Search
Items tagged with: security
What Happens When a #Romance #Writer Gets Locked Out of #Google Docs
In March, an aspiring author got a troubling message: All of her works in progress were no longer accessible. What happened next is every writer’s worst fear.
Google never specified which of her 222,000 words was inappropriate.
...
Generally speaking, files containing #violence, #abuse, child sexual abuse material, and gore violate the terms of service for Google Drive and its associated products, like Docs and Sheets.
Now many of you will be thinking, who is stupid enough to store everything in the Google #cloud? The problem is we know that, but many people out there don't. We urgently need to do more educational work and warn people about companies like Google and their practices. Tell all your friends and acquaintances and don't use the clouds of the big corporations.
#news #problem #fail #warning #danger #service #customer #internet #economy #security #wtf #omg #disaster
In case you missed it, what's new in the latest release from SimpleX Chat, v5.7:
Quantum resistant end-to-end encryption enabled for all contacts, forward and save messages without revealing the source, in-call sound effects and switching sound sources, and better network connection management.
Coming soon: UI improvements is a major priority.
#Privacy #Security #Messengers
If you use Dropbox you should probably change your password.
Headline: #Dropbox Hacked! Threat Actor Accessed Passwords and Phone Numbers
Snippet: A quick analysis revealed that a threat actor had broken in to access customer information such as emails, usernames, phone numbers and hashed passwords, as well as general account settings and certain authentication information (API keys, OAuth tokens, and multi-factor authentication).
#Privacy #Security #Cybersecurity
Dropbox Hacked! Threat Actor Accessed Passwords and Phone Numbers
File hosting service Dropbox says a threat actor breached its e-signature service and accessed customer data, including phone numbers and passwords.Hot for Security
Oh, great. Computer security researchers have developed a proof-of-concept for a type of ransomware that would act when you try to *upload* a file. It would be able to encrypt any files in the folder you uploaded from, and any subfolders of it.
This is a proof-of-concept; the researchers have not seen any such attacks in the wild. But stay careful out there, okay?
Affects Chrome and Edge, but *not* Firefox or Safari!
#security #cybersecurity #malware #ransomware
Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
Modern web browsers are increasingly becoming like virtual computers, able to send email and play music and videos. The downside is it’s a new way for hackers to get into your computer.The Conversation
Hackers claim to have infiltrated #Belarus’ main #security service
Source: https://apnews.com/article/belarus-cyberattack-kgb-dissent-efc7e6acd9dfe8a118e1d2f526c4d6fa
A Belarusian #hacker activist group claims to have infiltrated the network of the country’s main #KGB security agency and accessed personnel files of over 8,600 employees of the organization, which still goes under its Soviet name.
#hack #news #politics #cyberwar
Hackers claim to have infiltrated Belarus' main security service
A Belarusian hacker activist group claims to have infiltrated the network of the country’s main security agency and obtained access to personal files of over 8,600 staffers of the KGB, the security service that still goes under its Soviet name.YURAS KARMANAU (AP News)
Delta Chat: FAQ
What is Delta Chat? Delta Chat is a new chat app that sends messages via e-mails, encrypted if possible, with Autocrypt. You do not have to sign up anywhere, just use your existing e-mail account w...delta.chat
#Safari on #iOS features device #tracking
source: https://mastodon.social/@mysk/112340023465073147
#Apple recently introduced a new URI scheme so that #iOS users in the #EU can install marketplace apps from the browser. #Safari handles the scheme insecurely leaving users exposed to tracking.
#surveillance #politics #europe #software #security #privacy #news #problem #fail #smartphone #warning
Mysk🇨🇦🇩🇪 (@mysk@mastodon.social)
PSA: #Apple recently introduced a new URI scheme so that #iOS users in the #EU can install marketplace apps from the browser. #Safari handles the scheme insecurely leaving users exposed to tracking.Mastodon
Google is out of their mind. There are so many other options for a "more secure" browser. Especially one that doesn't have Google tied to it.
https://infosec.exchange/@happygeek/112337847581863603
happygeek :unverified: + :verified: = $0 (@happygeek@infosec.exchange)
By me @Forbes: Would you pay $6 a month for a more secure version of Chrome? Google is banking on it. #infosec #Google #Chrome #Enterprise https://www.forbes.Infosec Exchange
#Windows #vulnerability reported by the #NSA exploited to install Russian #malware
When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.Ars Technica
A Stateless Workstation
In this article, I explain the rational and experiment about my project of a stateless workstation
https://dataswamp.org/~solene/2024-04-20-workstation-going-stateless.html
gemini://perso.pw/blog/articles/workstation-going-stateless.gmi
#security #linux #openbsd #unix
This is such a brilliantly simple flaw, I can't believe I didn't think of it.
Maybe because it is brilliant. And simple.
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
Researchers claim Windows Defender can be fooled into deleting databases
Two rounds of reports and patches may not have completely closed this holeLaura Dobberstein (The Register)
#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM
In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?
source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted codeAaron Thacker (LRQA Nettitude Labs)
Friends don't let friends use Discord.
Message History of 600 Million Discord Users Can be Accessed For $5
https://80.lv/articles/message-history-of-600-million-discord-users-can-be-accessed-for-usd5/
Message History of 600 Million Discord Users Can be Accessed For $5
A new report sheds light on a scraping service that lets anyone view your message history across different Discord servers.Theodore McKenzie (80lv)
Advanced #Phishing Kit Adds #LastPass Branding for Use in Phishing Campaigns
Threat actors using phishing kits are pretending to be LastPass in phone calls and emails to steal user credentials.
