Un cybercriminel membre du célèbre gang de hackers Lockbit se cachait en Israël
https://www.numerama.com/cyberguerre/1869958-un-cybercriminel-membre-du-celebre-gang-de-hackers-lockbit-se-cachait-en-israel.html

#Infosec #Security #Cybersecurity #CeptBiro #Cybercriminel #Lockbit #Israel

Researchers find Security Flaws in Skoda Cars that may let Threat Actors remotely track them.

IT-Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the car’s location in real time.

https://pcautomotive.com/vulnerabilities-in-skoda-and-volkswagen-vehicles

#skoda #mib3 #vulnerabilities #car #it #security #privacy #engineering #media #tech #news

Oasis Security’s research team uncovered a critical vulnerability in Microsoft’s Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.

The bypass was simple: it took around an hour to execute, required no user interaction, and did not generate any notification or provide the account holder with any indication of trouble.

The news surfaced now in the last week, so Microsoft has addressed the issue already. For me, though, the real news is that a global enterprise level IT company should not have had such basic guardrails missing. It appears really that Microsoft had knowingly relaxed some measures around its 2FA to allow for convenience. But surely a lack of attack rate limiting is just unforgivable. One of the basics I always employ on my servers and blog, is attack rate limiting with lengthy blocks in place. If anyone has to guess a password or 2FA more than 3 times, there is something wrong.

Microsoft has had so many security fumbles over time that it is quite amazing that their monopoly in the workplace goes unchallenged. It seems Microsoft has very little care about their customers, as long as the money is rolling in, and if that eases, they just change the licensing parameters a bit. The recent Microsoft Recall feature was just another example of completely not appreciating their customers’ privacy, and that was also only addressed after a major outcry.

Microsoft probably has too much inertia, but actually there are some pretty good alternatives around if one takes a little trouble to rise out of the deep rut. The combination of pretty admin tools, AI, and cloud services has unfortunately made many admins way too lazy today. I think the quality of our admins on the edge, is a lot weaker than it used to be two decades back. All this usually means an even greater reliance on Microsoft where it is used in a corporate environment.

Security is about keeping it simple, and having a reasonable depth of knowledge about what is being managed.

See https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
#Blog, #2fa, #security, #technology

https://www.europesays.com/1701982/ Iran Update, December 19, 2024 #Afghanistan #Conflicts #Institute #InstituteForTheStudyOfWar #Iran #IranProject #Iraq #ISW #Libya #MiddleEast #ORBAT #report #security #Study #Syria #war

EU urges release of official detained in Belarus – POLITICO https://www.byteseu.com/576229/ #AlexanderLukashenko #Belarus #Elections #HumanRights #Intelligence #IntelligenceServices #KajaKallas #Media #MEPs #PetrasAuštrevičius #Policy #Security #services

Iran Update, December 19, 2024 https://www.byteseu.com/576183/ #Afghanistan #Conflicts #Institute #InstituteForTheStudyOfWar #Iran #IranProject #Iraq #ISW #Libya #MiddleEast #ORBAT #report #Security #Study #Syria #War

Given the experience in recently #Egypt, #Libya and #Tunisia, elections in #Syria should not be held until #security is permanently guaranteed for all citizens. Otherwise elections will be the first step to the end of #democracy and the re-establishment of an #autocracy. @geopolitics

What opportunities does Israel have in Syria after Assad’s fall? https://www.byteseu.com/?p=573926 #BasharAssad #DonaldTrump #Israel #IsraelSyria #MiddleEast #Security #Syria

https://www.europesays.com/?p=1699321 What opportunities does Israel have in Syria after Assad’s fall? #BasharAssad #DonaldTrump #Israel #IsraelSyria #MiddleEast #security #Syria

https://www.europesays.com/1698796/ EU urges release of official detained in Belarus – POLITICO #AlexanderLukashenko #belarus #elections #HumanRights #intelligence #IntelligenceServices #KajaKallas #media #MEPS #PetrasAuštrevičius #policy #security #Services

EU urges release of official detained in Belarus https://www.politico.eu/article/eu-release-official-detained-belarus-political-prisonner/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication #Intelligenceservices #Intelligence #Humanrights #Elections #Security #Services #Politics #Policy #Media #MEPs

Was sind SBOMs?

Ein neuer Beitrag auf meinem Blog. Grundlagen zum Thema SBOMs.

https://blog.security-manufaktur.de/sbom/bom/cyclonedx/spdx/opensource/oss/2024/12/17/sbom-grundlagen.html

#bom #sbom #sboms #software #softwaredevelopment #softwarebillofmaterials #SoftwareBillsofMaterialSBOMs #dev #devops #development #developer #blog #cybersecurity #security #cyclonedx #spdx #vex

New stealthy Pumakit Linux Rootkit Malware spotted in the Wild.

IT-security researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files & directories, and conceal itself from system tools, while simultaneously evading detection.

https://www.elastic.co/security-labs/declawing-pumakit

#linux #pumakit #malware #it #security #privacy #engineer #media #tech #news

Germany cuts Threat Actors Access to over 30,000 Android Devices pre-loaded with BadBox Malware.

The Federal Office for Information Security (BSI) announced that it had blocked communication between the infected Android IoT devices and the criminal’s command-and-control (C2) servers, to preventing further damage.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/241212_Badbox_Sinkholing.html

#android #badbox #bsi #it #security #privacy #engineer #media #tech #news

Billions urgently needed to address world’s hunger hot spots, World Food Programme boss says https://www.politico.com/news/2024/12/15/billions-urgently-needed-to-address-worlds-hunger-hot-spots-cindy-mccain-says-00194457?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication #Israel-Hamaswar #Foodsecurity #Security #Politics #Crisis #Rights #Feed #War

Iran Update, December 13, 2024 https://www.byteseu.com/558473/ #Afghanistan #Conflicts #Institute #InstituteForTheStudyOfWar #Iran #IranProject #Iraq #ISW #Libya #MiddleEast #ORBAT #report #Security #Study #Syria #War

Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel
https://www.securityweek.com/iranian-hackers-use-iocontrol-malware-to-target-ot-iot-devices-in-us-israel/

#Infosec #Security #Cybersecurity #CeptBiro #IranianHackers #IOCONTROL #Malware #OT #IoTDevices #US #Israel

Microsoft holds last Patch of the Year with 72 Gifts for Admins.

Microsoft resolved 72 vulnerabilities in a variety of its products, including a zero-day [CVE-2024-49138 (CVSS score: 7.8)] that’s been exploited by attackers in the wild to execute code with higher privileges, and 16 critical vulnerabilities (all of which are remote code execution flaws).

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

#microsoft #windows #update #it #security #privacy #engineer #media #tech #news

https://www.europesays.com/1681154/ Europe’s Syrians shaken by debate over repatriation to their war-ravaged homeland – POLITICO #asylum #austria #BasharAlAssad #belgium #borders #DemocraticParty #Doctors #elections #europe #germany #greece #healthcare #HumanRights #italy #JensSpahn #jordan #labor #markets #MarkusSöder #migration #NancyFaeser #OlafScholz #Refugees #security #Services #Syria #TheNetherlands #UnitedKingdom #war #WarInSyria

What Hamas wrought https://www.politico.eu/article/hamas-palestine-middle-east-syria-oct7-aqsa-idf-israel-war-lebanon/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication #Israeli-Palestinianconflict #Israel-Hezbollahwar #Israel-Hamaswar #MiddleEast #Conflict #Security #Kremlin #Weapons #Opinion #War

Yes, politicians and Big Corporates do twist narratives to suite their own agendas. EFF is aiming to try to give more objective and honest answers to technology questions, especially those which affect users’ privacy and security.

EFF is the leading nonprofit defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology Development. Its mission is to ensure that technology supports freedom, justice and innovation for all people of the world.

An interesting twist is that you can submit your own questions and answers too (without providing your name, e-mail address, or a completed reCaptcha).

See https://www.eff.org/press/releases/eff-launches-digital-rights-bytes-answer-tech-questions-bug-us-all
#Blog, #EFF, #privacy, #security, #technology

https://www.europesays.com/1678422/ Israel destroys targets across Syria as Russian vessels desert Tartus naval base – POLITICO #BasharAlAssad #borders #Chemicals #défense #infrastructure #Israel #Kremlin #MediterraneanSea #military #NavalVessels #News #ports #Russia #satellites #security #SergeyLavrov #Syria #Weapons #world #WorldNews #WorldTopics

Russia could test NATO loyalty to ‘mutual defense’ clause – POLITICO https://www.byteseu.com/546432/ #AirDefense #Armaments #Baltics #Conflict #Defense #DonaldTrump #Elections #Europe #EuropeanDefense #EuropeanDefensePolicy #ForeignPolicy #GermanPolitics #Germany #Intelligence #IntelligenceServices #Kremlin #Media #Military #NATO #OlafScholz #Russia #Security #Ukraine #UnitedStates #VladimirPutin #War #WarInUkraine

https://www.europesays.com/1675948/ The unlikelihood of an Asian NATO – POLITICO #AidAndDevelopment #Asia #AsiaEconomy #australia #China #cooperation #défense #DonaldTrump #EconomicSecurityStrategy #EUChinaRelations #EU27 #Europa #europe #India #Indonesia #intelligence #japan #JoeBiden #Malaysia #MarkRutte #military #nato #OTAN #Philippines #Russia #security #SouthKorea #Taiwan #trade #UnitedStates #Vietnam #WarInUkraine

« Order is the sanity of the mind, the health of the body, the peace of the city, the security of the State. »

― Robert Southey

🔗 · https://poligraf.tumblr.com/post/744610514438668288/order-is-the-sanity-of-the-mind-the-health-of-the

#quotes #RobertSouthey #order #mind #sanity #peace #security

Top Tony Blair aide becomes UK Palestine envoy https://www.politico.eu/article/tony-blair-uk-palestine-envoy-west-bank-downing-street-keir-starmer-middle-east/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication #Israel-Hamaswar #Investment #MiddleEast #Security #Services #Politics #Trade

A new Phone Scanner that detects Spyware has already found 7 Pegasus Infections.

[Journalists, human rights defenders, lawmakers and political officials are frequent targets of state surveillance.]

The mobile device security firm iVerify has been offering a tool that makes spyware scanning accessible to anyone.

http://iverify.io/blog/iverify-mobile-threat-investigation-uncovers-new-pegasus-samples

#android #iphone #spyware #scanner #pegasus #it #security #privacy #engineer #media #tech #news

My son brought this #music home from school. I saw it on the table and thought “I guess they’re working on the National Security Agency (#NSA) theme song?”
#security #classified #topsecret

Israel strengthens security on Syrian border after fall of Assad https://www.liberoreporter.it/2024/12/eng-news/israel-strengthens-security-on-syrian-border-after-fall-of-assad.html?utm_source=dlvr.it&utm_medium=mastodon #Israel #Syria #GolanHeights #Security #Netanyahu

https://www.europesays.com/1671799/ EU welcomes collapse of Syrian regime as Assad flees – POLITICO #america #AngelaRayner #ArabSpring #BasharAlAssad #Chemicals #Cities #défense #Development #EuropeanDefense #infrastructure #Iran #Israel #KajaKallas #policy #ports #Russia #security #stability #Syria #UnitedStates #UnitedStatesOfAmerica #US #USNews #USA #USANews #war #Weapons

#Kuwait was the world’s safest nation in 2023. #Gallup’s 2024 Global Safety Report suggests that democratic regime isn’t necessarily a guarantee of better law and order. High state control and community-based approaches are key solutions. #news #war #research #security #russia #israel #ukraine @gallup
https://www.news-cafe.eu/?go=news&n=13418

https://www.europesays.com/1664961/ Romania’s pro-Europeans fear Putin is pushing them back to dictatorship – POLITICO #AntonyBlinken #belarus #CalinGeorgescu #elections #ElectionsInEurope #ElenaLasconi #EuRussiaRelations #intelligence #IntelligenceServices #malta #media #nato #romania #RomanianElections2024 #RomanianPolitics #Russia #RussianPolitics #safety #security #Services #SocialMedia #stiri #Ukraine #UnitedStates #war #WarInUkraine

https://www.europesays.com/1663352/ The Israel-Hezbollah Ceasefire Doesn’t Mean An End To Conflict In The Region #Conflicts #Hamas #Hezbollah #Iran #Israel #IsraelDefenseForces(IDF) #security #SyrianCivilWar

FTC scolds two data brokers for allegedly selling your location to the metre

They bought logs of people's whereabouts from app developers and other companies that carried out software-based tracking of location, and then resold it.

And thisis one reason why you should not grants your apps blanket access to all of your data on your phone and if you do provided limited access, be aware of where you are using them and when.

https://www.theregister.com/2024/12/04/ftc_data_brokers/

#Privacy #Security #DataForSale #Apps #Mobile

Allegedly, the functionality was needed to counter the attacks of a competing entity.

The exact way the DDoS functionality was leveraged on the devices was not specified, but these attacks are always illegal when targeting external systems.

Moreover, users of the satellite receivers were involuntarily taking part in attacks and might have experienced reduced device performance during these occurrences.

There has been more and more of a shift towards satellite communications for civilian Internet and mobile phone use, so this is probably just a wake-up call for all of us to realise that those satellites sitting up there in plain view, are not just going to be “allowed” to be used without any interference or weaponizations.

It will be both military (and I include all nations here) who will try to intercept or even block messages, as well as the usual hacking and ransomware suspects who will try to exploit them. The military of all nations will be pushing to have their encryption back doors included, and will want to be able to disable civilian satellite services “in times of need”.

All I’m saying is, we cannot assume these satellites will all just be there functioning in our interests 100% of the time. Of all the communications mediums ever invented, satellites are the most exposed and vulnerable of all. In other words, be sure not to rely solely on satellite communications in the future. Consider them a useful supplementary tool for communications, but do not neglect your more traditional means of communications.

See https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers
#Blog, #satellites, #security, #technology, #vulnerability

Security measures will not be compromised during Winter Session: Assembly Speaker.

https://aliyesha.com/sub/articles/news/display/hp_security_measures_stiff_winter_session

#himachal #dharamshala #india #news #press #government #governance #winter #WinterSession #AssemblySession #security #surveillance

Enjoy tracker free reading with us. #privacy #privacymatters

Security measures will not be compromised during Winter Session: Assembly Speaker.

https://aliyesha.com/sub/articles/news/display/hp_security_measures_stiff_winter_session

#himachal #dharamshala #india #news #press #government #governance #winter #WinterSession #AssemblySession #security #surveillance

Enjoy tracker free reading with us. #privacy #privacymatters