Items tagged with: CyberSecurity
Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"
blog.mozilla.org/netpolicy/202…
#france #browser #cybersecurity #mozilla #security #surveillance
France’s browser-based website blocking proposal will set a disastrous precedent for the open internet - Open Policy & Advocacy
Article 3 (para II and III) of the SREN Bill would force providers to create the means to mandatorily block websites on a government provided list encoded into the browser. Udbhav Tiwari (Open Policy & Advocacy)
Brightly warns of SchoolDude data breach exposing credentials
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. Sergiu Gatlan (BleepingComputer)
This dumb password rule is from MySwissLife.
User ID *has to* be 8 characters exactly, password *has to be* 8 characters and numbers only.
dumbpasswordrules.com/sites/my…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Is #Gmail killing independent email?
"Is it okay that Gmail has the power to decide whether a business is sending spam or not?"
Gmail has rigged the email game imo. It makes running a self-hosted email server hard, even after properly configuring DKIM, DMARC, and SPF.
#cybersecurity #privacy #technology
tutanota.com/blog/posts/gmail-…
Is Gmail killing independent email?
People report that self-hosted emails always end up in Gmail spam. Is there anything Google can do about it? Tutanota
Stay strong: Desperate governments worldwide want to downright criminalize #privacy and #encryption now, using laughable pretexts like #cybersecurity causing #childabuse to literally put everyone on the planet under a permanent wiretapping mandate like we're common criminals by default.
Smartphones are especially susceptible to surveillance, and among those devices we have the least control over instead of corporations merely renting them to us: It's time for that to change!
Minecraft clones stealthily load ads on millions of Android devices.
grahamcluley.com/minecraft-clo…
#cybersecurity #adware #minecraft #google #googleplay #android
Minecraft clones stealthily load ads on millions of Android devices
Boffins at McAfee have identified 38 Android apps in the Google Play store that unashamedly rip off the ever-popular gaming sensation Minecraft… Graham Cluley
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
This dumb password rule is from Banco Mercantil.
8 to 15 chars. No special chars allowed but requires special chars. Also
requires lowercase, uppercase, and numbers. Consecutive chars are
prohibited. Did I mention the page hangs while you type? That eye icon
tho.
dumbpasswordrules.com/sites/ba…
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Yours truly is looking for an #InfoSec / #Cybersecurity job in a safer state than Florida. I do pretty much all things security... like consulting, malware analysis, auditing, compliance, blue team, red team, purple team, SecDev, SecOps, SecDevOps, etc.
My kids are all grown now, so I am more than willing to travel / relocate. If you have any leads or tips on some good companies, please let me know.
#GetFediHired
[matrix] • [SimpleX]
Matrix - Decentralised and secure communication
You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation. matrix.to
Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement. 🤦‍♂️
In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.
The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫
#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft
Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement
When opening Microsoft Authenticator for the first time after downloading it from the App Store, it prompts the user to accept sharing diagnostics with Micro... YouTube
Time it takes for a hacker to brute force your password.
Good to know: Tutanota checks your password upon signup and makes sure it's strong enough. Secure your emails now: mail.tutanota.com/signup
Of course, we also support 2FA on all clients.
Stay secure! 😍
Secure Emails Become a Breeze
Get your encrypted mailbox for free and show the Internet spies that you won't make it easy for them! Why? Because you simply can. Tutanota
I had quite a scary discussion with #Bing Chat which was hijacked by German security researchers and transformed into a pirate chatbot. Seconds later it asked for my personal information and sent it to the attacker. The thing is: Everyone can hijack Bing chat this way right now. It’s not even hard - you don't have to be a hacker.
Microsoft told me they had heard of the attack - and obviously weren't able to stop it from happening. My article (+German):
zeit.de/digital/2023-03/cybera…
#cybersecurity #ITSec
Please boost! We are *hiring* for *two* jobs in information security! Come work with our amazing team building solutions for the security have-nots in our world!
Red Queen Dynamics needs 1) a leader for engineering/cloud infrastructure, and 2) a product designer. We are a remote-first security company and we welcome people from all backgrounds and life journeys. #infosec #infosecjobs #hiring #cybersecurity
You can apply here! Tech Lead: linkedin.com/jobs/view/3475289…
Product Designer: linkedin.com/jobs/view/3475289…
Or stay up to date with all our job postings on our website: rqdn.io/career-opportunities
Career Opportunities
Looking for a place to stretch your wings? Check out our remote work opportunities that range from sales to product development. rqdn.io
Biden Administration Declares War On The Internet, Clears Path For Offensive Hacking Efforts By Federal Agencies
It’s impossible to be the “aggressor” of the free world. Those words just don’t make sense together. “Defender of the free world,” maybe. If you’re going o… Techdirt
Tutanota: U2F support is now also available on #Android and #iOS
U2F keys are now supported on all @Tutanota clients.
(Tutanota is also an avoidthehack recommended encrypted email provider).
#mfa #2fa #privacy #cybersecurity #infosec #infosecurity
tutanota.com/blog/posts/app-up…
U2F support is now also available on Android and iOS.
Celebrate with us the new release of Tutanota! Tutanota
#getfedihired #Dragos, industrial #cybersecurity
jobs.lever.co/dragos
Senior Pen Tester - Remote US
Principal Detection Engineer - Remote US
Senior Reverse Engineer - Remote US
Senior OT Engineering - Remote UK
Salaries are in postings.
Do you spot the trick?
This is a cookie banner shown before using Google search in some countries.
"Reject all" is a straightforward option. It appears in the same size and color as "accept all." It uses bullets, simple and concise language, and visualization. It has links for further info. So far, so good.
But there is a trick. Do you spot what it is?
#privacy #cybersecurity #securityawarenessmonth #google
Firefox Kills Another Tracking Cookie Workaround
#News #Firefox #Mozilla #privacy #cookies #infosec #Cybersecurity
theregister.com/2022/06/30/fir…
Firefox kills another tracking cookie workaround
URL query parameters won't work in version 102 of Mozilla's browser. Brandon Vigliarolo (The Register)
Cyber Engineer
Cyber Engineer
Experience: Seniors
Location: Dulles, VA
Node is supporting a U.S. Government customer on a large mission-critical development and sustainment program to design, build, deliver, and operate a network operations environment; including … infosec-jobs.com
We need your help! 👋
Bitwarden is evaluating a new product tailored for developers and DevOps teams, to understand how they manage developer and infrastructure-oriented secrets, such as API keys, certificates, etc.
If you would like to participate, please fill out this short screener:
docs.google.com/forms/d/e/1FAI… #DevOps #developer #cybersecurity
Developer vault - Research Study Screener Survey
Thanks for your interest in participating in user research with Bitwarden! Please fill out this short screener survey, and we will reach out to you for scheduling if you qualify for the study. Google Docs