Cybersecurity

How fast is open source moving in AI and cybersecurity?

LF Research Mentee Chase Rudin shares insights from #OSSNA on AI’s impact on hiring and the rising push for stronger security standards.

🔗 https://www.linuxfoundation.org/blog/open-source-at-the-crossroads-ai-cybersecurity
#OpenSource #AI #Cybersecurity #TechTrends

Employee gets $920 for credentials used in $140 million #BankHeist

https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/

#cybersecurity #finance

Alleged Chinese hacker tied to #SilkTyphoon arrested for cyberespionage

https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/

#cybersecurity #China

#Atomic #macOS #infostealer adds #backdoor for persistent attacks

https://www.bleepingcomputer.com/news/security/atomic-macos-infostealer-adds-backdoor-for-persistent-attacks/

#cybersecurity #privacy

#Qantas is being extorted in recent data-theft #cyberattack

https://www.bleepingcomputer.com/news/security/qantas-is-being-extorted-in-recent-data-theft-cyberattack/

#cybersecurity #DataBreach #privacy #travel #airline

#Bitwarden: “Hey #Siri, make my #password security smarter”

https://bitwarden.com/blog/bitwarden-ios-app-intents-integration/

#cybersecurity #iOS #iPhone #PasswordManager

Hackers abuse leaked #Shellter #RedTeam tool to deploy infostealers

https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellter-red-team-tool-to-deploy-infostealers/

#cybersecurity #infostealer #malware

"There is no “cloud,” just someone else's computer—and when the cops come knocking on their door, these hosts need to be willing to stand up for privacy, and know how to do so to the fullest extent under the law. These legal limits are also important for users to know, not only to mitigate risks in their security plan when choosing where to share data, but to understand whether these hosts are going to bat for them. Taking action together, service hosts and users can curb law enforcement getting more data than they’re allowed, protecting not just themselves but targeted populations, present and future.

This is distinct from law enforcement’s methods of collecting public data, such as the information now being collected on student visa applicants. Cops may use social media monitoring tools and sock puppet accounts to collect what you share publicly, or even within “private” communities. Police may also obtain the contents of communication in other ways that do not require court authorization, such as monitoring network traffic passively to catch metadata and possibly using advanced tools to partially reveal encrypted information. They can even outright buy information from online data brokers. Unfortunately there are few restrictions or oversight for these practices—something EFF is fighting to change.

Below however is a general breakdown of the legal processes used by US law enforcement for accessing private data, and what categories of private data these processes can disclose. Because this is a generalized summary, it is neither exhaustive nor should be considered legal advice. Please seek legal help if you have specific data privacy and security needs."

https://www.eff.org/deeplinks/2025/06/how-cops-can-get-your-private-online-data

#USA #CyberSecurity #PoliceState #Surveillance #Privacy #Encryption #E2E #DataBrokers

My debit card's "fraud protection":

1. Regularly flags payments to subscription services as potential fraud even though I've used them for years, paying with the same debit card, and in spite of the fact that I've indicated many times that I trust these services; and
2. Has never identified a real instance of fraud

Whatever they're doing to detect potential fraud, it has a large false positive rate and does not seem adaptive (at least in my case). It's especially odd to me that this bank asks if I've authorized transactions it flagged as potentially fraudulent, I indicate no, this is not fraud, and yet the system continues to flag transactions with the same vendor as potentially fraudulent. I'm giving it a reinforcement signal that couldn't be more clear!

#DebitCard #banking #fraud #FraudProtection #FraudDetection #cybersecurity #InfoSec

Stay safe!

https://www.infosecurity-magazine.com/news/hundreds-malicious-domains/

#CyberSecurity #Spoof #AmazonPrime

Critical #Sudo Vulnerabilities Let Local Users Gain Root Access on #Linux, Impacting Major Distros

https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html

#FOSS #cybersecurity

Ransomware attack causes outage at Ingram Micro, a U.S. tech distribution and managed services company. Read about it from @Techcrunch:

https://flip.it/vkT0Ym

#Tech #CyberSecurity #Ransomware #Hacking

"Also at odds with the G7 statement is Canada’s own proposed border-security bill (C-2), which has been widely condemned by this author and numerous other rights groups for the ways it may open up transborder surveillance by foreign governments into Canada. As written, the bill might actually facilitate further transnational repression.

As my Citizen Lab colleague Kate Robertson noted in a recent analysis, Bill C-2 “contains several areas where proposed powers appear designed to roll out a welcome mat for expanded data-sharing treaties or agreements with the United States, and other foreign law-enforcement authorities.” In light of the authoritarian train wreck unfolding in the U.S., and the prospect of high-risk individuals fleeing that country for Canada, such data-sharing could conceivably become a tool of transnational repression used by our closest neighbour, not to mention other repressive regimes.

Pledges are important and the Canadian-backed G7 statement on countering transnational repression and abuse of spyware is certainly a very welcome one. But for Canada to actually translate those pledges into meaningful laws and policies will require some serious self-reckoning about how our own past and current practices are actually implicated in the very acts we have once again condemned."

https://www.theglobeandmail.com/opinion/article-g7-transnational-repression-bill-c-2-carney/

#Canada #G7 #CyberSecurity #DigitalRights #Privacy #Spyware #DataProtection #PoliceState #USA

#IngramMicro outage caused by #SafePay #ransomware attack

https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/

#cybersecurity

Minister tells #Turing #AI institute to focus on defence

https://www.bbc.com/news/articles/cy7nppe5gkgo

#cybersecurity #politics

A security flaw in a covert surveillance app exposed passwords for 62,000 users. @ArsTechnica has more:

https://flip.it/GAEoV-

#Tech #Apps #CyberSecurity #Hacking

"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.

CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.

Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."

https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/

#CyberSecurity #Encryption #ClientSideScanning #E2EE #Privacy #DataProtection #Surveillance

#ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

https://www.theregister.com/2025/07/03/ai_phishing_websites/

#phishing #AI #cybersecurity

There's no official word on what the problem is, but Ingram Micro's website has been down since Thursday morning. They claim to be "currently experiencing technical difficulties..."

Are you thinking what I’m thinking? I really hope I'm wrong, but it's not at all unusual for a cyber attack to be timed to coincide with a long holiday weekend...

#cybersecurity #ransomware

#LetsEncrypt rolls out free security certs for IP addresses

https://www.theregister.com/2025/07/03/lets_encrypt_rolls_out_free/

#cybersecurity

#Ubuntu Disables #Spectre/#Meltdown Protections

https://www.schneier.com/blog/archives/2025/07/ubuntu-disables-spectre-meltdown-protections.html

#Linux #FOSS #cybersecurity

Local Privilege Escalation via chroot option

https://www.sudo.ws/security/advisories/chroot_bug/

#sudo #cybersecurity #Linux #FOSS

Could the aviation industry be the next big target for hacking groups like Scattered Spider? And if so, why?

That was the question I got from Lauren Baulch and the team at ITV News yesterday. See what I had to say here: https://www.itv.com/news/2025-07-03/could-airlines-be-the-new-target-for-hacking-group-scattered-spider

#cybersecurity #ransomware

#Grafana releases critical security update for #ImageRenderer plugin

https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/

#cybersecurity

#DataBreach reveals #Catwatchful ‘#stalkerware’ is spying on thousands of phones

https://techcrunch.com/2025/07/02/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones/

#spyware #cybersecurity #privacy