-
7 votes
-
Denmark suspends Lars Findsen, head of the country's foreign intelligence service – Danish Defense Intelligence Service had initiated operations that were contrary to Danish law
9 votes -
Why and where you should plant your flag
12 votes -
Former Chief Security Officer for Uber charged with obstruction of justice for attempted cover-up of 2016 hack that compromised data from millions of users and drivers
9 votes -
Mozilla signs fresh Google search deal worth mega-millions as 25% staff cut hits Servo, MDN, security teams
16 votes -
NSA and FBI warn that previously undisclosed Drovorub malware for Linux threatens national security
22 votes -
Achilles: Over 400 vulnerabilities found in Qualcomm’s Snapdragon DSP chip, threatening the security of hundreds of millions of Android devices
17 votes -
Microsoft faces complex technical challenges in TikTok carveout
5 votes -
Reddit moderator accounts compromised in coordinated hack, hundreds of subreddits vandalized
29 votes -
Reversing Lyft’s ride history API to analyze 6 years worth of rides
4 votes -
20GB of Intel's internal source code, schematics, specs, and documents released, allegedly found on an unsecured CDN server
20 votes -
GitLab Support will no longer process MFA resets for free accounts as of August 15th, 2020 - make sure you have a valid backup recovery method set up
14 votes -
US Treasury Secretary Steven Mnuchin confirms TikTok is under review by the Committee on Foreign Investment in the US following national security concerns
11 votes -
Seventeen-year-old in Tampa, Florida arrested and accused of "masterminding" the compromises of prominent Twitter accounts on July 15, charged with thirty felonies
34 votes -
Bitwarden review
11 votes -
More than 1,000 people at Twitter had ability to aid hack of accounts
8 votes -
New ‘Meow’ attack has deleted almost 4000 unsecured databases
14 votes -
Hardening Debian
6 votes -
Garmin services and production go down after ransomware attack
16 votes -
A timeline of Wednesday's epic Twitter hack, and some clues about who may have been behind it
19 votes -
Twilio's TaskRouter JavaScript SDK was in a world-writeable S3 bucket, and had what appears to be a precursor to a payment-card skimmer inserted for about 12 hours
10 votes -
The massive Twitter hack could be a global security crisis
20 votes -
Apple, Elon Musk, Kanye West, and other accounts are tweeting a bitcoin scam in giant Twitter hack
49 votes -
Twitter is removing images of an internal tool sources say enables account takeover
11 votes -
The phone bill security hole in HIPAA
5 votes -
The TikTok war - How TikTok exposed Facebook's blindspot, and why its Chinese roots make TikTok a genuine concern
8 votes -
Why is a tech executive installing security cameras around San Francisco?
10 votes -
Amazon orders employees to remove TikTok from phones, then backtracks
10 votes -
Climate change has likely already affected global food production
5 votes -
Sandboxing in Linux with zero lines of code
7 votes -
Can our electronic ballots be both secret and secure? A mathematician's quest to make American elections more trustworthy
4 votes -
Indian government bans fifty-nine Chinese apps for security reasons
11 votes -
Exploiting Bitdefender Antivirus: RCE from any website
13 votes -
Increasing personal security online and Yubikey
I have recently noticed an uptick in phishing emails and SMSs, getting me to click on some malicious link and this has been troubling me. I am fairly good about what I click and so far I haven't...
I have recently noticed an uptick in phishing emails and SMSs, getting me to click on some malicious link and this has been troubling me.
I am fairly good about what I click and so far I haven't clicked anything malicious (I think). However, this has motivated me to up my online security.All my computers run Linux and I use an Android phone.
For browsing I use Firefox, with NoScript (and uBlock) and use containers for separating personal/shopping sites, etc.
I also have host file blocking on my computers and phone (using AdAway).I do have a pi-hole setup at home as well.
I also have 2FA setup on all my banking accounts, email accounts etc.
However all my banking account 2FA is still just using SMS. Which I think is now easily circumvented.
Email accounts do use Authenticator apps (like Authy and Google Authenticator).I also use a password manager (this one), which works well for me, but is only available on my computer and not from my phone. I am split between having my password manager available on my phone tho, since it is always on me and could be stolen or have something malicious installed on. What do you guys think? I am wary of services like LastPass, is that valid?
So I wanted to start a thread to discuss what do you guys do to stay safe online?
I am also considering getting a pair of Yubikey (one backup), are there any caveats/pitfalls I need to be aware of with Yubikey?14 votes -
Turn on multi-factor authentication before crooks do it for you
19 votes -
New South Wales government was the target of major cyber attack operation linked to China
Article: New South Wales government was the target of major cyber attack operation linked to China Also: 'Cyber attacks' point to China's spy agency, Ministry of State Security, as Huawei payback,...
Article: New South Wales government was the target of major cyber attack operation linked to China
This is a follow-up to these articles posted yesterday:
8 votes -
Cyber-attack Australia: Sophisticated attacks from ‘state-based actor’, PM says
7 votes -
How the Nintendo Switch prevents downgrades by irreparably blowing its own fuses
17 votes -
Prime Minister Scott Morrison says Australian organisations, including governments and businesses, are currently being targeted by a sophisticated foreign "state-based" hacker
6 votes -
Exposing Secondary Infektion: Forgeries, interference, and attacks on Kremlin critics across six years and 300 sites and platforms
6 votes -
Obscure Indian cyber firm spied on politicians, investors worldwide
5 votes -
The impending doom of expiring root Certificate Authorities and legacy clients
6 votes -
What are secure alternatives to slack, and what are your experiences with them?
First, some context. The latest from the US justice department saying that they will be focusing on finding "ANTIFA leaders" is incredibly troubling for anyone involved in leftist groups. I...
First, some context. The latest from the US justice department saying that they will be focusing on finding "ANTIFA leaders" is incredibly troubling for anyone involved in leftist groups. I foresee a lot of good activists, regardless of how far left they actually are, arrested on trumped up charges in order to squash opposition.
Organizing is essential to resist fascism. This is made more difficult by the pandemic, as in person meetings bring a huge, almost unacceptable risk. As such, many orgs have been turning to platforms like Slack instead. Trouble is, Slack logs are not encrypted and I am certain that as a business based in the US Slack will not put up a fight to keep user data safe if the feds come calling.
I'd like to collect a decent list of alternatives. Important factors include encryption, ownership, open source status, ease of use, federation, scalability, hosting, cross platform, and anything else you can think of.
23 votes -
macOS 10.15.5 has a trivial bug or a ‘reprehensible’ security decision
7 votes -
Gopass - The team password manager
7 votes -
Edison Mail vulnerability allowing unauthorized access to email accounts of other users
4 votes -
TSA working on plan to check temperatures at some American airports
8 votes -
The confessions of Marcus "MalwareTech" Hutchins, the hacker who stopped WannaCry and was arrested by the FBI in 2017
33 votes -
Zoom acquires Keybase and announces goal of developing the most broadly used enterprise end-to-end encryption offering
38 votes -
CISSP qualification given cert status equivalent to Master’s degree level in Europe
3 votes