Search
Items tagged with: CyberSecurity
Seems to me that a new role has emerged for those who want a career in cybersecurity: Cybercriminal Troll.
Police around the world are making videos to scare the bejeezus out of scammers and hackers, revealing in a jaunty way how they are about to be busted.
Nice one Met Police.
#LabHost #cybersecurity #cybercrime #scam #phishing
T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMs
I still stand by this: if #sms #mfa wasn’t still massively used (especially by the financial sector), sim swaps would be less attractive to sim swappers.
It’s also crazy so much trust is placed in telecoms guarding your phone number and MFA factor for your bank. 🫨
#security #cybersecurity #simswap
T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMs
T-Mobile employees, both third-party and corporate, are receiving cash offers via text to complete SIM swaps for criminals.Jman100 (The Mobile Report)
#Sweden's public sector says goodbye to #BigTech
https://www.techradar.com/computing/cyber-security/swedens-public-sector-says-goodbye-to-big-tech
#privacy #cybersecurity #Tele2Collaborate #Matrix #Element #politics
Sweden's public sector says goodbye to Big Tech
Tele2 Collaborate is a new secure collaboration hubChiara Castro (TechRadar pro)
People still staying on X is proof that toxic relationships are not easy to leave.
#SocialMedia #MicroBlogging #Mobile #OnlineSafety #CyberSecurity
Let's use @protonprivacy and @Tutanota products.
When will the two largest providers of secure encrypted email make it the default for messages sent between them to be securely encrypted? If even they can't manage it what hope is there for the rest of the email world?
Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.
https://www.wired.com/story/house-section-702-vote/
#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle
House Votes to Extend—and Expand—a Major US Spy Program
The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.Dell Cameron (WIRED)
This piece is worth reading if you’re in tech criticism or infosec/cybersecurity and are being asked for commentary on IoT and smart home devices.
People aren’t foolish for using IoT or for wanting things to be easier in their homes. This tech makes positive and meaningful change for people of all kinds of abilities. It’s valid to worry about the privacy or security issues that IoT is riddled with, but don’t draw a direct line from there to blaming the user - some people have no alternatives that don’t involve giving up independent access to their own homes and lives. Everyone deserves to live in ways that fit their needs.
Instead, join the push to hold manufacturers and providers to account for poor security and privacy practices. Advocate for better, more respectful and accessible default configurations. Help people understand how to anticipate and mitigate the worst of these issues when they’re setting things up, and give them power and agency over their home systems.
We all deserve to have tech that works for us, in all the ways that matters.
#accessibility
#a11y #infosec
#cybersecurity
#iot #smarthome
https://www.theverge.com/24080201/smart-home-accessibility-apple-nest-alexa
How smart home technology made my home more accessible
Using one’s phone or voice to flip a light switch may be convenient since you don’t need to get up. For the author and other disabled people, this makes it accessible.Steven Aquino (The Verge)
Random strangers getting paid to 'relay' YOUR texted login codes from THEIR phone numbers.
Privacy & security nightmare fuel.
Industry is turning away from texted verification because they are insecure... so what is #telegram thinking?
https://techcrunch.com/2024/03/25/telegrams-peer-to-peer-sms-login-service-is-a-privacy-nightmare/
#cybersecurity #infosec #privacy #doxxing #stalking #surveillance
You know it's interesting that I think @thunderbird is probably the one piece of software I have been using since Windows XP as a kid and still use it to this day. I even pay $10/year for a plugin to make Thunderbird work with my Office365 I use for my content creation so I can use it seamlessly on #Linux for contacts, calendar, and mail integration.
Despite all the email providers I have hopped between I still have used Thunderbird since around 2005 or 2006 #infosec #cybersecurity #opensource
Who wants a #cybersecurity jobs AMA? My mentee session canceled! #CybersecurityCareers #Resumes #CybersecurityEducation
https://youtube.com/live/0z95pwVOiTM?feature=share
AMA Cybersecurity Careers and Resumes (and other stuff!)
My mentorship session canceled, let's chat!YouTube
This should be widely read, especially by the #cybersecurity community.
https://spectrum.ieee.org/lean-software-development
Why Bloat Is Still Software’s Biggest Vulnerability
A 2024 plea for lean softwareBert Hubert (IEEE Spectrum)
The UK government's attempts to erode your online #privacy never cease. 🇬🇧🕵️
Luckily you've got Tuta in your corner! 🥊
We've teamed up with academics, #cybersecurity researchers, & other privacy oriented companies, like @element and @brave to fight back!
Open Letter from Security Experts Voices Concerns Over the Proposed Changes to UK Investigatory Powers Act’s Notices Regime - Center for Democracy and Technology
The proposed amendments to the UK’s Investigatory Powers Act (IPA) have prompted a powerful open letter addressed to the UK Home Secretary from security experts united in their commitment to a secure, reliable, and inclusive internet.Center for Democracy and Technology
[swe] EU Cyber Resilience Act är på gång och vi har fått tillgång till den nya versionen efter förra årets förhandlingar mellan komissionen, parlamentet och rådet. På torsdag kör vi Dataföreningen ett gratis lunchseminarie där vi diskuterar CRA - senaste uppdateringarna, vad säger Open Source-grupperna och vad gäller för tillverkare av digitala produkter?
