Today I was half a second away from tapping a link in an SMS that was informing me I need to renew my credit card details because my CC was expiring.
My CC IS expiring this month. I updated my CC details on two other services yesterday. Through sheer dumb luck the scammer happened to bait their hook correctly.
I must not be complacent.
Complacency is the opsec-killer.
Complacency is the little death that brings identity theft.
1) put device in bag 2) put bagged device in another bag 3) pour in a mixture of different colored beans, forming a visual mosaic 4) send picture of mosaic to recipient
If your first instinct is to try and find blame when a security vulnerability is pointed out...
...you have already created an environment where everyone will hide issues from you.
You currently live in a fake reality where you think everything is fine and you have no idea the rot that is underneath you.
If you fire or punish a person every time a vulnerability is found, you will have no one left. Hell, fire yourself first to save us all the trouble.
Vulnerabilities exist. The world changes. Software changes. Attacks change. Business needs change.
Life is fucking impermanence.
So create an environment where folks come to you quickly and tell you what needs to be fixed as they find it.
How do you do that?! Reward vulnerability discovery. Reward mitigations. Reward patch management. Reward security improvement. Reward safety improvement.
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.
📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️
Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.
ShadowDragon: Feeding the mass surveillance machine by tracking people who play Fortnite (and probably, I guess, other popular online games), scraping images from BabyCenter (a site for expectant parents), and social media sites for the Black community, the bodybuilding community, and others.
ShadowDragon also has the capability to monitor/scrape information from hundreds of social media sites/games/websites. Who plays a game and expects to end up in an ICE database?
"The self-styled furry hackers meanwhile have offered to remove the staff records if the lab performs experiments that at best could be described as highly irregular.
"We're willing to make a deal with INL. If they research creating IRL catgirls we will take down this post," the group said. The creation of real cat-human female hybrids is a frequently posted meme in certain corners of the internet, but it's not the laboratory's specialty.
According to the hacktivists, the invaders gained access to "hundreds of thousands of user, employee and citizen data," among it full names, dates of birth, email addresses, social security numbers, employment info and "lots lots more!"
INL employs more than 6,100 people in and around Idaho Falls at its massive 890-square mile site, which houses the densest concentration of nuclear reactors in the world. The 70-year-old facility has been instrumental in the development of nuclear power, was the home of the first nuclear generator to provide a usable amount of electricity, and developed the first nuclear propulsion system for US Navy submarines.
It's unclear what motivated SiegedSec's attack on INL. In its previous network penetration of NATO the group attributed its actions to the military org's "attacks on human rights," adding that it's also "fun to leak documents." ®"
If you ever want to feel depressed about humanity, just do a search for things like #newbadge on your social media platform of choice. I found this one on #Facebook. This guy works for a bank.
Don't be this guy. He could be impersonated, or this picture could be used as a template to forge a fake ID complete with a valid barcode to gain access to bank facilities or infrastructure.
I censored the bar code and ID#, they were visible in the original.
#opsec is a top priority for our authorities:
"A premature announcement by Federal Justice Minister Marco Buschmann caused a stir in security circles in the afternoon. His press office circulated a statement on the arrests at a point when the GSG9 had not yet subdued all of the suspects and the police operation had not yet concluded."
Google Threatens to Kill #opensource #youtube Front-End Invidious for Letting You Watch Videos without Tracking or Ads
Not a conspiracy theorist... but now all of a sudden, after years (or rather, the "rise of #ai"), Big Tech wants to change/enforce API rules/pricing/you name it. Hmmm...
Over 60,000 #Android apps secretly installed #adware for past six months
Fake security software - to include (not limited to) #VPN, game cheats, Netflix, and other utility apps. These in particular not directly found in the Google Play store.
Be wary when installing new apps - whether from the Google Play store or manually via APK.
I got a DM about how to host a Website as anonymous as possible, especially viewed from the outside with as little attack surface as possible. I already threw a bunch of my ideas in the room, but maybe you can think of something I haven't thought of...
Please just answer to this post if something crosses your mind from security over hoster to the website itself, I will link it to the person.
mics (machine identification code) are nearly invisible marks most printers add to anything they print, as a means of tracking where each piece of printed material was printed from - down to the exact printer. not model, the individual printer
it's allegedly to curb counterfeit money, but obviously it can be used to connect material you print for, say, activism or political stuff down to the exact printer you used. if you're going to bureau en gros to print, or if you used a printer you bought, it can be traced to you
the @eff has some material that tried to identify printers that do or do not use mics, but it's no longer maintained: