Pinned post

Google adds E2E RCS encryption to their default Messages using Signalapp messages, emoji mashup suggests, and more for Android - The Verge

APT hacker group "TA402/Molerats" has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government agencies linked to geopolitics in the region.


has issued an advisory manufacturers of a critical — CVE-2021-32934 / CVSS score: 9.1 —in 's P2P that could be by attackers to on connected .


This could be part of a supply chain spy campaign on the airline industry, via a breach of air industry IT supplier SITA.

Show thread

New - There’s compelling evidence linking APT41 - one of China’s most prolific espionage and cybercrime crews, and an FBI Most Wanted - to the huge hack of Air India. Read 👉

New: Otonomo is a firm that sells location data from cars, etc. They say it's privacy-preserving. But source scraped data from their website en masse, gave it to us, we could see where people drove and where they likely lived

"Privacy nightmare," EFF said

The longer you keep your phone the more lightly it would have tread the earth, so think twice when you want to buy a new phone. Do you really need a new phone? The truth is, the most #sustainable phone is the one you already own – so make it last. 🌍 📱


India's requirement to trace messaging apps content back to its originators has wider implications on users' right to privacy. Weakening end-to-end encryption for some means doing so for all, and could set a dangerous global precedent for secure apps.

Google this week announced 4 major privacy and security that everyone needs to know about:

— Two-factor authentication for all, by default.
— Privacy labels for Google Play apps
— Hardware-Enforced Exploit Protection for Chrome
— Cosign for signing and verifying container images

Read details here:

The European Commission has funded an open source project to create a Gateway between the ActivityPub and XMPP PubSub Protocols, and E2EE on PubSub

From goffi: "it's my pleasure to announce that an ActivityPub XMPP gateway doubled with Pubsub end-to-end encryption project has been selected for a grant by NLNet/NGI0 Discovery Fund (with financial support from European Commission's Next Generation Internet programme)".
The XMPP ActivityPub gateway will join two major open and decentralised protocols. In practice it will be a XMPP server component (usable with any server), and implement the ActivityPub server to server protocol (or "Federation Protocol"). On XMPP side, it will be mostly a Pubsub service (with some extra, like private messages converted to XMPP message stanza).
XMPP blogging (XEP-0277: Microblogging over XMPP) will be used, and thus any client supporting it will have access to ActivityPub publications (Libervia and Movim for instance).

Continuous popularity of extends to the cyber-criminal community such that Malware authors are increasingly using Telegram as a ready-made command and control (C&C) system for their malicious products, because it offers several advantages compared to conventional web-based malware administration.

Show older