If you run GitLab you probably want to update your servers ASAP. Looks like things are being exploited and turned into a botnet to launch DDoS attacks. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps/
For those who follow development around the CMMC model, it seems there are some very significant changes coming with the 2.0 version. Those of us who have been in software development long enough will feel a déjà vu moment and certainly recall the Angular 2.0 release. Here is the link where you can start your deciphering journey https://www.acq.osd.mil/cmmc/assessments.html #CMMC #cybersecurity
October Update:
Introducing the #PinePhonePro - $399
#PineNote and PinePhone Pro pre-orders are now open to developers & shipping this year!
#PineTime #InfiniTime major firmware progress & project management update
https://www.pine64.org/2021/10/15/october-update-introducing-the-pinephone-pro/
Security is a complex exercise, and there can be no rush in protecting sensitive data. Aside from the fact that vaccine passports are an infringement on people's freedom, governments should have asked themselves whether this is information that can be handled by a startup. Unfortunately we see the opposite: governments around the world buying those types of apps from startups that are in gold rush mode to deliver, because the window of opportunity to get their hands on budget money is short.
https://blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/
Cloud providers came together with a set of Trusted Cloud Principles. You may ask what's wrong with this; it looks like a really nice initiative. However, if you look closer, it's skewed towards the cloud providers' ability to access/store your data. One very important piece that is missing in that initiative is the ethical behavior of those providers and equal opportunities for legal expression. In other words, there is nothing about those providers censoring you when your view is different. https://trustedcloudprinciples.com/
« Leaked #Facebook docs show the company saw pre-teens as an 'untapped' audience and wanted to 'leverage playdates,' The Wall Street Journal reports » 🤢 https://www.msn.com/en-us/news/technology/leaked-facebook-docs-show-the-company-saw-pre-teens-as-an-untapped-audience-and-wanted-to-leverage-playdates-the-wall-street-journal-reports/ar-AAOX9H0 #DeleteFacebook
Another day, another rootkit. There was an interesting exploit made public a couple of days ago that allows an attacker to stay hidden from the viewpoint of the Windows subsystems in charge of security while having quite a bit of access to that PC, and of course the company that identified the ability to exploit it is offering their services to protect PCs ... quite suspicious ... https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html
@kyle Entirely agree, vendors don't want their users to make the right choices, otherwise users would be able to leave vendors when they are not delivering, and then who is going to pay for those jails? So each of those vendors wants their users to stay and pay for their jail; looks like an upside-down world to me.
If anyone still had an illusion that social media platforms are about purpose and social good, here is an article for you. They only care about ways to exploit the network effect for as long as it increases their bottom line, thus people with a large audience, politicians, etc. are exempt from the rules defined by the platforms. Rules are for regular people, and people are just a product being packaged and sold to advertisers. Ethiork helps you break free of those giants. https://www.wsj.com/articles/facebook-files-xcheck-zuckerberg-elite-rules-11631541353?st=g3pys94rcdk8h9r&reflink=share_mobilewebshare
Microsoft disclosed a zero-day vulnerability 2 days ago: remote code execution that is exploited through specially crafted MS Office documents. Please be careful and refrain from opening any docs from untrusted sources. It sounds like an actively exploited targeted attack. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
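One check a defender can run on inbound documents before anyone opens them, added here as an example that is not part of the original post and not Microsoft's guidance: a .docx is a ZIP of XML parts, and each part's `.rels` file declares what it links to. An OLE object embedded inside the package has the default `TargetMode` (Internal); one that is fetched from a URL when the document opens carries `TargetMode="External"`, which is the shape of the exploit documents reported for this vulnerability. The scanner below flags any externally sourced OLE object regardless of URL scheme. The two sample documents, the `build_docx` helper and the `example.invalid` target are constructed for this example and are not real Office output.

```python
# Added example (not from the original post): scan an Office Open XML
# document for OLE objects whose source is outside the file.
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")


def external_ole_relationships(docx_bytes: bytes) -> list:
    """Return (rels part, rId, Target) for every OLE relationship marked External.

    Every *.rels part inside the ZIP lists the relationships of one document
    part. TargetMode defaults to Internal (object stored in the package);
    External means the object is loaded from the Target URL at open time.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                if rel.get("TargetMode", "Internal").lower() == "external":
                    findings.append((name, rel.get("Id"), rel.get("Target")))
    return findings


# --- constructed sample documents (minimal, not real Office files) ----------
_CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    '</Types>'
)
_DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    '<w:body><w:p><w:r><w:t>hello</w:t></w:r></w:p></w:body></w:document>'
)
# Clean: one internal (embedded) OLE object, which must NOT be flagged.
_CLEAN_RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<Relationships xmlns="{REL_NS}">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="embeddings/oleObject1.bin"/>'
    '</Relationships>'
)
# Suspicious: the OLE object is fetched from a URL when the document opens.
# The target host is a constructed placeholder (.invalid never resolves).
_SUSPICIOUS_RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<Relationships xmlns="{REL_NS}">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" Target="http://example.invalid/object.html" TargetMode="External"/>'
    '</Relationships>'
)


def build_docx(rels_xml: str) -> bytes:
    """Pack a three-part .docx into memory (hypothetical helper for this example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", _CONTENT_TYPES)
        zf.writestr("word/document.xml", _DOCUMENT_XML)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


CLEAN_DOCX = build_docx(_CLEAN_RELS)
SUSPICIOUS_DOCX = build_docx(_SUSPICIOUS_RELS)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOCX), ("suspicious", SUSPICIOUS_DOCX)):
        hits = external_ole_relationships(doc)
        print(f"{label}: {len(hits)} external OLE relationship(s)", hits)
```

To use it on real mail attachments, read each file's bytes and call `external_ole_relationships`; a non-empty result is a reason to quarantine the document for analysis. An empty result is not proof of safety, since macros, template injection and other vectors live in different parts, so the advice above about untrusted sources still stands.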
I've been a fan of #Mycroft for a while now, but I recently learned some things they're involved with that I was completely unaware of. Maybe that's my fault for not paying attention, or maybe they could use some help in the PR department.
They've scored a contract with #NASA for various "space" related projects which sound interesting.
https://www.bizjournals.com/kansascity/news/2021/08/20/kc-mycroft-ai-nets-multiple-wins.html
They've been working with Tree Industries on #Ezra EA to develop voice technologies for classrooms.
https://www.tree.industries/products/ezra/ezra-education-assistant
Finally got around to reducing the resolution of the images on my blog and submitting it to https://512kb.club/, doing my part in reducing digital waste on the Internet. Check it out here https://sergeysh.com/
@kev Looks awesome, I would have done networking closet first :D
Security poverty line. Many organizations fell behind it with more sophisticated threat actors out there. However, organizations can buy their way out of it with more investment. What about individual consumers? Are there products suitable for consumers? Are they stuck with big tech companies and their "free" products? That's why we started the Ethiork project, to give individuals a hand to rise above the security poverty line. https://www.ethiork.com/
Holidays are usually a sweet spot for threat actors, because it's easy to go undetected over extended holidays. There is no sleep for people involved in cybersecurity :( Here is an advisory from CISA and the FBI https://us-cert.cisa.gov/ncas/alerts/aa21-243a
... an accidental typo in an nmap scan leads to scanning the majority of the network infrastructure, which leads to finding some unexpected ports on several hosts, which leads to a witch hunt unleashing a wide variety of tools onto those hosts ... just to confirm that everything runs as expected ... as a result all tools on the offensive security box have gotten the most recent updates and skills have been brushed up ...
Those who still live under the impression that the data anonymization which tech giants are touting while selling your data left and right actually works, read this article: https://nypost.com/2021/07/25/reporting-that-outed-catholic-priest-reveals-data-is-not-private/
Just pay close attention to "how" they investigate rather than what is reported. There are also articles from the NY Times
https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html
and
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
Your data is valuable, stop giving it away for free. #privacy
Experienced technology entrepreneur on the quest for ethics and privacy. Follow the #punkprivacy tag to get regular privacy tips. You can also follow the @ethiork account to get information about the progress of the Ethiork project, which enables people to own their data and protect their privacy.