"Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware."
Careful what you find, download, and execute from GitHub on your machine.
Over 60,000 #Android apps secretly installed #adware for past six months
Fake security software - to include (not limited to) #VPN, game cheats, Netflix, and other utility apps. These in particular not directly found in the Google Play store.
Be wary when installing new apps - whether from the Google Play store or manually via APK.
At least 18 different malicious extensions (as of 30 MAY and this post) identified by @WPalant
Remember extensions have privileged access to the browser (and data in the browser). Choose your extensions wisely... they could be #spyware or #malware in disguise.
Something must be in the water, because I just got ANOTHER flare up of people asking me about Faraday bags to prevent phone tracking.
Short answer: A Faraday bag probably doesn't solve your problem; they require great care to use effectively, and your phone can be tracked as soon as you remove it.
But if you DO need one, you want one that actually works. Here's a short writeup I did a while back on the theory and practice of testing them:
@mattblaze OK, #opsec. You are about to put phone into the bag. You've switched it off. If the phone has been subverted, I'm guessing that it is not actually possible to disable mics etc (without smashing the phone against a hard thing - see the book Attack Surface!)
So, what does one do? Just leave phone in bag in the other room?
If you get a sales call about your information security stack, you really don't have to answer their questions about what you are using today.
I bet if I cold-called 100 companies I would have solid information about how to attack 75% of them by just pretending to sell them a fake product and asking them what they are using currently and why.
Are there any interesting #redteam or offensive security reports on cracking #guix or #nixos? I've always been curious what kind of challenges it would present in practice/how much difficulty the immutable store and containerization of packages would really pose, or if there are minor faults throughout the codebase they can easily be tracked down and exploited for professionals. But haven't found any good posts on the matter.
Pretty good security advice for activists on the latest Renegade Cut video. Some of it may feel “paranoid” to the average person but it does make sense to take these steps as an activist who runs a high risk of clashing with law enforcement.
Some of it isn’t realistically possible in some countries, e.g. you can’t get a SIM card from a store without formal identification. A lot of these precautions are also pretty expensive, although some have DIY alternatives.
I’d add one thing he doesn’t mention: don’t carry your burner phone and your everyday phone together while both are active. It’s easy to correlate the two devices when they share enough of a movement profile. Turn your burner phone off (fully disconnected like described in the video) far enough away from your home and workplace so it’s not correlated to where you live.
Unless one's facing state-sponsored attackers with basically unlimited personnel hours and computing power at their disposal, most organizations will already be "unattractive to target" with too high risk and too low reward if they refuse to use shitty bloatware and unmaintainable CCSS in their #IT.
The nerd part of me was quite pleased when the recently installed smart blinds in the kitchen automagically closed at sunset last night, and opened to 50% at sunrise this morning. So whether I am home or not, between this and lighting it looks like to the outside world I am home. Also, think of the literal SECONDS I save! More time to install and configure more automations I guess.
Interesting analysis of Chinese and Russian influence operations through the lens of the recent DOJ indictments. Details include tutorials on how to set up accounts on multiple social networks, tools to gain followers, and measures on how to avoid platform detection.
"Our enemies have great capabilities and perfected tactics. On their side they have the police and justice systems, the scientists and technocrats, and in some cases the support of the general population. They control vast infrastructure networks. They have infinite memory, archives and DNA databases.
On our side, we have the informal and decentralized nature of our organizations, shadows to hide in, and solidarity to help each other in difficult times, to continue the fights of comrades who cannot do so anymore."