If you use Dropbox you should probably change your password.

Headline: #Dropbox Hacked! Threat Actor Accessed Passwords and Phone Numbers

Snippet: A quick analysis revealed that a threat actor had broken in to access customer information such as emails, usernames, phone numbers and hashed passwords, as well as general account settings and certain authentication information (API keys, OAuth tokens, and multi-factor authentication).

https://www.bitdefender.com/blog/hotforsecurity/dropbox-hacked-threat-actor-accessed-phone-numbers-and-passwords/

#Privacy #Security #Cybersecurity

Dropbox Hacked! Threat Actor Accessed Passwords and Phone Numbers

File hosting service Dropbox says a threat actor breached its e-signature service and accessed customer data, including phone numbers and passwords.

^{Hot for Security}

Oh, great. Computer security researchers have developed a proof-of-concept for a type of ransomware that would act when you try to *upload* a file. It would be able to encrypt any files in the folder you uploaded from, and any subfolders of it.

This is a proof-of-concept; the researchers have not seen any such attacks in the wild. But stay careful out there, okay?

Affects Chrome and Edge, but *not* Firefox or Safari!

https://theconversation.com/cybersecurity-researchers-spotlight-a-new-ransomware-threat-be-careful-where-you-upload-files-219560

#security #cybersecurity #malware #ransomware

Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files

Modern web browsers are increasingly becoming like virtual computers, able to send email and play music and videos. The downside is it’s a new way for hackers to get into your computer.

^{The Conversation}

Millions of #Docker repos found pushing #malware, #phishing sites

https://www.bleepingcomputer.com/news/security/millions-of-docker-repos-found-pushing-malware-phishing-sites/

#cybersecurity #FOSS

I don't think I have many Fediverse connections to the #cybersecurity community in #Sweden, but maybe this can get boosted by someone who does?

A friend just left their job (for reasons unrelated to the position), and in a moment of weakness, as the only one around with my own Fediverse server, I may have volunteered to see if anyone wants to #GetFediHired as their replacement. Technical cybersecurity, incident response, mostly Windows, Swedish language proficiency and in-person attendance (mid-southern Sweden) required. https://liu.se/jobba-pa-liu/lediga-jobb/23904

Cybersäkerhetsexpert

^liu.se

#Networks like #I2P serve useful to #OSINT #investigations, #Journalism, and #activism (#clearnet conns can be more private using #outproxy in I2P).

You can customize your routing experience, even change number of hops, banning and unbanning routers based on suspicious behavior! 😎

💡 TIP: take advantage of using both I2P & #Tor browser set up - spreading the risk to personal #privacy / #anonymity (+ avoid blocks).

Right now I2P is under attack: help by running i2p!

#infosec #cybersecurity

I had an unsettling discovery about some family history on Monday that threw me through a loop and prevented me from being in the right mind to start streaming and making content again.

Tonight I am breaking Passover with family, so I am hoping tomorrow I can finally get back on the wagon to make content and get back to streaming my tinkering and Gaming on Linux stuff. But the first stream will be a "what happened in the past two months" hangout

#InfoSec #Cybersecurity #Twitch #Linux

NEW: female army officers that reported sexual harassment... were hacked with #Pegasus.

Official confirmations from #Poland's AG keep shedding light on more apparent spyware abuses by past gov.

Link [in PL]: https://wiadomosci.onet.pl/kraj/zglosily-molestowanie-w-zandarmerii-wojskowej-byly-inwigilowane-pegasusem/dylyrsv

#Poland #spyware #cybersecurity #infosec #hacking #malware #polska #polish #surveillance #intelligence

🚨 I2P Is Under DDoS Attack By Zombie Routers

#I2P #networking #infosec #cybersecurity #HumanRights #Journalism #activism #surveillance #Privacy #Sybil #ddos #dos #video #proxy #encryption #crypto #e2ee

Watch In I2P

http://invidious.qwik.i2p/watch?v=XfVdxbtTZ5A

#Peertube

https://tube.tchncs.de/w/fMpkjUnNcaKqPchXUPkgV9

🚨 I2P Under Attack By Zombies! 😮

I2P Network Is Currently Under Heavy DDoS Attack (Distributed Denial Of Service) By Spoofed Routers, Spawning By The Thousands - Some Locations Spinning Up 100+ Routers In A Single Hour. Networks L...

