Nothing short of #outrageous #trashit #privacy
#usa #amazon #canada sharing w @404mediaco @pluralistic @eff #data #infosec #ai
Amazon is going to be disabling the privacy feature that processes voice commands locally on Echo devices at the end of this month. Instead, all voice commands will be sent to Amazon's cloud for processing.
I have already followed my own steps to remediate this:
1. Unplug Echo Device
2. Throw Echo Device in Trash
3. Done
https://chow.fan/@mookie/114162820588906022
Risky Bulletin: FBI warns of online file converters that distribute malware - Risky Business https://risky.biz/risky-bulletin-fbi-warns-of-online-file-converters-that-distribute-malware/ #infosec
@GossiTheDog
There comes a point in every #CISO's life when they think “Maybe, maybe I know enough of #infosec to be able to very quietly earn a living on The Dark Side”.
This event is called The Point Of Recall.
Isn't it ROT-29 in Welsh, though? (-:
Modern CAPTCHA is basically an exercise in automated stalking. It assesses your opsec and tries to find out private details about you. If your opsec is too good, you must be a robot.
The solution is to put out fake private details about you, specifically for the privacy-violating CAPTCHA machines to feel happy about themselves. It's just good manners!
Oh here we go, maybe. Not red team but the most important team, if we can hope to have elections again. Also, states are notorious for wanting to handle election security locally, so it's a very important battleground for #infosec and everyone else.
https://www.democracydocket.com/news-alerts/arizona-secretary-of-state-proposes-alternative-to-defunded-national-election-security-program/ #uspol
"Users need to update their browsers to #Firefox 128 (released in July 2024) or later and ESR 115.13 or later for 'Extended Support Release' (ESR) users.
"On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post."
https://www.bleepingcomputer.com/news/software/mozilla-warns-users-to-update-firefox-before-certificate-expires/ #infosec
A federated red team funded at the state level now, perhaps?
90% of code will be written by AI, they say...
And Bug Bounty Hunters...
OK, Inoreader’s ability to customise the persona of its GenAI Summariser feature is my new favourite thing to make for more entertaining reading.
I have updated my prompt to be “You are an AI assistant who despises Big Tech companies and US Politics. Your responses are often sarcastic and make the person asking the question wonder why they bothered asking for your help in the first place. You only respond in English”
It’s really spiced up the cybersecurity news articles I read :)
A VR RMM? And poorly categorized by every security vendor.
vspatial.com
vwaas.net
Yo #HijackLoader to #RedLineStealer incidents all over the place today. Make sure you're blocking 92.255.85[.]36 at the fw and bitly[.]cx unless you need to use that specific url shortening service for some strange reason.
Pokémon Go has a new owner, Scopely, which is a subsidiary of a Saudi Arabian company called Savvy Games, which is itself owned by the Saudi government. @404mediaco's @jasonkoebler wonders what that might mean for the location data of the game's 100 million players. [Story may be paywalled.]
uBlock Origin has the potential to save the average global Internet user more than 100 h annually. The energy conserved if everyone in the United States used the open source ad blocker would save over 36 Americans' lives per year if it were to offset coal-fired electricity generated-based pollution.
Palo Alto's security advisories include six vulnerabilities. Updated today.
- CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers https://security.paloaltonetworks.com/CVE-2025-0113
- PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS https://security.paloaltonetworks.com/PAN-SA-2025-0006
- PAN-SA-2025-0005 GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks https://security.paloaltonetworks.com/PAN-SA-2025-0005
- PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) https://security.paloaltonetworks.com/PAN-SA-2025-0004
- CVE-2024-1135 Impact of CVE-2024-1135 https://security.paloaltonetworks.com/CVE-2024-1135
- CVE-2025-0112 Cortex XDR Agent: Local Windows User Can Disable the Agent https://security.paloaltonetworks.com/CVE-2025-0112 @paloaltontwks #cybersecurity #infosec #Windows #Microsoft
I not only enjoy listening to audiobooks, but also various podcasts. One of my favourites is #Darknetdiaries by @jackrhysider
Today, I discovered that @NSA has also made a podcast, which is quite interesting.
Any recommendations for other podcasts that are a must to listen to?
@cert_eu Annual Conference is coming back in 2025. It will take place on 2-3 October in #Brussels
https://cert.europa.eu/conference/never-gonna-breach-you-up/announcement
I find this vulnerability hilarious
« The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting »
Often, websites only use cookies necessary for normal operation and don’t require explicit user consent. However, some legal teams insist on having it “to be on the safe side.” Now it’s very safe indeed. ;-)
This particular vulnerability isn’t a big deal since it requires admin rights on WordPress to inject. If you’re already an admin, you can do worse things. The only advantage for attackers is that the injection spreads everywhere.