Zum Inhalt der Seite gehen

Suche

Beiträge, die mit Security getaggt sind


Wenn du über aktuelle Beiträge informiert werden möchtest, kannst du dem Blog auf verschiedenen Kanälen folgen, dich mit uns austauschen und aktiv am Diskurs teilnehmen. 👇

• Folgen: https://www.kuketz-blog.de/bleib-aktuell/
• Forum: https://www.kuketz-forum.de/
• Chat: https://www.kuketz-blog.de/chat/

Bleib informiert und diskutiere mit!

#blog #sicherheit #security #datenschutz #privacy #mastodon #newsletter #rss #matrix #signal #discourse #forum


Q. is the world heading towards a new nuclear arms race?

The focus of civil society has been taken up with climate change as an existential threat, so the build up of nukes in the US, China & Russia has (perhaps) escaped out notice.... Now Jessica Matthews (Carnegie) sees a revival of the sorts of nuclear politics that for those around my age (now in our 50s/60s) will be both familiar from our past & likely unwelcome.... it doesn't look good.

#NuclearWeapons #security
https://www.theguardian.com/world/2024/nov/14/nuclear-weapons-war-new-arms-race-russia-china-us


#Strikes in #Palestine:
Amid an economic crisis caused by Israeli policies and Palestinian Authority corruption, teachers are bringing #schools and streets to a standstill until their demands are met: https://www.972mag.com/palestinian-teachers-strike-pa-repression/ #WestBank #Gaza #occupation #education #security


https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

Wired has published a guide to protecting yourself from surveillance by the US government

The guide discusses the potential increase in government surveillance under a second Trump administration and offers advice on upgrading personal privacy protections, including using end-to-end encrypted messengers and securing devices.

#privacy #security #civilrights


[Important Update] Google patches two Android Zero-Days used in targeted Attacks. :android:

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 & CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.

https://source.android.com/docs/security/bulletin/2024-11-01

#google #android #update #zerodays #it #security #privacy #engineer #media #tech #news
The security issues fixed this month impact Android versions between 12 and 15.

• The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges. The flaw was first disclosed in early October 2024 by Qualcomm as a problem in its Digital Signal Processor (DSP) service.

• CVE-2024-43093 is also a high-severity elevation of privilege flaw, this time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI. Google did not disclose who discovered the CVE-2024-43093 vulnerability.

To apply the latest update, head to Settings > System > Software updates > System update. Alternatively, go to Settings > Security & privacy > System & updates > Security update. A restart will be required to apply the update.


If you’re looking for an EU-based alternative to AzireVPN since they’ve now sold to a US company (why, hello, Trump presidency, how goes?), see Mullvad VPN (@mullvadnet).

https://mullvad.net

#privacy #security #VPN #AzireVPN #MullvadVPN


If one considers everything well, one will find something appears to be virtue, which if pursued would be one's ruin, and something else appears to be vice, which if pursued results in one's security and well-being.
-- Niccolo Machiavelli

⬆ #Wisdom #Quotes #NiccoloMachiavelli #Security #Vice #Virtue

⬇ #Photography #Panorama #Palms #Florida
photo by richard rathe


"DNA firm holding highly sensitive data 'vanishes' without warning"

https://www.bbc.com/news/articles/cz7wl7rpndjo

"A DNA-testing firm appears to have ceased trading - without telling its customers what has happened to the highly sensitive data they shared with it.

Atlas Biomed, which has offices in London, offered to provide insights into people's genetic make up as well as their predisposition to certain illnesses."

@BBCNews

#UK #London #DNA #AtlasBiomed #BBC #privacy #security #press


Fuck your Olympic #security cameras.

"In July 2024, ahead of the Summer Olympics in France, the threat actor hacked a French commercial dynamic display provider in an effort to show photo montages denouncing the participation of Israeli athletes in the #Olympics.

In addition, ASA has conducted IP camera hacking, mainly targeting devices in #Israel, but also in #Gaza and #Iran.

ASA made images and content from Israeli cameras available for clients to access via several servers beginning in October 2023...”
https://www.securityweek.com/us-israel-describe-iranian-hackers-targeting-of-olympics-surveillance-cameras/


Checking your own phone for signs of compromise is easy using Amnesty International Security Lab's Mobile Verification Toolkit. Here's how iPhone users can do it now:

https://scidsg.medium.com/how-to-check-your-iphone-for-pegasus-338bafb2358e

#threatmodel #security #iPhone #hacking #phishing #amnesty #journalism #opensource #press #law


Weekly Update 📰

▶️ We published a new article: "The New German #Security Package: #Digital #Surveillance and #DataProtection". More in our #blog: https://www.vioffice.de/blog/sicherheitspaket-digitale-ueberwachung/ 🇬🇧🇩🇪

▶️ ViOffice Cloud for free! Use our full ViOffice #Cloud with up to 3GB storage including all functions (storage, chat, videocall, groupware, taskboard, polls and more) for free. Register at: https://cloud01.vioffice.de/apps/registration/ 🚀


LiteSpeed Cache Plugin Vulnerability poses significant Risk to WordPress Websites.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated actors to gain admin rights.

[CVE-2024-50550 CVSS score: 8.1]

https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/

#wordpress #litespeed #flaw #it #security #privacy #engineer #media #tech #news
LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites.

The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8).

It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator.

The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

<https://wordpress.org/plugins/litespeed-cache/>


[BEWARE!!!] Android Malware "FakeCall" now reroutes Bank Calls to Attackers. :androidalt:

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/

#android #fakecall #vishing #malware #it #security #privacy #engineer #media #tech #news
FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information.

In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.

The malware also exploits the Android Accessibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app.
[ImageSource: Zimperium]

Overview of latest FakeCall attacks.

The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges.

A fake call interface mimics the actual Android dialer, displaying trusted contact information and names, elevating the level of deception to a point that's hard for victims to realize.

What makes this malware so dangerous is that when a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker's phone number instead.


Apple creates Private Cloud Compute VM to let Researchers find Bugs. :apple_inc:

The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.

https://security.apple.com/blog/pcc-security-research

#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some “key components” to help researchers analyze the privacy and safety features on the architecture.

The company also makes available the Private Cloud Compute Security Guide, which explains the architecture and technical details of the components and the way they work.

<https://security.apple.com/documentation/private-cloud-compute>
[ImageSource: Apple]

Interacting with the Private Cloud Compute client from the Virtual Research Environment.

Apple provides a Virtual Research Environment (VRE), which replicates locally the cloud intelligence system and allows inspecting it as well as testing its security and hunting for issues.

“The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple explains, sharing documentation on how to set up the Virtual Research Environment on your device.

VRE is present on macOS Sequia 15.1 Developer Preview and it needs a device with Apple silicaon and at least 16GB of unified memory.

<https://security.apple.com/documentation/private-cloud-compute/vresetup>


Security News This Week: Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

https://www.wired.com/story/russia-hackers-microsoft-source-code/

#technology #tech #hacked #hackers #microsoft #security #cybersecurity #datasecurity


Largely how I feel about the entire push towards FIDO and hardware tokens.

#FIDO #Yubikey #Security
A meme format image with two boxes, spelling "Yes, but" as the header.

The "Yes," box showing a yubikey hardware token.

The "But" box showing the high price for one yubikey.


Just ordered a hardware security token.

Will this improve my security, privacy, coonvenience?

I'll let you know.

#2fa #mfa #security #securitykey


How to Secure Your Kid's Android Device https://www.eff.org/deeplinks/2023/12/how-secure-your-kids-android-device #security