❌ No safe message scanning technology exists.

⚠️ These powers would force a cybersecurity weakness onto apps like WhatsApp and Signal.

‼️ Hackers, predators and spies could crowbar their way into everything you send.

✍️ Tell Ofcom: End-to-end Encryption Means Online Safety ➡️ https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

⏰ CLOSES Monday 10 March at 5pm.

#PracticeSafeText 💬

🚨 Time is Running Out to Save Encryption 🔐

Ofcom is consulting on implementing message scanning powers in the UK Online Safety Act.

This would break end-to-end encryption on the messaging apps we all use!

⏰ CLOSES Monday 10 March, 5pm.

Use our tool to tell Ofcom #PracticeSafeText 💬

ACT NOW ⬇️

https://action.openrightsgroup.org/48-hours-tell-ofcom-practice-safe-text

I asked for help here some months ago about one of the servers on this post that was hosted by Microsoft.

You can read about how that and other servers with infostealer logs ended up closed.

Hint: MSRC Portal is basically useless.

https://jltee.substack.com/p/billions-of-infostealer-logs-exposed

Well, that was quick!

I wrote about my disappointment with @mozillaofficial changes:

https://mastodon.social/@BjornW/114032743031437841

Seems they were just starting 🙄

Read
https://blog.mozilla.org/en/products/firefox/firefox-terms-of-use/

Check
- https://www.mozilla.org/en-US/about/legal/terms/firefox/

- https://www.mozilla.org/en-US/privacy/firefox/#notice

Consider other Open Source apps you may use: aren't you sad that these lack ToS & Privacy legalese?

My advice: move away from Mozilla.

They have lost my trust.

1/N

Read this:

https://blog.mozilla.org/en/mozilla/mozilla-leadership-growth-planning-updates

👀 at this:

https://www.mozilla.org/en-US/about/leadership

I'm baffled about the myriad of @mozillaofficial structures, amount of directors / C-level people & how to rhyme 'investing in privacy-respecting advertising' with 'draw a bigger circle of supporters over the long run.'

As a long time Mozilla supporter, I was already unhappy about the direction of the last years & this does certainly not bode well for the future. 😞 😩

#Firefox #Mozilla #Thunderbird #Tech #OpenSource

The NSA does not deny hacking into China's university. Great write-up and analysis by @inversecos

#infosec #cybersecurity

🇳🇿 I've had quite a few outrageous responses to my alerts, this is another one of those, sent by teammateapp.com CEO.

After my initial alert and follow up email, I get a reply lying about the severity of the exposure and telling me to stop harassing the company.

This CEO also didn't know what Proton is and thought I work for them and threatened to report me to them in case I didn't stop. :blobshrug:

Read about it here: https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security

If you help maintain #cybersecurity on a business network you should absolutely block Telegram—there’s nothing good there. If you have a web security proxy like Netskope or Zscaler, or an NGFW, block it there. You can also block it via DNS. Blocking these domains should do the job:

telegram.me
telegram.org
t.me
cdn-telegram.org
telegram-cdn.org

From: @nopatience

Netskope https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor

Backdoor written in Golang using Telegram for C2-communication. Perhaps most interestingly the referenced GitHub repository with IoCs is not there anymore? Or will be published soon perhaps?

#ThreatIntel #CyberSecurity

If you can completely disable device code flows using Conditional Access, you should do so. If you cannot, at least limit which user IDs can use them. If you allow any users to use device code flows, use the #KQL provided to hunt for abuse.

#cybersecurity #microsoft

From: @fabian_bader

It couldn't be clearer: Encryption is online safety.

It keeps our data secure from hackers. Our systems secure from global bad actors. Our rights secure from State oppression in a digitalised society.

Sign and share our petition to save Apple encrypted data ⬇️

#encryption #surveillance #e2ee #cybersecurity #ukpolitics #ukpol #Apple

🚨 BREAKING 🚨

The UK is rogue in trying to order a backdoor to Apple encryption.

US lawmakers slam the UK's secretive order, calling it what it is:

🔥 'Dangerous' for global cybersecurity
🔥 'Effectively a foreign cyberattack'

The Home Office must back off ✋

#encryption #surveillance #e2ee #cybersecurity #ukpolitics #ukpol #Apple #privacy

Any device that needs to be off because it can't be trusted with your conversations should not exist in the first place.

