🚨 AMAZON DEVICE OWNERS 🚨

You have 10 days to opt out!

Amazon devices will soon automatically share your Internet with neighbors | Ars Technica
https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/

#cososec

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.

https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/

#cososec

Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
https://github.com/pluja/awesome-privacy

#cososec

Cryptography quiz questions and answers: Test your smarts - Quiz from WhatIs.com
https://searchsecurity.techtarget.com/definition/Quiz-Cryptography

#cososec

This looks VERY cool:

WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
https://github.com/IAmStoxe/wirehole

#cososec

Samsung needs to calm the F down with their smart TV telemetry.
#cososec

Servers of Colonial Pipeline hacker Darkside forced down: security firm
https://news.yahoo.com/servers-colonial-pipeline-hacker-darkside-135655617.html

#cososec

Cross-browser tracking vulnerablity in Tor, Safari, Chrome and Firefox - FingerprintJS

In our research into anti-fraud techniques, we have discovered a vulnerability that allows websites to identify users reliably across different desktop browsers and link their identities together. The desktop versions of Tor Browser, Safari, Chrome, and Firefox are all affected.

https://fingerprintjs.com/blog/external-protocol-flooding/

#cososec

Swiiiiiiiiiing and a miss!!!
#cososec

Finally, I can tag #musictheory and #cososec in the same post.

Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it | Ars Technica
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it/

#cososec

Welp, our IT dept is requiring us to change our passwords again next week. Why are we still using such outdated practices?

#cososec

How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks : NPR
https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack

#cososec

^ #cososec

This is an extensive site dedicated to understanding the many risks to your personal security and privacy.

Defensive Computing Checklist

This is a list of both things to be aware of and specific defensive steps that we can take in response to the common threats of 2019. No list like this can ever be complete, nor would anyone want it to be complete as that list would never end. I tried to limit this to the most important issues, still its long (25,000 words).

https://defensivecomputingchecklist.com/

#cososec

Here are more details on the Apple Mail zero-click vulnerability:

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping | Threatpost
https://threatpost.com/apple-mail-zero-click-security-vulnerability/165238/

#cososec

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack | Threatpost

Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities.

https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/

#cososec

Hacked companies had backup plans. But they didn't print them out before the attack. | ZDNet

New NCSC chief says businesses need to take cybersecurity more seriously.

https://www.zdnet.com/article/hacked-companies-had-backup-plans-but-didnt-print-them-out-why-cybersecurity-still-isnt-being-taken-seriously/

#cososec

Interview With a Hacker: Rachel Tobac Tells You How to Defend Yourself From...Well, Her! - Dashlane Blog
https://blog.dashlane.com/interview-hacker-rachel-tobac/

#cososec

Zero click vulnerability in Apple’s macOS Mail | by Mikko Kenttälä | Apr, 2021 | Medium
https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c

#cososec