Registrera dig här:
https://dfs.se/pa_gang/prata-eu-cyber-resilience-act-med-oss-13/
Prata EU Cyber Resilience Act med oss! #13
Dags för januari månads Prata EUCRA med oss Torsdag 25/1 är det dags för årets första webinarium. * CRA - den senaste uppdateringen. Vad är nytt, vad är borta? Vi pratar om den senaste uppdateringen från EU vad gäller Cyber Resilience Act.Dataföreningen
Today, we call on all Interior, Justice & Economy ministers of EU countries, to choose the right side: #privacy or #surveillance.
Together with other privacy-first companies we call on our ministers to defend encryption & protect privacy. 🔒
Read the full text here: https://tuta.com/blog/open-letter-encryption-eu
#chatcontrol #encryption #security #cybersecurity
Open Letter Calling On EU Member States To Defend Encryption
As the trilogue is about to start, EU Member States must decide what side they are on: privacy or surveillance.Tutanota
I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:
💡 don’t shame victims
💡 UX matters, a lot
💡we should understand what we’re supposed to protect
💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one
💡 the best things a security program can invest in aren’t in the RSAC vendor hall
💡 maybe we should start actually proving outcomes??????????
¯\_(ツ)_/¯
Switch easily between work and personal Bitwarden accounts on Desktop, Mobile apps, and now the Bitwarden browser extension! Learn more in this blog: https://bitwarden.com/blog/account-switching-phased-rollout-for-bitwarden-clients/
#cybersecurity #security #passwordsecurity #passwordmanager #passwordmanagement
Switch between Bitwarden accounts quickly and easily | Bitwarden Blog
Quickly switch between multiple Bitwarden accounts in the browser extension, desktop and mobile apps.Bitwarden
curl is now a CVE Numbering Authority (CNA) assigning CVE IDs for all for all products made and managed by the curl project. This includes curl, libcurl, and trurl.
https://cve.org/Media/News/item/news/2024/01/16/curl-Added-as-CNA
#CVE #CNA #VulnerabilityManagement #Vulnerability #Cybersecurity
Critical flaw found in WordPress plugin used on over 300,000 websites.
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/critical-flaw-found-wordpress-plugin-used-over-300000-websites
#cybersecurity #wordpress #vulnerability
Critical flaw found in WordPress plugin used on over 300,000 websites
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control.www.tripwire.com
📫GREAT Reason To Both Use / Support @thunderbird #Thunderbird
New Microsoft #Outlook Collects / Shares Your Data w/Over 772 Parties
#email #communication #FOSS #Microsoft #Thunderbird #Mozilla #encryption #crypto #e2ee #infosec #Proton #surveillance #cybersecurity #privacy #News
https://proton.me/blog/outlook-is-microsofts-new-data-collection-service
Outlook is Microsoft’s new data collection service
The new Outlook now appears to be a data collection service for Microsoft’s 772 external partners for targeted advertising.Edward Komenda (Proton)
Performed Email security standards tests with
@internet_nl .
http://Internet.nl - test to check if the service supports modern internet standards like IPv6, DNSSEC, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI.
Scores:
@protonmail - 75%
@skiff - 85%
@Tutanota - 87%
#emailsecurity #privacy #cybersecurity
Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.
Test for modern Internet Standards IPv6, DNSSEC, HTTPS, HSTS, DMARC, DKIM, SPF, STARTTLS, DANE, RPKI and security.txtinternet.nl
Infoek.cz je pod DDoS a Slowloris útoky vlastně denně, a to již od začátku války na Ukrajině. Rusům se nelíbí projev nesouhlasu s napadením suverénního státu v některých článcích. 😀
Během noci byl Slowloris útok opět masivní, ale web se drží. 😉
V geoblokaci webu jsou všichni návštěvníci z Ruska, Íránu, Palastiny a Kataru. Automaticky jsou přesměrováni na https://infoek.cz/ip-ban/. Na jiný odkaz v rámci stránky se nedostanou.
#StandWithUkraine #FckRussia #cybersecurity
If you do 1 thing today, use @Tutanota and forward your #gmail and #hotmail to your new inbox. Take back your mailbox!
For your second thing, switch to an encrypted messenger like #Signal and get your friends and family on it. It's so easy.
#cybersecurity #cybersecurityawarenessmonth #E2EE #globalencryptionday #privacy
Share this with your friends and family and spread #privacy! https://yt.artemislena.eu/watch?v=MFlFjtEKiA4 🥰
Big Tech Wants to See You Naked. Protect Your Privacy Now!
Tutanota - no tracking, no ads. Get your encrypted mailbox now: https://tutanota.com/big-tech-alternative?t-src=you Today's web is broken. You are being tracked when you search the web, shop online; even when you read your emails.Tutanota | Invidious
Undermining encryption is dangerous and puts everyone at risk.
