Ubiquiti customers - heads up.
I really hate linking to this person's site; this is apparently an exclusive story. #cososec
Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
PSA: Never do personal business on an enterprise managed device. These are the management permissions for Chrome on all our organization's devices. There is likely much more behind the scenes.
Android Users: Are you experiencing multiple unexplained app crashes today?
Here is the solution that worked for me:
https://www.reddit.com/r/techsupport/comments/mb24zj/multiple_apps_keep_crashing_on_android_phone/
Oh, wow. The cover of the new issue of 2600 is quite on point.
#cososec
The Problem With Privacy
Trapped in a global surveillance society, we’ve lost sight of what privacy actually means. To reclaim its value, we must reconsider what we want to protect.
https://theprivacyissue.com/privacy-and-society/problem-with-privacy
🚨 #CoSoSec 🚨
A Hacker Got All My Texts for $16
A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.
https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
It's that time once again where my IT department is making us change our passwords. I really wish they would abandon this outmoded practice and enforce better password requirements and MFA instead.
This is why I only use Chrome Browser when forced to. #cososec
(Yes, I know this is a promoted tweet, but the content is important.)
Bitwarden now has an encrypted text / file sharing service. Only the sender needs to have a Bitwarden account.
Bitwarden Send | Bitwarden
https://bitwarden.com/products/send/
Question for the #cososec and hacking community here:
Do you think this is a risky thing to make this much noise about? I suspected it was more than a data scrape, but I am surprised to see her come out with this level of detail.
https://twitter.com/donk_enby/status/1370053545857323018
Anyone who runs a Roku and has a Pi-hole on their network:
I came across some good regex blocking for it. Let me know if you want it, and I'll toss it in a paste as it can't be posted here.
Google SEO algorithm tricked by malware to legitimise fake sites
A five-year-old malware strain is tricking Google's famed Search Engine Optimisation (SEO) algorithm into believing that fake sites are legitimate, thereby enabling such sites to climb to the top of search results.
https://www.computing.co.uk/news/4027928/google-seo-algorithm-tricked-malware-legitimise-fake-sites
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app? • The Register
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/
Finally, Bitwarden gets some love from one of the tech blogs. This is a pretty decent startup guide.
I recommend adding two-step login. I use Authy, which can be used with a free BW account.
//
Why You Should Switch From LastPass to Bitwarden's Password Manager
https://lifehacker.com/bitwarden-is-now-the-best-free-alternative-to-lastpass-1846289833
Kia Motors Hit With $20M Ransomware Attack
A few more details on the Parler > SkySilk > CloudRoute connection.
//
Parler says it’s back without “Big Tech” after being kicked off Amazon | Ars Technica
https://arstechnica.com/tech-policy/2021/02/parler-says-its-back-without-big-tech-after-being-kicked-off-amazon/
Does anyone know if any of the major LMS systems have been attacked over the past year? I feel like it wouldn't take much to knock them over given the high loads they are already under.
While I hope that it doesn't happen, it feels inevitable.
Signal ignores proxy censorship vulnerability, bans researchers
https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/
Musician | Teacher | Nerd
I am hitting my head against the walls, but the walls are giving way.
- Gustav Mahler