Pinned post

Google adds E2E RCS encryption to their default Messages using Signalapp messages, emoji mashup suggests, and more for Android - The Verge
theverge.com/2021/6/15/2253417

APT hacker group "TA402/Molerats" has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government agencies linked to geopolitics in the region.

Details: thehackernews.com/2021/06/mole

has issued an advisory manufacturers of a critical — CVE-2021-32934 / CVSS score: 9.1 —in 's P2P that could be by attackers to on connected .

Read: thehackernews.com/2021/06/crit

This could be part of a supply chain spy campaign on the airline industry, via a breach of air industry IT supplier SITA.

Show thread

New - There’s compelling evidence linking APT41 - one of China’s most prolific espionage and cybercrime crews, and an FBI Most Wanted - to the huge hack of Air India. Read 👉 forbes.com/sites/thomasbrewste

New: Otonomo is a firm that sells location data from cars, etc. They say it's privacy-preserving. But source scraped data from their website en masse, gave it to us, we could see where people drove and where they likely lived

"Privacy nightmare," EFF said vice.com/en/article/4avagd/car

The longer you keep your phone the more lightly it would have tread the earth, so think twice when you want to buy a new phone. Do you really need a new phone? The truth is, the most #sustainable phone is the one you already own – so make it last. 🌍 📱

#worldenvironmentday2021

India's requirement to trace messaging apps content back to its originators has wider implications on users' right to privacy. Weakening end-to-end encryption for some means doing so for all, and could set a dangerous global precedent for secure apps. t.co/C9IpmrYlPr

Google this week announced 4 major privacy and security that everyone needs to know about:

— Two-factor authentication for all, by default.
— Privacy labels for Google Play apps
— Hardware-Enforced Exploit Protection for Chrome
— Cosign for signing and verifying container images

Read details here: thehackernews.com/2021/05/4-ma

The European Commission has funded an open source project to create a Gateway between the ActivityPub and XMPP PubSub Protocols, and E2EE on PubSub

From goffi: "it's my pleasure to announce that an ActivityPub XMPP gateway doubled with Pubsub end-to-end encryption project has been selected for a grant by NLNet/NGI0 Discovery Fund (with financial support from European Commission's Next Generation Internet programme)".
The XMPP ActivityPub gateway will join two major open and decentralised protocols. In practice it will be a XMPP server component (usable with any server), and implement the ActivityPub server to server protocol (or "Federation Protocol"). On XMPP side, it will be mostly a Pubsub service (with some extra, like private messages converted to XMPP message stanza).
XMPP blogging (XEP-0277: Microblogging over XMPP) will be used, and thus any client supporting it will have access to ActivityPub publications (Libervia and Movim for instance). squeet.me/objects/962c3e10d49f

Continuous popularity of extends to the cyber-criminal community such that Malware authors are increasingly using Telegram as a ready-made command and control (C&C) system for their malicious products, because it offers several advantages compared to conventional web-based malware administration.
blog.checkpoint.com/2021/04/22

Show older