A performance-sapping conflict between Mozilla Firefox and Microsoft Defender was first discussed on Bugzilla half a decade ago.

However, Firefox users can now rejoice, as Mozilla devs and Microsoft worked together to release an update to MsMpEng.exe (a core process of Windows Defender), which is currently being rolled out.

bugzilla.mozilla.org/show_bug.

While car hacking is hardly new, in a blog post published April 3, Ken Tindell, CTO of Canis Automotive Labs, described how attackers manipulated an electronic control unit (ECU) in a Toyota RAV4's headlight to gain access to its CAN bus, through which they were able to, ultimately, steal the vehicle.

kentindell.github.io/2023/04/0

That's an approach that hasn't been seen before

After Meta (Facebook and Instagram) switched the legal basis for targeting advertising from automatic consent to opt-out, privacy watchdog noyb has built a tool for users to opt out of targeted advertising and various other claims made by Meta in an easy and legally sound way.

noyb.eu/en/no-bullsht-opt-out-

A new kind of arms race is underway to develop technologies that leverage generative AI to create thousands of malicious text and voice messages, Web links, attachments, and video files. The hackers are seeking to exploit vulnerable targets by expanding their range of social engineering tricks.

It Takes AI Security to Fight AI Cyberattacks

New threats from generative AI demand a generative AI security response.

darkreading.com/attacks-breach

Police arrested 119 individuals and conducted 208 searches and interviews across the globe,

Cops put the squeeze on Genesis crime souk denizens, not just the admins this time

theregister.com/2023/04/05/gen

Also today, in a related action the US Treasury issued sanctions against Genesis Market

home.treasury.gov/news/press-r

“Operation Cookie Monster”

Genesis - shop closed

therecord.media/genesis-market

Alexander Leslie, an associate threat intelligence analyst with Recorded Future, wrote in a Twitter thread Tuesday that Genesis was “one of the world’s largest ‘log’ shops,”

twitter.com/aejleslie/status/1

In a February 2020 analysis, Israeli security researcher Alon Gal reported that, at the time, the site was offering 230,000 “infected computers you can buy the logs from.”

underthebreach.medium.com/gene

Hackers Can Remotely Open Smart Garage Doors Across the World

A security researcher found a series of vulnerabilities with the Nexx brand of smart garage openers. He says he could remotely find garages to target, and then open them across the internet.

vice.com/en/article/pkadqy/hac

Uber faces various cyber attacks that result in the disclosure of employee email addresses, company reports, and information related to IT assets.

The servers of Genova Burns, a legal services firm, have been compromised, resulting in the theft of driver data belonging to the company.

gbhackers.com/uber-driver-data

Scammers Can Use AI to Fake Anyone’s Voice

It didn't take long for scammers to start using AI "voice cloning" to fool people.

As you can see from this NBC News report, it’s easy to grab samples of a person’s voice from social media and use it to generate anything you want to say

nbcnews.com/nightly-news/video

Good news for those seeking online privacy and anonymity as Mullvad Browser is now available for free download.

and the Tor Project have partnered to launch the Mullvad Browser, a new privacy-focused web browser. The browser has been developed to offer users a secure browsing experience and to minimize tracking and fingerprinting.

The Mullvad browser is available for free and can be downloaded on Windows, MacOS, and Linux platforms.

mullvad.net/download

Western Digital shuts down several of its services after discovering a network security breach.

status.mycloud.com/os4

impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.

In a press release issued on April 3, the company said it’s responding to an ongoing network security incident that involves an unauthorized third party gaining access to “a number” of its systems.

securityweek.com/western-digit

New ‘Hack the Pentagon’ website helps DoD organizations launch bug bounty programs and recruit security researchers.

hackthepentagon.mil/

launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), is meant as a companion for the DoD’s long-running bug bounty program with the same name.

securityweek.com/us-defense-de

A SIM-swap tale - credit card & phone theft

businessinsider.com/credit-car

How to Protect Yourself Against a SIM Swap Attack

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

wired.com/story/sim-swap-attac

On Wednesday night, news broke that VoIP communications company 3CX was compromised.

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.

bleepingcomputer.com/news/micr

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.

Wiz researchers found that when creating an application in Azure App Services and Azure Functions, the app can be mistakenly configured to allow users from any Microsoft tenant, including public users, to log in to the application.

wiz.io/blog/bingbang

Hackers compromise 3CX desktop app in a supply chain attack

3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

bleepingcomputer.com/news/secu

Researchers from Google's Threat Analysis Group (TAG) have discovered two separate, highly-targeted campaigns that use various, unpatched zero-day exploits against users of both iPhone and Android smartphones to deploy spyware. (Chrome also)

initial access attempts that affect both Android and iOS that were delivered via bit.ly links sent over SMS

Also Samsung Browser Cyber-Espionage Campaign includes a complete exploit chain

blog.google/threat-analysis-gr

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022.

thehackernews.com/2023/03/troj

Apple patches everything, including a zero-day fix for iOS 15 users

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too

nakedsecurity.sophos.com/2023/

⇄ Σ = Mᄃ² ⇆

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.