Skip to main content

Search

Items tagged with: Cybersecurity


Cybercriminals break into #AndrewTate’s online ‘university,’ steal user data and flood chats with emojis

techcrunch.com/2024/11/21/hack…

#cybersecurity #privacy #DataBreach


Put your usernames and passwords in your will, advises Japan's government go.theregister.com/feed/www.th… #cybersecurity #infosec


#Google's AI tool, OSS-Fuzz, has detected 26 #vulnerabilities in #opensource projects, including a significant flaw in #OpenSSL.

This flaw, which could lead to application crashes or remote code execution, has existed for nearly 20 years and was only found thanks to AI-generated testing methods.

#infosec #cybersecurity #tech #AI #genAI

thehackernews.com/2024/11/goog…


Hello kind readers!

I'm in desperate need of a job and need your help connecting with hiring managers. I'm looking for the following (or related) roles:

1. technical program manager
2. security engineer/analyst
3. network security engineer/analyst
4. privacy engineer/analyst
5. SOC/NOC engineer/analyst
6. data center technician manager/engineer

CV: https://[yawnbox.is]/docs/cv-priv.pdf

I live in The Hague (NL) and i'm from Seattle (WA, USA). Remote jobs will allow my partner and I to continue to exist in NL. Freelance jobs in NL are also great. I would need work visa sponsorship anywhere outside of USA. I would relocate anywhere for a great job.

Things are desperate for us. Please help.

#GetFediHired #infosec #cybersecurity #Netherlands #Seattle


📣 EMERGENCY UPDATES 📣

Apple pushed updates for 2 new zero-days that may have been actively exploited.

🐛 CVE-2024-44308 (JavaScriptCore),
🐛 CVE-2024-44309 (WebKit):
- iOS and iPadOS 17.7.2
- iOS and iPadOS 18.1.1
- macOS Sequoia 15.1.1

#apple #cybersecurity #infosec #security #ios


Interboro School District in PA was added to #RansomHub leak site today with a few screencaps as POC. The screencaps are internal files and what appear to be two employee-related pieces of personal information. There is nothing on Interboro's website about any #databreach at this time.

#EduSec #databreach #ransom #infosec #cybersecurity

@douglevin @funnymonkey @brett



Sometime ago somebody shared a screenshot of a service with a cookie message along the lines of:
"We take your privacy seriously" while there also was a list of 600+ vendors with whom data would be shared. Does anyone have this screenshot & the source? I think this was by Microsoft MS365?

#Privacy #Cookies #Tech #TechPolicy #OpenSource #Data #GDPR #bigtech #Security #CyberSecurity


#China Connected #SaltTyphoon Compromised AT&T / #Verizon / #LawfulIntercept #Backdoors

Installed #Windows Kernel Rootkit

"backdoors protect kids"....

Don't buy into this #propaganda.

#privacy #News #infosec #cybersecurity #USA #Telecom #CISA #ATT

heise.de/en/news/China-s-cyber…


China's cyber spies intercept phone data and calls from US network operators

Chinese cyber spies infiltrated US network operators. Conversations and data from government and politicians were intercepted, as were police wiretaps.

heise.de/en/news/China-s-cyber…

#ATT #Cybersecurity #Cyberspionage #DonaldTrump #FBI #Provider #Security #Spionage #Verizon #news


#HowTo Selfhosting Nearly Any Site On The Darkweb Using I2PD (light option ideal for single board computers and more

SECURITY BENEFIT: end-to-end #encryption overlay (no #https needed) & w/network range/IP not viewable, more challenge to attack other server services

READ / WATCH ON I2P: righttoprivacy.i2p/selfhost-da…

#i2pd #darknet #darkweb #development #webDev #encryption #infosec #cybersecurity

#Peertube

tube.tchncs.de/w/brDxfhZNeMDbj…


Pregnancy Tracking #App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover

What to Expect is a popular pregnancy tracking app available for #ios and #android.

An exposed API endpoint handling password reset requests for the app does not require authentication or enforce rate limits and is vulnerable to brute force attacks.

#privacy #security #cybersecurity

404media.co/pregnancy-tracking…


Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison:

databreaches.net/2024/11/13/id…

This is a case that started because the threat actor, "Lifelock," contacted DataBreaches to try to get DataBreaches.net to report on victims who hadn't paid his ransom demands.

Some of his court filings tried to blame me for the FBI raiding him and seizing his devices. The FBI did their own investigation but yes, it was my reporting that initially made the FBI aware of Lifelock (real name Robert Purbeck).

