Sergey Shkundaleu @archit3ct@social.ssbx.dev

Just remember when product is free and distributed by for profit commercial entity, they have to have a way to recoup their losses. In many cases you are the product, in some cases your data is the product that they sell, and in some cases they are straight out fraudsters.
https://www.bleepingcomputer.com/news/security/free-vpn-apps-on-google-play-turned-android-phones-into-proxies/

This is a good reminder of how important is real time continuous monitoring in a whole cybersecurity puzzle. It took 22 min after vulnerability was published for the bad guys to start exploiting it. #cybersecurity https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/

Here is another example of vendor abandoning patching. From time to time businesses around the world would have to make those decisions based on simple economy, however I think it would have been honest from their perspective is to open source their code, so that community could fix it. Unfortunately that's not the case for any of the vendors, luckily people have choices there is OpenWRT which is an open source ecosystem for routers, and that model is supported.
https://www.howtogeek.com/d-link-dir-856-router-exposed-to-hackers/

While progress and shift to software defined everything is generally great, people need to be ready for that shift and be able to understand how to protect themselves from threat vectors associated with such shift. #cybersecurity
https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

As I previously said any company, no mater how noble their intentions could have been, would have to follow procedures of the country where they have been incorporated, that's why I think the future of privacy is for people to be able to manage their own data . #ethiork #privacy
https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/

That is good to see that SEC charging bunch of players on the market for failures to follow their own incident report procedures. That's just another highlight of the value of cybersecurity in today's work, because that is what could move the market. #cybersecurity #SEC
https://www.sec.gov/newsroom/press-releases/2024-63

Another breach from a couple of months ago, and it's coming from effective monopolist in ticket sales, if you tried to buy tickets recently then mos likely you had to deal with enormous "fees" imposed by that player, so what do you think how much of those went into cybersecurity spending, probably not much if anything . #databreach #cybersecurity
https://www.abc.net.au/news/2024-05-30/ticketmaster-data-breach-how-to-check-if-you-have-been-hacked/103912494

With AI getting back to prime time with LLMs, everyone trying to get a hold of tech necessary to succeed and chip wars will continue for sure between different countries. #AI https://www.reuters.com/technology/former-asml-ceo-says-us-china-chip-fight-will-continue-2024-07-06/

I have no intention to continue reporting on data breaches, but that is just continue to pop up here and there, unfortunately companies does not want to walk their talk and it's not a technical problem it's cultural. #cybersecuity
https://www.bleepingcomputer.com/news/security/neiman-marcus-data-breach-31-million-email-addresses-found-exposed/

This is just crazy, stock firmware sends data somewhere in plain text, data which happens to be user's wifi password. Is it the supply chain attack or coming from the company themselves. That would be interesting to know. #cybersecurity
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/

This is just terrifying, as usual humans are the weak link in any system. There have been multiple reports where hacks utilizing SIM swaps cleared people savings. This is just one case with 5 victims, and it's mind blowing that some one would do that. #security
https://www.bleepingcomputer.com/news/security/former-telecom-manager-admits-to-doing-sim-swaps-for-1-000/

Generative AI coudl be a very useful, when used properly. However what we see in cybersecurity space is that threat actors starting to utilize gen AI for phishing, and that is where AI shines, it creates very persuasive and authentically looking emails. Thus it's very important to be able to recognize phishing emails. #phishing #cybersecurity Check out this article by Wired: https://www.wired.com/story/how-to-spot-business-email-compromise-scam/

Ugh another data breach, now it's AT&T. I know the article is a couple months old, but leak itself from 2021, and it took 3 years for AT&T to admit it. No comments. #cybersecurity #databreach https://restoreprivacy.com/att-admits-data-leak-impacting-73-million-current-and-former-customers/

I know it's a school break for everyone, however when kids woudl get back to school it's very important to help them with right choices and lunch is a very important meal where kids are at school by themselves. I know people get busy, but do not neglect your kids lunch choices, pack a proper lunch and help them stay healthy. #lunch #kids #health https://www.consumerreports.org/health/lunch-and-snack-packs/should-you-pack-lunchables-for-your-kids-school-lunch-a1165583878/

AI has become a fashionable word on geopolitical arena as well. Unfortunately often goverments turn to the best mechanism they know, which is heavy regulations. What worries me in that article is the view of some folks that the government should be regulating open source models, which will lead to even further concentration of AI power in corporate hands rather than being available to people. #ai https://www.reuters.com/technology/us-eyes-curbs-chinas-access-ai-software-behind-apps-like-chatgpt-2024-05-08/

Another good article from Mozilla regarding privacy. That's a good example of what I've been talking about for a while. In many cases the definition of privacy is limited to primarily personal information, however advertisers do not need that information, advertisers need to understand the person behind the screen to predict their next purchase or drive person towards that. Beware of how mental health and prayer apps use most vulnerable population, their users. #privacy https://foundation.mozilla.org/en/blog/top-mental-health-and-prayer-apps-fail-spectacularly-at-privacy-security/

Age verification and ID verification services are touted as a great savior that would protect kids and so on, thus there is a notion to force people into using those services throuhg regulations. However what happens when those services are getting hacked? #privacy #cybersecurity https://www.eff.org/deeplinks/2024/06/hack-age-verification-company-shows-privacy-danger-social-media-laws

This is exactly the problem with closed ecosystem. Apple says that their apps go through the rigorous process to get admitted into the app store. However would you do when apps are removed from the app store within a particular country. Apple sought to open up an ecosystem a bit with 17.4 update, but still it's cumbersome for most of the people. Key point Apple is a corporation and corporations would always cave to local authorities to keep business running. #vpn #apple https://appleinsider.com/articles/24/07/05/russia-forces-apple-to-remove-vpn-apps-from-the-app-store

I recently stumbled upon an FTC Update, they published back in march. Highlights include strong enforcement actions, new rulemaking efforts, extensive guidance for businesses & consumers, and global collaboration to protect your data. With wide adoption of AI, you would need to understand that enforcements they've done are just tip of the iceberg and there is more mischief happening to your data. Stay informed and stay secure! 🔒💼🌐 #Privacy #DataSecurity https://www.ftc.gov/news-events/news/press-releases/2024/03/ftc-releases-2023-privacy-data-security-update