Infosec.Pub

In a lawsuit filed Monday, the former head of security for the messaging app accused the social media company of putting billions of users at risk. Meta pushed back on his claim.

Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. [...]

The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.

submitted 1 month ago by digicat to c/blueteamsec

Please tell me if it is feasible to design a catapult that satisfies these requirements:

  • must be able to launch a European¹ washing machine with a range of ~2 meters more than the distance from the street to the front window of Beko headquarters
  • ideally it would accept an unmodified payload, which is a machine with the heavy stabiliser bricks installed (all components working apart from the control board which is trapped in an error state because Beko will not disclose the secret unlock code)
  • must be able to move fast after launch because the machine would ideally be re-used for the next set of requirements:

Nice to have:

  • ability to launch a Zanussi refrigerator through the window of AEG headquarters with all components installed (the only thing broken is a cheap proprietary relay switch that is no longer produced)

I actually have two washing machines to return to Beko in this manner of projectile delivery system, both of which have an artificially shortened life due to designed obsolescence. They could perhaps both be launched together or in quick succession. I wonder if it might make more sense to use a crane-like design for a wrecking ball, which could perhaps be delivered multiple times. The complicated task would be releasing it at the right moment on the final delivery.

¹ The significance of European washing machines is they are much heavier due to stabilizer bricks. By contrast, American machines tend not to have them, although I’ve never lifted a front-load machine in the US so it may be more related to front-load vs. top load.

cross-posted from: https://lemmy.sdf.org/post/41893545

Archived

The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones, cars, cameras, LLMs).

“The penetration of these technologies and devices into critical industries (such as transport, energy, healthcare, public administration and others) is growing and will continue to grow in the future. Current critical infrastructure systems are increasingly dependent on storing and processing data in cloud storage and on network connectivity that allows remote operation and updates.” reads the statement published by NUKIB. “In practice, this means that suppliers of technological solutions have the ability to fundamentally influence the operation of critical infrastructure and/or access important data, and trust in the reliability of the supplier is therefore absolutely crucial.”

Czech agency warns of data transfers and remote asset control from China-linked threat actors. The entities under the Cyber Security Act must address the threat.

Many devices and cloud services transmit data to or are managed from China, giving suppliers deep influence over operations and access to sensitive data. Risky products include IP cameras, PV inverters, smart meters, healthcare tech, phones, cars, and AI models.

“Another risk factor is the increasing number of devices that are connected to the Internet, also transmit data and are remotely managed by their suppliers.” continues the statement. “Examples of risky products and services that may transmit data to or are managed from the PRC include IP cameras, PV inverters, so-called “smart meters”, healthcare, cloud storage, highly complex personal devices (phones, watches), connected vehicles (electric cars), large language models and others;”

[...]

The Linux Kernel Runtime Guard (LKRG) is a kernel module that checks the Linux kernel while it’s running. It looks for signs of tampering and tries to catch attempts to exploit security flaws in the kernel. Because it’s a module and not a patch, LKRG can run on many different kernels without any changes to them. It works with versions going back to RHEL7 and its variants, as well as the latest mainline and distribution …

The post "Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support" appeared first on Help Net Security.

Lemdro.id? (lemmy.sdf.org)
submitted 1 month ago by lemmie689@lemmy.sdf.org to c/isitdown
 
 

I get a 502 from the website. I think it's been down for a few days.

Not sure what that changes, but it's interesting.

Investors are looking to see which banks have the best cyber resiliency.

Qantas cuts executive bonuses by 15% after a July cyberattack exposed data of 5.7M people, despite reporting $1.5B profit last fiscal year. This case study demonstrates that a security breach […]