Actual phishing site: “help-lastpass[.]com”
Shortened URL Embedded in Email: shorturl[.]at/glvT0
Phishing Email Subject Line: We’re here for you
Spoofed Sender: Shows as LastPass Support <support@lastpass>
#Microsoft is a national #security threat, says ex-#WhiteHouse cyber policy director
Source: https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
Microsoft has a shocking level of #control over IT within the US federal #government
#technology #CyberSecurity #economy #politics #software #problem #usa #news
Microsoft is a national security threat, says ex-White House cyber policy director
With little competition at the goverment level, Windows giant has no incentive to make its systems saferBrandon Vigliarolo (The Register)
to me, #biometric unlocking, is unsafe, you see a lot of unauthorised unlocking from restrained, sleeping, dead, or drunken people from either face or fingerprint to unlock a device.
it was established a few years ago that law enforcement in the usa do not need a warrant for biometric unlocking, but need warrant if a password is enabled, to unlock a device.
#phone #thumbprint #court #usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance
Cops can force suspect to unlock #phone with #thumbprint, US #court rules
#usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance
Cops can force suspect to unlock phone with thumbprint, US court rules
Ruling: Thumbprint scan is like a "blood draw or fingerprint taken at booking."Ars Technica
Telegram and Signal - two other foreign messaging apps - were also removed from the store on Friday, according to app tracking firms Qimai and AppMagic.'
https://www.reuters.com/technology/apple-removes-whatsapp-threads-china-app-store-wsj-reports-2024-04-19/
#apple #tech #Facebook #politics #china #security
The #press is barred from covering aspects of the trial related to the #jury, for understandable #security reasons. At the same time, the judge is taking another 5 days to hold a hearing on whether #Trump has violated the #GagOrder that was placed on him w/ repeated social media posts about a key #witness & #jurors.
This is 1 of many ways in which despite Trump's complaints that he is being treated unfairly, the judge is bending over backwards to be fair to him in this #trial.
Ukrainian journalists say state #security spied on them
#sbu #spy #news #media #press #freedom #journalism #justice #politics #hunanrights
Ukrainian journalists say state security spied on them
SBU used some 30 officers to wiretap media outlet.Veronika Melkozerova (POLITICO)
Login • Instagram
Welcome back to Instagram. Sign in to check out what your friends, family & interests have been capturing & sharing around the world.www.instagram.com
If you use Discord, you might wanna know this.
A service called Spy Pet is scraping Discord servers, archiving and tracking users' messages and activity, and then selling access to that data.
Spy Pet scrapes more than 10,000 Discord servers, and besides selling access to anyone with cryptocurrency, it offers the data for training AI models or to assist law enforcement agencies, according to its website.
Spy Pet claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.
(The article is paywalled probably, etc but it's here) https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages
#Discord #security #SpyPet #privacy #scams #scammers #crypto #cryptocurrency #AI
A Spy Site Is Scraping Discord and Selling Users’ Messages
404 Media tested the service, called Spy Pet, and verified it is collecting information on Discord users, including the messages they post across usually disparate servers.Joseph Cox (404 Media)
What we need to take away from the XZ Backdoor
A lot has been written about the XZ Backdoor in the last few weeks, so it is time to look forward. Before doing so, we share further details about what happe...openSUSE News
We had the same problem in Canada.
Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
🇺🇸
The FTC accused it of sloppy data handling and sharing patient data with third parties like TikTok without consent
#News #Healthcare #Security #Privacy
https://www.theverge.com/2024/4/16/24131881/ftc-fine-cerebral-telehealth
Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
Cerebral will owe $7 million after the FTC accused it of careless data practices and sharing private patient info with third parties like TikTok for advertising purposes.Wes Davis (The Verge)
A hacking #skimmer inside an #ATM machine
https://youtube.com/shorts/29Uc_7bGcRE
#hack #security #money #technology
A hacking skimmer inside an ATM machine #shorts
That's how you hackers crack your cards. Using this skimmer device. Watch the short to know more.#skimmer #hacking #sumsub #shorts Sumsub — empowering compli...YouTube
ALL CLEAR for Fedora Rawhide and Fedora 40 Beta builds regarding the xz exploit. 👍
Things had stabilized soon after the initial security advisory, but we're now confirming that you can use Rawhide and Fedora 40 Beta safely as long as you have the latest updates or reinstall (which is not a bad idea to be safe).
Fedora 38 and 39 were never affected.
Learn more: https://fedoramagazine.org/cve-2024-3094-all-clear/
#Fedora #Security #Privacy #InfoSec #Linux #OpenSource
CVE-2024-3094: All Clear - Fedora Magazine
The XZ backdoor was foiled by Andres Freund.Matthew Miller (Fedora Project)
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.
https://www.wired.com/story/house-section-702-vote/
#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle
House Votes to Extend—and Expand—a Major US Spy Program
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.Dell Cameron (WIRED)
Microsoft starts testing ads in the Windows 11 Start menu
The first ads in the Windows 11 Start menu will be very similar to the app recommendations Microsoft used in Windows 10.Tom Warren (The Verge)
###
#Microsoft employees exposed internal passwords in #security lapse
source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.
