Notices tagged with infosec, page 8

What the actual fuck:
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

"A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages."

#InfoSec

Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635

tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.

Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."

#InfoSec

I do not want to live on this planet anymore:
https://arstechnica.com/information-technology/2018/05/drive-by-rowhammer-attack-uses-gpu-to-compromise-an-android-phone/

"[T]he exploit is the first to show that GPUs can flip individual bits stored in dynamic random-access memory. (...) It's also the first Rowhammer attack that uses standard JavaScript to compromise a smartphone, meaning it can be executed when users do nothing more than visit a malicious website. Another key innovation: on average, GLitch takes less than two minutes to compromise a device"

#infosec

48 million people put at risk after firm that scraped social networks left data exposed for anyone to download https://hotforsecurity.bitdefender.com/blog/48-million-people-put-at-risk-after-firm-that-scraped-info-from-social-networks-left-it-exposed-for-anyone-to-download-19784.html#new_tab #infosec

Wait, what. Windows 10 sends info on USB devices plugged in directly to Microsoft?

And it does that using pure HTTP?
https://pastebin.com/ttYp5rLg

You gotta be kidding me.

#InfoSec

RT @Fisher85M@twitter.com: Classic. {Comic}

#Cybersecurity #IoT @fisher85m@twitter.com #IoTSecurity #infosec #security
https://twitter.com/Fisher85M/status/985157005680742400

T-Mobile Austria started a big old #infosec dumpster fire on birdsite: https://twitter.com/tmobileat/status/982190220798967809 /ht @bkero

MyFitnetssPal got hacked.

https://www.digitaltrends.com/computing/under-armour-myfitnesspal-accounts-hacked/

#infosec #news #hacked

Anyone who just recently joined Mastodon, post up an introduction about who you are, what you do, and what you like to talk about!

Hashtag it #Introductions or #Introduction ! We use hashtags a lot to follow ideas across multiple instances!

Check those Introduction hashtags to meet more new folks.

Here are two of my favorite hashtags:
- #Infosec
- #MastoArt

Other folks might have other suggestions!

Help the 5th edition of the biggest infoSec, cryptography and hacking convention in Latin America exist. Have some spare money? Donate so the 5th Crypto Rave can happen! There is only a few days left 😱😱 https://cryptorave.org/en/

You can also submit a proposal for an activity! There'll be tons of lectures, talks, workshops, installfest and partying 😃

Retoots are more than welcome :)
#crypto #infoSec #cryptorave #crowdfunding

Hello! Made an account here some time ago because the instance name resonated with me, then decided to actually do something with it because @bb010g shilled mastodon so here I am I guess. I'm looking for some people to follow so taking suggestions. My bio describes my interests quite accurately but here are some of them as tags #music #guitar #warhammer #gaming #linux #programming #security #infosec

Have a great day and see you around :D #introduction

Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?

https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/

#infosec

When you are #infosec but also #medieval https://pouet.it/media/ljM9QuJdx8cu0wwvU_k

Cisco can now sniff out malware inside encrypted traffic - https://www.theregister.co.uk/2018/01/11/cisco_sniff_malware_inside_encrypted_traffic/

Yeah but you have to send traffic from their kit flow to a cloud-based analytics service. That's not gonna form YET another surface of attack. Naaah

#security #netsec #infosec #malware

#infosec christmas present: Privilege escalation through bugs in the eBPF verifier in Linux 4.4 and newer.

https://www.decadent.org.uk/ben/blog/bpf-security-issues-in-debian.html

https://marc.info/?l=oss-security&m=151388232503996&w=2

Bad idea! #Keeper , a password manager bundled with Windows has a security flaw. Security journalists reported on it. What did Keeper do? Sued the journalists.

Fuck Keeper.

#Hacking #InfoSec

http://www.zdnet.com/google-amp/article/security-firm-keeper-sues-news-reporter-over-vulnerability-story/

EFF's Security Education Companion: essential materials for people helping their communities practice good information security https://boingboing.net/2017/11/17/enabling-teachers-with-securit.html #securityeducationcompanion #trainertraining #pedagogy #security #infosec #opsec #Post #eff

Yo #infosec - new malware, "Petya"

It's wcry again, but with the killswitch taken out and some phishing initial delivery.

And by "it's wcry again" I mean it. Same exploit. Same traffic. Same everything. If your org bothered patching or mitigating, then this won't affect you.