Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies

motherboard.vice.com/en_us/art

The dump is "scheduled" to be made public on April 31st [sic]

When you start dropping 0 days, you've crossed that line from "White hat security researcher" to "black hat". I don't effing care what your motivations are.

Also, as a dev or site owner/operator, supply chain attacks like this are rife. Always carefully vet your plugins.

arstechnica.com/information-te

Any other web-defenders on the US east coast gonna try to be here?

Global AppSec DC
Sept 9-13, 2019
Washington, D.C.

Residential D-Link routers have been attacked and have been sending some DNS requests to malicious sites.

For the non-technical, DNS is the internet address book.
What this attack could be doing (in a brick and mortar analogy) is when you ask for the street address of your bank, it's returning an address of an attacker-owned building that looks just like your bank so when you go there and deposit money, you're just giving the criminals $ rather than the bank.

zdnet.com/article/hacker-group

If you've filled out an online form to contact your elected officials, there's a good chance that you'll be getting calls and spam soon to attempt to change your mind, or phishing attempts to play off your political concern.

And FFS, companies need to start protecting web storage... this is becoming 1 story an hour regarding this sort of thing.

techcrunch.com/2019/04/04/vote

Another step in the right direction:

Security researcher (@evacide on Twitter) convinces AV company to start flagging stalkerware as an actual threat. This should cascade to the other AV vendors in short order.

wired.com/story/eva-galperin-s

Huawei laptops found to come pre-installed with an NSA-inspired attack vector.

Mistake? Bad coding? Purposefully malicious? I won't speculate aloud. (And I wouldn't speculate at all if it weren't Huawei.)

arstechnica.com/gadgets/2019/0

A gentle reminder.

Don't let your browser save your passwords, use a full password manager.

techrepublic.com/article/why-y

The article misses one point... if you're using Chrome and signed in to Google, then it *does* prompt you with a password request; however, this comes with another attack vector. If your Gmail password is compromised, then your passwords are too.

(Myself, my Chrome passwords are all fake - a sort of honeypot)

Good news everybody!

It's not just US, ex-Soviet states, East Asia and Middle East countries being hacked at a country level.

Spain joins the club now too!

reuters.com/article/us-spain-s

❗Anybody with an ASUS Computer❗

It looks like a supply-chain-attack installed backdoors on nearly every active ASUS computer getting updates.

motherboard.vice.com/en_us/art

What's creepier than creepy?
What's worse than being stalked?

How about a stalker app that left its database unprotected online....

and refuses to even acknowledge that it's unprotected.

motherboard.vice.com/en_us/art

I hate that this always happens, and I'm sure CoSoNauts are smart enough to see through it, but please remind those who are not so savvy in the ways of phishers that events like what happened in NZ tend to attract scum.

Tell them to vet any charity asking for donations. Don't click on the links from emails to donation pages.

And this one sickens me, but tell them just don't watch anything purporting to be the video... it could be a trojan.

portswigger.net/daily-swig/chr

The most popular walled garden in history exposed plaintext passwords to "only" a couple thousand "trusted" employees.

*and*

"Welp, maybe they were incidentally accessed, but we can't prove that they were abused, so, we're going to say case closed, and we didn't do anything wrong."

F**K YOU FACEBOOK!

krebsonsecurity.com/2019/03/fa

This is good. Any step to re-empower consumers with their own privacy is a step in the right direction.

NJ is trying to give residents more control over their information amid data breaches

northjersey.com/story/news/new

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.