But there is good news too. Google Authenticator has finally learned to sync 2FA via the user's Google account.
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Google Online Security Blog
Google Authenticator now supports Google Account synchronization
Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator, across both iOS and Android, which a...
https://yro.slashdot.org/story/23/04/25/209254/microsoft-edge-is-leaking-the-sites-you-visit-to-bing
yro.slashdot.org
Microsoft Edge is Leaking the Sites You Visit To Bing
Microsoft's Edge browser appears to be sending URLs you visit to its Bing API website. Reddit users first spotted the privacy issues with Edge last week, noticing that the latest version of Microsoft Edge sends a request to bingapis.com with the full URL…
An interesting thread about Google's 2FA sync feature and why you shouldn't enable it.
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
https://defcon.social/@mysk/110262313275622023#.
DEF CON Social
Mysk🇨🇦🇩🇪 (@mysk@defcon.social)
The new update allows users to sign in with their Google Account and sync 2FA secrets…
Another interesting link, about the adventures at TikTok's data centers and all sorts of security policy violations there.
https://www.forbes.com/sites/emilybaker-white/2023/04/21/security-failures-tiktok-virginia-data-centers-unescorted-visitors-flash-drives/
Forbes
Security Failures At TikTok’s Virginia Data Centers: Unescorted Visitors, Mystery Flash Drives And Illicit Crypto Mining
Other security issues at the sites have included unattended boxes of hard drives, illicit crypto mining, and a sanctioned supplier.
From the "nothing is clear" series. But you never know.
For those who trust me:
Go to your Amazon account, sign out of all your devices, everything, everywhere all your Echos (yes I know it's a pain), reset your password, delete 2FA and any tokens and reset them. Now.
That doesn't include Fido / Yubikeys but does include Auth tokens.
Do it now.
As much a pain as it is to reset Echo and all smart devices, trust me, please do it.
I can't tell you more yet, but I am being ethical and you need to actually realise I have a clue.
It's been a scary day
https://sackheads.social/@Cloudguy/110256209708866473
Информация опасносте
auspicacious.org
Flush your Amazon credentials now
The dude who leaked classified documents to Discord is, of course, quite the crazy clown. It really does raise questions about how people like that get access to classified information.
https://twitter.com/EliotHiggins/status/1651490777015500800?s=20
Twitter
Aside from leaking classified documents onto Discord for his pals, it also appears Jack was really into mass shootings.
Passkeys in the Google account
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Google
The beginning of the end of the password
We’ve begun rolling out support for passkeys across Google Accounts on all major platforms as an additional option that people can use to sign in.
A somewhat amusing story. The hacker group Clop, which engages in break-ins and extorting ransoms for data, attacked the company Brightline and stole data on almost 800 thousand of the company's clients. The company provides remote psychological therapy for children and teenagers. The stolen data contained patients' names and contact information.
https://www.hellobrightline.com/fortra-data-notice
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Having learned what data they had stolen, the attackers wrote to journalists that they had not known what kind of organization it was and, upon finding out, supposedly deleted the data on their end.
Update 5/3/23: After the publication of this article, the Cl0p ransomware operation emailed BleepingComputer to say they deleted Brightline's data from their data leak site.
"We delete the data and we did not know what this company is doing, because not all companies are analyzing. And we ask for forgiveness for this incident," Clop emailed BleepingComputer.
https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/
A large report on the Snake malware, which Russia's FSB uses to collect information about its targets
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
Twitter has launched encryption for direct messages between users. Only it is not end-to-end encryption: Twitter can read the messages, and this "encryption" does nothing to inform participants of a MITM attack. The link describes the many limitations of this feature, which is hard to call encryption in the usual sense. The feature is available only to paying users. Although it is unclear why anyone would use it at all.
https://help.twitter.com/en/using-twitter/encrypted-direct-messages
X
About Encrypted Direct Messages – DMs | X Help
X seeks to be the most trusted platform on the internet, and encrypted Direct Messages are an important part of that.
Speaking of encryption, by the way: a thorough teardown of yet another service that claims to provide full encryption and confidentiality of messages
Converso misrepresents itself as a state-of-the-art end-to-end encrypted messaging app, which couldn't be further from the truth. The reality is that the wild claims Converso makes on its website – the promises it makes about its app's security, plus the shade it throws on premier encryption tools – are all provably false. It's therefore my opinion that you shouldn't rely on Converso for any sense of security, and you certainly shouldn't pay $4.95/month for it.
https://crnkovic.dev/testing-converso/
crnkovic.dev
Testing a new encrypted messaging app's extraordinary claims
How I breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger.
Discord is sending its users "letters of happiness" with notifications about a breach and data leak
https://www.bleepingcomputer.com/news/security/discord-discloses-data-breach-after-support-agent-got-hacked/
BleepingComputer
Discord discloses data breach after support agent got hacked
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
If you are a Toyota owner in Japan, I have bad news for you. The company says that, due to human error, data of customers who signed up for its cloud service may have leaked
https://www.reuters.com/business/autos-transportation/toyota-flags-possible-leak-more-than-2-mln-users-vehicle-data-japan-2023-05-12/
Reuters
More than 2 million Toyota users face risk of vehicle data leak in Japan
Toyota Motor Corp said on Friday the vehicle data of 2.15 million users in Japan, or almost the entire customer base who signed up for its main cloud service platforms since 2012, had been publicly available for a decade due to human error.
An expert in ransomware that was used in attacks on critical infrastructure in the US, named Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, has received his award: a place on the FBI Most Wanted list
https://www.fbi.gov/wanted/cyber/mikhail-pavlovich-matveev
https://ofac.treasury.gov/recent-actions/20230516
Federal Bureau of Investigation
MIKHAIL PAVLOVICH MATVEEV | Federal Bureau of Investigation
Computer Intrusion; Conspiracy; Intentional Damage to a Protected Computer; Threats Relating to a Protected Computer; Aiding and Abetting