Search
Items tagged with: cybersecurity
Get ready for the transition to @thunderbird mobile!
blog.iode.tech/get-ready-for-t…
#thunderbird #android #rom #privacy #cybersecurity #adblocker #iodé #degoogle #opensource
Get ready for the transition to Thunderbird mobile! - iodé
We will replace p≡p (pretty easy privacy), our default email app, with Thunderbird. Here's all you need to know for the transition.antoine (iodé)
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…
#tor #infosec #cybersecurity #threatintel #privacy
[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
It would be hard to explain to Verizon I run Tor relays since they technically don't allow servers. I hope I'm not forced onto AT&T Internet Air as my particular co-op rental unit won't let met get Spectrum even when other units can, not that I wante…Tor Project Forum
Happy birthday to ARPANET, the forerunner of the modern internet! 53 years ago, the first message was sent over this pioneering network, paving the way for a world of interconnection and innovation.
As a tech enthusiast, I am constantly amazed by the ways the internet has transformed our lives, allowing us to communicate, learn and share ideas across boundaries and borders. From social media to e-commerce, from telemedicine to remote work, the internet has become an essential part of our daily routines, enabling us to connect with others and access a wealth of information at our fingertips.
#ARPANET #InternetAnniversary #Transhumanism #TechInnovation
#InternetHistory #Networking #DigitalRevolution #Innovation #Communication #Cyberculture #OnlineCommunity #TechHerstory #NetNeutrality #OpenSource #Decentralization #DataPrivacy #Cybersecurity #DigitalRights #Accessibility #Inclusion #SocialImpact #DigitalTransformation #FutureTech #TechOptimism #InternetOfThings #AI
🔗 ethw.org/Milestones:Birthplace…
🦾6 AI Tos Used by Hackers
🔹Poisongpt
🔹Wormgpt
🔹Speechif.ai
🔹Deepl.ai
🔹Freedom.ai
🔹Passgan.ai
🔖#infosec #cybersecurity #hacking #pentesting #security
Should the CISOs role be split into two functions? - Help Net Security
To better manage growing responsibilities, 84% of CISOs believe the role should be split into technical (CISO) and business-focused roles.Help Net Security
ICYMI: Internet Archive hacked, data breach impacts 31 million users
1. Nobody is safe.
2. A non-profit is using bcrypt to hash passwords, no reason why your for-profit company can't do the same.
American Water shuts down online services after #cyberattack
American Water is the largest water and wastewater treatment utility in the US…
OT systems not affected - so appears this only affects their IT systems. Suspected nation state activity (Russia).
(I encourage everyone sharing this with their friends because cyber attacks absolutely can have direct “real world” consequences.)
T-Mobile reaches $31.5 million settlement with FCC over past data breaches
Apparently, T-mobile is now mandated to implement better cybersecurity controls, such as properly segmenting networks and using phishing resistant #MFA.
This settlement covers the breaches in 2021, 2022, and 2023. Will we get a 2024 special? 💀
Today I made my threat hunt book publicly known on LinkedIn. So far the feedback has been overwhelming. I do hope my efforts will contribute to educate both threat hunters and SOC analysts!
puri.sm/posts/quantum-safe-com…
Tor insists its #network is safe after German cops convict CSAM dark-web admin
Kind of boils down to opsec fail here. Using outdated software, which in this case didn’t properly secure Tor connections.
Timing attacks are still viable (especially with hostile nodes), but this reads as an #opsec fail to me.
Remember: a major part of anonymity is maintaining great opsec.
Obligatory: Tor is not “just for criminals,” despite one getting caught in this case (glad he did tbh). Regular people use Tor everyday.
#cybersecurity #security #privacy
theregister.com/2024/09/19/tor…
Tor insists its network is safe after German cops convict CSAM dark-web admin
Outdated software blamed for cracks in the armorIain Thomson (The Register)
puri.sm/posts/the-liberty-phon…
#LibertyPhone #SecureGovMobile #MadeInUSA #SupplyChainSecurity #OpenSource #PureOS #EndToEndEncryption #HardwareSecurity #GOTSSolution #CyberSecurity
Say it with me...
Network vulnerability!!!
A quick story/rant.. my cousin got my mother a new coffee maker. I don't expect my mom to use the WiFi functionality, but I'm still concerned about why we would need a whole coffee maker to have a small computer in it... I understand the versatility of not having a hub, and that hubs are also a single point of access for any malicious actors, but I'm sure a hub for multiple devices instead of a thing for a coffee maker would be updated much more frequently, and supported for longer.
If nothing else, maybe I can pull it into my janky Home Assistant setup somehow.
Even if it doesn't end up being a gateway for snooping on home network, it is quite silly, in my opinion.
Now, I must go check to see if anyone's hacked at these yet lol...
#NetSec #Networking #cybersecurity #cybersec #IoT #smarthome #coffee #keurig #hacking
An important nuance I haven't seen so far though is that even within a marginalized group, opinions can vary wildly about to what degree something is considered "a problem". The fact #twitch tried to get rid of "blind playthrough" in 2020 because it was considered ablist language is a great example of this: nobody in my circle thought this was problematic, we all had a good laugh and basically said they probably had bigger problems to worry about.
Now however, only a few years later, I see more and more sentiments shifting where that is concerned, asking writers not to use blind as synonymous for ignorant, stupid or incompetent. Same with terms like crippling debt. And as opposed to the Twitch example, this time it's actually #PWD who are making these points.
The question now becomes: Did times change, and did people get more offended by this / more hurt by this? Or is this simply yet another example of people finally coming forward about something that's irked them for decades?
I myself know where I stand on this, but I'd be a hypocrite if I decided to, in this case, decide everybody thinks as I do, where I normally always preach caution about homogenizing #accessibility.
This post doesn't really go anywhere, I just thought it was an interesting bit of contemplating :))
Privacy-focused Tuta Mail Opens Second Office in Munich:
See how Tuta stacks up with other email providers in keeping your information private:
The city of Columbus Ohio got hacked by a ransomware gang, they didn't pay the ransom so the gang released half of the stolen data which included secret police and prosecutor files. The leak exposed countless victims, witness and confidential informants personal info and communications with the city.
The city claimed NO info was leaked. A cyber security enthusiast went to the media and proved otherwise.
Tu je niekoľko populárnych hashtagov týkajúcich sa rôznych tém v oblasti kybernetickej bezpečnosti:
- #CyberSecurity - General cybersecurity topics
- #InfoSec - Information security
- #PenTesting - Penetration testing
- #OSINT - Open-source intelligence
- #ThreatHunting - Identifying and responding to threats
- #MalwareAnalysis - Analyzing and understanding malware
- #IncidentResponse - Responding to cyber incidents
- #ZeroDay - Zero-day vulnerabilities and exploits
- #CyberThreats - Cyber threat intelligence
- #EthicalHacking - Hacking for ethical purposes
- #RedTeam - Offensive security testing
- #BlueTeam - Defensive security operations
- #CloudSecurity - Securing cloud environments
- #IoTSecurity - Security for Internet of Things devices
- #DataProtection - Protecting sensitive data
- #SOC - Security Operations Center practices
- #Phishing - Phishing attacks and prevention
- #Ransomware - Ransomware threats and defenses
- #CryptoSecurity - Cryptography and encryption
- #AppSec - Application security
- #BugBounty - Programs for finding and reporting security bugs
- #DigitalForensics - Investigating cyber crimes
- #Privacy - Protecting personal and organizational privacy
- #CISO - Chief Information Security Officer topics
- #GDPR - General Data Protection Regulation compliance
Môžete ich používať na platformách sociálnych médií, aby ste objavili obsah, zapojili sa do diskusií a zostali informovaní o najnovších poznatkoch v oblasti kybernetickej bezpečnosti.
When you search for "identita občana" (Citizen Identity, ID for the Czech e-government), the first link #Google gives you (as an ad) is to a malicious website.
I wonder if companies like Google will ever be held accountable for spreading dangerous scams and getting paid for it.
I learned about secure software development on the job, but like ethical computing (which I've talked about before), this should also be included in formal education. Because of the current threat models, topics like security by design and zero-trust frameworks are critical when developing Internet systems. linuxfoundation.org/press/linu…
#securitybydesign #security #softwaredevelopment #zerotrust #infosec #cybersecurity #education
The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development
Findings show nearly one-third of industry professionals are not familiar with secure software development practicesThe Linux Foundation
#WhatsApp for #Windows lets Python, PHP scripts execute with no warning
Granted, Python needs to be installed on the system prior.
Meta says they will not bother to fix this, despite maintaining a built-in list of potentially dangerous file types (ex: .exe)
We've partnered with Abside to create a groundbreaking secure communication solution for government agencies. Our Liberty phone, featuring Made in USA Electronics and running our non-Android PureOS, now integrates with Abside's N79 5G private network. The result? A fully American-made, ultra-secure platform for government personnel to communicate and access critical data on the move. Privacy, security, and performance – all in one package. #Purism #Cybersecurity #Abside
puri.sm/posts/abside-and-puris…
Abside and Purism Partner to Deliver Secure Mobile Solution for U.S. Government and NATO Countries – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.Purism SPC
This dumb password rule is from SecureAccess Washington.
Central authentication for all Washington State services
(DoL, ESD, etc).
Password must have *exactly* 10 characters, but form happily
lets you enter more and only throws errors after submit,
providing no useful feedback.
dumbpasswordrules.com/sites/se…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
SecureAccess Washington - Dumb Password Rules
Central authentication for all Washington State services (DoL, ESD, etc). Password must have *exactly* 10 characters, but form happily lets you enter more and only throws errors after submit, providing no useful feedback.dumbpasswordrules.com
This dumb password rule is from Virgin Media.
Your password needs to be between 8 and 10 characters long, with no
spaces, and must contain only numbers and letters. The first character
must be a letter.
