
These bank phishing emails are getting convincing. I just got one that looked like it came from my bank, saying my online access was suspended temporarily because of too many incorrect password entries. It asked me to log in and confirm my info.

I could definitely see a lot of people falling for this, but there were some clear red flags:

1. It was sent from some random email account.
2. It was sent to an email that has not been associated with my bank account for a very long time.

Need to send files securely? Check out this excellent fork of Send, originally a Mozilla project:

github.com/timvisee/send

Here are the instances, each of which has different capabilities. Two of them allow transfers of up to 20 GB!!

github.com/timvisee/send-insta

Well this could keep you busy for a long time.

Don't do anything stupid, friends.

github.com/Z4nzu/hackingtool

The August LastPass breach is worse than we thought. I've seen enough. If you use this service, time to dump them.

twitter.com/SwiftOnSecurity/st

SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking

A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.

darkreading.com/application-se

Here is a great way to remove all kinds of bloatware and other packages from your phone or tablet. It requires a little bit of technical knowledge, but it's very simple if you read the directions.

Basically, it reads all the installed packages on your phone. You click one to get a description, and can remove them individually or in bulk. You could use adb commands in the console, but would not get the helpful descriptions, so this way may be safer.

forum.xda-developers.com/t/202

Apple iOS analytics are shown to *personally identify* users, despite Apple's statements to the contrary.

"Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you."

threadreaderapp.com/thread/159

DraftKings accounts have been compromised, even with 2FA enabled and no evidence of SIM swaps

twitter.com/RachelTobac/status

Google Pixel vulnerability allows lock screen bypass using a pin-locked SIM.

Patched in the November 5, 2022 security update. Pixel owners: Make sure you are on the latest update!

bugs.xdavidhu.me/google/2022/1

Someone nearby has a network-connected fridge.

Seongji is a Korean electronic components manufacturer, so I assume the refrigerator is a Samsung.

The string after [fridge] isn't a model number. Maybe the serial?

I'm going to go out on a limb and assume this person doesn't have the fridge on an isolated VLAN.

Google has agreed to a $391.5 million settlement with 40 states in connection with an investigation into how the company tracked users' locations, state attorneys general announced Monday, calling it the largest multistate privacy settlement in U.S. history.

apnews.com/article/google-priv

🚨

TransUnion LLC Confirms Recent Data Breach with State Attorney General’s Office | Console and Associates, P.C. - JDSupra
jdsupra.com/legalnews/transuni

👋Welcome, new CoSoNauts!

Time to crack those eggs. Upload a profile pic, and say hello. Check out the user guide:
counter.social/userguide.pdf

Some tags to follow:
Infosec discussion: .

Music lovers and musicians: check out , , , and .

If you love good drinks, follow and .

Animal lovers: , , .

We're glad you made it here. Enjoy the realness!

Guess what? Twitter's Blue vs. Verified checkmarks are done in a lame way that can be manipulated on the user side using JS. So if you have Blue, you can easily make yourself Verified!

Surely NO ONE is going to take advantage of this.

Thread:
twitter.com/shadowbIood/status

Script
gist.github.com/busybox11/53c7



PSA for anyone who still has a Twitter account:

If you do not have 2FA enabled for your account, you should enable it ASAP. (You should use 2FA on all your accounts anyway.)

Settings > Security and Account Access > Security > Two Factor Authentication

Also, de-authorize any third-party apps you have previously granted access.

Settings > Security and Account Access > Apps and Sessions > Connected Apps

For those participating in - Do this to remove all of your content there instead of deactivating your account.

counter.social/@voltronic/1092

Be aware that you cannot ever truly delete your data there, but you can remove it from public view.

Since we've had a bunch of new infosec people join recently, I would like to revive our fun posts.

Share cringe-worthy infosec incidents from your personal experience using the above tag. No need to reply to this thread; just tag them. Bonus points if you were responsible for said fail.

Hit the tag for past examples.

Hundreds of U.S. news sites hit in SocGholish supply-chain attack

Threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.

bleepingcomputer.com/news/secu


ᏤⵁŁ₮ƦⵁИł€

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.