judge told reporter her responsibilities included classified cases where wiretapping was used.

Poland's spyware reckoning continues.

[PL, machine trans.]
Story: https://oko.press/wiemy-o-drugim-polskim-sedzi-inwigilowanym-pegasusem-to-sedzia-apelacyjna-z-krakowa-news-oko-press

#spyware #infosec #cybersecurity #polska #malware #security #intelligence #surveillance

You can deactivate #Microsoft #Defender via secret #API 😑

Source: https://github.com/es3n1n/no-defender

#Windows #software #security #CyberSecurity #fail

GitHub - es3n1n/no-defender: A slightly more fun way to disable windows defender. (through the WSC api)

A slightly more fun way to disable windows defender. (through the WSC api) - es3n1n/no-defender

^GitHub

Hey business types: Does your startup work in the cybersecurity space? If you make it to the finals of Black Hat's Startup Spotlight, you get some good stuff, plus I will write you up ahead of Black Hat USA: https://www.blackhat.com/us-24/spotlight.html

(If your company is interesting enough, I might write you up anyway. Send pitches to editors@darkreading.com)

#DarkReading #cybersecurity #startups #journalism #StartupSpotlight #BHUSA #BHUSA2024 #BlackHatUSA #BlackHatConference

Black Hat USA 2024

^{www.blackhat.com}

How the new #Microsoft #Recall feature fundamentally undermines #Windows #security

Source: https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218

#cybersecurity #news #desktop #software #ai #Technology

How the new Microsoft Recall feature fundamentally undermines Windows security

Yesterday, Microsoft CEO Satya Nadella sat down with the media to introduce a new feature called Recall, as part of their Copilot+ PCs. It takes screenshots of what you’re doing on constantly, by…

^{Kevin Beaumont (DoublePulsar)}

#Apple says #iOS17.5.1 fixes 'rare' bug that caused deleted photos to return

https://9to5mac.com/2024/05/20/apple-releases-ios-17-5-1-with-fix-for-bug-that-caused-deleted-photos-to-return/

#privacy #cybersecurity

Apple says iOS 17.5.1 fixes 'rare' bug that caused deleted photos to return - 9to5Mac

Apple has released iOS 17.5.1 for iPhone. The software update specifically addresses the issue with deleted photos reportedly returning after...

^{Zac Hall (9to5Mac)}

STORY: Thousands of listings on Eventbrite have been pushing people towards buying Gmail, Stripe accounts; escort services in India; and illegal sales of prescription drugs like Xanax, Valium, and oxycodone.

We found sales of opioids were pushed alongside events promoting drug addiction recovery and treatment. Eventbrite has investigated and says the “identified illegal and illicit activity has been removed.”

https://www.wired.com/story/sex-drugs-and-eventbrite/ #news #tech #cybercrime #cybersecurity

How to protect your #privacy with an SBC-powered #VPN #server

source: https://www.xda-developers.com/set-up-vpn-server-on-sbc/

Virtual Private Networks (VPNs) are an effective means to enhance your privacy. By disguising your IP address, a VPN prevents third-parties from tracking your #online activities on top of protecting your data from network-based hacking attacks.

#news #cybersecurity #opensource #network #internet #security

How to protect your privacy with an SBC-powered VPN server

A PiVPN server is the best way to protect your privacy without exposing your data to a third-party VPN provider

^{Ayush Pande (XDA)}

FINALLY: a 🇺🇸US official speaks the truth security researchers keep warning about...

Americans' movements being tracked with well-known weaknesses that US telcos aren't fixing.

It's remarkable how bad the problem with #SS7 & #Diameter is.

Must-read story by @josephcox
https://www.404media.co/cyber-official-speaks-out-reveals-mobile-network-attacks-in-u-s/

#infosec #cybersecurity #hacking #intelligence #surveillance #espionage

An open-source hacking #hardware platform based on the #RP2040 with #RF, #NFC, #USB, and #SD card ready for pen testing #research.

source: https://www.hackster.io/pablotrujillojuan/hackbat-1dfdbc

In the #cybersecurity field, engineers are always looking for vulnerabilities in order to fix them and prevent other actors could taking advantage of them. The tools used by these engineers can be expensive and, on many occasions, the tools don't fit exactly with the requirements that engineers need. In this project, I want to present an open-source hardware platform with some tools used in cybersecurity, especially in pen testing. The board is named Hackbat and features an RF transceiver, NFC communication, SD card, USB, and #WIFI. All of this is managed by the #RaspberryPI #microcontroller RP2040. The schematic and the PCB design are open-source and are available on GitHub. Let's take a part-by-part look at the #Hackbat.

#news #opensource #tool #pentest

Hackbat

An open-source hacking hardware platform based on the RP2040 with RF, NFC, USB, and SD card ready for pen testing research.

^Hackster.io

Purchased This Random X13 "Bug Detector" Demo "Signal Detection" Mode On Channel

Watch To See Demo Using HackRF Portapack H2 + Baofeng + Fan Remote

#Infosec #privacy #cybersecurity #hackrf #portapack #surveillance #HumanRights #X13 #baofeng #sdr #radio

https://tube.tchncs.de/w/uts6e3bEhGFLn6XBHzWaQf

X13 RF Signal Detection Demo: #HackRF #Portapack / #Baofeng /

Testing RF Signal Detection On X13 affordable bug detector device, sold on the internet. We use a baofeng, wireless remote, and HackRF + Portapack to test the sensitivity on the X13. This one claim...

^tchncs

This is intended for store shelves to inform customers before they buy. And hopefully, it will spur negligent manufacturers to do better. #cybersecurity #infosec

White House: Cyber trust label could be in place by end of the year https://therecord.media/cyber-trust-label-coming-this-year @therecord_media

Cyber trust label could be in place by end of the year, White House says

The Biden administration hopes to have consumer devices that have been approved by a voluntary cybersecurity labeling program on store shelves soon.

^{therecord.media}

New Tor Browser Download With Firefox Security Updates

#Tor #privacy #anonymous #infosec #cybersecurity #Firefox

https://blog.torproject.org/new-release-tor-browser-13015/

New Release: Tor Browser 13.0.15 | Tor Project

Tor Browser 13.0.15 is now available from the Tor Browser download page and also from our distribution directory.

^{blog.torproject.org}

Why is #Mozilla collecting our #search data?

source: https://blog.mozilla.org/en/products/firefox/firefox-search-update/

Sensitive topics, like searching for particular health care services, are categorized only under broad terms like health or society. Your search activities are handled with the same level of confidentiality as all other data regardless of any local laws surrounding certain health services.

Hello Mozilla, I use Firefox because my privacy is important to me. The best security is still achieved if you don't collect the data. That is why I will use a fork that does not collect search data. It would be nice if Mozilla took user privacy more seriously.

#privacy #news #browser #web #internet #firefox #security #cybersecurity #surveillance #statistics #bigdata #bigbrother

See what’s changing in Firefox: Better insights, same privacy

We’re ramping up our efforts to enhance search experience by developing new features like Firefox Suggestions.

^{Mozilla (The Mozilla Blog)}

Apparently Google accidentally deleted all online data from UniSuper, a superannuation fund with half a million members.

https://www.theguardian.com/australia-news/article/2024/may/09/unisuper-google-cloud-issue-account-access

UniSuper was only able to restore from backups from a different service. If they'd been solely relying on Google, then UniSuper and their members would be screwed.

Google says "This is an isolated, ‘one-of-a-kind occurrence’" But I'm seeing reports on Lemmy claiming to have dealt with similar problems with Google, suggesting this only the first *major* customer it has happened to.

In any case, don't put all your eggs in one basket. Even that that basket tries to make it ever-so-convenient for you to give them everything.

#google #cybersecurity #unisuper

Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’

Super fund boss and Google Cloud global CEO issue joint statement apologising for ‘extremely frustrating and disappointing’ outage

^{Josh Taylor (The Guardian)}

Do you want to learn how to setup an air-gapped #Nextcloud for maximum privacy and data protection?

Join me on May 22nd at 9 am EDT / 3 pm CEST on a free webinar to learn about air-gapped Nextcloud:

🔍 Critical factors to consider
🛡️ Four customizable air-gapped setups
🔧 Setting up air-gapped Nextcloud instances
💼 Best practices for Nextcloud maintenance

Register for free:
https://bit.ly/3QB2dlv

#OpenSource #GovTech #Security #CyberSecurity #infosec #privacy #sysadmin #datasecurity

[Webinar] Beyond Secure: Air-gapped Nextcloud for highly confidential data

Join us to learn how you can set up air-gapped Nextcloud for highly confidential data ideal for military, government, and large enterprises.

^Nextcloud

#Dell #API abused to steal 49 million customer records in data breach

Source: https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/

#hack #hacker #security #fail #news #cybersecurity

The conflict between Israel and Hamas is happening online as well as on the ground – with phishing attacks and hacking efforts targeting civilians on both sides.

https://theconversation.com/a-look-inside-the-cyberwar-between-israel-and-hamas-reveals-the-civilian-toll-228847
#Israel #Hamas #Technology #Cybersecurity

A look inside the cyberwar between Israel and Hamas reveals the civilian toll

The consequences of cyber conflict are primarily felt by civilians, who call for retaliation, fueling cycles of violence.

^{The Conversation}