Feb 2020 Update: policy remains the same but the description is hidden
leaving you to guess the acceptable length/chars. Users are now lef...
dumbpasswordrules.com/sites/vi…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Virgin Media - Dumb Password Rules
Your password needs to be between 8 and 10 characters long, with no spaces, and must contain only numbers and letters. The first character must be a letter.dumbpasswordrules.com
This dumb password rule is from Banque de Tahiti.
You have to enter your password using this *very* Frenchy keypad. You don't have lowercase letters, the blanks are not spaces but just non-clickable gaps, but as a compensation you have some weird symbols that your keyboard does not have a key for (e.g. `µ`).
No accessible version available.
dumbpasswordrules.com/sites/ba…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Banque de Tahiti - Dumb Password Rules
You have to enter your password using this *very* Frenchy keypad. You don't have lowercase letters, the blanks are not spaces but just non-clickable gaps, but as a compensation you have some weird symbols that your keyboard does not have a key for (e…dumbpasswordrules.com
Today's stream will be more #tryHackMe content, with a look at #HackTheBox Academy next week. Anyone who wants this kind of feedback, and doesn't mind constructive, but thorough, feedback, come talk to me :) We'll be going live today at 3 PMeST over at https;//twitch.tv/ic_null and youtube.com/@lindlyCoding #infoSEc #cybersecurity #accessibility #selfPromo #twitch #youtube #streaming
STAGGERING: Nearly all #ATT customers' text & call records breached.
An unnamed entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers on the network.
And of course, third party #Snowflake makes an appearance.
cnn.com/2024/07/12/business/at…
#infosec #cybersecurity #telco #cellular #privacy #security #breach
Computer hardware maker #Zotac exposed customers' RMA info on Google Search
Misconfiguration of permissions folders holding customer info related to RMAs have been indexed by search engines like #Google. As a result, it has shown up on SERPs.
Information leaked includes invoices, addresses, and contact information.
Fun fact: Security Misconfiguration is number 6 on the OWASP Top 10 Web app Security Risks.
Do you want to help secure GNOME and get a reward? 🏅
We are testing a new program in which people get a payment for reporting and/or solving vulnerabilities.
yeswehack.com/programs/gnome-b…
From €500 to €10,000 depending on criticality 💶
For now only GLib is in scope but we will expand the list of modules and advertise as the program grows.
In partnership with @yeswehack and @sovtechfund
#GNOME #infosec #FreeSoftware #security #bugBounty #OpenSource #cybersecurity
GNOME Bug Bounty Program bug bounty program - YesWeHack
GNOME Bug Bounty Program bug bounty program detailsYesWeHack #1 Bug Bounty Platform in Europe
In an hour, we resume our explorations of #burpsuite, @zaproxy and other such fun tools, through a #tryHackMe lens. More theory last week, more practicals this week. Come see, you'll be glad you did! :) twitch.tv/ic_null or youtube.com/@blindlyCoding, pick your poison :) #selfPromo #hacking #cybersecurity #allThatJazz :P
This dumb password rule is from CenturyLink Residential.
Your password is too long. But how long can it be? Oh, we won't tell you.
dumbpasswordrules.com/sites/ce…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Russian hackers read the emails you sent us, Microsoft warns more customers.
Read more in my article on the @Bitdefender blog:
bitdefender.com/blog/hotforsec…
#cybersecurity #databreach #microsoft
Russian hackers read your emails to us, Microsoft warns more customers
More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes.Hot for Security
ID Verification Service for #TikTok, #Uber, X Exposed Driver Licenses
In this case, the ID verification vendor leaked admin credentials and exposed people’s information (sensitive documents and status of verification) for over a year.
All for “age verification” we introduce another EZ mode way for people’s real life identities to be compromised. Companies want you to provide sensitive documents to prove you’re real/your age but can’t be bothered to invest money/time/effort in basic #security to secure what you give them.
404media.co/id-verification-se…
ID Verification Service for TikTok, Uber, X Exposed Driver Licenses
As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.Joseph Cox (404 Media)
Wait...What?
microsoft.com/en-us/security/b…
Mitigating Skeleton Key, a new type of generative AI jailbreak technique | Microsoft Security Blog
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models.Mark Russinovich (Microsoft Security Blog)
Textual Analysis for Network Attack Recognition — Background
The background of the network attack threat environment — what is happening, and what should we worry about?Bob Cromwell: Travel, Linux, Cybersecurity
#Tutanota and #protonmail
#protonvpn
#dashlane and #protonsecurity
#portmaster
#joplin and #standardnotes
#firefox and #duckduckgo #brave
#signal and #element
#duomobile #authy
If anyone out there is looking for some #infosec / #cybersecurity-related training, feel free to peruse this giant list I've been putting together over time ⬇️
shellsharks.com/online-trainin…
Know of a training that isn’t listed here? Let me know about it and I can add!
We're truly in a golden age of resources for learning infosec/IT, the hardest part becomes choosing the best thing!