Cyber Paw Patrol in charge!
cybersecurity
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:
1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement
#Privacy #privacymatters #CyberSecurity #infosec
https://defcon.social/@mysk/110262313275622023
Texas hack may be first disruption of U.S. water system by Russia
Via @nakashimae Ellen Nakashima
#CyberCivilDefense #cybersecurity
https://wapo.st/4aSNeLq
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
Coming to #RSAC? Please join us at the Cyber Nonprofits Reception Tuesday, May 7th 6PM-7:30PM to chat with us and others on the role nonprofits play in making the Internet more secure for everyone. All are welcome! #RSAC2024 #cybersecurity
A hacker group has claimed responsibility for a cyberattack that targeted auction house Christie’s earlier this month.
The attack took place just before the start of its high-profile spring sales event involving more than $850 million worth of art. Online bidding was suspended, but the group claims it has accessed sensitive information about wealthy art collectors around the world, and is threatening to release it unless “an agreement” is reached. Digital Trends has more.
We need deeper public-private partnerships & more investment to make #infrastructure more resilient. Join @AspenDigital 6/10, 11-12 ET, for "Managing Your Worst Digital Day" to hear from @cdurkovich, @vishaal_h, @pueshkumar & @philvenables: https://www.aspendigital.org/event/managing-your-worst-digital-day/ #cybersecurity
This is very much for real!
NEW: Details of people's therapy sessions—including reports, video and audio recordings—have been exposed by a healthcare company.
These included people mentioning sexual abuse and highly sensitive subjects. The exposed database has now been closed down
https://www.wired.com/story/confidant-health-therapy-records-database-exposure/ #cybersecurity #privacy #news #technology
We need to protect water supplies and other vulnerable infrastructure from cyber security related attacks
Memory safety problems are a huge #cybersecurity problem for the Internet, but it doesn’t have to be.
Make a transition to memory safety part of your #CyberCivilDefense plan.
Read about orgs doing that today: https://www.memorysafety.org/blog/rustls-adoption-grows/
Some news...I’ll be spending $100M to make us safer online and to protect our infrastructure, like water and power supplies.
A big part will be a PSA campaign - online and in old-fashioned ways. We all got a role to play, like everyone did in WW2, including my Dad and Mom.
I’ll start by putting my money where my mouth is. Folks can check it out here: https://pausetake9.org.
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which have been returned.
I'm #ActuallyAutistic and #ADHD, which is sometimes apparent.
All of my other links and socials can be found at https://linktr.ee/northantara
Collaborations between @hackclub and @girlswhocode lead to more opportunities for young women, in technology areas including
#CyberCivilDefense #cybersecurity like Reem featured here
https://www.instagram.com/reel/DBPKpcMSZY-/?igsh=bzhocWkxbDVjcTgy
pausetake9.org
The New Oil is not slowing down in 2025, and you can help us keep going!
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:
🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 👇
Hi there! Another article for Dark Reading, this one focused on how to help avoid burnout. There was so much to cover and so much interesting work being done that I could only scratch the surface. My biggest takeaway is that work-related burnout is in WHO's book of disorders. That's real legitimacy, and I expect more scholarly work to come. Thanks endlessly to @neurovagrant and @Edent for providing their experiences and strategies. #DarkReading #cybersecurity #journalism #burnout #JobRelatedBurnout #selfPromotion
https://www.darkreading.com/vulnerabilities-threats/defining-defying-cybersecurity-staff-burnout
Hi, I'm new to Mastodon. Interested in privacy and security, US Healthcare reform and SciFi. Cheers.
Since the newest update to @surf, links to feeds can be opened directly in the app.
I have created a #Cybersecurity feed on #Surf for anyone on the beta. The feed includes posts, etc., regarding Cybersecurity information. You can even contribute to the feed using the hashtag #CyberSecBrief.
https://surf.social/feed/surf%2Fcustom%2F01jfjvb3ntxvjtaze9xf08vb3f
If you have any recommendations for a source that I can add to the feed, just let me know.
If you are not in the Surf beta, I have an invite code that can get you in. Just DM me, and I will share it with you. This is all due to the huge thanks of @marci, @mike, and all of the @surf team. They are such great people.
You can learn more about Surf from this great article from The Verge.
https://www.theverge.com/2024/12/18/24323903/flipboard-surf-fediverse-social-web-app
🚨 Time is Running Out to Save Encryption 🔐
Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.
This would break end-to-end encryption on the messaging apps we all use!
⏰ CLOSES Monday 10 March, 5pm.
Use our tool to tell Ofcom #PracticeSafeText 💬
ACT NOW ⬇️
https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text
#e2ee #encryption #OnlineSafetyAct #ukpolitics #ukpol #privacy #ofcom #security #cybersecurity #whatsapp #signal
Compromised? In this interview, https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee I speak to a systems security specialist who found privacy problems surrounding the HR@opm.gov email servers #IT #security #natsec #nationalsecurity #cybercrime #cybersecurity #hacking #surveillance #malware #email #DOGE #Musk #treasury #OPM #FAA #FEMA #education #privacy #PII
#Cybersecurity tip: don't forward texts, emails, or links without pausing!
✋ #Take9 #CyberCivilDefense @paustake9
Adobe is now processing all your PDFs in the cloud, by default. The setting to “Enable generative AI features in Acrobat” was on, and I didn’t know it until I opened a document and Adobe asked me if I wanted a document summary. It’s annoying to have to click “No,” so I opened settings to disable the prompt.
THE PROBLEM
I sign Non-Disclosure Agreements for many of my clients. Adobe is a potential leak of protected information. I don’t know what Adobe does with this information. I don’t know what they store, or for how long. I don’t know what country (or countries) the data is stored in. I don’t know what LLMs are trained with this data. And I don’t need to know. What I need to know is that they won’t use default opt-in as a legal excuse to wiretap my information.
I recommend that you check your Adobe settings on all devices, for all Adobe accounts.