Zum Inhalt der Seite gehen

Suche

Beiträge, die mit Security getaggt sind

Wenn du über aktuelle Beiträge informiert werden möchtest, kannst du dem Blog auf verschiedenen Kanälen folgen, dich mit uns austauschen und aktiv am Diskurs teilnehmen. 👇

• Folgen: https://www.kuketz-blog.de/bleib-aktuell/
• Forum: https://www.kuketz-forum.de/
• Chat: https://www.kuketz-blog.de/chat/

Bleib informiert und diskutiere mit!

#blog #sicherheit #security #datenschutz #privacy #mastodon #newsletter #rss #matrix #signal #discourse #forum

Bleib aktuell

RSS, Newsletter oder Social Media: Immer informiert über neue Beiträge • IT-Sicherheit & Datenschutz aus Karlsruhe
www.kuketz-blog.de
#privacy #mastodon #signal #matrix #blog #security #RSS #newsletter #discourse #forum #sicherheit #datenschutz

Q. is the world heading towards a new nuclear arms race?

The focus of civil society has been taken up with climate change as an existential threat, so the build up of nukes in the US, China & Russia has (perhaps) escaped out notice.... Now Jessica Matthews (Carnegie) sees a revival of the sorts of nuclear politics that for those around my age (now in our 50s/60s) will be both familiar from our past & likely unwelcome.... it doesn't look good.

#NuclearWeapons #security
https://www.theguardian.com/world/2024/nov/14/nuclear-weapons-war-new-arms-race-russia-china-us
#security #nuclearweapons

#Strikes in #Palestine:
Amid an economic crisis caused by Israeli policies and Palestinian Authority corruption, teachers are bringing #schools and streets to a standstill until their demands are met: https://www.972mag.com/palestinian-teachers-strike-pa-repression/ #WestBank #Gaza #occupation #education #security

Defying PA repression, Palestinian teachers lead biggest strike in years

Amid an economic crisis caused by Israeli policies and PA corruption, teachers are bringing schools and streets to a standstill until their demands are met.
Ben Reiff (+972 Magazine)
#schools #education #security #palestine #occupation #strikes #gaza #westbank

https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

Wired has published a guide to protecting yourself from surveillance by the US government

The guide discusses the potential increase in government surveillance under a second Trump administration and offers advice on upgrading personal privacy protections, including using end-to-end encrypted messengers and securing devices.

#privacy #security #civilrights
#privacy #security #civilrights

[Important Update] Google patches two Android Zero-Days used in targeted Attacks. :android:

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 & CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.

https://source.android.com/docs/security/bulletin/2024-11-01

#google #android #update #zerodays #it #security #privacy #engineer #media #tech #news
The security issues fixed this month impact Android versions between 12 and 15. • The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges. The flaw was first disclosed in early October 2024 by Qualcomm as a problem in its Digital Signal Processor (DSP) service. • CVE-2024-43093 is also a high-severity elevation of privilege flaw, this time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI. Google did not disclose who discovered the CVE-2024-43093 vulnerability. To apply the latest update, head to Settings > System > Software updates > System update. Alternatively, go to Settings > Security & privacy > System & updates > Security update. A restart will be required to apply the update.
#android #news #privacy #zerodays #google #tech #media #security #it #engineer #update

tools like @torproject, @securedrop (by @freedomofpress) and @signalapp are going to be so important for protecting people in the coming years. please support them

#privacy #security #anonymity #journalism #whistleblowing
#privacy #journalism #whistleblowing #security #anonymity @Signal @The Tor Project @Freedom of the Press @securedrop

If you’re looking for an EU-based alternative to AzireVPN since they’ve now sold to a US company (why, hello, Trump presidency, how goes?), see Mullvad VPN (@mullvadnet).

https://mullvad.net

#privacy #security #VPN #AzireVPN #MullvadVPN

Mullvad VPN - Free the internet

Free the internet from mass surveillance and censorship. Fight for privacy with Mullvad VPN and Mullvad Browser.
Mullvad
#privacy #vpn #security #azirevpn #MullvadVPN @mullvadnet

If one considers everything well, one will find something appears to be virtue, which if pursued would be one's ruin, and something else appears to be vice, which if pursued results in one's security and well-being.
-- Niccolo Machiavelli

