Items tagged with: Security
"Bad actors" are not just bank robbers with bandit masks. You are far more likely to be harmed by proper, legitimated institutions like banks, police, prosecutors, employers, schools, or border enforcement agencies, especially if you're a member of a structurally marginalized group. That is always the most important issue with corporations stockpiling data about you. Recovering from the theft of your credit card number is peanuts by comparison.
"Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns...
The concern with Recall is that it’s keeping a digital record of everything you do and, no matter how secure, the record is there for bad actors to find."
tomshardware.com/software/wind…
#Privacy #Data #InfoSec #Security #Microsoft #AI #Tech
Microsoft Recall screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled
Despite promising to filter personal data out, Recall still captures it. Avram Piltch (Tom's Hardware)
Researchers find #security flaws in #Skoda cars that may let hackers remotely track them
Source: techcrunch.com/2024/12/12/rese…
The vulnerabilities, discovered in the vehicle’s MIB3 infotainment unit, could allow attackers to achieve unrestricted code execution and run malicious code every time the unit starts. This could let an attacker obtain live vehicle #GPS coordinates and speed data, record conversations via the in-car #microphone, take screenshots of the infotainment display, and play arbitrary sounds in the car, according to PCAutomotive.
#news #car #surveillance #tracking #software #cybersecurity #fail
Researchers find security flaws in Skoda cars that may let hackers remotely track them | TechCrunch
Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to… Carly Page (TechCrunch)
#Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it
Source: oasis.security/resources/blog/…
The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.
#news #software #cybersecurity #cloud #security #hacker #fail #mfa
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts. Tal Hason (Oasis Security)
Large language models are terrible if you need reasoning or actual understanding.
Big #OpenSource projects are being hammered with stupid #security bug reports. It appears that dim people are relying on dumb #AI chatbots to generate “spammy, hallucinated” #vulnerability reports. Inevitably, it hurts the ability of teams to work on actual security bugs.
Self-described “Pythonista” Seth Larson (pictured) is as mad as hell. In #SBBlogwatch, we’re not gonna take this any more. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/12/…
AI Slop is Hurting Security — LLMs are Dumb and People are Dim - Security Boulevard
Artificial stupidity: Large language models are terrible if you need reasoning or actual understanding. Richi Jennings (Security Boulevard)
Russian programmer says #FSB agents planted #spyware on his #Android phone
Source: techcrunch.com/2024/12/05/russ…
According to the report, the fake app was able to access location information, read and send text messages, install other applications, read the calendar, take screenshots and record from the video camera, see a list of other applications, answer phone calls, and view user account details — all permissions that the real Cube Call Recorder does not have.
#spy #surveillance #russia #policestate #news #technology #smartphone #Trojan #Software #cybersecurity #security #privacy #Monokle #spyware #Moskow #app
Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch
Security researchers confirmed the programmer's phone had spyware, likely during a spell in Russian detention. The programmer told his story to TechCrunch. Lorenzo Franceschi-Bicchierai (TechCrunch)
#Security
I see it the same way.
In the UK, masses of #NHS data have already gone to, of all people, #Palantir owner and #Musk mentor #PeterThiel.
Given growing pandemic risks, antibiotic and fungicide resistance, and age-related diseases, better medical data is more important than ever.
In my view, however, the data would have to be anonymized from the outset.
Quantum computers, for example, are becoming ever more reliable. In the future, everything can probably be reverse-computed.
#URL File #NTLM Hash Disclosure #Vulnerability (0day) - and Free #Micropatches for it
Source: blog.0patch.com/2024/12/url-fi…
#bug #Patch #Microsoft #Windows #Software #os #cybersecurity #0day #security #news
URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it
Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest... blog.0patch.com
#fbi #cisa #calea programs admitted to be some of the vectors for #salttyphoon compromise of US telecommunications infrastructure.
FBI is advising people to use encrypted messengers for text and voice communications!!
Same FBI (+other three letter agencies) which forever advocated for backdoors, now admit this compromise is in part their doing!!!
#signal and others for the win! #security
virtru.com/blog/file-encryptio…
FBI Urges Americans to Adopt Encryption Amid Ongoing “Salt Typhoon” Cyber Attack
The FBI and CISA advise end-to-end encryption to protect data continually targeted by China's Salt Typhoon cyber attack. Megan Leader (Virtru)
Perhaps companies and CEOs should take this time to reflect on why they should be afraid, what is causing the public to look so disapprovingly at them and, most of all, how they can change themselves.
apnews.com/article/unitedhealt…
Killing of UnitedHealthcare CEO spotlights complex challenge companies face in protecting top brass
In an era when online anger and social tensions are increasingly directed at the businesses consumers count on, Meta last year spent $24.4 million to surround CEO Mark Zuckerberg with security. ADAM GELLER (AP News)
Reuters: Healthcare industry rethinks risk after murder of UnitedHealth exec
"CVS Health removed photos of executive leadership from its site
Security experts say healthcare companies will consider increasing physical security"
reuters.com/business/healthcar… #insurance #healthcare #security
‼️ The EU wants to use sanctions to force #Messenger services such as #Signal or #Telegram to cooperate with #LawEnforcement agencies.
derstandard.at/story/300000024…
A new report by the "Going Dark" group calls for strict measures, including app blocks or #PrisonSentences for uncooperative providers.
#PrivacyAdvocates warn of a massive encroachment on #FundamentalRights, while #Encryption remains the biggest challenge. 🔒⚖️
#Datenschutz #EU #Privatsphäre #Privacy #Security
EU law enforcement wants to force Signal and co. into surveillance
In its final report, the controversial expert group calls for drastic sanctions against providers that prove uncooperative. DER STANDARD
This new proposed rule by the CFPB would treat #data brokers as de facto credit bureaus, holding them to the same standards of care, transparency, and liability.
Fantastic, long-needed #policy to protect Americans' #privacy and #security
Unfortunately, it'll never happen under Trump.
consumerfinance.gov/about-us/n…
CFPB Proposes Rule to Stop Data Brokers from Selling Sensitive Personal Data to Scammers, Stalkers, and Spies | Consumer Financial Protection Bureau
The CFPB today proposed a rule to rein in data brokers that sell Americans' sensitive personal and financial information. Consumer Financial Protection Bureau
Gmail and Outlook are popular but not necessarily the best - especially when it comes to #privacy and #security.
In this in-depth guide we review #Gmail vs #Outlook and fill you in on the best email provider that's ad-free, private, and secure. 😉
👉 Read more: tuta.com/blog/outlook-vs-gmail
Outlook vs Gmail: Which is best in 2024? | Tuta
When looking to create a free email address with Outlook or Gmail, we've got a few tips to help you choose the best provider for top privacy and security. Tuta
A Brazilian CA issued a TLS certificate for google.com
I saw this at "A Brazilian CA trusted only by Microsoft has issued a certificate for google.com (agwa.name)"; the original post is on the author's Fediverse account: "Andrew Ayer in the Fediverse".
At fault this time: the C
blog.gslin.org/archives/2024/1…
#Computer #Murmuring #Network #Privacy #Security #authority #brasil #ca #certificate #google #icp #microsoft #network #root #security
A Brazilian CA issued a TLS certificate for google.com
I saw this at "A Brazilian CA trusted only by Microsoft has issued a certificate for google.com (agwa.name)"; the original post is on the author's Fediverse account: "Andrew Ayer in the Fediverse". The CA at fault this time is the Brazilian government's own ICP-Brasil, a CA that is trusted by Microsoft but not by Google or Mozilla. Even so, because Microsoft trusts I… Gea-Suan Lin (Gea-Suan Lin's BLOG)
At Tuta, we believe that best security must be free for everyone.
We are happy to announce that in December all existing Tuta accounts will be upgraded to quantum-safe encryption! 🥳🎉
With TutaCrypt your data is safe - now and in the future. ⚛️ 🔒
Learn more about this quantum leap in #security: tuta.com/blog/post-quantum-cry…
Tuta Launches Post Quantum Cryptography For Email | Tuta
Tuta Mail enables TutaCrypt, a protocol to exchange messages using quantum-safe encryption. Tuta
#Bootkitty: Analyzing the first #UEFI #bootkit for #Linux
Source: welivesecurity.com/en/eset-res…
#Software #cybersecurity #security #news #boot
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET's discovery of the first UEFI bootkit designed for Linux sends an important message: UEFI bootkits are no longer confined to Windows systems alone. www.welivesecurity.com
Israel-Hezbollah #ceasefire takes effect
Source: nbcnews.com/news/world/israel-…
Israeli troops in #Lebanon will hold their positions and a 60-day period will start in which the Lebanese #military and #security forces will begin their deployment toward the south, the official said, adding that the process will not happen overnight or in several days.
#Israel #Hezbollah #war #terror #politics #diplomacy #news #Palestine
Israel-Hezbollah ceasefire takes effect
President Joe Biden announced Tuesday that Israel and Hezbollah had agreed to a United States-brokered ceasefire in Lebanon that took effect hours later. Mirna Alsharif (NBC News)
Copilot let you read the emails of your boss 😱
Source: businessinsider.com/microsoft-…
Now the software giant is trying to fix the #problem. On Tuesday, #Microsoft released new tools and a guide to help customers mitigate a #Copilot #security issue that inadvertently let employees access sensitive information such as CEO emails and HR documents.
#fail #Software #ai #technology #Windows #news #omg #wtf #privacy #bug
Microsoft is trying to fix Copilot's oversharing problem
Microsoft released tools to address security issues with Copilot, which indexes internal data and sometimes shares sensitive customer information. Ashley Stewart (Business Insider)
I decided to test the GrapheneOS web installer to see just how safe it is.
Russia Is Freaked: NATO in Europe Is Spending $380,000,000,000 on Defense - EUROPE SAYS
What You Need to Know: NATO allies are significantly ramping up their support for Ukraine. Denmark and the… EUROPE SAYS (EUROPESAYS.COM)
Within this assessment, the red team (also referred to as ‘the team’) gained initial access through a web shell left from a third party’s previous security #assessment.
Source: cisa.gov/news-events/cybersecu…
Today's #security measures therefore tend to reduce security rather than increase it. 🤔😖
#news #Software #vulnerability #bug #fail #cybersecurity #Problem #omg #wtf #web #webshell #internet
Remember Microsoft's Recall? The first implementation was never released and was met with strong criticism from privacy advocates and the infosec/security community. Guess what? Microsoft has doubled down, and its controversial Recall scraper is finally entering the public preview stage. If you care about privacy, please think twice before using this on your AI-enabled PCs (Snapdragon-powered Copilot+ PCs) blogs.windows.com/windows-insi…
#privacy #infosec #security #windows11 #DoNotWant
Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel
Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26120.2415 (KB5046723) to the Dev Channel. With this update, we welcome Windows Insiders with Snapdragon-powered… Windows Insider Blog
#Android will soon instantly log you in to your apps on new devices
#security
arstechnica.com/gadgets/2024/1…
Android will soon instantly log you in to your apps on new devices
New phone day for Android users should get a whole bunch easier. Kevin Purdy (Ars Technica)
And Signal app is FREE 😁
#security #encrypted #message
lifehacker.com/tech/signal-is-…
Signal Is Now a Great Encrypted Alternative to Zoom and Google Meet
You can make free and encrypted group video calls with up to 50 participants. Pranay Parab (Lifehacker)
Have you heard about the latest losers? theregister.com/2024/11/20/dli…
#dlink #cybersecurity #Router #vpn #internet #Software #Firmware #fail #bug #economy #Problem #security #news
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches. Connor Jones (The Register)
Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free
#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG
Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our nonprofit work this year in our 2023 Annual Report. letsencrypt.org
A great guide for anyone interested in improving their #privacy posture.
(TL;DR in the comments.)
"Whatever platforms you're on, whatever devices you have, you need to have a sense of what kind of data you're generating and then use the controls available to limit who can see what you're doing."
GitHub - FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. - FiloSottile/age GitHub
China's cyber spies intercept phone data and calls from US network operators
Chinese cyber spies infiltrated US network operators. Conversations and data from government and politicians were intercepted, as were police wiretaps.
heise.de/en/news/China-s-cyber…
#ATT #Cybersecurity #Cyberspionage #DonaldTrump #FBI #Provider #Security #Spionage #Verizon #news
Pregnancy Tracking #App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover
What to Expect is a popular pregnancy tracking app available for #ios and #android.
An exposed API endpoint handling password reset requests for the app does not require authentication or enforce rate limits and is vulnerable to brute force attacks.
#privacy #security #cybersecurity
404media.co/pregnancy-tracking…
Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover
Vulnerabilities in the popular What to Expect app include one that allows a full account takeover, and another that exposes the email address of forum admins. Joseph Cox (404 Media)