Items tagged with: Security


"Bad actors" are not just bank robbers with bandit masks. You are far more likely to be harmed by proper, legitimated institutions like banks, police, prosecutors, employers, schools, or border enforcement agencies, especially if you're a member of a structurally marginalized group. That is always the most important issue with corporations stockpiling data about you. Recovering from the theft of your credit card number is peanuts by comparison.

"Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns...

The concern with Recall is that it’s keeping a digital record of everything you do and, no matter how secure, the record is there for bad actors to find."

tomshardware.com/software/wind…

#Privacy #Data #InfoSec #Security #Microsoft #AI #Tech


Researchers find #security flaws in #Skoda cars that may let hackers remotely track them


Source: techcrunch.com/2024/12/12/rese…

The vulnerabilities, discovered in the vehicle’s MIB3 infotainment unit, could allow attackers to achieve unrestricted code execution and run malicious code every time the unit starts. This could let an attacker obtain live vehicle #GPS coordinates and speed data, record conversations via the in-car #microphone, take screenshots of the infotainment display, and play arbitrary sounds in the car, according to PCAutomotive.


#news #car #surveillance #tracking #software #cybersecurity #fail


"What's the worst password incorrect dialog box?"

🤔

#webDev #security #UI #memes


#Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it


Source: oasis.security/resources/blog/…

The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble.


#news #software #cybersecurity #cloud #security #hacker #fail #mfa


Large language models are terrible if you need reasoning or actual understanding.

Big #OpenSource projects are being hammered with stupid #security bug reports. It appears that dim people are relying on dumb #AI chatbots to generate “spammy, hallucinated” #vulnerability reports. Inevitably, it hurts the ability of teams to work on actual security bugs.

Self-described “Pythonista” Seth Larson (pictured) is as mad as hell. In #SBBlogwatch, we’re not gonna take this any more. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/12/…


BTW did they use VPN in the movie to connect to IRC?

#security


Russian programmer says #FSB agents planted #spyware on his #Android phone


Source: techcrunch.com/2024/12/05/russ…

According to the report, the fake app was able to access location information, read and send text messages, install other applications, read the calendar, take screenshots and record from the video camera, see a list of other applications, answer phone calls, and view user account details — all permissions that the real Cube Call Recorder does not have.


#spy #surveillance #russia #policestate #news #technology #smartphone #Trojan #Software #cybersecurity #security #privacy #Monokle #spyware #Moskow #app


#Security
I see it the same way.
In the UK, large amounts of #NHS data have already gone to, of all people, #Palantir owner and #Musk mentor #PeterThiel.
Given growing pandemic risks, antibiotic and fungicide resistance, and age-related diseases, better medical data is more important than ever.

In my view, however, the data would have to be anonymized from the start.

Quantum computers, for example, are becoming ever more reliable. In the future, it will probably be possible to reverse-compute everything.


#URL File #NTLM Hash Disclosure #Vulnerability (0day) - and Free #Micropatches for it


Source: blog.0patch.com/2024/12/url-fi…

#bug #Patch #Microsoft #Windows #Software #os #cybersecurity #0day #security #news


#fbi #cisa #calea programs admitted to be some of the vectors for #salttyphoon compromise of US telecommunications infrastructure.

FBI is advising people to use encrypted messengers for text and voice communications!!

Same FBI (+other three letter agencies) which forever advocated for backdoors, now admit this compromise is in part their doing!!!

#signal and others for the win! #security

virtru.com/blog/file-encryptio…


Perhaps companies and CEOs should take this time to reflect on why they should be afraid, what is causing the public to look so disapprovingly at them and, most of all, how they can change themselves.

apnews.com/article/unitedhealt…

#ceo #executives #security


Password field which doesn't allow pasting the password. 2FA implemented with SMS.

Seriously, Ho Mobile, who is your CISO?

🙄

#security #fail


Reuters: Healthcare industry rethinks risk after murder of UnitedHealth exec

"CVS Health removed photos of executive leadership from its site
Security experts say healthcare companies will consider increasing physical security"

reuters.com/business/healthcar… #insurance #healthcare #security


‼️ The EU wants to use sanctions to force #Messenger services such as #Signal or #Telegram to cooperate with #LawEnforcement agencies.

derstandard.at/story/300000024…

A new report by the "Going Dark" group calls for strict measures, including app bans or #PrisonSentences for uncooperative providers.

#PrivacyAdvocates warn of a massive encroachment on #FundamentalRights, while #Encryption remains the biggest challenge. 🔒⚖️

#Datenschutz #EU #Privatsphäre #Privacy #Security


This new proposed rule by the CFPB would treat #data brokers as de facto credit bureaus, holding them to the same standards of care, transparency, and liability.

Fantastic, long-needed #policy to protect Americans' #privacy and #security

Unfortunately, it'll never happen under Trump.

consumerfinance.gov/about-us/n…


Gmail and Outlook are popular but not necessarily the best - especially when it comes to #privacy and #security.

In this in-depth guide we review #Gmail vs #Outlook and fill you in on the best email provider that's ad-free, private, and secure. 😉

👉 Read more: tuta.com/blog/outlook-vs-gmail


If they do not have much PII on you, they will assume you are not a GOP voter.

GOP voters give out PII like candy on Halloween.

This demonstrates that one is a member of the cult.

They live in the false belief that they have nothing to hide.

#Privacy #Security


A Brazilian CA issued a TLS certificate for google.com

Seen at "A Brazilian CA trusted only by Microsoft has issued a certificate for google.com (agwa.name)"; the original post is on the author's Fediverse account: "Andrew Ayer in the Fediverse".

This time, the offending C

blog.gslin.org/archives/2024/1…

#Computer #Murmuring #Network #Privacy #Security #authority #brasil #ca #certificate #google #icp #microsoft #network #root #security


At Tuta, we believe that the best security must be free for everyone.

We are happy to announce that in December all existing Tuta accounts will be upgraded to quantum-safe encryption! 🥳🎉

With TutaCrypt your data is safe - now and in the future. ⚛️ 🔒

Learn more about this quantum leap in #security: tuta.com/blog/post-quantum-cry…


#Bootkitty: Analyzing the first #UEFI #bootkit for #Linux


Source: welivesecurity.com/en/eset-res…

#Software #cybersecurity #security #news #boot


Israel-Hezbollah #ceasefire takes effect


Source: nbcnews.com/news/world/israel-…

Israeli troops in #Lebanon will hold their positions and a 60-day period will start in which the Lebanese #military and #security forces will begin their deployment toward the south, the official said, adding that the process will not happen overnight or in several days.


#Israel #Hezbollah #war #terror #politics #diplomacy #news #Palestine


Copilot let you read the emails of your boss 😱


Source: businessinsider.com/microsoft-…

Now the software giant is trying to fix the #problem. On Tuesday, #Microsoft released new tools and a guide to help customers mitigate a #Copilot #security issue that inadvertently let employees access sensitive information such as CEO emails and HR documents.


#fail #Software #ai #technology #Windows #news #omg #wtf #privacy #bug


I decided to test the GrapheneOS web installer to see just how safe it is.

youtu.be/ik0AiO0WtuU

#grapheneos #android #privacy #security


europesays.com/1633994/ Russia Is Freaked: NATO in Europe Is Spending $380,000,000,000 on Defense #défense #europe #F16 #military #Russia #security #tanks #Ukraine #WarInUkraine


Within this assessment, the red team (also referred to as ‘the team’) gained initial access through a web shell left from a third party’s previous security #assessment.


Source: cisa.gov/news-events/cybersecu…

Today's #security measures therefore tend to reduce security rather than increase it. 🤔😖

#news #Software #vulnerability #bug #fail #cybersecurity #Problem #omg #wtf #web #webshell #internet


Remember Microsoft's Recall? The first implementation was never released and was met with strong criticism from privacy advocates and the infosec/security community. Guess what? Microsoft has doubled down, and its controversial Recall scraper is finally entering the public preview stage. If you care about privacy, please think twice before using this on your AI-enabled PCs (Snapdragon-powered Copilot+ PCs) blogs.windows.com/windows-insi…

#privacy #infosec #security #windows11 #DoNotWant


Signal Is Now a Great Encrypted Alternative to Zoom and Google Meet
And Signal app is FREE 😁
#security #encrypted #message
lifehacker.com/tech/signal-is-…


Let's Encrypt is 10 years old today!
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Huge thanks to everyone involved in making HTTPS available to everyone for free

letsencrypt.org/

#tech #technology #security #privacy #encryption #https #letsencrypt #ISRG


A great guide for anyone interested in improving their #privacy posture.

(TL;DR in the comments.)

"Whatever platforms you're on, whatever devices you have, you need to have a sense of what kind of data you're generating and then use the controls available to limit who can see what you're doing."

wired.com/story/the-wired-guid…

#infosec #e2ee #security



China's cyber spies intercept phone data and calls from US network operators

Chinese cyber spies infiltrated US network operators. Conversations and data from government and politicians were intercepted, as were police wiretaps.

heise.de/en/news/China-s-cyber…

#ATT #Cybersecurity #Cyberspionage #DonaldTrump #FBI #Provider #Security #Spionage #Verizon #news


Pregnancy Tracking #App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover

What to Expect is a popular pregnancy tracking app available for #ios and #android.

An exposed API endpoint handling password reset requests for the app does not require authentication or enforce rate limits and is vulnerable to brute force attacks.

#privacy #security #cybersecurity

404media.co/pregnancy-tracking…