

🚨 Scam Alert 🚨

There’s a scam app claiming to be Midjourney, and it’s charting in the App Store.

Midjourney Scam App

mjtsai.com/blog/2022/10/10/mid


Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured

"This is one of the conundrums at the heart of all cybersecurity: Perfection is not possible, but risk is not easily quantifiable. ... But unless regulators are prepared to quantify how far short of perfection entities may fall in complying with a cybersecurity requirement, there is nothing to measure."

By Jim Dempsey

lawfareblog.com/cybersecurity-

October Is Cybersecurity Awareness Month.

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, an event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don’t think I’ve ever mentioned it before. But the memes can be funny.

Here’s a decent rundown of some of the chatter.

~ Bruce Schneier

archive.ph/PanwJ

New Folks

Some of my favorite Hashtags






Just type them into the search box (just above the text entry box), and a new column will appear on the right. You can then "pin" that column and make it permanent.

This is a wild story.

Security Vulnerabilities in Covert CIA Websites

Back in 2018, we learned that a covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.”

news.yahoo.com/cias-communicat

And

reuters.com/investigates/speci

And

citizenlab.ca/2022/09/statemen

Prompt Injection/Extraction Attacks against AI Systems
This is an interesting attack I had not previously considered.
The variants are interesting, and I think we’re just starting to understand their implications.

simonwillison.net/2022/Sep/16/

And

mobile.twitter.com/mkualquiera

Deepfake audio has a tell – researchers use fluid dynamics to spot artificial imposter voices.

"This realization demonstrates that deepfake audio, even when convincing to human listeners, is far from indistinguishable from human-generated speech. By estimating the anatomy responsible for creating the observed speech, it’s possible to identify whether the audio was generated by a person or a computer."

By Logan Blue, Patrick Traynor

theconversation.com/deepfake-a

Ya know, when that lack of internal security gets noticed by the NYT... you have really "screwed the pooch."

It looks like a pretty basic phishing attack; and because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything.

This is the same thing that Mudge accuses Twitter of: too many employees have broad access within the company’s network.

archive.ph/S0qha

Simon Willison on GPT-3 prompt injection attacks

The raid on the Remoteli bot was hilarious, demonstrating its potential for exploits.

simonwillison.net/2022/Sep/12/

Even More


Mac OS only

Interpreting XProCheck’s results and problems.

With the release of XProCheck 1.1 and its new feature to perform XProtect Remediator malware scans on demand, I’m getting more experienced at interpreting their results. Here are my current suggestions.

eclecticlight.co/2022/09/16/in

Note this is how you handle bad reporting

Krebs on Security
Final Thoughts on Ubiquiti

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false information to the press.

(I believe they have pulled all the original reporting off their site)

krebsonsecurity.com/2022/08/fi

Tesla Hackers Have Found Another Unauthorized Access Vulnerability

It borrows tricks from typical radio-frequency relay attacks, but the implementation is exclusive to the most modern cars.

By Steve DaSilva

jalopnik.com/teslas-hackers-ha

And

act-on.ioactive.com/acton/atta

The Search for Dirt on the Twitter Whistle-Blower.

Many of Peiter (Mudge) Zatko’s former colleagues have received offers of payment for information about him.

By Ronan Farrow

newyorker.com/news/news-desk/t

(a week old, but new to me)

New Linux malware combines unusual stealth with a full suite of capabilities.

Dubbed Shikitega by the AT&T Alien Labs researchers who discovered it, the malware is delivered through a multistage infection chain using polymorphic encoding. It also abuses legitimate cloud services to host command-and-control servers. These things make detection extremely difficult.

Dan Goodin

arstechnica.com/information-te

And

cybersecurity.att.com/blogs/la

From Bruce Schneier

Responsible Disclosure for Cryptocurrency Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software.

lawfareblog.com/rethinking-res

(He doesn’t have any good ideas to fix this. I don’t either. Just add it to the pile of blockchain’s many problems.)

schneier.com/blog/archives/201


Web Pages Can Overwrite Your Clipboard

Jeff Johnson:

Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was accidentally broken in version 104. A public demonstration of the brokenness has been posted on Web Platform News. If you simply visit the demonstration page in Google Chrome or a Chromium browser, then your system clipboard will be overwritten with the text below.

lapcatsoftware.com/articles/cl


Mac OS only

This is a follow-up on XProtect Remediator.
Here is a nice little utility that examines Mac OS logs and tells you all the times XProtect Remediator has run, and what, if anything, it found.

XProCheck: a new utility to inspect anti-malware scans

eclecticlight.co/2022/09/05/xp


Mac OS only

I first reported on the arrival of XProtect Remediator. Now the flames are dying down, it’s time to consider some of the more important questions all that clamour and discussion has raised.

What is considerably more concerning, though, is how the user gets to know what XProtect Remediator is up to. Let’s say one of its scans did detect malware such as XCSSET (DubRobber), and tried to remediate it. How would you know?

eclecticlight.co/2022/09/04/la

The NSA has published criteria for evaluating levels of assurance required for DoD microelectronics.

DoD Microelectronics: Levels of Assurance Definitions and Applications.

Author(s)
National Security Agency
Cybersecurity Directorate
Joint Federated Assurance Center

media.defense.gov/2022/Jul/14/