The EU Commission now postponed a vote on #chatcontrol - a clear sign that Chat Control must fail.
Check here why Chat Control is the "most criticized law of all time":
https://tutanota.com/blog/chat-control-criticism
#CybersecurityAwarenessMonth #cybersecurity
Chat Control Criticism: Why the EU CSAM Scanning Plans Must Fail.
The EU Regulation to Prevent and Combat Child Sexual Abuse has become the "most criticized law of all time".Tutanota
I'm hiring! As a manager at IBM I have a position open in Ireland for somebody looking to start a career in offensive cybersecurity.
It would be amazing to use the Fediverse to find a new teammate!
#FediHire #fedihired #cybersecurity
Junior - HOC – Targeter | IBM Careers
Job Details: At Randori, an IBM company, we help defenders continuously assess their real-world security. Our automated attkrb-sjobs.brassring.com
Mozilla: "In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"
https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/
#france #browser #cybersecurity #mozilla #security #surveillance
France’s browser-based website blocking proposal will set a disastrous precedent for the open internet - Open Policy & Advocacy
Article 3 (para II and III) of the SREN Bill would force providers to create the means to mandatorily block websites on a government provided list encoded into the browser.Udbhav Tiwari (Open Policy & Advocacy)
Brightly warns of SchoolDude data breach exposing credentials
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.Sergiu Gatlan (BleepingComputer)
This dumb password rule is from MySwissLife.
User ID *has to* be 8 characters exactly, password *has to be* 8 characters and numbers only.
https://dumbpasswordrules.com/sites/myswisslife/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Is #Gmail killing independent email?
"Is it okay that Gmail has the power to decide whether a business is sending spam or not?"
Gmail has rigged the email game imo. It makes running a self-hosted email server hard, even after properly configuring DKIM, DMARC, and SPF.
#cybersecurity #privacy #technology
https://tutanota.com/blog/posts/gmail-independent-email
Is Gmail killing independent email?
People report that self-hosted emails always end up in Gmail spam. Is there anything Google can do about it?Tutanota
Stay strong: Desperate governments worldwide want to downright criminalize #privacy and #encryption now, using laughable pretexts like #cybersecurity causing #childabuse to literally put everyone on the planet under a permanent wiretapping mandate like we're common criminals by default.
Smartphones are especially susceptible to surveillance, and among those devices we have the least control over instead of corporations merely renting them to us: It's time for that to change!
Minecraft clones stealthily load ads on millions of Android devices.
https://grahamcluley.com/minecraft-clones-stealthily-load-ads-on-millions-of-android-devices/
#cybersecurity #adware #minecraft #google #googleplay #android
Minecraft clones stealthily load ads on millions of Android devices
Boffins at McAfee have identified 38 Android apps in the Google Play store that unashamedly rip off the ever-popular gaming sensation Minecraft…Graham Cluley
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
This dumb password rule is from Banco Mercantil.
8 to 15 chars. No special chars allowed but requires special chars. Also
requires lowercase, uppercase, and numbers. Consecutive chars are
prohibited. Did I mention the page hangs while you type? That eye icon
tho.
https://dumbpasswordrules.com/sites/banco-mercantil/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Banco Mercantil - Dumb Password Rules
8 to 15 chars. No special chars allowed but requires special chars. Also requires lowercase, uppercase, and numbers. Consecutive chars are prohibited. Did I mention the page hangs while you type? That eye icon tho.dumbpasswordrules.com
My kids are all grown now, so I am more than willing to travel / relocate. If you have any leads or tips on some good companies, please let me know.
#GetFediHired
[matrix] • [SimpleX]
Matrix - Decentralised and secure communication
You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversationmatrix.to
In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.
The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵💫
#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft
https://youtu.be/r5456XXG6v0
Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement
When opening Microsoft Authenticator for the first time after downloading it from the App Store, it prompts the user to accept sharing diagnostics with Micro...YouTube
#Cybersecurity
Good to know: Tutanota checks your password upon signup and makes sure it's strong enough. Secure your emails now: https://mail.tutanota.com/signup
Of course, we also support 2FA on all clients.
Stay secure! 😍
Secure Emails Become a Breeze
Get your encrypted mailbox for free and show the Internet spies that you won't make it easy for them! Why? Because you simply can.Tutanota
Microsoft told me they had heard of the attack - and obviously weren't able to stop it from happen. My article (+German):
https://www.zeit.de/digital/2023-03/cyberangriffe-microsoft-bing-chat-piraten
#cybersecurity #ITSec
Red Queen Dynamics needs 1) a leader for engineering/cloud infrastructure, and 2) a product designer. We are a remote-first security company and we welcome people from all backgrounds and life journeys. #infosec #infosecjobs #hiring #cybersecurity
You can apply here! Tech Lead: https://www.linkedin.com/jobs/view/3475289250/
Product Designer: https://www.linkedin.com/jobs/view/3475289426/
Or stay up to date with all our job postings on our website: https://rqdn.io/career-opportunities
Career Opportunities
Looking for a place to stretch your wings? Check out our remote work opportunities that range from sales to product development.rqdn.io