#security
Vanadium version 112.0.5615.48.0 released: https://github.com/GrapheneOS/Vanadium/releases/tag/112.0.5615.48.0.
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/4184-vanadium-version-11205615480-released
Srsly Risky Biz: Army. Navy. Air Force. Cyber Force? https://cyberfeed.io/article/6928207f9491eabae9b7ca5f736edf55 #cybersec #security #infosec #cybersecurity
I'm someone very concerned about the focus that the web dev community gives to security/privacy. We talk about WebPerf, UI Tools, and APIs, but barely anything about #Security and #Privacy.
So I started "security-fns" to help #JavaScript Developers to add more security and privacy on their web apps.
It’s in alpha, but soon more docs and functions will be available.
🔗: https://github.com/obetomuniz/security-fns
PS: I’m not a #CyberSec expert. Contributions will be highly appreciated.
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT https://cyberfeed.io/article/b2efb95afc48c239cd94dd38b2d928cd #cybersec #security #infosec #cybersecurity
Surfshark VPN Review, Offers, Speedtests, Plus How To Install & Use!
Privacy, no-logs VPN, perfect for torrenting and you can connect unlimited devices, like computers, smartphones & tablets. Get the 82% off + 2 months free offer, before it expires on March 31st, 2023.
#vpn, #surfshark, #privacy, #security, #anonymity, #Linux, #LMDE5, #Debian, #Windows.
Read more here: https://www.linuxexperten.com/gallery/surfshark-review-2023-vpn-debianubuntulmde5

I hacked into a Bing CMS, altered search results and took over millions of O365 accounts https://nitter.net/hillai/status/1641146508639600646#m #security
"Bing is allowed to issue Office tokens for any logged-on user"
https://twitter.com/hillai/status/1641146523990753290
I hacked into a Bing CMS, altered search results and took over millions of O365 accounts https://nitter.net/hillai/status/1641146508639600646#m | https://lobste.rs/s/77r2oy #security
The US Is Sending Money to Countries Devastated by Cyberattacks - The White House is providing $25 million to Costa Rica, after giving Albania similar aid ... - https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/ #security/cyberattacksandhacks #security/nationalsecurity #techsupport #security
Wired: The US Is Sending Money to Countries Devastated by Cyberattacks https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/ #Tech #wired #TechNews #IT #Technology via @morganeogerbc #Security/CyberattacksandHacks #Security/NationalSecurity #nationalsecurity #TechSupport #ransomware #Security #security #malware
2023-03-29 RDP #Honeypot IOCs - 807 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/rPE0Y6WN
DR.Web For Linux.
Dr.Web is a Russian anti-malware company and with the same name on its software suite that was first released in 1992 and became the first anti-virus service in Russia. The latest Dr.Web software blocks viruses and malware from accessing the protected system and will cure the malignant programs that have already penetrated it.
#drweb, #antivirus, #Linux, #Debian, #LMDE5, #security.
Read more here: https://www.linuxexperten.com/gallery/drweb-linux

Hackers compromise 3CX desktop app in a supply chain attack https://cyberfeed.io/article/0d19b3e9dc3fe180731fc383a2cbcd09 #cybersec #security #infosec #cybersecurity
#Cybersecurity #researchers have discovered a fundamental #security flaw in the design of the IEEE 802.11 #WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. https://tchlp.com/3lNTD74
So people can say that the Wifi vulnerability doesn't touch #unify #ubiquity devices
#security #cybersecurity #cyberdefence #wifi

Why De-privileging?
This post starts a series explaining why we at Microsoft Security Services for Incident Response recommend some of our favorite protections. Our first post in the series talks about identity hygiene.
Senate Bill to Ban TikTok https://cyberfeed.io/article/68b362250e92da5a2d2f1deb9162cb97 #tech #security #infosec #cybersecurity
📢 #Google’s Threat Analysis Group (TAG) has uncovered "highly-targeted" mobile spyware campaigns using #0day exploits to deploy spyware against iOS and Android devices.
Read: https://www.hackread.com/google-spyware-attack-android-ios-chrome/
Cybersecurity firms warn of 3CX desktop app supply chain attack https://cyberfeed.io/article/047ae29a2192f1e84c3ad7d3bb3a4582 #cybersec #security #infosec #cybersecurity
UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....
I have no words.
Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.
But even so, this is terrible.
Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.
And, yes, you will absolutely find a lot of exceptions to that. Well done.
But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.
It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.
But this is a significant problem. It really is.
If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.
For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.
I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.
Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.
That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.
Back to being a bluffer.
The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.
I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.
Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...
I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

Make Use Of: How to Recognize and Avoid Free Gift Card Scams: 7 Warning Signs https://www.makeuseof.com/tag/how-to-recognize-and-avoid-free-gift-card-scams/ #Tech #MakeUseOf #TechNews #IT via @morganeogerbc #OnlineSecurity #GiftCards #Security #Malware #Scams
Pause Giant AI Experiments: An Open Letter https://cyberfeed.io/article/49e38043bdbdb6e2b386bc067f5180b3 #tech #security #infosec #cybersecurity
[de] E-Voting CH: Prof. A. Appel: "By hand" is the only secure method
"The current state of IT security science leads us ... to conclude, for the foreseeable future, that in elections paper ballots that are filled out by hand ... recounted ..., are the only secure method ..."
"... A vulnerability that enables hackers to install malware on thousands of voters' devices."
https://www.inside-it.ch/e-voting-reihe-wie-sicher-ist-sicher-genug-20230328
Matthias Wübbeling looks at the DNS protocol and investigates whether DNS over HTTPS could be the solution to ensure the confidentiality of DNS requests https://www.fosslife.org/understanding-dns-over-https #DNS #networking #SystemAdministration #HTTPS #sysadmin #security

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App https://cyberfeed.io/article/acbf6fb9767d5573150d41b436ee32c8 #cybersec #security #infosec #cybersecurity
The cybersecurity community lost a giant this week with the passing of Kelly Lum, aka "Aloria". She was a tech pioneer, a woman at a time when the community included few women, and an #advocate for destigmatizing mental health. She also passionately loved jokes and silly memes. Our sincere condolences to family, friends, and all affected by the loss of this bright light. https://techcrunch.com/2023/03/22/kelly-aloria-lum-passes-away-at-41-obituary/ #security #problemsolver #womensmonth #mentalhealth #bipolar #tumblr #infosecreactions #shineon

#China isn't doing anything with #TikTok that the #US isn't doing with #Facebook and #Twitter. Why is nobody mentioning the levels of #surveillance the US conducts on their own citizens? This is #gaslighting, pure and simple. The #Democrats AND the #Republicans AND the #President are guilty of it.
#USPol #Politics #Congress #Biden #BothSides #Internet #Encryption #Privacy #Security
https://beincrypto.com/vpn-users-risk-20-year-jail-sentences-us-restrict-act/
#VPN Users Could Face Decades in Jail Under New #RESTRICTAct | beincrypto.com
[en] Online voting provider paid for academic research in attempt to sway U.S. lawmakers
According to Cyberscoop, "Democracy Live [a voting technology company] directed academic research aimed at demonstrating its product's security and used that material in lobbying campaigns."
https://cyberscoop.com/democracy-live-research-online-voting/
#onlinevoting #evoting #ictsecurity #infosec #security #democracylive
S. 686, also known as the RESTRICT Act, is about WAY more than TikTok. It leaves WIDE authority for the U.S. government to monitor, control and force the handing over of private data.
Among many other issues, it mentions fines and prison time for things like using VPNs, which is insane.
There's a lot in it to unpack. Just please, stay informed, and call your congresspeople if you can.
RESIST this dangerous garbage.
#RESTRICTAct #NoToRESTRICTAct #TikTok #privacy #security #surveillance #VPN #VPNs #s686



