Search
Items tagged with: infosec
Remember Microsoft's Recall? The first implementation was never released and was met with strong criticism from privacy advocates and the infosec/security community. Guess what? Microsoft has doubled down, and its controversial Recall scraper is finally entering the public preview stage. If you care about privacy, please think twice before using this on your AI-enabled PCs (Snapdragon-powered Copilot+ PCs) blogs.windows.com/windows-insi…
#privacy #infosec #security #windows11 #DoNotWant
Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel
Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26120.2415 (KB5046723) to the Dev Channel. With this update, we welcome Windows Insiders with Snapdragon-poweredWindows Insider Blog
#Privacy
#infosec #privacymatters
I was just chatting with a blind person in an online forum and they posted some gibberish, then apologized because they'd had their fingers misplaced when they started typing. Which made me think "I should write a python function to fix assorted off-by-X typing errors." followed by "...that'd be a simple but fun CTF gimmick..."
FinCEN.gov
#block-sidebar-menu { display: none !important; } iframe { position: relative; margin: 10px auto; display: block; } /* New */ .ui-accordion .ui-accordion-header { display: block; cursor: pointer; position: relative; margin: 2px 0 0 0; padding: 0.FinCEN.gov
#Google's AI tool, OSS-Fuzz, has detected 26 #vulnerabilities in #opensource projects, including a significant flaw in #OpenSSL.
This flaw, which could lead to application crashes or remote code execution, has existed for nearly 20 years and was only found thanks to AI-generated testing methods.
#infosec #cybersecurity #tech #AI #genAI
Hello kind readers!
I'm in desperate need of a job and need your help connecting with hiring managers. I'm looking for the following (or related) roles:
1. technical program manager
2. security engineer/analyst
3. network security engineer/analyst
4. privacy engineer/analyst
5. SOC/NOC engineer/analyst
6. data center technician manager/engineer
CV: https://[yawnbox.is]/docs/cv-priv.pdf
I live in The Hague (NL) and i'm from Seattle (WA, USA). Remote jobs will allow my partner and I to continue to exist in NL. Freelance jobs in NL are also great. I would need work visa sponsorship anywhere outside of USA. I would relocate anywhere for a great job.
Things are desperate for us. Please help.
📣 EMERGENCY UPDATES 📣
Apple pushed updates for 2 new zero-days that may have been actively exploited.
🐛 CVE-2024-44308 (JavaScriptCore),
🐛 CVE-2024-44309 (WebKit):
- iOS and iPadOS 17.7.2
- iOS and iPadOS 18.1.1
- macOS Sequoia 15.1.1
#apple #cybersecurity #infosec #security #ios
Interboro School District in PA was added to #RansomHub leak site today with a few screencaps as POC. The screencaps are internal files and what appear to be two employee-related pieces of personal information. There is nothing on Interboro's website about any #databreach at this time.
So, apparently Thames Water is still using IT systems from the 1980s, which doesn't seem very ideal or secure for a critical infrastructure operator in 2024.
“The software we use is older than me, and some of the hardware is older than my dad,” says Siddharth*. He is one of a team fighting a daily battle to sustain ancient IT infrastructure at Thames Water."
Then later...
"The use of Lotus Notes is a signal of how starved of investment technology at the company has been since it was privatised in the late 1980s. Other examples of obsolete or near obsolete technology include wide reliance on 2G technologies, arrays of meters that remain analogue and require manual checks, and hardware that is often more than 30 years old." #infosec
theguardian.com/business/2024/…
Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim
Exclusive: Company relies on obsolete tech and there are troubling security gaps, Guardian investigation suggestsAnna Isaac (The Guardian)
A great guide for anyone interested in improving their #privacy posture.
(TL;DR in the comments.)
"Whatever platforms you're on, whatever devices you have, you need to have a sense of what kind of data you're generating and then use the controls available to limit who can see what you're doing."
If you are a US-based organisation working in support of human rights and/or the environment looking to swiftly migrate your server infrastructure and data to safer soil, get in touch.
We have extensive experience helping frontline at-risk orgs find a safer home for their work, on their terms and under their control, with a particular focus on hosting in jurisdictions with robust data-protection laws.
Pass it on.
#China Connected #SaltTyphoon Compromised AT&T / #Verizon / #LawfulIntercept #Backdoors
Installed #Windows Kernel Rootkit
"backdoors protect kids"....
Don't buy into this #propaganda.
#privacy #News #infosec #cybersecurity #USA #Telecom #CISA #ATT
heise.de/en/news/China-s-cyber…
China's cyber spies intercept phone data and calls from US network operators
Chinese cyber spies infiltrated US network operators. Conversations and data from government and politicians were intercepted, as were police wiretaps.Frank Schräer (heise online)
#HowTo Selfhosting Nearly Any Site On The Darkweb Using I2PD (light option ideal for single board computers and more
SECURITY BENEFIT: end-to-end #encryption overlay (no #https needed) & w/network range/IP not viewable, more challenge to attack other server services
READ / WATCH ON I2P: righttoprivacy.i2p/selfhost-da…
#i2pd #darknet #darkweb #development #webDev #encryption #infosec #cybersecurity
tube.tchncs.de/w/brDxfhZNeMDbj…
Selfhosting Darknet Websites Using I2PD
HOWTO: Selfhost Nearly ANY Website On The Darkweb - Easier Than You Think! We begin by installing NGINX webserver, for self-hosting our website code, and gain the added benefit of end-to-end encry...tchncs
Interesting. Hackers are mistaking Mastodon user profile account addresses for email addresses and sending fake roundcube phishing emails to the few accounts I have on my self-hosted instance in hopes of getting credentials.
"Roundcube Found Several Undelivered Messages"
I only received it because my domain has catch-all email turned on that will forward any email for email accounts that don't exist to a special email address.
The emails come from "Restoredesk.oldfriends.live <info@ecmtincinc.live>", pass spf and ip 79.141.160.47. Link below, which is Dropbox owned "DocSendDotCom"
Be careful if you host your own instance and have catch-all email setup and this slips past your little grey cells.
#Infosec #Spam #Phishing #Spoofing #MastoAdmin
Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison:
databreaches.net/2024/11/13/id…
This is a case that started because the threat actor, "Lifelock," contacted DataBreaches to try to get DataBreaches.net to report on victims who hadn't paid his ransom demands.
Some of his court filings tried to blame me for the FBI raiding him and seizing his devices. The FBI did their own investigation but yes, it was my reporting that initially made the FBI aware of Lifelock (real name Robert Purbeck).
bleepingcomputer.com/news/secu…
Seeing how the Trumpists are about to take charge of the government (including our intelligence agencies), it's probably best to start familiarizing yourself with things like the 5/9/14 Eyes agreements and adjust your online behavior accordingly.
protonvpn.com/blog/5-eyes-glob…
What countries are in the 5 Eyes, 9 Eyes, and 14 Eyes agreements?
A list of the Five Eyes countries of the UKUSA and other intelligence-sharing agreements, including the Nine Eyes and Fourteen Eyes.Richie Koch (Proton VPN)
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…
#tor #infosec #cybersecurity #threatintel #privacy
[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
It would be hard to explain to Verizon I run Tor relays since they technically don't allow servers. I hope I'm not forced onto AT&T Internet Air as my particular co-op rental unit won't let met get Spectrum even when other units can, not that I wante…Tor Project Forum
🚀 Staff Security Engineer, Vulnerability Management
🏢 Coinbase
📍 Multiple remote locations
🔗 Apply now: totalcyber.io/jobs/coinbase/st…
#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt
#cybersecurity #cysec #insiders #infosec
cybersecurity-insiders.com/med…
Medusa Ransomware attack impacts 1.8 million patients - Cybersecurity Insiders
AI is evolving at a rapid pace, and the uptake of Generative AI (GenAI) is revolutionising the way humans interact and leverage this technology. GenAI isNaveen Goud (Cybersecurity Insiders)
🚀 Comcast Cybersecurity: Penetration Tester 3
🏢 Comcast
📍 Philadelphia, United States
🔗 Apply now: totalcyber.io/jobs/comcast/com…
#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt
🚀 Cybersecurity Engineering Manager
🏢 RTX Corporation
📍 Lane Cove West, Australia
🔗 Apply now: totalcyber.io/jobs/rtx-corpora…
#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt
Sverige går verkligen baklänges när det gäller mänskliga rättigheter på så många sätt, inte minst i den digitala världen 🤬😑
"Grönt ljus för FRA att hacka mobiler och datorer"
dn.se/sverige/gront-ljus-for-f…
#fra #svpol #sverige #cybersec #itsec #infosec #chatcontrol #privacy #dataskydd
FRA kan få hacka mobiler och datorer
Försvarets radioanstalt, FRA, ska få ett tydligare lagstöd för att hacka sig in i datorer och mobiltelefoner, enligt en ny utredning.Bo Torbjörn Ek (Dagens Nyheter)
🚀 Senior Risk Governance Manager - CIO
🏢 Aviva
📍 Multiple locations
🔗 Apply now: totalcyber.io/jobs/aviva/senio…
#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt
On my blog: One weird trick to get the whole planet to send abuse complaints to your best friend(s)
delroth.net/posts/spoofed-mass…
Summary of my adventures from last evening, as read in this Mastodon thread: mastodon.delroth.net/@delroth/…
#infosec #networking #tor
Pierre Bourdon (@delroth@delroth.net)
By any chance did anyone recently also get an abuse report from "watchdogcyberdefense.com"? Hetzner forwarded one to me claiming that my server has been ssh-scanning some random network, but uh, I've looked for a while and can't find any evidence of…Mastodon
#darkreading #infosec #cysec
darkreading.com/application-se…
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.Nate Nelson, Contributing Writer (Dark Reading)
I recently found out that my department at work is being shut down, so I'm looking for a new position!
I spent the last 6 years building advanced security assessment capabilities around hardware/IoT, industrial, marine OT, and x86 platforms. Before that I spent 5 years as a pentester. I excel at weird and novel stuff where there's no template.
I'm based in the UK and I'm looking for a remote full-time role.
CV: poly.nomial.co.uk/graham_suthe…
Thanks!
CCCS (Canada): Statement on People's Republic of China reconnaissance of Canadian systems
This got overlooked Friday: The Canadian Centre for Cyber Security (CCCS) warned Canadian organizations to harden their networks against reconnaissance scanning, performed by a Chinese state-sponsored threat actor over several months. Targets were multiple organizations across multiple sectors including:
- Government of Canada departments and agencies
- federal political parties
- the House of Commons and Senate
- democratic institutions
- critical infrastructure
- defense sector
- media organizations
- think tanks
- Non Governmental Organizations (NGOs)
h/t: @campuscodi
#china #cyberespionage #canada #cccs #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
BHIS - Talkin' Bout [infosec] News 2024-11-11 #livestream #infosec #infosecnews
Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. stories. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adja...YouTube
Freeradical.zone is a Mastodon server for people interested in infosec, privacy, technology, leftward politics, cats, dogs etc.
You can find out more at freeradical.zone or contact the admin @tek
#FeaturedServer #Infosec #Privacy #Tech #Technology #Mastodon #Fediverse #FreeFediverse
Free Radical
Infosec and privacy and technology and leftward politics and cats and dogs and...Mastodon hosted on freeradical.zone