Remember, kids: lock your phone screen. Never know who might find it and get up to shenanigans.

Got a phishing message from "Paypal" -- actually an individual gmail account -- that Proton Mail didn't catch. Reported it to them, bit surprised b/c: obvious.

Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
Uses DHCP server option to evade VPN.

arstechnica.com/security/2024/

FOUR YEARS c'mon seriously? Tell me that was so we could backdoor them.

"Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday."

arstechnica.com/security/2024/

Not one to preach, but this being 2024 it's high time everyone used a password manager. Doesn't need to cost anything.

Little learning curve in exchange for greatly increased security and never again needing to memorize a password.

allthingssecured.com/identity-

“In the default configuration, Ray does not enforce authentication,”

I read that sentence in 2024.

Thousands of servers hacked in ongoing attack targeting Ray AI framework
arstechnica.com/security/2024/

Ars Technica used in malware campaign with never-before-seen obfuscation

"That technique spread the second stage using a text file that browsers and normal text editors showed to be blank.

Opening the same file in a hex editor—a tool for analyzing and forensically investigating binary files—showed that a combination of tabs, spaces, and new lines were arranged in a way that encoded executable code"

I hate it.

arstechnica.com/security/2024/

Not in a car, not near or far
I do not want infotainment anywhere

Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking


theregister.com/2023/08/14/for

I'm just finding out that 1) Target (stores) has a tech blog and 2) they've created and open sourced a credit card skimmer-detector.


tech.target.com/blog/cybersecu

Good thing Google got out of the domain business. The .zip idea was...bad.

A simple uBlock Origin* rule can block all zip domains:
My Filters:

||zip^

*A browser extension that filters out ads, cruft, and surveillance-y web content.

duckduckgo.com/?q=.zip+domain+


Pretty slick phish from what appears to be GoDaddy, confirming $400 charge for domains.

But.

I don't do business with that company under any circumstances.

PSA: keep the shields up and the laser sharks at full power.


backsaw - я українець