500K Subscriber Celebration! https://cyberfeed.io/article/4fc3f32a75a00868ff8c5ad415c12edd #cybersec #security #infosec #cybersecurity
Novel way of handling integer overflow, which actually follows Liskov Substitution Principle (2021) https://blog.polybdenum.com/2021/10/03/implicit-overflow-considered-harmful-and-how-to-fix-it.html #security #rust #plt
Novel way of handling integer overflow, which actually follows Liskov Substitution Principle (2021) https://blog.polybdenum.com/2021/10/03/implicit-overflow-considered-harmful-and-how-to-fix-it.html | https://lobste.rs/s/qyislj #plt #rust #security
Nice solution for storage security and compliance 👉 Retrieving previous versions of S3 bucket policies https://aws.amazon.com/blogs/storage/retrieving-previous-versions-of-s3-bucket-policies/ #AWS #Security #Compliance #Storage
Steam will drop support for Windows 7 and 8 in January 2024 https://cyberfeed.io/article/41d98135b75ff251407be342c8e9888d #cybersec #security #infosec #cybersecurity
OpenAI Patches Account Takeover Vulnerabilities in ChatGPT - #Security #AI https://www.securityweek.com/openai-patches-account-takeover-vulnerabilities-in-chatgpt/
Once you have the MDTI Connector and Solution working, this will show the TI only from the MDTI connector https://rodtrent.com/w2w
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #MicrosoftDefender #MDTI #MustLearnKQL #KQL
Thunderbird update
Once again there is an update of the Thunderbird without, as is normally the case, an update of the small red panda (aka Firefox) having preceded it. The developers of Mozilla Thunderbird have released an out-of-band update to version 102.9.1, which also fixes security vulnerabilities. https://kantel.github.io/posts/2023032901_thunderbird_update/ #Mozilla #Thunderbird #Update #Security

macOS Ventura 13.3, Monterey 12.6.4 and Big Sur 11.7.5 bring firmware updates for all supported Macs https://cyberfeed.io/article/1c88049c587547bcdee5589aed07b071 #cybersec #security #infosec #cybersecurity
"@Splunk releases #security & #observability platform to help build secure #digital #enterprise"
https://www.itopstimes.com/monitoring/splunk-releases-security-and-observability-platform-to-help-build-secure-digital-enterprises/ via @ITOpsTimes
Interesting to see $SPLK conflate #cybersecurity w/ #DevOps tech in one PR.
#DevSecOps anyone? Can they (finally) break Conway's Law?
Hrrm
Having trouble getting MDTI Solution working? Here's a step-by-step process of how to install the solution and then enable the MDTI data connector https://rodtrent.com/ffp
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
From the birdside by Oliver Hader:
🛡️Watch the new Content-Security-Policy module of #TYPO3 v12.3 in action (Google Maps integration demo)... https://typo3.org/article/typo3-v123-freeze #security

Beaxy exchange shutters after SEC presses multiple charges against founder, execs - The regulator is throwing the book at Beaxy and people associated... - https://cointelegraph.com/news/beaxy-exchange-shutters-after-sec-presses-multiple-charges-against-founder-execs #cryptocurrencyexchange #security #sec
What's New: MDTI Microsoft Sentinel Playbooks https://rodtrent.com/7oz
#MicrosoftSentinel #MicrosoftDefender #Cybersecurity #MicrosoftSecurity #Security
Multi-cloud Cyberattack Response | How Microsoft's SIEM & XDR work together https://rodtrent.com/sdu
#MicrosoftSentinel #MicrosoftDefender #Cybersecurity #MicrosoftSecurity #Security
Get Ahead of Cyberattacks with Microsoft Defender Threat Intelligence https://rodtrent.com/v3u
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
What's New: Intel Profiles Deliver Crucial Information, Context About Threats https://rodtrent.com/m2c
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
Power BI Activity Workbook for Microsoft Sentinel https://rodtrent.com/my2
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #PowerBI
Microsoft Sentinel — Azure OpenAI Incident Response Playbook https://rodtrent.com/721
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #OpenAI #AI
New Restrictions in #LockdownMode in #Safari #WebKit in #iOS #iPadOS 16.4 and #macOS 13.3
https://webkit.org/blog/13966/webkit-features-in-safari-16-4/
HT @Aranjedeath

Why You Should Use a Password Manager Instead of Browser-Based Ones, and How to Get Started
You do need some sort of proper password manager today, mainly because you cannot re-use the same passwords across different websites. So having a unique password, as well as a unique user ID/Email for each one, means you cannot remember 500+ combinations acr ...continues

We should move beyond a combat-oriented mindset and language. Here's why and how: https://zeltser.com/shift-your-mindset-from-conflict-to-collaboration-to-succeed-in-security/
Stream Google Cloud Platform logs into Microsoft Sentinel https://rodtrent.com/5sx
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
Why You Should Use a Password Manager Instead of Browser-Based Ones, and How to Get Started
You do need some sort of proper password manager today, mainly because you cannot re-use the same passwords across different websites. So having a unique password, as well as a unique user ID/Email for each […]
https://squeet.me/display/962c3e10-4ac0cd6e-75dc8a0d6c2d306f

cURL and Pre-notification dilemmas https://daniel.haxx.se/blog/2023/03/29/pre-notification-dilemmas/ | https://lobste.rs/s/ok7h12 #linux #security
Remote PowerShell: Gateway into Exchange Online now gets a grace period
Administrators have half a year longer before they must part with their insecure PowerShell cmdlets for Exchange Online.
#Systemverwaltung #EMail #Microsoft #MicrosoftExchange #PowerShell #Security #Server #news

Microsoft Sentinel Pricing and Monitoring https://rodtrent.com/4ca
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
STAT : Medical device companies now need to prove to FDA they’re protected against cyber attacks
The law, which goes into effect Wednesday, explicitly states that companies cannot sell their connected medical devices without first showing the Food and Drug Administration a solid cybersecurity plan.
https://www.statnews.com/2023/03/29/fda-medical-devices-cybersecurity-hack/
Malicious Actors Use Unicode Support in Python to Evade Detection https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection | https://lobste.rs/s/dbpzp6 #python #security
Azure OpenAI Sentinel Use Cases - Incident Enrichment with AI-generated KQL queries https://rodtrent.com/x30
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
The heise Security crash course on protecting against ransomware
This practice-oriented webinar explains, over two half-days, how attackers currently operate and how you can best protect your company's IT against them.

NIST adds Rust to its list of safer programming languages
The National Institute for Standards and Technology (NIST) is adding Rust to its list of safer programming languages because of its ownership concept.
#NIST #Programmiersprachen #Rust #Security #Softwareentwicklung #news

Did you know that #Windows doesn't have effective full disk #encryption (#FDE) by default even when #BitLocker is activated?
The #TPM-only-method is as "secure" as an unencrypted disk because your disk is automatically unlocked when booting that system.
You need to enable a mandatory PIN for booting your system in order to prevent data theft when your device gets stolen.
That's bad #security theater & tells you something about security decisions by MS. 🤷
How to fix: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/
Rust Identified as Safer Coding Tool by NIST https://foundation.rust-lang.org/news/rust-identified-as-safer-coding-tool-by-nist/ | https://lobste.rs/s/8zlltk #rust #security
Manage the most critical data security risks inside your organization with intelligent automation
Data security incidents are often caused by insider actions and account for nearly 35% of all unauthorized incidents*. Even the strongest cybersecurity programs can be undermined by insiders who either intentionally or unintentionally put an organization at risk.
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/manage-the-most-critical-data-security-risks-inside-your/ba-p/3778245

Microsoft makes the AI copilot available for security
The Copilot is meant to help out in the security field as well. It learns, uses the Microsoft Defender Threat Intelligence database and can do reverse engineering.

