Infosec.Pub

George Orwell might’ve predicted the surveillance state, but it’s still surprising how many entities took 1984 as a how-to manual instead of a cautionary tale. [Benn Jordan] decided to take …


Security teams rely on threat reports to understand what’s out there and to keep their organizations safe. But a new report shows that these reports might only reveal part of the story. Hidden malware variants are quietly slipping past defenses, leaving teams with a false sense of security. Stairwell’s Hidden Malware Report 2025 analyzed 769 threat reports published between March 2023 and July 2025. These reports contained more than 10,000 malware file identifiers. By digging …

The post The unseen side of malware and how to find it appeared first on Help Net Security.


Two experiments with different quantum computers showcase their growing ability to simulate materials and quantum matter that have so far proven elusive in the lab


Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.

15
1 in 3 Android Apps Leak Sensitive Data (www.infosecurity-magazine.com)
submitted 3 weeks ago by lemmydev2 to c/pulse_of_truth
 
 

One third of Android and over half of iOS apps shown to be leaking insecure APIs and hardcoded secrets


A breach at the New York Blood Center resulted in theft of data for 194,000 people, including SSNs, IDs, bank and health information


A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts.


cross-posted from: https://lemmy.sdf.org/post/42496551

Original report (PDF, available only in German)

  • Damage caused by data theft, industrial espionage and sabotage increases to 289.2 billion euros in Germany in the last 12 months; 9 in 10 companies (87%) were affected
  • The largest part of the 289.2 billion euros in damages reported by the 1,002 companies polled came from concrete production losses or theft, but legal and remediation costs were also substantial
  • Cyberattacks: Almost three out of four companies register increase in attacks

[...]

The survey by German industry group Bitkom found that almost half of all companies that could identify the sources of attacks had traced them to Russia and China, while about a quarter traced them to other European Union countries or the United States.

In detail, of the companies affected, 46 percent have detected at least one attack from Russia (2024: 39 percent), as many from China (2024: 45 percent). Attacks from Eastern Europe outside the EU (31 percent, 2024: 32 percent), from the USA (24 percent, 2024: 25 percent), from EU countries (22 percent, 2024: 21 percent) and Germany (21 percent, 2024: 20 percent).

[...]

2
BSides Exeter 2025 (www.youtube.com)
submitted 3 weeks ago by ashar to c/security_cpe
 
 

Schedule

BSides Exeter 2025 Youtube channel (the videos are uploaded but not put into playlists)


Follows similar ruling against Bunnings.


Legacy authentication bypassed modern security controls and logging.


Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK and US, the report points to three areas shaping board-level conversations this year: AI, compliance, and supply chain security.

AI: A tool and a target

AI is now woven into security operations and business …

The post Shadow AI is breaking corporate security from within appeared first on Help Net Security.


The first half of 2025 saw one of the worst waves of crypto hacks to date, with more than $3.01 billion stolen. AI was a big part of it, making scams easier to run and letting even low-skill criminals get in on the action. In the U.S. alone, nearly 160,000 crypto-related fraud complaints were reported in 2024. “The adversaries themselves aren’t fundamentally different between traditional finance and the crypto industry, but certain of the tactics …

The post AI made crypto scams far more dangerous appeared first on Help Net Security.


cross-posted from: https://lemmy.blahaj.zone/post/31922513

cross-posted from: https://lemmy.blahaj.zone/post/31922512

I recently picked up an older but perfectly adequate HP ZBook Firefly with a built-in smart card reader and I'm wondering what possible use is this little bit of tech? Can I, like, auth with my credit card or whatever? (mostly joking, I briefly looked at the PAM config for that and prefer my current hobbies lol)


This post was drafted by EFF legal intern Alexandra Halbeck.

The Court of Appeals for the Ninth Circuit, which covers California and most of the Western U.S., just delivered good news for digital privacy: abandoning a phone doesn’t abandon your Fourth Amendment rights in the phone’s contents. In United States v. Hunt, the court made clear that no longer having control of a device is not the same thing as surrendering the privacy of the information it contains. As a result, courts must separately analyze whether someone intended to abandon a physical phone and whether they intended to abandon the data stored within it. Given how much personal information our phones contain, it will be unlikely for courts to find that someone truly intended to give up their privacy rights in that data.

This approach mirrors what EFF urged in the amicus brief we filed in Hunt, joined by the ACLU, ACLU of Oregon, EPIC, and NACDL. We argued that a person may be separated from—or even discard—a device, yet still retain a robust privacy interest in the information it holds. Treating phones like wallets or backpacks ignores the reality of technology. Smartphones are comprehensive archives of our lives, containing years of messages, photos, location history, health data, browsing habits, and countless other intimate details. As the Supreme Court recognized in Riley v. California, our phones hold “the privacies of life,” and accessing those digital contents generally requires a[...]
