Stop using Facebook and Instagram.
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ | Threatpost
https://threatpost.com/facebook-ios-tracks-anything/180395/
I gotta say, WireGuard wipes the floor with OpenVPN. So glad I switched.
This post addresses the "eggs in one basket" argument people make against using password managers.
About eggs and baskets - password managers
https://johnopdenakker.com/about-eggs-and-baskets-password-managers/
Someone on my street made their exact street address their SSID.
Also, a lot of nearby Bluetooth Low Energy devices aren't nearly "low energy" enough.
Hacker selling Twitter account data of 5.4 million users for $30k
https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/
The presence of sent/received metadata with the actual messages missing on the USSS agents' phones could have two possible explanations:
1. They were using a messaging app with the disappearing / exploding messages feature turned on. Most of the popular encrypted messaging apps have this option.
2. If not option 1 - whether they used an encrypted messenger or regular SMS, the messages were specifically and intentionally deleted.
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking | TechCrunch
https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking/
To anyone out there still using face unlock, STOP. #cososec
The FBI Forced A Suspect To Unlock Amazon’s Encrypted App Wickr With Their Face
https://www.forbes.com/sites/thomasbrewster/2022/07/19/fbi-forces-open-amazon-wickr-app-with-a-suspects-face/
Paging COSO Hive Mind:
I am interested in installing a WiFi thermostat for remote control, scheduling, multiple users, and potential energy savings.
Google Nest Thermostat ticks all the boxes, and for a good price. Are there any serious security concerns with current models beyond the usual Google stuff? The exploits I'm reading about are all from 2014-2016.
It would be on an isolated VLAN, and my pi-hole would minimize the data sent to the Googleship.
Thoughts? Better options?
OK, infosec pros: Is this the panacea so many are making it out to be? I understand the benefits, but I am concerned with the greater reliance on biometrics. Unless they bring back iris scanning on phones [pouring one out for my GS8].
//
Tech giants want to kill off passwords. Here's why they think passkeys will change the world, and what that means for you - ABC News
https://www.abc.net.au/news/2022-07-14/tech-giants-passwords-passkeys-apple-google-microsoft/101184382
This is a comprehensive data security audit of iOS and Android devices.
#cososec
Data Security on Mobile Devices
https://securephones.io/
It bears repeating: If you care about your privacy, STOP USING CHROME.
#cososec
Google 'private browsing' mode not really private, Texas lawsuit says | Reuters
https://www.reuters.com/legal/litigation/google-private-browsing-mode-not-really-private-texas-lawsuit-says-2022-05-19/
U.S. Healthcare Orgs Targeted with Maui Ransomware | Threatpost
State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday.
I'm doing a required phishing awareness training from my school district this morning. Should be fun. #cososec
If your car gets broken into with no sign of forced entry, this may be how it was done.
#cososec
RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems - Black Hat USA 2022 | Briefings Schedule
https://www.blackhat.com/us-22/briefings/schedule/index.html#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185
Twitter insists you add an email to your account in order to enable 2FA. Nope. I'm not giving them my phone number or email.
The workaround is to use an email forwarding service. I've been using https://simplelogin.io/ which is dead simple to use, and the free tier gives you quite a lot to work with.
Boom. 2FA enabled, and without Twitter ever knowing my real email address.
Paying Ransomware Paints Bigger Bullseye on Target’s Back | Threatpost
https://threatpost.com/paying-ransomware-bullseye-back/179915/
🚨
Marriott Data Breach Exposes PII, Credit Cards
https://www.darkreading.com/attacks-breaches/marriott-data-breach-pii-credit-cards
Holy hell. TikTok is way worse than we thought it was. #cososec
https://twitter.com/BrendanCarrFCC/status/1541823585957707776