Cybercrime against women (#Ciberdelincuencia #Mujer)
Credits: asianlaws.org
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #bugbounty #bugbountytips
#vtc #volgatc #volgatechconsulting

There is a flaw in the Wifi protocol, some hardware is vulnerable, disable power save feature on AP (if you can) and use WPA3 (if you can) to reduce the possibility of being taken.
#security #cybersecurity #cyberdefence #wifi #wpa3 #powersave
🤔 Prediction: following #microsoft security copilot announcement, every #security vendor will be launching gpt4 integration by end of 2023. We are in the era of ML infused security https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning
Get Ahead of Attacks | Microsoft Defender Threat Intelligence https://rodtrent.com/om8
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
Game changer 👍🏻 Microsoft today announced #Security Copilot, a new #ChatGPT-like assistant powered by AI that takes advantage of Microsoft's threat intelligence footprint to make faster decisions during incident response and to help with threat hunting and security reporting. Copilot answers defenders' security questions via a ChatGPT-like interface and continuously learns to adapt to each environment to advise on the best course of action. https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-gpt-4-powered-security-copilot-to-incident-response/ #infosec #machinelearning
Microsoft Puts ChatGPT to Work on Automating Cybersecurity https://cyberfeed.io/article/682c290adafd74b13eaf9f2c68a24ec8 #cybersec #security #infosec #cybersecurity
Cyber attack on IT service provider Materna
The international consultancy and IT service provider from Dortmund has fallen victim to a cyber attack. The company's systems and infrastructure are disrupted.

I really hate #security theatre. I have to do a password dance every 90 days to add money to my #EdmontonTransit Arc card.

Greg KH maintains Generic Kernel Image (GKI) LTS branches for the Linux kernel alongside the kernel.org LTS branch releases. GKI LTS branches include Android's stable ABI for out-of-tree modules, enabling updating the base kernel without changing out-of-tree modules.
#grapheneos #privacy #security #linux #linux-kernel #lts #gki
Journalists and human rights defenders need safe ways to receive tips from the public without exposing a source's phone number, email address, or asking them to find burner devices.
Introducing: 🤫 Hush Line - https://hushline.app - a secure suggestion box. Anyone can leave an encrypted message without downloading any software or creating an account.
Hush Line uses your public PGP key to encrypt messages to a simple text file.
#pgp #messaging #python #encryption #privacy #security #tipline


Tuesday: Microsoft Teams all new, USA reduces spyware
Microsoft Teams twice as fast + US government restricts spyware + iOS 16.4 with new features + EU Council on the Data Act + commentary on the collapsed combustion-engine phase-out
#Apple #Datenschutz #EU #iOS #Microsoft #MicrosoftTeams #Pegasus #Security #Spyware #news

US President Biden bans the use of commercial spyware programs
Spyware is often devastating for human rights. The White House is now restricting its use by US federal agencies. There are exceptions, however.

Of the folks I interacted with on the bird site, I'm noticing these migration patterns:
* #security peeps have mostly moved over here, primarily to infosec.exchange and a few to hachyderm or self-hosting
* dev & #FOSS folks have migrated en masse, primarily to hachyderm and self-hosting
* science fiction friends have mostly made the jump
* journalists are a mix - lots of folks cross-posting and lots still posting "write-only" over there, but lots still engaging too
* my #LGBTQ peeps are active in both places
* disability advocacy friends are still over there; a few #ADHD peeps are over here
* DEI type folks have depressingly mostly not moved here, but to LinkedIn
* founders & VCs have almost entirely _not_ moved
* housing/urbanist types mostly haven't moved, especially Canadians
Curious how that lines up with what others are seeing, especially among groups I haven't listed (those happen to be the groups I personally interact with – curious about your personal equivalents!)
Internews is looking for open-source digital safety and security software teams interested to participate in a fully funded program aimed at supporting teams’ strategic planning and sustainability. https://internews.org/call-for-expressions-of-interest-strategic-planning-for-open-source-software-sustainability-project-sustain/ #opensource #floss #privacy #security
We hardly talked about #security audits but there is nothing to hide!
#DeltaChat received three security audits in total, covering core networking #encryption as well as SMTP/IMAP protocol and end-to-end encryption, and also including an audit on our recent secure server setup guide: https://delta.chat/en/2023-03-27-third-independent-security-audit
Survey of #email #security on Mastodon servers yields disappointing results, and finds only 15 % of analyzed Mastodon domains have a published #DMARC policy with active settings:
via @Martranslations
And you can easily check this yourself using this online tool by @internet_nl:
Fraud, fake news, criminal code: Europol warns of misuse of ChatGPT
ChatGPT is capable of facilitating many criminal activities, for example terrorism and sexual exploitation of children, says Europol.
#ChatGPT #Kriminalität #KünstlicheIntelligenz #Phishing #Security #news