#databreach #healthsec #cybersecurity #infosec #extortion

@euroinfosec @campuscodi @gcluley @zackwhittaker


#Amazon confirms #employee data stolen after #hacker claims #MOVEit #breach


source: techcrunch.com/2024/11/11/amaz…

“Amazon and AWS systems remain secure, and we have not experienced a #security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.


If not even a company like Amazon can store its data securely, is there any security at all? Amazon doesn't lack money or experts, but it does seem to lack secure software.

#fail #cybersecurity #problem #software #internet #news #economy #hack #cloud


A malicious #Python package named 'fabrice' has been present in the Python Package Index (#PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. #CyberSecurity #infosec
bleepingcomputer.com/news/secu…


Kali Linux NetHunter install in 8 minutes (rootless) and includes Android 15

YouTube video: youtu.be/Lqu-G7sqClA

#android #kalilinux #cyber #infosec #cybersecurity #nmap #hack #hacker #hacking #nethunter Kali Linux


Suspected #Snowflake #Hacker Arrested in #Canada


source: 404media.co/suspected-snowflak…

For more than a week #Judische, the hacker linked to the #AT&T, #Ticketmaster and other breaches, has not been responding to messages. That's because he's been arrested.


#police #jail #cybercrime #cybersecurity #hack #news


Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…

#tor #infosec #cybersecurity #threatintel #privacy


Hundreds of #code #libraries posted to #NPM try to #install #malware on dev machines


source: arstechnica.com/security/2024/…

The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with #cryptocurrency.


Dependency hell 👎👿


#software #problem #development #library #dependency #security #cybersecurity #news #cybercrime #attack


#Mudita Kompakt: A minimalist E Ink® #phone for more life, less screen time, and fewer distractions. Essential features with clear UI and #privacy focus.


Source: kickstarter.com/projects/mudit…

No #Google apps onboard 👍

#news #smartphone #android #mobile #technology #cybersecurity


Have you heard that social engineering is the new hotness in #cybersecurity ? You can have great defenses but if you allow your users to be tricked into using a threat actor’s Remote Monitoring and Management (RMM) tool badness will happen. Examples of #RMM tools include ScreenConnect and AnyDesk. I highly recommend reviewing this list and proactively blocking the tools not used by your organization

lolrmm.io


Medusa Ransomware attack impacts 1.8 million patients
#cybersecurity #cysec #insiders #infosec
cybersecurity-insiders.com/med…


Threat actors are stepping up their tactics to bypass email protections helpnetsecurity.com/2024/11/01… #AbnormalSecurity #cybersecurity #emailsecurity #Cofense #Video #email #video #News


Join #BSidesPhilly on Dec 6th at LIVE! Casino and Hotel to hear this and all of our exciting talks!

Click the link to grab your tickets today! buff.ly/47onQwU
Early Bird sale! All tickets $50 until November 16th. Regularly priced tickets $65.

#BSP2024 #cybersecurity


Fraudsters Exploit US General Election Fever, FBI Warns.

Read more in my article on the Tripwire blog: tripwire.com/state-of-security…

#cybersecurity #scam #politics #election


“It’s no longer just identifying a best-in-class solution or something off the shelf that is technically feasible and affordable - now the cybersecurity professional needs to understand what the implications of that are and needs to be able to reasonably assert back to the business." - Casey Marks, Chief Qualifications Officer at ISC2.

As more organizations adopt services, they're also opening a new attack vector. In this feature for The Inference, I examine how cloud #cybersecurity professionals are working to keep us safe - and the skills they require. (Spoiler: It isn't all technical skills)

darktrace.com/the-inference/th…


Never ending story about the #security of fitness app...


Source: thehindu.com/sci-tech/technolo…

#news #stava #cybersecurity #sports #Problem #Software #privacy #politics #fail #online #cloude #surveillance #bigdata #economy


CCCS (Canada): Statement on People's Republic of China reconnaissance of Canadian systems
This got overlooked Friday: The Canadian Centre for Cyber Security (CCCS) warned Canadian organizations to harden their networks against reconnaissance scanning, performed by a Chinese state-sponsored threat actor over several months. Targets were multiple organizations across multiple sectors including:

  • Government of Canada departments and agencies
  • federal political parties
  • the House of Commons and Senate
  • democratic institutions
  • critical infrastructure
  • defense sector
  • media organizations
  • think tanks
  • Non Governmental Organizations (NGOs)

h/t: @campuscodi

#china #cyberespionage #canada #cccs #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI


Now live: the discussion I had with Chris Hughes and @caseyjohnellis on systemic issues in #cybersecurity:

resilientcyber.io/p/resilient-…

In which I pulled a “Legally Blonde” on Casey; see if you can catch it 😉