^tchncs

#Windows #vulnerability reported by the #NSA exploited to install Russian #malware

Source: https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/

When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.

#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker

Windows vulnerability reported by the NSA exploited to install Russian malware

Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.

^{Ars Technica}

"Citizen, leave a copy of your home keys at the police station."

Hmm, people won't like that.

How about, "home-builders have a social responsibility ...[and must give police copies of all house keys]"

Much better.

#Europol taking another stab at the encryption fight.

#Encryption #privacy #infosec #cybersecurity #europe #surveillance

Advanced #Phishing Kit Adds #LastPass Branding for Use in Phishing Campaigns

Threat actors using phishing kits are pretending to be LastPass in phone calls and emails to steal user credentials.

Actual phishing site: “help-lastpass[.]com”

Shortened URL Embedded in Email: shorturl[.]at/glvT0

Phishing Email Subject Line: We’re here for you

Spoofed Sender: Shows as LastPass Support <support@lastpass>

#security #cybersecurity #passwords

https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns - The LastPass Blog

^{blog.lastpass.com}

#Microsoft is a national #security threat, says ex-#WhiteHouse cyber policy director

Source: https://www.theregister.com/2024/04/21/microsoft_national_security_risk/

Microsoft has a shocking level of #control over IT within the US federal #government

#technology #CyberSecurity #economy #politics #software #problem #usa #news

Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the goverment level, Windows giant has no incentive to make its systems safer

^{Brandon Vigliarolo (The Register)}

🗝️Encoding vs Encryption vs Hashing

🔖#infosec #cybersecurity #hacking #pentesting #security

#followfriday is back (after I missed it last week). Once again, here's some cool #infosec / #cybersecurity accounts I've discovered and followed recently...

- @Omkhar
- @zh4ck
- @pietrushnic
- @freddy
- @zerotypic
- @jeFF0Falltrades
- @13reak
- @WPalant

Plus a few cool accounts I've discovered from fun instances around the #fediverse...

- @Shrigglepuss
- @tonicfunk
- @stephan

I've also updated my site's #blogroll with Fediverse handles for each site entry's author - https://shellsharks.com/blogroll

Blogroll

A list of blogs I read and recommend.

^shellsharks

#LLM Agents can Autonomously #Exploit One-day Vulnerabilities

Source: https://arxiv.org/abs/2404.08144

To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).

#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity

LLM Agents can Autonomously Exploit One-day Vulnerabilities

LLMs have becoming increasingly powerful, both in their benign and malicious uses. With the increase in capabilities, researchers have been increasingly interested in their ability to exploit cybersecurity vulnerabilities.

^arXiv.org

A #crypto wallet maker's warning about an #iMessage bug sounds like a false alarm

https://techcrunch.com/2024/04/16/a-crypto-wallet-makers-warning-about-an-imessage-bug-sounds-like-a-false-alarm/

#cybersecurity #iOS #iPhone #Apple #cryptocurrency #web3

📡 HACKRF PORTAPACK H2: What's New Latest Mayhem Firmware v2.0.1

#radio #sdr #Signals #firmware #mayhem #portapack #HackRF #infosec #cybersecurity #privacy #hardware

https://tube.tchncs.de/w/xvj2ZwbFepkHVginNs4H7n

What's New #HackRF Mayhem #Portapack Firmware v2.0.1 / Upgrading

how to upgrade portapack mayhem firmware and showing first look at NEW APPS: Foxhunt / Wardriver Geotag log BLOG / SUPPORT: https://bmc.link/politictech http://righttoprovacy.i2p #hackrf #portapack...

^tchncs

Let's use @protonprivacy and @Tutanota products.

When will the two largest providers of secure encrypted email make it the default for messages sent between them to be securely encrypted? If even they can't manage it what hope is there for the rest of the email world?

Apple has notified iPhone users in 92 countries about a mercenary spyware attack attempting to compromise their devices.

Apple says the attack is likely targeting the victims because of who they are or what they do.

Apple suggests having the latest software updates, enabling lockdown mode and seeking help from specialized experts.

#cybersecurity #threatintel #Apple #iPhone

https://www.bleepingcomputer.com/news/security/apple-mercenary-spyware-attacks-target-iphone-users-in-92-countries/

Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.

https://www.wired.com/story/house-section-702-vote/

#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle

House Votes to Extend—and Expand—a Major US Spy Program

The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

^{Dell Cameron (WIRED)}

Time for a #jobSearch post!

