“It's infinitely safer to convince 500 people to withdraw their money from Wells Fargo and Chase so they can't fund a defense contractor or the next pipeline than it is to redecorate a few of their branches. (It leaves a bigger dent too.)”

https://kolektiva.social/@tothedaring/113460078355087435

#civilDisobedience #massNoncooperation #directAction #organizing #protest #resistance #activism #MovementSecurity #MoSec #privacy #infosec #movementorganizing #harmreduction #safety #protestSafety #harris #trump #election #election2024 #democrats

WIRTE APT Targets Israel with Wiper Malware

Pulse ID: 6734783599d63a48c4802abe
Pulse Link: https://otx.alienvault.com/pulse/6734783599d63a48c4802abe
Pulse Author: cryptocti
Created: 2024-11-13 09:58:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Israel #Malware #OTX #OpenThreatExchange #bot #cryptocti

Check Point Research (CPR): Hamas-Affiliated Threat Actor Wirte Continues Its Middle East Operations And Moves To Disruptive Activity
Hamas-affiliated threat actor WIRTE continues to leverage recent events in the region in their espionage operations, likely targeting entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia. CPR assesses that WIRTE group has expanded beyond espionage to conduct disruptive attacks, identifying clear links between the custom malware used by the group and te wiper malware SameCoin (used against Israel entities in February and October 2024). Indicators of compromise provided.

#hamas #wirte #gazacybergang #cyberespionage #wiper #IOC #threatintel #infosec #cyberesecurity #cyberthreatintelligence #CTI

I just wanted to contact a security researcher about something he found a while ago, because I found new details (a regression) and wanted to collaborate. But I can't, because the only contact provided is an X profile and I do not have an account there anymore.

If you are *only* reachable via X, you are missing out. Update your public profiles to include other ways to contact you privately. Tell your friends.

#infosec

What a mess.

We’re all looking at the insecure finances, ownership & security of 23 & Me.

Meanwhile, DNA report company Atlas Biomed took money & DNA, then simply went dark & vanished…

And now appears to have been a Russian front company based in Moscow.

#23andme #dna #dnatesting #atlasbiomed #moscow #russia #infosec #privacy #informationsecurity #medtech

https://www.bbc.co.uk/news/articles/cz7wl7rpndjo

#PrimMinistrulIsraelului #Netanyahu se confruntă cu o nouă furtună politică în legătură cu ostaticii din #Gaza, după arestări legate de o presupusă scurgere de informații (📰#TheGuardian).

🔗 https://wp.me/p9KpFA-3UHi

#Știri #Israel #Palestina #FâșiaGaza #InfoSec #SecuritateInformatică #SecuritateCibernetică

A massive hacking scandal that has engulfed Italy is now threatening to spill beyond its borders, sucking in Israel, the Vatican, the United Kingdom and Lithuania. https://www.politico.eu/article/vatican-israel-italian-hacking-scandal-uk-lithuania-equalize/ #italy #vatican #israel #hacking #infosec

So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) https://twitch.tv/ic_null #tryHackMe #streamer #selfPromo

"Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice"

https://dys2p.com/en/2021-12-tamper-evident-protection.html#random-mosaic-rm

1) put device in bag 2) put bagged device in another bag 3) pour in a mixture of different colored beans, forming a visual mosaic 4) send picture of mosaic to recipient

EDIT: author is on fedi @dys2p

#lowtech #infosec #opsec #compostable #edible

I genuinely forgot my phone pin for ~12 hours.

A pseudo-pattern, because #grapheneOS doesn't allow actual patterns on the basis they are less secure 🙃

Managed to shift the 2 starting numbers to one side. After ~60 brute-force attempts from this incorrect starting position, my intuition/desperation lead me to the correct start position -> success 👴

Super insecurity-inducing episode. (And what about accident induced memory loss? Dementia? Perhaps biometric #passkeys solve it all /s) #infosec

"For years, the antivirus software company harvested information from users’ web browsers without their consent." #infosec #privacy

Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting

Taylor Swift: Ticketek accounts hacked as ‘thousands’ of Australian fans fear for tickets before Eras tour https://www.theguardian.com/music/2024/feb/13/taylor-swift-eras-tour-australia-ticketek-pop-ups-details-locations-scam-help #Swift #infosec #hacking

Big news in Australia, which has named and shamed an alleged cybercriminal (I think for the first time?). Australia says a Russian man, Aleksandr Ermakov, is responsible for the data breach and extortion attempt against health insurer Medibank in 2022. Ermakov, who was ID’d by the Australian Signals Directorate and the Australian Federal Police, has been sanctioned under a cyber-related sanctions framework, which is the first time Australia has applied the framework.

A few thoughts on this. In Nov. 2022 AFP Commissioner Reece Kershaw said that AFP had a good idea who was behind the Medibank attack. If they already knew Aleksandr Ermakov's name then, that's remarkably fast attribution of in-real-life IDs, which is terrific. Fighting organised cybercriminal groups residing in safe haven countries is difficult. But naming-and-shaming and sanctioning makes it difficult for these actors to live normal lives or travel. It's an important tool, and it's great to see Australia do this. The U.S often takes it a step further, convening grand juries to secure indictments that are often kept under seal unless the suspect is caught. I'd be interested in knowing if Ermakov is now on an international watch list. The Medibank breach was awful for our country. But it's important to note that 1) Ermakov didn't get paid 2) This stigma will follow him around for the rest of his days and 3) It shows other ransomware actors they could be doxxed as well, which is a deterrent. #infosec https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976

Password security 😅 #infosec #security #banking #wifi

Genetic testing firm 23andMe has suffered a data breach.

1 million data points exclusively about Ashkenazi Jews have been advertised for sale on a cybercrime forum. There's also information about hundreds of thousands of users of Chinese descent.

It appears to be a credential stuffing attack—where previously leaked logins and passwords from other sites are tried on 23andMe—with the attackers then scraping data from profiles

@lhn's story has all the details we know so far:
https://www.wired.com/story/23andme-credential-stuffing-data-stolen/ #cybersecurity #news #tech #23andme #infosec

He looks like John Draper (Captain Crunch).

#InfoSec #Doppleganger

I'm planning to do more digital privacy/security skillshares at some point.

Does anyone know of a nice 'ladder' of steps? Simpler steps with higher payoffs at the beginning kind of thing... essay or infographic.

Would be nice to have some orientation in the huge field of #infosec #privacy #cryptoparty #crypto