GrapheneOS version 2023032600 released: https://grapheneos.org/releases#2023032600.
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/4116-grapheneos-version-2023032600-released
GrapheneOS Camera app version 61 released: https://github.com/GrapheneOS/Camera/releases/tag/61.
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/4111-grapheneos-camera-app-version-61-released
Is there an increased #security risk to buy a used Pixel Phone online instead of a new one & then install @GrapheneOS on it?
The #fdroid updates UI shows this today, putting the user against the wall and asking them to throw the baby out with the bathwater. No details as to what the #security vulnerability is (apparently affects a bunch of PDF readers out there), no CVE number, no link to a bug tracker ticket... Not the greatest #infosec #uxdesign to me.

Goanywhere attack: more and more extortion victims known
Russian ransomware came in via an admin access for the file transfer service Goanywhere MFT. The victims are prominent companies.
#Erpressung #Fortra #Gesundheitsdaten #GoAnywhereMFT #Ransomware #Security #cl0p
A Scammer Tricked Instagram Into Banning Influencers With Millions of Followers. Then He Made Them Pay to Recover Their Accounts.
--
OBN, a mysterious fraudster, says he made hundreds of thousands of dollars by exploiting Instagram’s security gaps. He’s eluded Meta and law enforcement, but we followed his trail to Las Vegas.
#Scams #Fraud #Instagram #LasVegas #Influencers #Meta #Facebook #Security #Privacy #Hackers
@SwiftOnSecurity file this under terrible good „#badPractice“ for #admin #security
Very consequent. I like it.
Maybe the energy could have redirected better 😂
Well, get ready to hear about way more stuff like THIS with all the ChatGPT crap now. Security issues, data breaches, yeah, let's just add to all that.
https://www.theverge.com/2023/3/24/23655622/chatgpt-outage-payment-info-exposed-monday
GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 43 released: https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-43.
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/4099-gmscompatconfig-version-43-released
My four-month-late #Introduction :
Work: #WordPress #hosting & #Security, #music #festival #IT, #Editor / #Filmmaker, #SmallBusiness
Life: #horror movies, music, #camping, curious and loves to learn, social justice, and to my surprise, a #runner who has #run 15,477 KM Jan 2020 - Dec 2022.
If you stop and look at something the more closely you examine it, the more amazing it becomes.
Married to the wonderful @TAV for over 25 years, furdad to Sprocket the #MinPin, (he/him) #Ottawa, #Canada
Windows Snipping Tool vulnerable to "Acropalypse"
At the beginning of the week, a flaw called "Acropalypse" in the screenshot tool of Google Pixel phones became known. The Windows 11 Snipping Tool behaves the same way.
#Acropalypse #Security #Sicherheitslücken #SnippingTool #Windows11 #WindowsSnippingTool
ChatGPT bug revealed user chat histories, user’s first and last name, email address, payment address, the last four digits of a credit card number and credit card expiration date ...
The bug was discovered in the Redis client open-source library, redis-py
#openai #chatgpt #security #bug #opensource #redis #rediscache #rediscluster #redispy #asyncio #library #chat #payment #history

Collaboration tool: Nextcloud blossoms into a comprehensive MS Teams competitor
Nextcloud releases Hub 4. And the update packs a punch: AI features, a SharePoint alternative, a faster backend and more await users.
#ChatGPT #CloudComputing #DALLE #DeepL #EMail #KünstlicheIntelligenz #LinuxundOpenSource #MicrosoftTeams #Nextcloud #Openstreetmap #Security #SharePoint #Verschlüsselung #Videokonferenz
GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 42 released: https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-42.
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/4074-gmscompatconfig-version-42-released