Sergey Shkundaleu @archit3ct@social.ssbx.dev

Attack on privacy is often hidden behind some noble purpose, some purpose where public, in theory, would "buy-in" on being tracked. So here is an example where data broker touting themselves as helping law enforcement to collate information they collect off of mobile phones, but all in all what that is if not a surveillance. #privacy https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/

Are you still pixelating your images? Please don't! This is a reminder why! Post has been written in 2022 and "old news", however think about how far technology has gone in last 2 years. #cybersecurity https://thehackernews.com/2022/02/this-new-tool-can-retrieve-pixelated.html

That's a really awesome development, It looks like Swiss folks understand that open source would better fit governmental needs, at the end of the day when code is out there you at least can inspect it and take countermeasures if necessary. #OpenSource https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/

I had been saying that listening to the microphone on your phone is not practical or scalable from a marketing point of view(while 100 % possible). My recommendation though has always been removal of social media apps from your phone. #punkprivacy However looks like at least one player brags about it, so maybe they were able to implement a process that yields good ROI and proves me wrong. Please remove unnecessary apps from your phone. https://futurism.com/the-byte/facebook-partner-phones-listening-microphone #privacy

Just remember when product is free and distributed by for profit commercial entity, they have to have a way to recoup their losses. In many cases you are the product, in some cases your data is the product that they sell, and in some cases they are straight out fraudsters.
https://www.bleepingcomputer.com/news/security/free-vpn-apps-on-google-play-turned-android-phones-into-proxies/

This is a good reminder of how important is real time continuous monitoring in a whole cybersecurity puzzle. It took 22 min after vulnerability was published for the bad guys to start exploiting it. #cybersecurity https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/

Here is another example of vendor abandoning patching. From time to time businesses around the world would have to make those decisions based on simple economy, however I think it would have been honest from their perspective is to open source their code, so that community could fix it. Unfortunately that's not the case for any of the vendors, luckily people have choices there is OpenWRT which is an open source ecosystem for routers, and that model is supported.
https://www.howtogeek.com/d-link-dir-856-router-exposed-to-hackers/

While progress and shift to software defined everything is generally great, people need to be ready for that shift and be able to understand how to protect themselves from threat vectors associated with such shift. #cybersecurity
https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

As I previously said any company, no mater how noble their intentions could have been, would have to follow procedures of the country where they have been incorporated, that's why I think the future of privacy is for people to be able to manage their own data . #ethiork #privacy
https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/

That is good to see that SEC charging bunch of players on the market for failures to follow their own incident report procedures. That's just another highlight of the value of cybersecurity in today's work, because that is what could move the market. #cybersecurity #SEC
https://www.sec.gov/newsroom/press-releases/2024-63

Another breach from a couple of months ago, and it's coming from effective monopolist in ticket sales, if you tried to buy tickets recently then mos likely you had to deal with enormous "fees" imposed by that player, so what do you think how much of those went into cybersecurity spending, probably not much if anything . #databreach #cybersecurity
https://www.abc.net.au/news/2024-05-30/ticketmaster-data-breach-how-to-check-if-you-have-been-hacked/103912494

With AI getting back to prime time with LLMs, everyone trying to get a hold of tech necessary to succeed and chip wars will continue for sure between different countries. #AI https://www.reuters.com/technology/former-asml-ceo-says-us-china-chip-fight-will-continue-2024-07-06/

I have no intention to continue reporting on data breaches, but that is just continue to pop up here and there, unfortunately companies does not want to walk their talk and it's not a technical problem it's cultural. #cybersecuity
https://www.bleepingcomputer.com/news/security/neiman-marcus-data-breach-31-million-email-addresses-found-exposed/

This is just crazy, stock firmware sends data somewhere in plain text, data which happens to be user's wifi password. Is it the supply chain attack or coming from the company themselves. That would be interesting to know. #cybersecurity
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/

This is just terrifying, as usual humans are the weak link in any system. There have been multiple reports where hacks utilizing SIM swaps cleared people savings. This is just one case with 5 victims, and it's mind blowing that some one would do that. #security
https://www.bleepingcomputer.com/news/security/former-telecom-manager-admits-to-doing-sim-swaps-for-1-000/

Generative AI coudl be a very useful, when used properly. However what we see in cybersecurity space is that threat actors starting to utilize gen AI for phishing, and that is where AI shines, it creates very persuasive and authentically looking emails. Thus it's very important to be able to recognize phishing emails. #phishing #cybersecurity Check out this article by Wired: https://www.wired.com/story/how-to-spot-business-email-compromise-scam/

Ugh another data breach, now it's AT&T. I know the article is a couple months old, but leak itself from 2021, and it took 3 years for AT&T to admit it. No comments. #cybersecurity #databreach https://restoreprivacy.com/att-admits-data-leak-impacting-73-million-current-and-former-customers/

I know it's a school break for everyone, however when kids woudl get back to school it's very important to help them with right choices and lunch is a very important meal where kids are at school by themselves. I know people get busy, but do not neglect your kids lunch choices, pack a proper lunch and help them stay healthy. #lunch #kids #health https://www.consumerreports.org/health/lunch-and-snack-packs/should-you-pack-lunchables-for-your-kids-school-lunch-a1165583878/