ICYMI
EU cancels vote on child sexual abuse law amid encryption concerns
the breaking of encryption to allow client-side scanning will not be possible.
This is a huge win for online privacy and digital security!
dozens of Parliament members wrote to the EU Council to express their opposition to the proposal
Australia could be the first of the Five Eyes to abolish end-to-end encryption.
Tuta signed a joint statement defending end-to-end encryption in the EU
https://tuta.com/blog/joint-statement-eu-compromise-csam-scanning
which was under threat again by Chat Control
https://tuta.com/blog/chat-control
but yesterday failed to get the needed majority in the EU Council! Now Tuta hope to have a similar impact on the reviewing process of the Australian Online Safety Act
Joint statement/press release
Coding error in forgotten API blamed for massive data breach
Australian telco Optus allegedly left redundant website with poor access controls online for years
https://www.theregister.com/2024/06/21/optus_data_breach_faulty_api/
Wednesday court filing [PDF]
https://www.comcourts.gov.au/file/Federal/P/VID429/2024/3981938/event/31836639/document/2300547
includes an account of the incident penned by Australia's Communications and Media Authority (ACMA), which is using its regulatory powers to pursue Optus.
Meanwhile: #CoSoSec
The US has announced plans to ban the sale of antivirus software made by Russian firm Kaspersky due to its alleged links to the Kremlin.
https://www.bbc.com/news/articles/ceqq7663wd2o
The plan will effectively bar downloads of software updates, resales and licensing of the product from 29 September and new business will be restricted within 30 days of the announcement.
Social Engineering Scams Help Spark Uptick in Cybercrime
Notably, Gen Z and millennial employees are less confident identifying and responding to cyber threats than their older colleagues.
https://www.wired.com/sponsored/story/social-engineering-scams-help-spark-uptick-in-cybercrime/
oh forgot this one
#TipsAndTricks #OpenSource #Android #CoSoSec
This application acts as an intermediary when opening url links. When you do so, a window containing information about the url is displayed, allowing you to make changes to it as well.
Specially useful when you need to open an external link either from an email, a social network app or others.
#OpenSource #Android #CoSoSec #AppyGeek
An offline password manager - peace of mind that your data won't ever be involved in a data breach - KeePassDX which stores the vault in the KeePass format just on my device (offline). I'm just using Syncthing to sync the vault to my other devices and also backup :)
download
https://github.com/Kunzisoft/KeePassDX/releases
website
Ransomware criminals have quickly weaponized an easy-to-exploit vulnerability in the PHP programming language that executes malicious code on web servers, security researchers said.
affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing
https://censys.com/cve-2024-4577-pt2/
This configuration is extremely rare, with the exception of the XAMPP platform, which uses it by default
A recently developed phishing campaign has emerged, leveraging the Windows Search protocol to deliver malicious scripts to unsuspecting users. This sophisticated attack uses HTML attachments to exploit the search-ms URI, pushing harmful batch files hosted on remote servers.
The Windows Search protocol is a Uniform Resource Identifier (URI) that allows applications to open Windows Explorer and perform searches with specific parameters.
(APK teardown) While digging through the Play Store (version 41.4.19), seems Google is working on a way to further protect users from malicious APKs. If the Play Store is suspicious of an APK, you’ll now be required to enter a PIN or submit biometric authentication before you’ll be able to install the APK.
This be for APKs that Google thinks are malicious that didn’t come from the Play Store itself mostly - It's unclear when Google will roll the feature out.
ICYMI
Update now! Google Pixel vulnerability is under active exploitation
Updates to address this issue are available for supported Pixel devices, such as Pixel 5a with 5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, and Pixel Fold.
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day.
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.
The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be under limited, targeted exploitation."
ProTip: -If you change your username inform the company you work at << #SocialMedia 101
#CoSoSec cautionary tale
GitHub phishing campaign wipes repos, extorts victims
The phishing comments purport to be from GitHub staff offering the user a job or alerting the user to a supposed security breach
https://www.scmagazine.com/news/github-phishing-campaign-wipes-repos-extorts-victims
A special phone, made from top-to-bottom with privacy, hidden apps and encryption to protect your data from prying eyes. Sounds great, right? There's only one problem: It has a secret back door that funnels everything you do to law enforcement.
Privacy journalist Joseph Cox shares the complicated story of how a secret operation to stop drug traffickers and murderers only led to a cycle of more crime - and a massive invasion of privacy.
Microsoft’s Recall Feature Is Even More Hackable Than You Thought
James Forshaw, a researcher with Google's Project Zero vulnerability research team, published an update to a blog post pointing out that he had found methods for accessing Recall data without administrator privileges
https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
Anyhooooo another day another breach/leak
Billions of personal records on millions of Americans may soon end up on the internet as attackers are planning to leak info stolen from a background check and person lookup and verification company.
https://cybernews.com/news/americans-home-addresses-allegedly-exposed/
Attackers supposedly provided Vx-underground with a massive data sample weighing over 277GB, which included what appears to be legitimate data
Thousands of documents, which appear to come from Google’s internal Content API Warehouse, were released March 13 on GitHub by an automated bot called yoshi-code-bot
https://github.com/yoshi-code-bot/elixir-google-api/commit/d7a637f4391b2174a2cf43ee11e6577a204a161e
Google Search document leak reveals inner workings of ranking algorithm
The documents reveal how Google Search is using, or has used, clicks, links, content, entities, Chrome data and more for ranking.
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (back in October)
report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain
The Pumpkin Eclipse
The US and Europe have separately announced major takedowns of cybercrime networks that defrauded people of billions.
https://databreaches.net/2024/05/31/operation-endgame-hits-malware-delivery-platforms/