Sigh.
Samsung: Make sure you scan your TV for malware regularly using the only antivirus software available to scan your TV because we can't verify that your TV is malware free if you don't.
https://arstechnica.com/gadgets/2019/06/samsung-please-virus-scan-your-tv/
Every single contributor to #CoSoSec has said it before.
Don't plug random sticks into your USB ports! Even if you get them from a company you trust.
https://www.vice.com/en_us/article/pajv5k/john-deere-promotional-usb-drive-hijacks-your-keyboard
#CoSoSec
Taken from a security vendor.
Don't give out any info to customer service accounts on Twitter. Even if they are verified: the account could still be compromised.
This is unnerving, but not necessarily scary, yet.
"On the scale of security threats, hackers scanning potential targets for vulnerabilities seems low. But when the hackers in question executed one of the most reckless cyberattacks in history, one that could have easily turned destructive or even lethal, that reconnaissance has a more foreboding edge. Especially when the target of their scanning is the US power grid."
https://www.wired.com/story/triton-hackers-scan-us-power-grid/
Troy Hunt is selling Have I Been Pwned.
https://gizmodo.com/for-sale-have-i-been-pwned-1835413945
I hope for the best, but after the sale, be careful before using it.
(redraft due to broken link)
FFS, these are infosec guys giving up their info!
https://betanews.com/2019/06/07/data-for-donuts/
Here's a little #SecurityHygiene tip. You *can* be tricked into giving personal info up, so don't use it to create a password. Don't use real personal information to fill in those stupid account recovery questions.
For both of those, use a password manager with a strong password generator and an encrypted vault to put the recovery question answers into.
Bug in macOS code signing lets an attacker create synthetic clicks, which can be used to start the camera or microphone or even add kernel extensions.
https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
^^ probably should have tagged with #CoSoSec
This won't be the last you hear of this:
Hackers Breach Company That Makes License Plate Readers for U.S. Government
https://www.vice.com/en_us/article/qv7zxx/perceptics-license-plate-readers-hacked
Amazon customer: <enters room>
Alexa: I sense that you're depressed
AC: yeah?
Alexa: perhaps some retail therapy would work. would you like me to order a bunch of junk to help you fill that soul-crushing void in your life?
The moral of the story: Friends don't let friends allow retailers to know if they are depressed.
https://gizmodo.com/amazon-is-getting-closer-to-building-a-wearable-that-kn-1834973513
Be careful when you pick out a pen tester: you might get report bullets like these
MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.
Fixing the configuration will no longer allow evil connections by evil connection for configuration of server.
There could be ramifications of the test on this database server that have serious ramifications.
(there's more in the link)
You may or may not have heard:
Google has cut ties with Huawei, no longer licensing Android to them. This (I believe) has to do with the new exec. order forbidding US companies from doing business with them (and other companies).
If you currently have a Huawei phone, then you will get security updates, but I'd suggest moving off them as soon as possible anyway.
Asus uses unencrypted connections for its cloud storage solution, which allows a MitM attack to compromise Asus computers.
Google's Titan security keys recalled due to Bluetooth pairing bug. They're still better than nothing, but current owners should be receiving a free replacement soon.
Those looking for the KeePass password manager, beware: the official site is https://keepass.info/
"keepass(dot)com spreading malware acting as the official site for KeePass password manager. Download for .dmg and .exe files are available on the site."
Three yet-to-be-named antivirus products are about to be almost useless.
Hackers breached 3 US antivirus companies.
Source code, network access being sold online.
Wow, US Cyber Command actually penetrated other countries' networks to proactively detect potential threats to our election.
I don't know how legal this is at a state level, but I'm not really complaining too much.
Bruce Schneier uncharacteristically giving up... but he still gives you some good advice on securing what little identity you have left.
* Enable two-factor authentication
* Don't reuse passwords
* Get a password manager
* Disable the "secret questions" and other backup authentication mechanisms
* Watch your credit reports and your bank accounts for suspicious activity
* Set up credit freezes
* Be wary of email and phone calls you get
https://www.schneier.com/blog/archives/2019/05/protecting_your_2.html
This is a new one
People are being woken up in the middle of the night by a single ring on their phone.
The scammers are hoping that people call the number back out of curiosity or alarm.
The phone number is an African version of a 900 pay-per-minute number.
https://www.broadcastingcable.com/news/fcc-warns-about-one-ring-calls-that-ring-false
Some of you may have noticed that #CoSoSec has been reporting fewer breaches of late.
It's not that they haven't been happening, it's that they aren't newsworthy anymore.
They're happening at such a rate that only "the biggest ever" would get reported now... and that's a pretty high bar. (Equifax et al.)
But you know what? Breaches are still happening. Your passwords are still being compromised.
Credential stuffing (https://en.wikipedia.org/wiki/Credential_stuffing) is still happening.
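As an added example, not part of the original post: a small detector for the credential-stuffing pattern (one source trying many different accounts in a short window, mostly failing) run over constructed auth log lines. The log format, the IP addresses and the thresholds are assumptions chosen for illustration.

```python
"""Flag credential-stuffing bursts in auth log lines (added example, not from
the original post). Log format, addresses and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source cycling through many usernames (a stuffing
# run with one hit), plus a legitimate user who mistypes a password twice.
SAMPLE_LOG = """\
2019-05-01T02:13:01Z ip=203.0.113.5 user=alice result=fail
2019-05-01T02:13:02Z ip=203.0.113.5 user=bob result=fail
2019-05-01T02:13:03Z ip=203.0.113.5 user=carol result=success
2019-05-01T02:13:04Z ip=203.0.113.5 user=dave result=fail
2019-05-01T02:13:05Z ip=203.0.113.5 user=erin result=fail
2019-05-01T02:13:06Z ip=203.0.113.5 user=frank result=fail
2019-05-01T02:20:10Z ip=198.51.100.7 user=grace result=fail
2019-05-01T02:20:25Z ip=198.51.100.7 user=grace result=fail
2019-05-01T02:20:40Z ip=198.51.100.7 user=grace result=success
"""

def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into (datetime, ip, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["ip"], kv["user"], kv["result"]

def find_stuffing(log_text, window=timedelta(minutes=10), min_users=5, min_fail_ratio=0.6):
    """Return {ip: (distinct_users, failures, successes)} for sources that hit at
    least min_users different accounts inside one window, mostly failing."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse_line(line)
            events[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):   # sliding window per source
            burst = [e for e in evs[i:] if e[0] - start <= window]
            users = {u for _, u, _ in burst}
            fails = sum(1 for _, _, r in burst if r == "fail")
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                # a success inside a flagged burst is a stuffed credential that worked
                flagged[ip] = (len(users), fails, len(burst) - fails)
                break
    return flagged

if __name__ == "__main__":
    for ip, (users, fails, ok) in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {users} accounts tried, {fails} failures, {ok} successes")
```

The single-user retries from 198.51.100.7 stay unflagged; the success inside the 203.0.113.5 burst is the account to force a reset on.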