Infosec.Pub

Legacy authentication bypassed modern security controls and logging.

Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK and US, the report points to three areas shaping board-level conversations this year: AI, compliance, and supply chain security. AI: A tool and a target AI is now woven into security operations and business … More → The post Shadow AI is breaking corporate security from within appeared first on Help Net Security.

The first half of 2025 saw one of the worst waves of crypto hacks to date, with more than $3.01 billion stolen. AI was a big part of it, making scams easier to run and letting even low-skill criminals get in on the action. In the U.S. alone, nearly 160,000 crypto-related fraud complaints were reported in 2024. “The adversaries themselves aren’t fundamentally different between traditional finance and the crypto industry, but certain of the tactics … More → The post AI made crypto scams far more dangerous appeared first on Help Net Security.

cross-posted from: https://lemmy.blahaj.zone/post/31922513

cross-posted from: https://lemmy.blahaj.zone/post/31922512

I recently picked up an older but perfectly adequate HP ZBook Firefly with a built-in smart card reader and I'm wondering what possible use is this little bit of tech? Can I, like, auth with my credit card or whatever? (mostly joking, I briefly looked at the PAM config for that and prefer my current hobbies lol)

This post was drafted by EFF legal intern Alexandra Halbeck. The Court of Appeals for the Ninth Circuit, which covers California and most of the Western U.S., just delivered good news for digital privacy: abandoning a phone doesn’t abandon your Fourth Amendment rights in the phone’s contents. In United States v. Hunt, the court made clear that no longer having control of a device is not the same thing as surrendering the privacy of the information it contains. As a result, courts must separately analyze whether someone intended to abandon a physical phone and whether they intended to abandon the data stored within it. Given how much personal information our phones contain, it will be unlikely for courts to find that someone truly intended to give up their privacy rights in that data. This approach mirrors what EFF urged in the amicus brief we filed in Hunt, joined by the ACLU, ACLU of Oregon, EPIC, and NACDL. We argued that a person may be separated from—or even discard—a device, yet still retain a robust privacy interest in the information it holds. Treating phones like wallets or backpacks ignores the reality of technology. Smartphones are comprehensive archives of our lives, containing years of messages, photos, location history, health data, browsing habits, and countless other intimate details. As the Supreme Court recognized in Riley v. California, our phones hold “the privacies of life,” and accessing those digital contents generally requires a[...]

Let AI Do the Shopping, Says Google (www.bankinfosecurity.com)
submitted 3 weeks ago by lemmydev2 to c/pulse_of_truth

AP2 Protocol Introduces 'Mandates' to Keep Agent-Led Spending Accountable

Artificial intelligence agents can now shop so consumers don't have to - but the non-human shoppers will need a signed permission slip first. Google on Wednesday announced the launch of an "agent payments protocol," which creates a framework for AI-driven purchases.
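A sketch of the "signed permission slip" idea, added here as an example and not Google's AP2 code or message format: the user signs a mandate that caps what an agent may spend, and the merchant-side verifier refuses any purchase the mandate does not cover. The field names, the sample data, and the use of HMAC (a stand-in for the asymmetric signature a real protocol would use) are all assumptions.

```python
"""Added example (not AP2): a user-signed spending mandate and the checks a
verifier runs before honouring an agent's purchase against it.

Assumptions: mandate fields, amounts in minor units (cents), and an HMAC
'signature' standing in for a real asymmetric signature.
"""
import hashlib
import hmac
import json
import time


def canonical(obj):
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_mandate(mandate, user_key):
    """User side: bind the mandate's constraints to the user's key."""
    sig = hmac.new(user_key, canonical(mandate), hashlib.sha256).hexdigest()
    return {"mandate": mandate, "sig": sig}


class MandateVerifier:
    """Merchant/payment side: every agent purchase must fit a valid mandate."""

    def __init__(self, user_key, now=None):
        self.user_key = user_key
        self.now = now or time.time
        # Running total per mandate id: stops replay and split-payment over-spend.
        self.spent = {}

    def check(self, signed, purchase):
        m = signed["mandate"]
        expected = hmac.new(self.user_key, canonical(m), hashlib.sha256).hexdigest()
        # Constant-time compare so signature guessing leaks nothing via timing.
        if not hmac.compare_digest(expected, signed["sig"]):
            return False, "bad signature"
        if self.now() > m["expires_at"]:
            return False, "mandate expired"
        if purchase["merchant"] not in m["merchants"]:
            return False, "merchant not authorised"
        if purchase["currency"] != m["currency"]:
            return False, "currency mismatch"
        total = self.spent.get(m["id"], 0) + purchase["amount_minor"]
        if total > m["max_amount_minor"]:
            return False, "would exceed spending cap"
        self.spent[m["id"]] = total
        return True, "ok"


if __name__ == "__main__":
    # Constructed demo data; in reality the key lives in the user's wallet.
    key = b"user-wallet-secret"
    mandate = {"id": "m-1", "merchants": ["shop.example"], "currency": "USD",
               "max_amount_minor": 5000, "expires_at": 2000}
    signed = sign_mandate(mandate, key)
    v = MandateVerifier(key, now=lambda: 1000)
    print(v.check(signed, {"merchant": "shop.example", "currency": "USD", "amount_minor": 3000}))
    print(v.check(signed, {"merchant": "shop.example", "currency": "USD", "amount_minor": 3000}))
    tampered = {"mandate": dict(mandate, max_amount_minor=500000), "sig": signed["sig"]}
    print(v.check(tampered, {"merchant": "shop.example", "currency": "USD", "amount_minor": 10}))
```

The signature covers the canonical form of the whole mandate, so an agent (or anyone between it and the merchant) cannot loosen the cap, extend the expiry, or add a merchant without invalidating it; the running total is what turns a cap into an actual limit rather than a per-transaction check.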

Hacking Electronic Safes (www.schneier.com)
submitted 3 weeks ago by lemmydev2 to c/pulse_of_truth

Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”...

Dissecting DCOM partie 1 (www.synacktiv.com)
submitted 3 weeks ago by digicat to c/blueteamsec

Researchers have discovered a large ad fraud campaign on Google Play Store.


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


HUMAN Security's Satori team has uncovered "SlopAds," a sophisticated ad fraud operation involving 224 Android apps downloaded over 38 million times across 228 countries[^1]. The apps use steganography to hide malicious code within PNG files and create hidden WebViews to generate fraudulent ad impressions and clicks[^1].

Key findings:

  • Generated 2.3 billion daily bid requests at peak
  • Heaviest traffic from US (30%), India (10%), and Brazil (7%)
  • Only activated fraud for downloads traced to threat actor ad campaigns
  • Used attribution tools and multiple layers of obfuscation to avoid detection
  • Operated through extensive network of command-and-control servers

Google has removed the identified apps and enabled Google Play Protect warnings to block future installations[^1]. HUMAN's Ad Fraud Defense and Ad Click Defense customers are protected from SlopAds' impact[^1].

[^1]: HUMAN Security - Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation

App list Domain list


Former Wirecard AG executive Jan Marsalek is living in Moscow and seems to be working with Russian intelligence services, according to a joint investigation by a consortium of media organizations.