Folks who studied computer security know two of its biggest perils are insider threats (where someone in an organization gets or abuses access they're not supposed to have or exploit) and social engineering (where someone without privileges acts as if they have them, fooling or intimidating others to let them in and compromise systems).

So many of us quickly recognized Musk's server takeovers as the attacks they are. Cathy Gellis spells it out:

Mastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account.

We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also get that particular threat out of their Mastodon instance and safe for users.

There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster.

For our fellow security nerds... this was #vidar malware with sha256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d and a C2 IP 78[.]47[.]227[.]68 from the instance. There is still at least one more Mastodon instance impacted that we are trying to reach.

This tactic of sending unsolicited messages and calls via Teams has an easy solution—only allow specific external domains to communicate with your end users. Review your Teams logs, see which domains your users are communicating with, add them to the allow list and enable the control. Make your end users open up a support ticket for future domain adds so you can vet them.

Forget about Zero Trust and apply best practice security configurations. Let the marketing people and the CISO worry about whether something is “zero trust” or not. #Cybersecurity

Microsoft docs:
https://learn.microsoft.com/en-us/microsoft-365/solutions/trusted-vendor-onboarding?view=o365-worldwide#allow-the-vendors-domain-in-teams-external-access

From: @screaminggoat

🇬🇧 Security company Assist Security exposed over 100,000 sensitive files publicly.

If you're curious what kind of wild excuses I get from companies, this one tried to claim only the file structure was exposed. Apparently I look at filenames and paths and figure what's there from the names only and report this to companies :blobwizard:

https://jltee.substack.com/p/security-company-assist-security-exposed-data

⚠️ During our scans we found ~70K applications exposing their VSCode SFTP config.

These are often critical and can include FTP/SSH credentials.

You can check this out here: https://leakix.net/search?q=%2Bplugin%3AVsCodeSFTPPlugin&scope=leak

Two ransomware groups claimed they attacked Rutherford County Schools in Tennessee. One leaked sensitive records.

I skimmed the data tranche and found tens of thousands of files with sensitive student information and personnel files. Read more about it here:

https://databreaches.net/2025/01/07/two-ransomware-groups-claimed-they-attacked-rutherford-county-schools-one-leaked-sensitive-records/

#databreach #ransom #EduSec #cybersecurity

@douglevin @brett @funnymonkey

All videos from The 38th Chaos Communication Congress (38C3) 2024:

https://media.ccc.de/b/congress/2024

Huntress: https://www.huntress.com/blog/analyzing-initial-access-across-todays-business-environment

Thorough analysis of initial access and the distribution of various techniques. Exploitation of 0days, contrary to reporting, is not an especially common technique but using stolen creds and logging in, however, is.

Good read for sure and certainly helps with prioritization of defensive countermeasures.

🇲🇽 Cargamos.com, a package delivery company, was exposing over 6 million files for over a year.

I've always opted to keep trying some other way to get a server closed instead of going public about the issue until earlier this week.
I've contacted multiple GOV/CERT emails in Mexico over multiple issues and I never got a meaningful reply.
The company ignored my contact, so I either let it go and see it posted eventually by some "ransomware" group or I make enough noise publicly that the company will get alerted about it.

Today, 2 days after an article came out on a Mexican news website, the exposure was closed down.

Read the article, in Spanish, that made the company close the server down:

https://www.publimetro.com.mx/noticias/2024/12/16/start-up-mexicana-deja-a-merced-de-hackers-6-millones-de-archivos-de-clientes-y-repartidores/

lol
lmao

Sauce: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

A tip to all of you out there struggling to keep your company services accessibility to 100%, if you delete the logs that show the down time, your up time will always be 100% :ablobcool:

Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison:

https://databreaches.net/2024/11/13/idaho-man-who-hacked-medical-entities-and-made-vile-threats-sentenced-to-10-years-in-prison/

This is a case that started because the threat actor, "Lifelock," contacted DataBreaches to try to get DataBreaches.net to report on victims who hadn't paid his ransom demands.

Some of his court filings tried to blame me for the FBI raiding him and seizing his devices. The FBI did their own investigation but yes, it was my reporting that initially made the FBI aware of Robert Purbeck.

#databreach #healthsec #cybersecurity #infosec #extortion

@euroinfosec @campuscodi @gcluley @zackwhittaker