Show more
⇄ Σ = Mᄃ² ⇆  

🤦‍♂️

The Electoral Commission has confirmed it failed a basic cyber-security test around the same time hackers gained entry to the organisation.

A whistleblower told the BBC that the Commission was given an automatic fail during a Cyber Essentials audit.

bbc.co.uk/news/technology-6670

0
⇄ Σ = Mᄃ² ⇆  

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

youtu.be/mIx_chLuVCI

1
⇄ Σ = Mᄃ² ⇆  

Equipment manufacturers commonly employ uncomplicated passwords like "admin" or "password" for all their shipped devices, with the assumption that users will modify these passwords during the initial configuration process

always change that default password ALWAYS on everything that has one

Some customers of LogicMonitor, a network security firm, have been compromised by hacking attacks due to their use of default passwords.

cysecurity.news/2023/09/defaul

1+
⇄ Σ = Mᄃ² ⇆  

Prompt injection refers to a technique where users input specific prompts or instructions to influence the responses generated by a language model like ChatGPT.

threat actors mainly use this technique to mod the ChatGPT instances for several malicious purposes

gbhackers.com/hackers-compromi

An independent security researcher recently developed and launched a new tool “promptmap” that will enable users to test the prompt injection attacks on ChatGPT instances.

github.com/utkusen/promptmap

0
⇄ Σ = Mᄃ² ⇆  

A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens.

The group uses iMessage to send package-tracking text scams, aiming to collect personally identifying information (PII) and payment credentials for identity theft and credit card fraud.

infosecurity-magazine.com/news

1
⇄ Σ = Mᄃ² ⇆  

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

welivesecurity.com/en/eset-res

0
⇄ Σ = Mᄃ² ⇆  

How Cybercriminals Abuse For Fraudulent Activities

Among the methods employed by cyber-criminals to gain unauthorized access to user accounts, session cookies play a significant role

Cyber-criminals purchase stolen Airbnb account cookies from underground forums, granting them unauthorized entry without needing valid usernames and passwords. Though short-lived, these stolen access windows are swiftly exploited by attackers.

report

slashnext.com/blog/how-cybercr

0
⇄ Σ = Mᄃ² ⇆  

Five Eyes agencies have issued a joint report on the malware used recently by Russian state-sponsored hackers to target Android devices belonging to the Ukrainian military.

securityweek.com/five-eyes-rep

The new malware, named Infamous Chisel, is actually a collection of components designed to provide persistent backdoor access to compromised Android devices over the Tor network, and enable the attackers to collect and exfiltrate data.

(PDF URL)

ncsc.gov.uk/static-assets/docu

0
⇄ Σ = Mᄃ² ⇆  

Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.

And, the Google-owned team warned, it's not over yet

Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks

theregister.com/2023/08/30/man

1
⇄ Σ = Mᄃ² ⇆  

Hackers Can Silently Grab Your IP Through Skype.

(by simply sending a link over the Skype mobile app)

Microsoft Is In No Rush to Fix It

404media.co/hackers-find-your-

1
⇄ Σ = Mᄃ² ⇆  

VULNERABILITY:
Firefox only stores up to 1024 HSTS entries.
When the limit is reached, Firefox discards entries based on their age and recent visits to the domain in question.

.

seclists.org/fulldisclosure/20

1
⇄ Σ = Mᄃ² ⇆  

Researchers at cybersecurity company Deep Instinct developed three new attacks to elevate privileges on a Windows machine without leaving too much evidence and without being detected by numerous security products.

bleepingcomputer.com/news/secu

0
⇄ Σ = Mᄃ² ⇆  

We are excited to let you know that we have updated the hashing function in Tutanota to Argon2 - the most secure algorithm. This is the first step on our road of becoming a post-quantum secure email provider as this hashing function can generate much larger encryption keys used to secure your Tutanota emails, calendars and contacts.

tutanota.com/blog/best-encrypt

0
⇄ Σ = Mᄃ² ⇆  

Data Breach

Duolingo
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum.

bleepingcomputer.com/news/secu

1+
⇄ Σ = Mᄃ² ⇆  

Update now! WinRAR files can be abused to run malware

Users should install the latest version (WinRAR 6.23 or later) at their earliest convenience.

The update release notification states that another vulnerability was fixed, described as:

“WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.”

win-rar.com/singlenewsview.htm

1
⇄ Σ = Mᄃ² ⇆  

Security News This Week:

US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack

Plus: New research reveals the strategies hackers use to hide their malware distribution system, and companies are rushing to release mitigations for the “Downfall” processor vulnerability on Intel chips.

wired.com/story/qr-codes-phish

0
⇄ Σ = Mᄃ² ⇆  

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts.

In many of the examples we saw the new email address was linked to the Russian “rambler.ru” service. This does not necessarily mean the attack is originating from Russia

cont.....

1
⇄ Σ = Mᄃ² ⇆  

An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023.

The four-month operation spanned 25 African countries and disrupted over 20,000 cybercrime networks engaged in extortion, phishing, BEC, and online scams, responsible for financial losses of over $40,000,000.

interpol.int/en/News-and-Event

1
⇄ Σ = Mᄃ² ⇆  

Unless properly configured, most browsers contain lots of private information that can be exploited – or simply collected – by various third parties:

“private” or “incognito” browsing will not protect you

12 Secure Browsers That Protect Your Privacy in 2023

restoreprivacy.com/browser/sec

1+
⇄ Σ = Mᄃ² ⇆  

Quit MS Outlook - Now You've Got More Reason Than Ever

No other email service compares to the level of security of Tutanota email clients

security vulnerabilities discovered in Outlook and other Microsoft tools - and these are only part of a long line of security issues reported about MS Outlook.

tutanota.com/blog/quit-ms-outl

0
Show more

⇄ Σ = Mᄃ² ⇆
@[email protected]

⇄ Σ = Mᄃ² ⇆'s choices:

cososec

1.23K

tipsandtricks

438

jussayin

300

ai

209

linux

88

podcasts

76

cybercrime

38

scotspolitics

23

cosotips

20

privacy

14

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…