gcluley, 7 months ago to Cybersecurity

One of the world's largest online travel agencies, Booking.com, is being used by fraudsters to trick hotel guests into handing over their payment card details.

How do I know? The fraudsters tried the trick with me.

https://grahamcluley.com/fraudsters-target-booking-com-customers-claiming-hotel-stay-could-be-cancelled/

#cybersecurity #phishing

retrohistories, 7 months ago to random

To protect your privacy and shield yourself against 0-days and malicious advertisers, an adblocker is an important part of your security stance.

The FBI, NSA, CISA, and UK National Cyber Security Centre all recommend adblocking as a protective measure.

You'd never disable your firewall or antivirus because a site asked you to. NEVER DO THIS WITH YOUR ADBLOCKER.

That's the only pertinent point here. Everything else is noise.

#adblock

bsi, 7 months ago to random German

it-sa 2023 in Nürnberg: Großer Andrang in unserer Speaker’s Corner beim Vortrag „Cyber-Angriffe abwehren: Wie auch KMU sich effektiv schützen können“

Manuel Bach, Leiter des Referates „Cyber-Sicherheit für KMU“, stellte die aktuelle Bedrohungslage für kleine und mittlere Unternehmen dar, gab Tipps und Tricks zum Schutz vor Cyber-Angriffen und stellte den neuen CyberRisiko-Check vor. Den Vortrag gibt’s noch einmal am Donnerstag, 12.10.2023 um 11.15 Uhr live beim BSI, Halle 7a, Stand 618.

mattblaze, 7 months ago to random

Reminder about Mastodon "private" messages. Aside from not being end-end-encrypted (and so visible to instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).

They are now called "private mentions" rather than "private messages", but if you don't fully understand the semantics, this behavior may be unexpected and/or cause unpleasant side effects.

monkeyflower, 7 months ago to tech

Tech workers perspective 🙃

#tech #smartHome #iot #privacy #security #opsec #meme #funny #notFunny

michael, 7 months ago to iOS

Huh. iOS 17 allows you to keep using your old passcode for 72 hours after you’ve changed it.

That seems like a non-ideal thing to do by default. And it certainly seems like something that should be highlighted really prominently when changing the passcode 🤔

https://support.apple.com/en-us/HT213849

#ios #apple #password #InfoSec #opsec

gmate8, 7 months ago to opsec

Don't forget to update your stuff, especially regarding image related software #webp #vulnerability #opsec

larusargentatus, 8 months ago to BadInternetBills

Currently trying to build a Threat Intelligence compilation from diferent resources for Activists and Journalist (RSS feeds).

Right Now:

• Counter-Surveillance Resource Center (https://www.csrc.link/rss.xml)
• Freedom of the Press Foundation (https://freedom.press/news/feed/)
• Lucy Parson Labs (https://lucyparsonslabs.com/feed.xml)
• Privacy International (https://privacyinternational.org/rss.xml)
• The Citizen Lab (https://citizenlab.ca/feed/)

I am trying to compile specially around: legislation, surveillance, police tactics against opositors

Does anyone have other suggestions add?

#threatintel #activism #journalism #opsec #security

ianonymous3000, 8 months ago to privacy

Check out @GrapheneOS, DivestOS, @LineageOS, @iode, @e_mydata comparison chart by Sandbag6736 from Techlore forum. Personal preferences play a big role. 🔍📱 #AndroidROMs #privacy #opsec #cybersecurityawareness

Feel free to comment if there’s any inaccuracies.

noelreports, 8 months ago to random Dutch

gerowen, 8 months ago to Facebook

If you ever want to feel depressed about humanity, just do a search for things like #newbadge on your social media platform of choice. I found this one on #Facebook. This guy works for a bank.

Don't be this guy. He could be impersonated, or this picture could be used as a template to forge a fake ID complete with a valid barcode to gain access to bank facilities or infrastructure.

I censored the bar code and ID#, they were visible in the original.

#OPSEC #OSINT #Privacy #Security

monkeyflower, 8 months ago to Canada

"Canada Post breaking law by gathering info from envelopes and parcels, privacy watchdog says"

And also breaking my Canadian heart. 🍁💔

https://www.theglobeandmail.com/canada/article-canada-post-breaking-law-by-gathering-info-from-envelopes-parcels/

#Canada #privacy #infosec #opsec

avoidthehack, 8 months ago to privacy

Inside #ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players

What a piece by @404mediaco

ShadowDragon: Feeding the mass surveillance machine by tracking people who play Fortnite (and probably, I guess, other popular online games), scraping images from BabyCenter (a site for expectant parents), and social media sites for the Black community, the bodybuilding community, and others.

ShadowDragon also has the capability to monitor/scrape information from hundreds of social media sites/games/websites. Who plays a game and expects to end up in an ICE database?

This is insane.

You are being watched.

#privacy #privacymatters #opsec

https://www.404media.co/inside-shadowdragon-ice-babycenter-pregnancy-fortnite-black-planet/

gianmarcogg03, 8 months ago to telegram

#Telegram strikes again with documents from Dutch authorities saying that they can request hidden phone numbers and IP addresses at any time. Again, Telegram still claims on their homepage that they never gave up any data when that's not true at all, also for past requests like the one from the German police a while back.

https://cyberwarzone.com/dutch-police-can-access-hidden-telegram-numbers/

#Security #Privacy #OpSec #FreeSoftware #OpenSource

avoidthehack, 8 months ago to privacy

Revealed: The Country that Secretly Wiretapped the World for the FBI

Lithuania.

#privacy #cybersecurity #opsec

https://www.404media.co/revealed-the-country-that-secretly-wiretapped-the-world-for-the-fbi/

runarcn, 8 months ago to Cybersecurity

Any of you fedi wizards that know of good account to follow to learn more about #cybersecurity, #infosec, #opsec etc? I'd follow the tags, but I've often found that following big tags drowns my entire feed in one topic

netzpolitik_feed, 8 months ago to random German

Der Digital Markets Act der EU soll sicherstellen, dass große IT-Firmen ihre Marktmacht gegenüber anderen nicht unfair ausnutzen. Nun hat die EU-Kommission 6 Firmen zu "Gatekeepern" erklärt. Ein IT-Riese glänzt durch Abwesenheit. https://netzpolitik.org/2023/digitale-gatekeeper-einer-fehlt-im-club-der-grossen/

arstechnica, 8 months ago to random

Hack of a Microsoft corporate account led to Azure breach by Chinese hackers

Other failures along the way included a signing key improperly appearing in a crash dump.

https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

skykiss, 8 months ago to adsb

Dear Xi,

We are watching you.

The Wing Loong-10 is a series of ChiCom unmanned aerial vehicles of the High-Altitude Long Endurance type, featuring some stealth characteristics. As of 2017, it is being developed by the Chengdu Aircraft Industry Group for reconnaissance and precision strike missions.

1. Looks to have landed at Foshan (ZGFS)

2. CAIG Wing Loong-10 UAV using callsign 00CA6181 and hex code #783132 passing over Hezhou

3. Chi likes to fly it at 39,400 next to Taiwan. At that altitude, this platform had a complete view of the entire island of Taiwan for about an hour and a half. 1/2 #ADSB #783132

#Dod #Defense #NatSec

image/png
image/png

thegrugq, 8 months ago to opsec

If you’re interested in OPSEC you’ll find this talk extremely informative. Lots of important information on how to operate safely.

https://www.youtube.com/watch?v=9XaYdCdwiWU

#OpSec

geist, 8 months ago to random German

"Wir müssen in der Detektion umfassend und in der Reaktion schneller werden".
Bla Blubb. Macht mal mit Microschrott und allen Daten auf US Servern auch noch.
Thema Cyberangriffe auf die deutsche kapitale Idiotie im DLF. Muss doch lachen.

sqrt2, 8 months ago to random

no comment

avoidthehack, 8 months ago to Cybersecurity

U.S. Hacks QakBot, Quietly Removes Botnet Infections

@briankrebs

Qakbot has been... dismantled?

Qakbot was originally a banking trojan but is (was?) the most popular malware loader (1st stage/dropper/however you want to call it).

FBI and company got access to the Qakbot botnet + recovered over 6.5 million stolen #passwords and credentials. Data shared with @haveibeenpwned

#cybersecurity #security #opsec

https://krebsonsecurity.com/2023/08/u-s-hacks-qakbot-quietly-removes-botnet-infections/

threatresearch, 9 months ago to infosec

I'd really like to know why some of the most important and influential #infosec conferences have decided that it's totally a-OK to host their event in the kingdom of Saudi Arabia, whose leader personally ordered his security staff to detain, and torture to death a US-based reporter who exposed corruption in the kingdom.

If you feel strongly that the #infosec industry should stand by its principles, demand that Informa PLC end the practice of hosting #BlackHat in Saudi Arabia.

kzimmermann, 9 months ago to opsec

Sounds like Luigi needs to level up on his #opsec skills...

#password