cybersecurity

Looks like they're pretty concerned with the possibility of mass discrimination by AI, perhaps in the wake of the news about United Healthcare using AI to decline coverage. This could be useful to people:

If you believe that you or someone you know has been subjected to unlawful discrimination due to a health care provider’s or health insurance plan’s use of AI, please let us know by submitting a complaint to my office: https://ocrportal.hhs.gov/

cross-posted from: https://biglemmowski.win/post/4480202

This is a follow up to the DRM'd polish trains.

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

(Tune: Auld Lang Syne)

Should old accounts be all forgot, And passwords left to die, We'll set them strong, revoke the weak, For secured times gone by.

(Chorus) For secured times gone by, my friends, For safe and sure goodbyes, We'll scan the logs and patch the flaws, For secured times gone by.

We’ve tightened up our firewalls, To block malicious tries, And phished no more, we’ve closed the door, On hackers' prying eyes.

(Chorus) For secured times gone by, my friends, For safe and sure goodbyes, We'll scan the logs and patch the flaws, For secured times gone by.

Two-factor codes and backups made, Encrypt each byte and file, Let’s toast to all who stayed secure, And breached not by a mile.

(Chorus) For secured times gone by, my friends, For safe and sure goodbyes, We'll scan the logs and patch the flaws, For secured times gone by.

So here's to friends who keep things safe, And guard their keys with pride, May zero days stay far away, For secured times gone by.

(Chorus) For secured times gone by, my friends, For safe and sure goodbyes, We'll scan the logs and patch the flaws, For secured times gone by.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Hey there, not entirely sure where to post this, hope it fits.

This morning, for the first time ever, my phone (a Huawei P20) showed a malware warning to me. The app 'Idealo', a german portal for price comparison, was supposed to be infected with 'mirai-gx'. I tapped uninstall and began researching.

I consider myself very tech- and IT-savvy, but I lack deeper knowledge of malware.

Apparently, mirai was (is) a worm that primarily infects IoT devices to join them into a bot net. The BSI (german authority for cyber security) states that it resides in volatily memory only, so that a reboot should suffice to get rid of it.

The warning was issued by Huawei's UI 'MIUI' as far as I can tell, not Play Services. I am aware that the latest security patch for my phone is from 2022, I just couldn't afford to buy a new one up until now.

Some questions that arise:

(1) How can I trust that the information presented by my phones notification is correct? I mean, how would an IoT worm infect an app that was downloaded from the Google Play Store, is that even possible without root access to the phone or accessing the developers Play Store account?

(3) Right now, I'm combing through recent DNS queries in my PiHole log that originated from my phone. How can I tell regular queries from those of a bot net?

(4) What does the -gx suffix even mean? Information on this is very scarce.

(5) Just how bad of an idea is it to use a phone that has already gone two years without patches?

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

cross-posted from: https://biglemmowski.win/post/3682899

https://lab401.com/ (I guess one of the bigger supplier/e-shop of hacking tools in EU) has a sale going on.

If you are interested you can check it out but I have another question, has anyone actually found the hamster?
I've even started scouring the page sources, considering the nature of the site it wouldn't be unusual to have it hidden literally but no bueno.
The 200EUR hamsters were gone within few hours so I must be doing something wrong or... :shrug:

Their gitlab seems to be down though, that slows down the documentation and install process.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

cross-posted from: https://lemmy.eco.br/post/8758930

If you're using Vaultwarden, you should update because of security fixes.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.