@wh1skeytang0
Hey there, welcome to the #cososec community.

Hey #cososec - what encoding is this?

https://pastebin.com/bkYGU35c

We Hacked Apple for 3 Months: Here’s What We Found
https://samcurry.net/hacking-apple/

#cososec

#cososec
This is a pretty big problem.

“Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication,”

Unpatched Apple T2 Chip Flaw Plagues Macs | Threatpost
https://threatpost.com/apple-t2-flaw-macs/159866/

Stop the EARN IT Bill Before It Breaks Encryption | EFF Action Center
https://act.eff.org/action/stop-the-earn-it-bill-before-it-breaks-encryption-a7904e20-2083-4d5e-88ae-44ee5fef7a5d

#cososec

This is bad news for people who use Google services. #cososec

//

GitHub - mxrch/GHunt: 🕵️‍♂️ Investigate Google Accounts with emails.
https://github.com/mxrch/GHunt

Century Link, you've got some 'splaining to do! #cososec

The multi-state 911 outage happened because Century Link wasn't filtering bad packets. One single NIC was enough to bring down 15 datacenters.

https://twitter.com/GossiTheDog/status/1079144491238469638​

I made a guide for setting up a Pi-hole with Unbound DNS resolver. I tried to include everything you need to start from scratch.
https://txt.fyi/-/20206/2d6d8f1e/

#cososec​
#cosotech​

SAN FRANCISCO (Reuters) - Tyler Technologies (TYL.N), whose products are used by U.S. states and counties to share election data, said on Wednesday that an unknown party had hacked its internal systems.

Tyler, whose platforms are used by elections officials to display voting results, among other tasks, confirmed the breach in an email to Reuters after warning clients in an email earlier in the day.

https://www.reuters.com/article/uk-tyler-tech-cyber-idUSKCN26F02S

#cososec

Blacklight

A Real-Time Website Privacy Inspector
By Surya Mattu

Who is peeking over your shoulder while you work, watch videos, learn, explore, and shop on the internet? Enter the address of any website, and Blacklight will scan it and reveal the specific user-tracking technologies on the site—and who’s getting your data. You may be surprised at what you learn.

https://themarkup.org/blacklight

#cososec

Prepare for the Worst and Fight for the Best: A Citizen’s Guide to 2020 Electoral Interference
https://www.justsecurity.org/72491/prepare-for-the-worst-and-fight-for-the-best-a-citizens-guide-to-2020-electoral-interference/

#cososec

I wonder which ports are being scanned for a response this fast. Clearly not all of them. #cososec

///

Quickly check if your IP is exposing any ports to the Internet by visiting https://me.shodan.io

If you see a 404 page then you don't have anything exposed!

https://twitter.com/shodanhq/status/1308110245055660032

GTFO. #cososec

Microsoft Sysmon now logs data copied to the Windows Clipboard
https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-logs-data-copied-to-the-windows-clipboard/

These all sound like great changes. I'm especially looking forward to permissions reset and scoped storage.

Android 11 — 5 New Security and Privacy Features You Need to Know
https://thehackernews.com/2020/09/android-11-security-privacy.html

#cososec

Hell no. #cososec

Secure password management part 4 - Why password managers are not the best solution for everyone
https://johnopdenakker.com/secure-password-management-password-managers-not-the-best-solution-for-everyone/

#cososec

More SMS phishing.
#cososec

Sure, this looks legit. #cososec

Now you can detect malicious USB cables with this device.
#cososec

https://twitter.com/_MG_/status/1297932531640094723

Anyone else noticing a sharp increase in spam calls lately? Now I'm also getting occasional spam texts with work from home propositions.

Numbers keep changing, of course. Are there any good mitigation strategies?

#cososec