Items tagged with: security
#Windows #vulnerability reported by the #NSA exploited to install Russian #malware
When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Ars Technica
A Stateless Workstation
In this article, I explain the rationale and experiment about my project of a stateless workstation
https://dataswamp.org/~solene/2024-04-20-workstation-going-stateless.html
gemini://perso.pw/blog/articles/workstation-going-stateless.gmi
#security #linux #openbsd #unix
This is such a brilliantly simple flaw, I can't believe I didn't think of it.
Maybe because it is brilliant. And simple.
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
Researchers claim Windows Defender can be fooled into deleting databases
Two rounds of reports and patches may not have completely closed this hole. Laura Dobberstein (The Register)
#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM
In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?
source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code. Aaron Thacker (LRQA Nettitude Labs)
Friends don't let friends use Discord.
Message History of 600 Million Discord Users Can be Accessed For $5
https://80.lv/articles/message-history-of-600-million-discord-users-can-be-accessed-for-usd5/
Message History of 600 Million Discord Users Can be Accessed For $5
A new report sheds light on a scraping service that lets anyone view your message history across different Discord servers. Theodore McKenzie (80lv)
Advanced #Phishing Kit Adds #LastPass Branding for Use in Phishing Campaigns
Threat actors using phishing kits are pretending to be LastPass in phone calls and emails to steal user credentials.
Actual phishing site: “help-lastpass[.]com”
Shortened URL Embedded in Email: shorturl[.]at/glvT0
Phishing Email Subject Line: We’re here for you
Spoofed Sender: Shows as LastPass Support <support@lastpass>
#Microsoft is a national #security threat, says ex-#WhiteHouse cyber policy director
Source: https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
Microsoft has a shocking level of #control over IT within the US federal #government
#technology #CyberSecurity #economy #politics #software #problem #usa #news
Microsoft is a national security threat, says ex-White House cyber policy director
With little competition at the government level, Windows giant has no incentive to make its systems safer. Brandon Vigliarolo (The Register)
To me, #biometric unlocking is unsafe; you see a lot of unauthorised unlocking from restrained, sleeping, dead, or drunken people, using either face or fingerprint to unlock a device.
It was established a few years ago that law enforcement in the USA does not need a warrant for biometric unlocking, but does need a warrant to unlock a device if a password is enabled.
#phone #thumbprint #court #usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance
Cops can force suspect to unlock #phone with #thumbprint, US #court rules
#usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance
Cops can force suspect to unlock phone with thumbprint, US court rules
Ruling: Thumbprint scan is like a "blood draw or fingerprint taken at booking." Ars Technica
Telegram and Signal - two other foreign messaging apps - were also removed from the store on Friday, according to app tracking firms Qimai and AppMagic.
https://www.reuters.com/technology/apple-removes-whatsapp-threads-china-app-store-wsj-reports-2024-04-19/
#apple #tech #Facebook #politics #china #security
Hello @BSI, why is the #BSI so timid compared with the authorities in the USA when it comes to the topic of #Microsoft?
My question refers to the following article, which is worth reading:
https://www.heise.de/meinung/Kommentar-Microsofts-Sicherheitspraxis-wird-zur-Gefahr-und-das-BSI-schweigt-9686629.html
Commentary: The BSI's dangerous reluctance to bite when it comes to Microsoft
After the incidents at Microsoft, the US authorities are cracking down. The passive BSI should follow the example of its US colleagues, says Jürgen Schmidt. Security
The #press is barred from covering aspects of the trial related to the #jury, for understandable #security reasons. At the same time, the judge is taking another 5 days to hold a hearing on whether #Trump has violated the #GagOrder that was placed on him w/ repeated social media posts about a key #witness & #jurors.
This is 1 of many ways in which despite Trump's complaints that he is being treated unfairly, the judge is bending over backwards to be fair to him in this #trial.
Ukrainian journalists say state #security spied on them
#sbu #spy #news #media #press #freedom #journalism #justice #politics #hunanrights
Ukrainian journalists say state security spied on them
SBU used some 30 officers to wiretap media outlet. Veronika Melkozerova (POLITICO)
If you use Discord, you might wanna know this.
A service called Spy Pet is scraping Discord servers, archiving and tracking users' messages and activity, and then selling access to that data.
Spy Pet scrapes more than 10,000 Discord servers, and besides selling access to anyone with cryptocurrency, it offers the data for training AI models or to assist law enforcement agencies, according to its website.
Spy Pet claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.
(The article is paywalled probably, etc but it's here) https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages
#Discord #security #SpyPet #privacy #scams #scammers #crypto #cryptocurrency #AI
A Spy Site Is Scraping Discord and Selling Users’ Messages
404 Media tested the service, called Spy Pet, and verified it is collecting information on Discord users, including the messages they post across usually disparate servers. Joseph Cox (404 Media)
What we need to take away from the XZ Backdoor
A lot has been written about the XZ Backdoor in the last few weeks, so it is time to look forward. Before doing so, we share further details about what happe... openSUSE News
We had the same problem in Canada.
Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
🇺🇸
The FTC accused it of sloppy data handling and sharing patient data with third parties like TikTok without consent
#News #Healthcare #Security #Privacy
https://www.theverge.com/2024/4/16/24131881/ftc-fine-cerebral-telehealth
Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
Cerebral will owe $7 million after the FTC accused it of careless data practices and sharing private patient info with third parties like TikTok for advertising purposes. Wes Davis (The Verge)
A hacking #skimmer inside an #ATM machine
https://youtube.com/shorts/29Uc_7bGcRE
#hack #security #money #technology
A hacking skimmer inside an ATM machine #shorts
That's how you hackers crack your cards. Using this skimmer device. Watch the short to know more. #skimmer #hacking #sumsub #shorts Sumsub — empowering compli... YouTube
ALL CLEAR for Fedora Rawhide and Fedora 40 Beta builds regarding the xz exploit. 👍
Things had stabilized soon after the initial security advisory, but we're now confirming that you can use Rawhide and Fedora 40 Beta safely as long as you have the latest updates or reinstall (which is not a bad idea to be safe).
Fedora 38 and 39 were never affected.
Learn more: https://fedoramagazine.org/cve-2024-3094-all-clear/
#Fedora #Security #Privacy #InfoSec #Linux #OpenSource
CVE-2024-3094: All Clear - Fedora Magazine
The XZ backdoor was foiled by Andres Freund. Matthew Miller (Fedora Project)
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.
https://www.wired.com/story/house-section-702-vote/
#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle
House Votes to Extend—and Expand—a Major US Spy Program
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information. Dell Cameron (WIRED)
Microsoft starts testing ads in the Windows 11 Start menu
The first ads in the Windows 11 Start menu will be very similar to the app recommendations Microsoft used in Windows 10. Tom Warren (The Verge)
#Microsoft employees exposed internal passwords in #security lapse
source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.
#Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”
#internet #fail #security #phishing #cybersecurity #twitter #news
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft… krebsonsecurity.com
#google #money #security #browser #chrome #internet #economy #news
♲ Digital Angel - 2024-04-10 22:01:30 GMT
#Google: If you want #browser #security, it will cost you something. https://chromeenterprise.google/products/chrome-enterprise-premium/
#software #internet #enterprise #economy #money #business #chrome #news
I find this argument a bit problematic. Just because software like @Team KeePassXC gives users control and choice over their passkeys, which Apple / Google / ... currently don't, doesn't mean they are irresponsible. From what I can tell KeePassXC devs were not involved in the discussions around transfer of passkeys.
Big tech wanted to get passkeys into user hands, which is a great thing, as are passkeys in general. But the statement that it is somewhat of a lock-in situation currently is not false.
And finger-pointing at software that does give users the option to transfer passkeys at their desire is not helping I think. Especially when that aspect has not yet been standardized.
If transfer can happen in encrypted form, that is clearly preferable. You filed https://github.com/keepassxreboot/keepassxc/issues/10407 which is a good thing. The discussion shows however, that the way the debate was going on so far was not ideal.
#passkeys #security #passwordless
[Passkeys] should never be exported in clear text · Issue #10407 · keepassxreboot/keepassxc
Overview: Passkeys should never be allowed to be exported in clear text. There is significant work going on across the industry on a secure migration protocol for credentials like passkeys. Please c... GitHub
#ThreatWire these days is presented by @endingwithali
Bringing us the latest on our #security, #privacy & #InternetFreedom
Give her a follow
When #security matters: working with #Qubes OS at the #Guardian
Configuring a Qubes workstation was a new challenge for the team as we abandoned years of experience writing Infrastructure as Code for the cloud and started learning how to write #Salt #configuration. Salt (also known as SaltStack) is a management engine available by default in Qubes.
#cybersecurity #news #journalism #linux #technology #software #securedrop
When security matters: working with Qubes OS at the Guardian
The latest version of the whistleblowing platform SecureDrop runs on the Qubes operating system. At the Guardian we used the Salt management engine to set up a Qubes environment where journalists could safely interrogate sensitive documents. Philip McMahon (The Guardian)
Exclusive: #YossiSariel unmasked as head of #Unit8200 and architect of #AI #strategy after book written under pen name reveals his #Google account
The embarrassing #security lapse is linked to a book he published on #Amazon, which left a digital trail to a private Google account created in his name, along with his unique ID and links to the #account’s maps and calendar profiles.
#Israel #internet #Anonymity #privacy #spy #military #CyberSecurity #news #online #leak #identity
Top Israeli spy chief exposes his true identity in online security lapse
Exclusive: Yossi Sariel unmasked as head of Unit 8200 and architect of AI strategy after book written under pen name reveals his Google account. Harry Davies (The Guardian)
ever hear of https://www.zangi.com?
ever hear of https://Simplex.Chat?
#encryption #communication #messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes