Posts tagged CYBERSECURITY


US Treasury says Chinese hackers stole documents in 'major incident'

> The Treasury Department said it was working with the US Cybersecurity and Infrastructure Security Agency and the #FBI to assess the hack’s impact.
https://www.euractiv.com/section/global-europe/news/us-treasury-says-chinese-hackers-stole-documents-in-major-incident/ #security #China #hacking #cybersecurity #US
The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents. [Shutterstock/Gorodenkoff]


#Cybersecurity & #Privacy For Beginners: #AdBlocking

https://blog.thenewoil.org/cybersecurity-and-privacy-for-beginners-ad-blocking

#blog


This morning LA fire officials indicate that they have become aware of false evacuation orders circulating that appear to come from the official emergency management text warning system. This may be a cyber security incident, but it's not known yet exactly how these texts were sent.

#LAFires #cybersecurity #LAFD


A security researcher managed to access confidential data of the daycare software provider #KigaRoo. Once notified, the provider acted in exemplary fashion and closed the gap immediately. The case shows that “ethical hacking” can improve IT security and why a reform of computer criminal law is needed. - https://netzpolitik.org/2025/ueber-zwei-millionen-kita-daten-im-netz/ #ciberdelincuencia #ciberseguridad #cybersecurity


As the year wrapped up, I spent some time reflecting on my transition from a CyberSecurity engineer to Principal engineer, which inspired me to write a blog about the steep learning curve of writing quality code and how I used #rust to reinforce my skills. Check it out and let me know what you think!

https://tilde.club/~chimbo/blog/posts/rust-learnings-and-journey.html

#RustLang, #Rust, #SoftwareEngineering, #CodingJourney, #CareerChange, #CyberSecurity, #OpenSource, #TechBlog, #blog


"Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

“A location data broker like Gravy Analytics getting hacked is the nightmare scenario all privacy advocates have feared and warned about. The potential harms for individuals is haunting, and if all the bulk location data of Americans ends up being sold on underground markets, this will create countless deanonymization risks and tracking concerns for high risk individuals and organizations,” Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, and who has followed the location data industry closely, told 404 Media. “This may be the first major breach of a bulk location data provider, but it won't be the last.”"

https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/

#CyberSecurity #USA #Venntel #DataBreaches #LocationData #Surveillance #Privacy #DataProtection


"Some #Motorola automated #licenseplatereaders... are live-streaming video and car data to the unsecured internet where anyone can watch and scrape them... In a proof-of-concept, a privacy advocate then developed a tool that automatically scans... footage for license plates, and dumps that information into a spreadsheet, allowing someone to track... movements... in real time."

Researcher Turns Insecure License Plate Cams Into Open Source #Surveillance Tool
https://www.404media.co/researcher-turns-insecure-license-plate-cameras-into-open-source-surveillance-tool/ #CyberSecurity


"A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests.

What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online.

Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of."

https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how

#Privacy #Surveillance #CyberSecurity #AdTargeting #DataProtection #DataBrokers #DataBrokerage #RTB


Since I more or less follow the news in #privacy and #cybersecurity a lot and already curate specific news items here, I figured I would round them up and post them on the website weekly. I’ll still post some items here, especially the ones that generate more buzz throughout the community.

One of my goals for 2025 is to publish more regularly on the site, but the catch is I don’t always have things I want to blog about week after week. So, enter the Privacy Roundup.

Note: people who subscribe to the RSS feed and/or the newsletter get it hot off the press usually. 😇

#privacymatters #security #blog

https://avoidthehack.com/privacy-week1-2025

Newsletter, hosted by @buttondown, can be found at: https://buttondown.email/avoidthehack

The RSS feed is at: https://avoidthehack.com/home.rss


"In tumultuous times, we believe in being prepared, not scared. Sound digital security practice often involves forming and relying on good habits. Building these reflexes now will help keep you better protected. This is why we’ve distilled advice our trainers have shared with thousands of journalists over the years into the actionable, concrete steps below.

Before you dive in, know that there are many ways to shore up your safety and privacy. It’s OK to take them on slowly but surely, one at a time. If you run into any challenges, remember: the Digital Security Training team at Freedom of the Press Foundation (FPF) is here to help. Reach out here."

https://freedom.press/digisec/blog/journalists-digital-security-checklist/

#USA #PressFreedom #Journalism #CyberSecurity #Privacy #DataProtection


Hi there! Another article for Dark Reading, this one focused on how to help avoid burnout. There was so much to cover and so much interesting work being done that I could only scratch the surface. My biggest takeaway is that work-related burnout is in WHO's book of disorders. That's real legitimacy, and I expect more scholarly work to come. Thanks endlessly to @neurovagrant and @Edent for providing their experiences and strategies. #DarkReading #cybersecurity #journalism #burnout #JobRelatedBurnout #selfPromotion
https://www.darkreading.com/vulnerabilities-threats/defining-defying-cybersecurity-staff-burnout


"In the years to come, the federal government and many state governments might engage in surveillance and data gathering as they round up immigrants, punish people for seeking, providing, or assisting abortions, and attack gender-affirming health care. The government might use personal data in its effort to retaliate against those who stand in its way. Such efforts might be assisted by mobs of vigilantes who will use personal data to dox, threaten, embarrass, and harm anyone they don’t like — much like the way many people eagerly assisted totalitarian regimes in finding “undesirables” and rooting out and punishing dissenters.

Our best hope for protection is that legislators in Massachusetts and other states who are concerned about these risks take steps now to upgrade their privacy laws."

https://teachprivacy.com/privacy-in-authoritarian-times/

#Privacy #CyberSecurity #Surveillance #Authoritarianism #DataProtection


"Chinese state-sponsored hackers breached the U.S. Treasury Department's computer security guardrails this month and stole documents in what Treasury called a "major incident," according to a letter to lawmakers that Treasury officials provided to Reuters on Monday.

The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."

"Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor," the letter said."

https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/

#USA #China #StateHacking #CyberSecurity #USTreasury #BeyondTrust


"In her remarks, Neuberger confirmed that nine telecommunications providers were impacted by the breaches, adding one more firm to the eight she acknowledged earlier this month. She noted that guidance was given to key U.S. telecommunications firms early on — a “hunting guide” and a “hardening guide” — that detailed Chinese hacking methods and allowed companies to “look for those techniques in their networks and call for help if they discover it.” This led to the determination that a ninth telco provider had been impacted by the same Salt Typhoon breach, alongside Lumen Technologies, AT&T, Verizon and others.

It’s unclear if the Chinese hackers have been fully evicted from all of the U.S. telecommunications networks. Earlier this month, Neuberger said that none of the providers have managed to oust the Chinese hackers from their networks, an assertion that some of the providers, including Lumen and AT&T, have refuted.

Neuberger explained that once Chinese hackers infiltrated telecommunication networks, they essentially had “broad and full access” to American data, which allowed them to “geolocate millions of individuals” and “record phone calls at will.”"

https://www.politico.com/news/2024/12/27/chinese-hackers-telco-access-00196082

#CyberSecurity #China #SaltTyphoon #USA #BigTelco #StateHacking


"Someone who does think Pegasus should be banned is Claudiu Dan Gheorghe, former chief engineer at WhatsApp. But commercial spyware works precisely because it operates on monocultures: a security hole in WhatsApp opens the door to 2 billion users. A security flaw in Android opens 2.5 billion phones at once. Companies like Google, Apple and Meta invest large budgets fighting these attacks and buying security holes in a hot, competitive market. In the end, Pegasus is in the same business as WhatsApp (spying on users through their own devices), but it would not exist without it. The two are the real threat to our model of society."

https://elpais.com/opinion/2024-12-30/la-vigilancia-que-devoro-occidente.html

#CyberSecurity #Surveillance #Spyware #NSOGroup #Pegasus #WhatsApp


"Hackers have compromised several different companies' Chrome browser extensions in a series of intrusions dating back to mid-December, according to one of the victims and experts who have examined the campaign.

Among the victims was the California-based Cyberhaven, a data protection company that confirmed the breach in a statement to Reuters on Friday.

"Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension," the statement said. It cited public comments from cybersecurity experts. These comments, said Cyberhaven, suggested that the attack was "part of a wider campaign to target Chrome extension developers across a wide range of companies."

Cyberhaven added: "We are actively cooperating with federal law enforcement.""

https://www.reuters.com/technology/cybersecurity/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says-2024-12-27/

#CyberSecurity #GoogleChrome #Chrome #Cyberhaven


Beware of sympathy scams. Every conflict brings scammers tugging at heartstrings to get donations. This has been happening for years. Always research campaigns asking for money—sadly, your generosity might not be helping the actual victims. Stay vigilant. #Cybersecurity #InfoSec #Scam #Ukraine #Gaza


"Barcelona has become the cyber offensive capital of Europe, and Haaretz has learned that at least three teams of Israeli researchers focused on facilitating advanced hacking capabilities have relocated to the Catalonian capital in the past year and a half, the latest of them in recent months.

"There are roughly six such groups of Israelis who are the elite in the field – and half of them have moved to Spain," says an industry executive.

In the past two months, a team of Israeli vulnerability researchers - an industry term for hackers specializing in identifying weaknesses in digital defenses, known as "exploits" - arrived in Barcelona from Singapore. The team specializes in finding breaches in smartphone defenses through which spyware can be remotely installed."

https://www.haaretz.com/israel-news/security-aviation/2024-12-26/ty-article/.premium/israeli-hackers-flock-to-barcelona-as-spyware-industry-shifts/00000193-fec4-df5b-a9b3-fec5d9dc0000

#Israel #CyberSecurity #Hacking #Spyware #Spain #Barcelona


A cybercriminal member of the notorious Lockbit hacker gang was hiding in Israel
https://www.numerama.com/cyberguerre/1869958-un-cybercriminel-membre-du-celebre-gang-de-hackers-lockbit-se-cachait-en-israel.html

#Infosec #Security #Cybersecurity #CeptBiro #Cybercriminel #Lockbit #Israel


"Every year, countless emails hit our inboxes telling us that our personal information was accessed, shared, or stolen in a data breach. In many cases, there is little we can do. Most of us can assume that at least our phone numbers, emails, addresses, credit card numbers, and social security numbers are all available somewhere on the internet.

But some of these data breaches are more noteworthy than others, because they include novel information about us, are the result of particularly noteworthy security flaws, or are just so massive they’re impossible to ignore. For that reason, we are introducing the Breachies, a series of tongue-in-cheek “awards” for some of the most egregious data breaches of the year.

If these companies practiced a privacy first approach and focused on data minimization, only collecting and storing what they absolutely need to provide the services they promise, many data breaches would be far less harmful to the victims. But instead, companies gobble up as much as they can, store it for as long as possible, and inevitably at some point someone decides to poke in and steal that data."

https://www.eff.org/deeplinks/2024/12/breachies-2024-worst-weirdest-most-impactful-data-breaches-year

#CyberSecurity #Privacy #DataBreaches


"U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices.

The router-manufacturer TP-Link, established in China, has roughly 65% of the U.S. market for routers for homes and small businesses. It is also the top choice on Amazon.com, and powers internet communications for the Defense Department and other federal government agencies.

Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter. An office of the Commerce Department has subpoenaed TP-Link, some of the people said.

Action against the company would likely fall to the incoming Trump administration, which has signaled an aggressive approach to China."

https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6?st=oP8Bk2&reflink=desktopwebshare_permalink

#USA #CyberSecurity #China #TPLink #StateHacking #TradeWar


Defending those who defend us

"At TEDIC, we have been working for over a decade to defend digital rights, a commitment that led us in 2023 to become a trusted partner of Meta Inc., the company behind platforms like Facebook, Instagram, and WhatsApp. This partnership allows us to act quickly against cybersecurity threats affecting human rights defenders. These include recoverin

https://www.tedic.org/defending-those-who-defend-us/

#Blog #activists #cybersecurity #Meta #SocialNetworks


#DHS Says #China, #Russia, #Iran, and #Israel Are Spying on People in #US with #SS7

https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/

#cybersecurity #privacy


"It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers.

The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.

The U.S. believes hackers affiliated with China's government, dubbed Salt Typhoon, are waging a "broad and significant cyber-espionage campaign" to infiltrate commercial telecoms and steal users' data — and in isolated cases, to record phone calls, a senior FBI official who spoke to reporters on condition of anonymity said during a Dec. 3 briefing call.

The new guidance may have surprised consumers — but not security experts.

"People have been talking about things like this for years in the computer security community," Jason Hong, a professor at Carnegie Mellon University's School of Computer Science, told NPR. "You should not rely on these kinds of unencrypted communications because of this exact reason: There could be snoopers in lots of infrastructure.""

https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-security-fbi-chinese-hackers-security-encryption

#USA #FBI #SaltTyphoon #CyberSecurity #China #StateHacking


"The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the “primary” countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden.

The news provides more context around use of SS7, the exploited network and protocol, against phones in the country. In May, 404 Media reported that an official inside DHS’s Cybersecurity Insurance and Security Agency (CISA) broke with his department’s official narrative and publicly warned about multiple SS7 attacks on U.S. persons in recent years. Now, the newly disclosed information provides more specifics on where at least some SS7 attacks are originating from."

https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/

#USA #CyberSecurity #DHS #SS7 #MobilePhones #Surveillance


404 Media: DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the "primary" countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden.
Senator Wyden’s office says the DoD confirmed it believes that all U.S. carriers are vulnerable to Signaling System 7 (SS7) and Diameter surveillance, and that DoD has not reviewed third-party audits carried out by U.S. carriers of their own networks.
SS7 is used to route messages when a phone user roams outside of their area of normal coverage. But it is also leveraged by governments, surveillance contractors, and financially motivated criminals to target phones too. These malicious parties gain access to SS7 through legitimate telecommunications companies or even operating their own. They lease access to a Global Title, which is essentially an address to route messages with. With that access, attackers may be able to track a phone and person's location, or intercept their communications armed with just their phone number. SS7 attacks are also used to deliver malware that can then infect the target’s mobile device itself.
#nationalsecurity #threatintel #news #privacy #infosec #cybersecurity #russia #china #iran #israel #ss7


"Paragon, an Israeli spyware maker that has largely kept a low profile in recent years, was acquired last week by American private equity giant AE Industrial Partners, according to Israeli news reports.

Tech news website Calcalist reported that the investment firm bought Paragon for $500 million, and depending on how the company grows, the deal could reach $900 million. Globes reported that the upfront payment is $450 million, 20% of which will go to Paragon’s 400 employees, and 30% to the five co-founders, with the remaining 50% going to U.S. venture capital fund Battery Ventures and Israeli venture capital fund Red Dot.

In 2021, Forbes first revealed the existence of Paragon, which didn’t — and still doesn’t — have a website. The magazine reported that the company was founded by a group of former Israeli intelligence officers: Ehud Schneorson, former commander of Unit 8200, a renowned Israeli spy agency whose alumni often then work in the cybersecurity private sector, as well as CEO Idan Nurick, CTO Igor Bogudlov, and vice president of research Liad Avraham."

https://techcrunch.com/2024/12/16/israeli-spyware-maker-paragon-bought-by-u-s-private-equity-giant/

#CyberSecurity #Israel #Paragon #Graphite #Spyware


Our closest ally 🇮🇱 ? Preposterous! 😂

@josephcox
https://infosec.exchange/@josephcox/113668733376112279

#cybersecurity #palestine #surveillance


🚨 Breaking: Rhode Island's RIBridges system, managing benefits like Medicaid and SNAP, has been breached, exposing sensitive citizen data. Governor Dan McKee confirms the incident and ongoing investigations. Free credit monitoring offered to affected individuals. 🛡️🔒
Read more: https://cyberinsider.com/rhode-islands-it-system-breached-citizen-data-compromised/
#CyberSecurity #DataBreach #RhodeIsland #RIBridges #IdentityTheft #TechNews #PrivacyMatters #newz


🚨 Breaking Cyber News! Researchers uncover NoviSpy, a sinister Android spyware targeting Serbian activists, exploiting a zero-day Qualcomm chip vulnerability. Journalists beware - your device might be compromised! 🕵️‍♀️📱 #CyberSecurity #DigitalPrivacy #ZeroDayExploit @GoogleTAG #newz

https://cyberinsider.com/new-novispy-android-spyware-exploits-zero-day-flaw-in-qualcomm-chips/


🚨 Data Breach Alert! 🚨 Nearly 24 million users have been notified by Have I Been Pwned (HIBP) about a significant data exposure linked to the mysterious entity Hopamedia. This breach reveals sensitive info like emails, names, and phone numbers. Users are urged to stay vigilant against phishing attempts! 🔍💻 #DataBreach #CyberSecurity #HIBP #StaySafe #Hopamedia #newz
Read more here: https://cyberinsider.com/hibp-notifies-23-million-users-of-mysterious-hopamedia-data-exposure/


"The report is significant because it shows that although Cellebrite devices are typically designed to unlock or extract data from phones that authorities have physical access to, they can also be used to open the door for installing #activesurveillance technology. In these cases, the devices were infected with malware and then returned to the targets."

#Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With #Malware (#spyware)

https://www.404media.co/cellebrite-unlocked-this-journalists-phone-cops-then-infected-it-with-malware/ #cybersecurity #cybersec


Quadrant has launched a FREE Dark Web report tool for small and medium-sized businesses! 🛡️ This innovative service provides critical insights into compromised credentials, helping organizations stay ahead of cyber threats. Early detection can prevent costly data breaches! 💼🔍 Check it out here: https://www.techradar.com/pro/This-free-tool-offers-SMBs-critical-insights-into-compromised-credential-found-on-the-dark-web #CyberSecurity #DarkWeb #SMBs #DataProtection
#newz