Items tagged with: Cybersecurity
Information about the UK #cybersecurity Bill coming out today:
Missing:
* Protections for encryption
* Explicit discussion of #digitalsovereignty and the need to transition to #opensource #foss
* Safeguards against future self-inflicted cybersecurity disasters through hiding vulnerabilities leading to incidents like WannaCry
@openrightsgroup will be making the case for these changes
FBI raids home of prominent computer scientist who has gone incommunicado
Indiana University quietly removes profile of tenured professor and refuses to say why. Dan Goodin (Ars Technica)
Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
Keeping your chats secure is a good idea, but end-to-end encryption is just the beginning of the list of options to consider when picking a messaging app. The Conversation
#Tuta birthday sale: 62% off Legend plan
tuta.com/special-offer/?t-src=…
#email #privacy #cybersecurity
Tuta: Turn ON privacy for free with secure emails, calendars & contacts | Tuta
Tuta guarantees your data stays private for free & without ads. Quantum-resistant encryption makes Tuta the best secure technology solution to protect your privacy. Tuta
President Donald #Trump, asked yesterday afternoon about the same matter, said, “It wasn’t classified #information.” - so here is the full #Signal #chat with the attack plans ...
source: theatlantic.com/politics/archi…
#usa #government #politics #military #Yemen #warfare #war #cybersecurity #fail #communication
Here Are the Attack Plans That Trump’s Advisers Shared on Signal
The administration has downplayed the importance of the text messages inadvertently sent to The Atlantic’s editor in chief. Jeffrey Goldberg (The Atlantic)
Fowl play: Astral Foods to take R20-million profit hit after cyberattack - TechCentral
Astral Foods’ poultry division has suffered a severe cyberattack that will cost it R20-million in profit. Duncan McLeod (TechCentral)
If you also use BlueSky I have provided you a Short Stack there:
tisiphone.net/2025/03/25/blues…
It is mostly a duplicate of the Short Stack here:
tisiphone.net/2025/03/18/updat…
These are intel-ish news feeds mostly consisting of people who post a lot of relevant articles, commentary, and punditry. tldr; follow these and keep updated on cyber stuff.
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff. Pancakes Short Stack,jerry@infosec.exchange Pancakes Short Stack,spacero… Lesley Carhart's Cybersecurity Blog
December 2023: US District Attorney Jessica Aber indicts 4 Russians for war crimes in #Ukraine
September 2024: US District Attorney Jessica Aber indicts Russian cryptocurrency money launderer / cybercriminal #SergeyIvanov
November 2024: US District Attorney Jessica Aber accuses Virginia-based companies of running "three different schemes to illegally transship sensitive American technology to Russia," including sending equipment to a Russian telecommunications company linked to the #Kremlin and Russia's notorious #FSB security agency.
March 2025: Former US District Attorney Jessica Aber found dead at age 43
More: newsweek.com/jessica-aber-deat…
#Putin #VladimirPutin #JessicaAber #Russia #UkraineWar #Virginia #Vapol #crime #alexandria #TrueCrime #uspol #eupol #eu #AsifRahman #infosec #ransomware #cybersecurity
Ex-US Attorney Jessica Aber Investigated Russia, CIA Leaker Before Death
Aber resigned as U.S. Attorney for the Eastern District of Virginia after President Donald Trump returned to the Oval Office. Ellie Cook (Newsweek)
#Microsoft tells #Windows10 users to just trade in their PC for a newer one, because how hard can it be?
xda-developers.com/microsoft-t…
Microsoft tells Windows 10 users to just trade in their PC for a newer one, because how hard can it be?
I'll give you five bucks for it. Simon Batt (XDA)
Employees at the #Cybersecurity & #Infrastructure #Security Agency…are struggling to protect the #US while the #Trump admin dismisses their colleagues & poisons…partnerships.
#MassLayoffs & weak leadership are taking a severe toll on the US govt’s #cyber #defense agency, undermining its ability to protect America from…adversaries bent on crippling infrastructure & #ransomware gangs…bleeding #SmallBusiness dry.
archive.is/2025.03.13-143433/w…
Apple patched CVE-2024-54471, a macOS vulnerability that allowed NetAuthAgent to leak file server credentials and iCloud API tokens due to missing sender verification. Update to macOS 15.1, 14.7.1, or 13.7.1 to stay protected.
This dumb password rule is from Hetzner.
- 8 or more characters
- At least one uppercase and one lowercase letter
- At least one number or special character
Okay, fair enough, but after putting in a password with some special characters this message appears:
- Invalid characters, allowed are: A-Z a-z 0-9 ä ö ü ß Ä Ö Ü ^ ! $ % / ( ) = ?...
dumbpasswordrules.com/sites/he…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Hetzner - Dumb Password Rules
- 8 or more characters - At least one uppercase and one lowercase letter - At least one number or special character Okay, fair enough, but after putting in a password with some special characters this message appears: - Invalid characters, allowed a… dumbpasswordrules.com
Monash University: Moving beyond ‘cyberwashing’ to ensure robust digital security. “A new Monash University report highlights the growing problem of organisations resorting to ‘cyberwashing’ to mislead the public about their data privacy practices and recommends measures to build a genuine culture of cybersecurity.”
People use already compromised passwords 41% of the time when logging into email, streaming services, social networks, or any other online services, Cloudflare’s analysis reveals.
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: benjojo.co.uk/u/benjojo/h/cR4d…]
blog.cloudflare.com/password-r…
#cloudflare #password #cybersecurity
Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale. The Cloudflare Blog
"Google refuses to deny it received encryption order from UK government"
The UK’s encryption-breaking order for a backdoor into iCloud isn’t a one-off.
The secret hearing happening RIGHT NOW is bigger than just Apple. If the government wins, our right to privacy and security falls.
Other services will be hit.
therecord.media/google-refuses…
Sign our petition ➡️ you.38degrees.org.uk/petitions…
#e2ee #encryption #apple #google #privacy #security #cybersecurity #ukpol #ukpolitics #tech
Google refuses to deny it received encryption order from UK government
U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K. — a mechanism to access encrypted messages that Apple reportedly received. therecord.media
Oh really it was Ukraine that took down X on March 10? Not so fast.
Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. wired.com/story/x-ddos-attack-… #X #Musk #DDoS #cyberattack #cybersecurity #security #Ukraine #BotNet #Internet
🚨 BREAKING 🚨
ORG, Big Brother Watch and Index on Censorship call for the secret Tribunal into the UK Home Office's encryption-breaching order against Apple to be held in PUBLIC 🧑‍⚖️
There's a significant public interest in knowing why the UK government believes it can compel a private company to undermine the privacy and security of its users.
Read our joint letter ⬇️
openrightsgroup.org/press-rele…
#encryption #e2ee #Apple #investigatorypowersact #privacy #security #cybersecurity #ukpolitics #ukpol
Make the Investigatory Powers Tribunal on Apple Encryption a Public Hearing
Rights groups call for Apple’s closed appeal against the Home Office’s encryption-breaching order to be opened to the public. Open Rights Group
Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️
🤐 A secret tribunal will hear the appeal against the UK government’s order to carve a backdoor into Apple’s encrypted services.
🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.
computerweekly.com/news/366620…
#encryption #Apple #privacy #cybersecurity #security #e2ee #ukpolitics #ukpol
Secret London tribunal to hear appeal in Apple vs government battle over encryption
Campaigners call for High Court hearing to be held in public as tech giant appeals against UK government order to open a backdoor into its encrypted iCloud service. Bill Goodwin (ComputerWeekly.com)
Comment: We are digitally unsovereign
The chaotic US policy is making Germany and Europe aware of their own dependency. We must finally act, says iX editor-in-chief Oliver Diedrich.
heise.de/en/opinion/Comment-We…
#saukontrovers #CloudDienste #Cybersecurity #Datenschutz #Digitalisierung #DonaldTrump #ElonMusk #Netzpolitik #Politik #Security #news
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Hackers use polymorphic browser extensions to mimic real add-ons, steal credentials, and hijack accounts. Affects Chrome, Edge, Brave, and more. The Hacker News
Cybersecurity Basics: Avoid Scams
Cybersecurity basics: Supposed "warnings" about malware are actually scams trying to trick you into installing malware. How to stay safe online. Bob's Pages of Travel, Linux, Cybersecurity, and More
Swedish Armed Forces: “Use #Signal to defend against interception of calls & messages”
tuta.com/blog/swedish-armed-fo…
#privacy #cybersecurity #politics #Sweden
Swedish Armed Forces: “Use Signal to defend against interception of calls & messages” | Tuta
First the US agency CISA, now the Swedish Armed Forces: Officials start to understand the importance of encryption in the face of increased tension and surveillance. Tuta
How to generate random #passwords from the #Linux command line
source: zdnet.com/article/how-to-gener…
#password #security #cybersecurity #commandline #command #software #pwgen #knowhow #knowledge #tutorial
How to generate random passwords from the Linux command line
Need a strong, random password? Linux makes it incredibly easy to generate one - no password manager required. Jack Wallen (ZDNET)
#HackerNews #Passwordless #Future #Security #Innovation #Tech #Trends #Cybersecurity
Toward a Passwordless Future
Privacy Guides is the most popular & trustworthy non-profit privacy resource to find privacy tools and learn about protecting your digital life. www.privacyguides.org
Non-Gecko (Firefox), non-Blink (Chromium) and non-Webkit (Safari) browsers:
Servo (browser engine)
servo.org/
Ladybird
ladybird.org/
They don't seem ready for use yet though.
#Browsers #DataPrivacy #CyberSecurity #Gecko #Firefox #Chromium #Webkit #Tech #Web #Servo #Ladybird
🔐 If Privacy is outlawed...
Here's how you can stop them: 👉 t.co/8z8lI9eRDo
#PrivacyMatters #Encryption #CyberSecurity #TurnOnPrivacy #PGP
France is about to pass the worst surveillance law in the EU. We must stop them now! | Tuta
An amendment to the “Narcotrafic” law is moving to the French National Assembly. Remind your legislators that a backdoor for the good guys only is not possible. Tuta
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai…
Google releases March 2025 Android security update, fixes two actively exploited flaws
Google's March 2025 Android Security Bulletin addresses 43 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302. BeyondMachines
#Research finds 12,000 ‘Live’ #API Keys and Passwords in #DeepSeek's #Training Data
Source: trufflesecurity.com/blog/resea…
#ai #technology #security #privacy #fail #password #Problem #cybersecurity #news #Software
Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data ◆ Truffle Security Co.
We scanned Common Crawl - a massive dataset used to train LLMs like DeepSeek - and found ~12,000 hardcoded live API keys and passwords. This highlights a growing issue: LLMs trained on insecure code may inadvertently generate unsafe outputs. trufflesecurity.com