I'm looking for a #typeScript / #python / #RustLang 100% #remote #softwareDev position, both contract and permanent, GMT+2 timezone.

I previously worked as a Senior / Lead / Principal #fullStack developer with #cyberSecurity , #softwareArchitecture and #devOps experience.

I specialize in #react , #nodejs , #django , #fastAPI , #pandas , #postgresql , #docker , #kubernetes , #AWS and #digitalOcean .

https://www.linkedin.com/in/paul-ngei/

#fediHire #fediHired #jobHunt #software

The White House is apparently considering a full ban of Kaspersky software throughout the United States, citing national security concerns.

https://edition.cnn.com/2024/04/09/politics/biden-administration-americans-russian-software/index.html

#cybersecurity #kaspersky #russia

Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach:

https://thenevadaindependent.com/article/judge-clark-county-schools-may-have-immunity-in-lawsuit-over-2023-cybersecurity-breach

Does Nevada state law provide them with a "Get Out of Jail Free" pass? It sounds like it may.

@douglevin @funnymonkey @brett @mkeierleber

#databreach #EduSec #cybersecurity #edtech #accountability #infosec

Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach

A Clark County judge said she’s leaning toward granting the Clark County School District’s motion to dismiss a class action lawsuit related to a 2023 cyberattack.

^{Rocio Hernandez (The Nevada Independent)}

CrankySec versus HN
https://crankysec.com/blog/hn/

#cybersecurity

###
#Microsoft employees exposed internal passwords in #security lapse

source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/

Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.

#fail #password #leak #problem #news

#Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/

Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”

#internet #fail #security #phishing #cybersecurity #twitter #news

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft…

^{krebsonsecurity.com}

Leader Of Israel's Unit 8200 (equivalent to NSA) OPSEC Mistake Exposed Long Held Identity

#News #Privacy #OPSEC #Unit8200 #Israel #SIGINT #NSA #OSINT #intelligence #infosec #Cybersecurity

https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse

Top Israeli spy chief exposes his true identity in online security lapse

Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google account

^{Harry Davies (The Guardian)}

When #security matters: working with #Qubes OS at the #Guardian

Source: https://www.theguardian.com/info/2024/apr/04/when-security-matters-working-with-qubes-os-at-the-guardian

Configuring a Qubes workstation was a new challenge for the team as we abandoned years of experience writing Infrastructure as Code for the cloud and started learning how to write #Salt #configuration. Salt (also know as SaltStack) is a management engine available by default in Qubes.

#cybersecurity #news #journalism #linux #technology #software #securedrop

When security matters: working with Qubes OS at the Guardian

The latest version of the whistleblowing platform SecureDrop runs on the Qubes operating system. At the Guardian we used the Salt management engine to set up a Qubes environment where journalists could safely interrogate sensitive documents.

^{Philip McMahon (The Guardian)}

Exclusive: #YossiSariel unmasked as head of #Unit8200 and architect of #AI #strategy after book written under pen name reveals his #Google account

Source: https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse

The embarrassing #security lapse is linked to a book he published on #Amazon, which left a digital trail to a private Google account created in his name, along with his unique ID and links to the #account’s maps and calendar profiles.

#Israel #internet #Anonymity #privacy #spy #military #CyberSecurity #news #online #leak #identity

Top Israeli spy chief exposes his true identity in online security lapse

Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google account

^{Harry Davies (The Guardian)}

📰 XZ Utils Backdoor Attribution Analysis

#News #Linux #XZutils #backdoor #ssh #infosec #cybersecurity #privacy #video #peertube #APT

https://tube.tchncs.de/w/ca2iuxmdqfBE98PwZYY6wh

📰 Linux XZ Utils Backdoor Attribution Analysis

🚨 ALERT: * Linux Backdoored XZ Utils (xz-utils)* How This Was Pulled Off, And Who May Have Done It? This Was A Backdoor In Layers - Many Changes Of Lesser Alarm, Together, Critical Remote Access, ...

^tchncs

@anonymiss

ever hear of https://www.zangi.com?

ever hear of https://Simplex.Chat?

#encryption #communication #messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes