Content warning: death threats, violence, update on fedi spam Click to open/close

Anyway, a throwback for anyone wanting a little more.

These guys have been sending bomb threats to the Japanese government impersonating as KuronekoServer developers before the attack went big. #spam#infrastructure#fediblockmeta#cybersec#cybersecurity#infosec#spam#infrastructure#fediblockmeta#cybersec#cybersecurity#infosec

NEW: WhatsApp will soon make it possible to chat with people who use other messaging apps. It's revealed some more details on how that will work.

— Apps will need to sign an agreement with Meta, then connect to its servers.
— Meta wants people to use the Signal Protocol, but also says other encryption protocols can be used if they can meet WhatsApp's standards
— WhatsApp has been testing with Matrix in recent months, although nothing is agreed yet. Swiss app Threema says it won't become interoperable

https://www.wired.com/story/whatsapp-interoperability-messaging/ #tech #whatsapp #dma #infosec #news #technology

WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work.

^{Matt Burgess (WIRED)}

Fuck it. #YOLO

#Bluesky continues to be entirely non-responsive to the numerous security vulnerabilities I've reported to them, so I spent the evening writing up a nice README and a framework with exploit modules, and just made it all public.

Have fun.

https://github.com/qwell/bsky-exploits

#infosec #security

🚨 cuidado con las urls de sitios apócrifos

Este caso de suplantación de sitio del #sat 👇

#infosec #cibersecurity #ciberseguridad

🇲🇽 Cuidado, sitio activo suplantando la identidad de #SATMX

El sitio distribuye malware para realizar ataques Man-in-the-Browser, es decir, intercepta y manipula la info/actividades del usuario en el navegador infectado
Archivo descargado: SAT_Complemento_Seguridad.zip

vía hiramcoop en ✖️ antes 🐦

If companies like #Microsoft keep sending out emails with big login buttons in them, how do they expect people to learn not to click buttons and links in #phishing emails. Corporate marketing people need to be fired for sending emails like this. Period. No second chances. Send a link in an email, lose your job. Immediately.

#infosec #marketing

🪤 From @BleepingComputer:

「 The German researchers analyzed 337,171 images from Docker Hub and thousands of private registries and found that roughly 8.5% contain sensitive data such as private keys and API secrets.

The paper further shows that many of the exposed keys are actively used, undermining the security of elements that depend on them, like hundreds of certificates 」

#Docker #Infosec #Devops
https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/

Thousands of images on Docker Hub leak auth secrets, private keys

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.

^{Bill Toulas (BleepingComputer)}

/r/netsec is down too:

https://reddit/r/netsec

#reddit #redditBlackout #infosec

Fun stuff within some of the infosec subreddits:

https://www.reddit.com/r/ModCoord/comments/148ks6u/comment/jo0v7sf/

#reddit #redditBlackout #infosec

#Intel Deploys Undisclosed #Microcode Security Update For CPUs Going Back To Coffee Lake (2017 launched CPUs)

Intel released CPU microcode updates for processors all the way back to Coffee Lake on Friday afternoon. Unfortunately, the changelog doesn't delve into details other than that the new microcode fixes an undisclosed security issue.

#InfoSec
https://www.tomshardware.com/news/intel-microcode-security-update

Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake

The security issue affects a wide range of CPUs spanning from mobile to server lineups.

^{Zhiye Liu (Tom's Hardware)}

Today on #Wikipedia

https://en.wikipedia.org/wiki/User_talk:%27;_DROP_TABLE_users;_DROP_DATABASE_PROD;_--

I guess that username qualifies as 'otherwise disruptive'

#sql #infosec

So Google is now preventing people from removing location data from photos taken with Pixel phones.

Remember when Google's corporate motto was "don't be evil?"

Obviously, accurate location data on photos is more useful to a data mining operation like Google.

From Google: "Important: You can only update or remove estimated locations. If the location of a photo or video was automatically added by your camera, you can't edit or remove the location."

It's enshitification in action.

Source: https://support.google.com/photos/answer/6153599?hl=en&sjid=8103501961576262529-AP

#technology #tech @technology #business #enshitification #Android #Google @pluralistic #infosec