avoidthehack

@avoidthehack@mastodon.social

An initiative promoting the intersection of internet #privacy and #cybersecurity for all users.

MOVED to infosec.exchange -> https://infosec.exchange/@avoidthehack


avoidthehack, to opsec

How to share files and sensitive information securely

@bitwarden shows you how to use Bitwarden Send to share files and sensitive information in a more secure way.

In most cases, you should avoid sending sensitive information via email (even if not a file).

#opsec #cybersecurity #security

https://bitwarden.com/blog/how-to-share-files-and-sensitive-information-securely/

avoidthehack, to privacy

Avoidthehack updates #private #browser Comparison Tool

  • Added Mullvad @mullvadnet browser
  • Added Comodo IceDragon
  • Fixed image display issues on some #browsers
  • Corrected existing information

#privacy #privacymatters #opensource

https://avoidthehack.com/util/browser-comparison

avoidthehack, to Cybersecurity

CISA Adds Five Known #Vulnerabilities to Catalog

CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation
CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass
CVE-2023-35311 Microsoft Outlook Security Feature Bypass
CVE-2023-36874 Microsoft Windows Error Reporting Service Privilege Escalation
CVE-2022-31199 Netwrix Auditor Insecure Object Deserialization

#cybersecurity #infosec #security

https://www.cisa.gov/news-events/alerts/2023/07/11/cisa-adds-five-known-vulnerabilities-catalog

GossiTheDog, to random
@GossiTheDog@cyberplace.social

(post deleted by author)

avoidthehack,

@GossiTheDog Git off yer phone

avoidthehack, to apple

#Apple releases emergency #update to fix zero-day exploited in attacks

CVE-2023-37450 - code execution in the WebKit browser engine (which powers Safari).

#cybersecurity #infosec #security

https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/

avoidthehack, to apple

How to block emails on #Gmail, Outlook, Proton Mail, Yahoo Mail, and #Apple Mail

From @protonmail

#privacy #email #privacymatters

https://proton.me/blog/how-to-block-emails

avoidthehack, to windows

New ‘Big Head’ ransomware displays fake Windows update alert

Suspected to be spreading primarily through gasp Malvertising.

During the encryption stage, this #ransomware displays a loading screen similar to a #windows update.

#cybersecurity #infosec #security

https://www.bleepingcomputer.com/news/security/new-big-head-ransomware-displays-fake-windows-update-alert/

avoidthehack, to privacy

How Threads’ policy compares to Twitter’s (and its rivals’)

has abysmal privacy... just reading the list in this article is exhausting.

I fail to see how it is an "acceptable middleground" for users being introduced into the (with the talk of ActivityPub integration.)

https://arstechnica.com/security/2023/07/how-threads-privacy-policy-compares-to-twitters-and-its-rivals/

avoidthehack,

@ancatdubh exactly. Connecting to the fediverse for exposure is okay… but the cost for users to do so (through threads) is very high and concerning…

avoidthehack, to mastodon

Critical TootRoot bug lets attackers hijack #Mastodon servers

> bad actor sends malicious toot
> instances process malicious toot
> spawns webshell
> bad actor uses webshell to assume control over the server

There is a #security patch for this - all Mastodon server admins should update if they haven't already.

#cybersecurity #infosec

https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/

avoidthehack, to fediverse

I’m not going to sit here and pretend like the current #fediverse without Threads is “perfect” for #privacy … But just look at the data #threads collects.

This is insane.

avoidthehack,

In this section of their #privacy policy, it’s stated “We collect information about the Third Party Services and Third Party Users who interact with threads…”

Interaction includes following #threads users, interacting with threads content, and especially threads users following/interacting with your “third party” content.

Data collected includes IP address, instance info, and profile information.

So, in theory, any interaction with a Threads user would subject you to this data collection…

avoidthehack,

#threads also has a supplemental #privacy policy to the #meta privacy policy: (caution this is an Instagram link) https://help.instagram.com/515230437301944

There’s a section, “Information From Third Party Services and Users,” where it states “we collect information about Third Party Services and Third Party Users who interact with Threads.”

(Third Parties would naturally include other Fediverse instances and their users.)