⬆ #Wisdom #Quotes #NiccoloMachiavelli #Security #Vice #Virtue

⬇ #Photography #Panorama #Palms #Florida
photo by richard rathe
#photography #florida #wisdom #quotes #security #panorama #virtue #niccolomachiavelli #vice #palms

https://www.europesays.com/1599555/ Iran’s Nuclear Program Can’t Be Bombed Out of Existence #Deterrence #Iran #IranNuclearProgram #Israel #nuclear #NuclearProliferation #security

Iran’s Nuclear Program Can’t Be Bombed Out of Existence - EUROPE SAYS

The Middle East is on the brink of full-scale regional war. Israel recently launched retaliatory strikes against Iran.
EUROPE SAYS (EUROPESAYS.COM)
#israel #security #nuclear #Iran #deterrence #irannuclearprogram #nuclearproliferation

https://www.europesays.com/1599133/ Security Boosted For France-Israel Match #conflict #fbl #fra #france #isr #Israel #nations #palestinians #police #security #SYND
UN Urges Leveraging Carbon Markets To Help Poorest Countries

Security Boosted For France-Israel Match - EUROPE SAYS

Text size A high police presence is being prepared for the France v Israel Nations League match at
EUROPE SAYS (EUROPESAYS.COM)
#police #israel #france #security #palestinians #conflict #nations #synd #fbl #fra #isr

"DNA firm holding highly sensitive data 'vanishes' without warning"

https://www.bbc.com/news/articles/cz7wl7rpndjo

"A DNA-testing firm appears to have ceased trading - without telling its customers what has happened to the highly sensitive data they shared with it.

Atlas Biomed, which has offices in London, offered to provide insights into people's genetic make up as well as their predisposition to certain illnesses."

@BBCNews

#UK #London #DNA #AtlasBiomed #BBC #privacy #security #press

I gave my DNA to tracking company - then it vanished

Customers of Atlas Biomed are angry and worried about what's happened to the highly sensitive data they shared.
Zoe Kleinman (BBC News)
#uk #privacy #london #press #bbc #security #dna #atlasbiomed @BBCNews

https://www.europesays.com/1595603/ Iran Update, November 8, 2024 #Afghanistan #Conflicts #Institute #InstituteForTheStudyOfWar #Iran #IranProject #Iraq #Israel #ISW #Libya #MiddleEast #ORBAT #report #security #Study #war
Iran Update, November 8, 2024

Iran Update, November 8, 2024 - EUROPE SAYS

  Iran Update, November 8, 2024 Johanna Moore, Siddhant Kishore, Annika Ganzeveld, Ben Rezaei, Avery Borens, Adiv Kuray,
EUROPE SAYS (EUROPESAYS.COM)
#war #study #report #israel #security #afghanistan #Iraq #libya #Iran #middleeast #conflicts #institute #instituteforthestudyofwar #iranproject #isw #orbat

Fuck your Olympic #security cameras.

"In July 2024, ahead of the Summer Olympics in France, the threat actor hacked a French commercial dynamic display provider in an effort to show photo montages denouncing the participation of Israeli athletes in the #Olympics.

In addition, ASA has conducted IP camera hacking, mainly targeting devices in #Israel, but also in #Gaza and #Iran.

ASA made images and content from Israeli cameras available for clients to access via several servers beginning in October 2023...”
https://www.securityweek.com/us-israel-describe-iranian-hackers-targeting-of-olympics-surveillance-cameras/
#israel #security #olympics #gaza #Iran

Checking your own phone for signs of compromise is easy using Amnesty International Security Lab's Mobile Verification Toolkit. Here's how iPhone users can do it now:

https://scidsg.medium.com/how-to-check-your-iphone-for-pegasus-338bafb2358e

#threatmodel #security #iPhone #hacking #phishing #amnesty #journalism #opensource #press #law
#opensource #journalism #press #law #security #phishing #hacking #iphone #amnesty #threatmodel

Weekly Update 📰

▶️ We published a new article: "The New German #Security Package: #Digital #Surveillance and #DataProtection". More in our #blog: https://www.vioffice.de/blog/sicherheitspaket-digitale-ueberwachung/ 🇬🇧🇩🇪

▶️ ViOffice Cloud for free! Use our full ViOffice #Cloud with up to 3GB storage including all functions (storage, chat, videocall, groupware, taskboard, polls and more) for free. Register at: https://cloud01.vioffice.de/apps/registration/ 🚀

The new German Security Package: Digital Surveillance and Data Protection - ViOffice

The new German security package: far-reaching digital surveillance and possible intrusions into citizens' privacy.
Pascal Langer (ViOffice)
#surveillance #cloud #blog #dataprotection #security #digital

https://www.europesays.com/1588044/ Iran Update, November 5, 2024 #Afghanistan #Conflicts #Institute #InstituteForTheStudyOfWar #Iran #IranProject #Iraq #Israel #ISW #Libya #MiddleEast #ORBAT #report #security #Study #war
Iran Update, November 5, 2024

Iran Update, November 5, 2024 - EUROPE SAYS

  Iran Update, November 5, 2024 Carolyn Moorman, Johanna Moore, Annika Ganzeveld, Andie Perry, Siddhant Kishore, Ben Rezaei,
EUROPE SAYS (EUROPESAYS.COM)
#war #study #report #israel #security #afghanistan #Iraq #libya #Iran #middleeast #conflicts #institute #instituteforthestudyofwar #iranproject #isw #orbat

LiteSpeed Cache Plugin Vulnerability poses significant Risk to WordPress Websites.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated actors to gain admin rights.

[CVE-2024-50550 CVSS score: 8.1]

https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/

#wordpress #litespeed #flaw #it #security #privacy #engineer #media #tech #news
LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites. The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8). It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. <https://wordpress.org/plugins/litespeed-cache/>

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin - Patchstack

A vulnerability in LiteSpeed Cache allowed unauthorized admin access; fixed in version 6.5.2, with Patchstack users automatically protected.
Rafie Muhammad (Patchstack)
#news #privacy #tech #wordpress #media #security #it #engineer #litespeed #flaw

[BEWARE!!!] Android Malware "FakeCall" now reroutes Bank Calls to Attackers. :androidalt:

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/

#android #fakecall #vishing #malware #it #security #privacy #engineer #media #tech #news
FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information. In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction. The malware also exploits the Android Accessibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app.
[ImageSource: Zimperium] Overview of latest FakeCall attacks. The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges. A fake call interface mimics the actual Android dialer, displaying trusted contact information and names, elevating the level of deception to a point that's hard for victims to realize. What makes this malware so dangerous is that when a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker's phone number instead.

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.
Zimperium
#android #news #privacy #tech #media #malware #security #it #engineer #fakecall #vishing

Apple creates Private Cloud Compute VM to let Researchers find Bugs. :apple_inc:

The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.

https://security.apple.com/blog/pcc-security-research

#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some “key components” to help researchers analyze the privacy and safety features on the architecture. The company also makes available the Private Cloud Compute Security Guide, which explains the architecture and technical details of the components and the way they work. <https://security.apple.com/documentation/private-cloud-compute>
[ImageSource: Apple] Interacting with the Private Cloud Compute client from the Virtual Research Environment. Apple provides a Virtual Research Environment (VRE), which replicates locally the cloud intelligence system and allows inspecting it as well as testing its security and hunting for issues. “The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple explains, sharing documentation on how to set up the Virtual Research Environment on your device. VRE is present on macOS Sequia 15.1 Developer Preview and it needs a device with Apple silicaon and at least 16GB of unified memory. <https://security.apple.com/documentation/private-cloud-compute/vresetup>
#news #ai #privacy #tech #media #security #pcc #Apple #bug #it #engineer #programming #vm #securityresearch #bounty

Security News This Week: Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

https://www.wired.com/story/russia-hackers-microsoft-source-code/

#technology #tech #hacked #hackers #microsoft #security #cybersecurity #datasecurity

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.
Dhruv Mehrotra (WIRED)
#hackers #cybersecurity #tech #security #technology #microsoft #datasecurity #hacked

Largely how I feel about the entire push towards FIDO and hardware tokens.

#FIDO #Yubikey #Security
A meme format image with two boxes, spelling "Yes, but" as the header. The "Yes," box showing a yubikey hardware token. The "But" box showing the high price for one yubikey.
#yubikey #security #fido

Just ordered a hardware security token.

Will this improve my security, privacy, coonvenience?

I'll let you know.

#2fa #mfa #security #securitykey
#security #mfa #2fa #securitykey

How to Secure Your Kid's Android Device https://www.eff.org/deeplinks/2023/12/how-secure-your-kids-android-device #security

How to Secure Your Kid's Android Device

After finding risky software on an Android (Google’s mobile operating system) device marketed for kids, we wanted to put together some tips to help better secure your kid's Android device (and even your own).
Electronic Frontier Foundation
#security