Federated Fediverse platforms share some data, but this seems to be a whole other level.

avoidthehack,

It looks like Meta could use the #fediverse to collect metadata on… a lot of people. In my opinion, it’s similar to the Facebook Pixel - which allows Meta to collect data on users who are off its platforms.

This could seem like no big deal (and I guess it could be), but let’s face it: Meta isn’t exactly #privacy friendly and has been accused (with proof) of abusing collected information.

#threads

avoidthehack, (edited)

Realize this data wouldn’t exist in a vacuum or even as a “single data point.”

Meta has many avenues for data collection for users on its platforms (WhatsApp, Facebook, Instagram, etc) and off (Facebook Pixel and buying/using third party data). If just by interacting with #threads users, you are now subject to their (Meta’s) policies… how crazy is that?

Stay safe out there, folks.

#privacy #privacymatters

avoidthehack,

@bflipp @DaveMasonDotMe

I agree with you Mastodon is not private, but it lends itself more to #privacy than traditional social media.

There is still absolutely the threat of #metadata collection from #threads - just not first-party collection (if you are not on their platform.)

Similar context: you may not use WhatsApp, but I do. I have your contact info... and I share that info with WhatsApp. Well, now WhatsApp has it too. And they can infer we interact.

avoidthehack,

@bflipp @DaveMasonDotMe

With #threads and the fediverse, over time it gives the "how" and "how often." Do you DM? Boosts and favorites? Bookmark? Does the third-party interact with the #threads user? When and how often?

It's the power of metadata and collection + correlation over time I'm stressing here. Still speculation, but I am positive they will use/process/share/sell the metadata - especially because tracking their own users will give them a front row seat, an easy ingestion point.

avoidthehack,

@bflipp @DaveMasonDotMe

Their business model relies on it. The core of the issue is that this data wouldn't exist in a vacuum - whatever is ingested from interaction with #threads users goes back to Meta.

They are tracking their own millions of users so closely, even while interacting with the fediverse, that it will have implications for users on other instances.

Pile on that the concerns of lack of moderation on the threads platform and high potential for abuse and wow, we have a problem.

avoidthehack,

@bflipp @DaveMasonDotMe

Also, thanks for clarification on the IP address issue. I mentioned it because it would be an issue for the small(er) servers. Same user profile + same IP address (of a small or single-user server) could be an easy identifier. I should have mentioned this when I brought it up.

At the end of the day, they are asking Mastodon admins to federate for some reason. They could just scrape what is public, but I don't think that gives them the real time metadata.

avoidthehack, to Cybersecurity

Shell Confirms MOVEit-Related Breach After #Ransomware Group Leaks Data

Affected organizations from MOVEit continue to pile up...

#databreach #cybersecurity #security #moveit

https://www.securityweek.com/shell-confirms-moveit-related-breach-after-ransomware-group-leaks-data/

avoidthehack, to privacy

Avoidthehack updates "Blocking Ads, Trackers, and in , Devices, and Networks"

Updated this guide with lots of changes, including removing mentions of Vivaldi, adding more sections/headers for readability, and adding references where appropriate.

So, what's your method of blocking ads?

https://avoidthehack.com/how-to-block-ads

avoidthehack,

@voxel you covered most of it! Additionally, it has a phoning home function (but admittedly nothing like browsing data) that can’t be disabled.

avoidthehack, to Cybersecurity

Is my #password compromised?

@bitwarden showcases how the locally run Bitwarden Vault Health Report can help you identify reused passwords, exposed passwords, and weak passwords.

#cybersecurity #infosec #opsec

https://bitwarden.com/blog/is-my-password-compromised/

avoidthehack, to privacy

Who’s Behind the DomainNetworks Snail Mail Scam?

From @briankrebs

+1 for Domain WHOIS privacy protection.

Personally, I've never received one of these - but somehow they've pinged the email associated with the record via a relay/aliasing service.

https://krebsonsecurity.com/2023/07/whos-behind-the-domainnetworks-snail-mail-scam/

avoidthehack,

@dostalcody @briankrebs What I’m gathering is that these are the equivalent of “we’ve been trying to reach you about your car’s extended warranty…” calls. Lol.
