Gerardo

CyberSecurity human-centric and privacy | Part-time teacher full time DevOps
#passwords #cybersecurity #privacy #vulnerabilitydisclosure #usablesecurity #captchas
Nitter: nitter.net/semperinlimbo

I know, I'm late to the party. I was querying the search engine they call Copilot. I asked "in gcp, how do I find the costs of unattached disks per project?"
Copilot gave me a very bad answer. If someone had used the command for listing unattached disks to delete unused disks, they would have made a catastrophic error. Now, I'm happy that I'm late to the party haha. Always double and triple check the answers no matter if it's "AI".

The TV provider Free.fr was breached. Users got notified that a lot of personal data was compromised (name, last name, domicile, phone number, subscription information, bank info, and more).

I find it interesting that they include a paragraph regarding the penalties and liability of the offender. They should talk about their own responsibility and the fines they should be facing!!

Gerardo boosted:
2024-05-09

This is your regular reminder that most communications on Telegram are not end-to-end encrypted. Channels and groups are never end-to-end encrypted and 1-on-1 messages are only end-to-end when explicitly enabled.

EuroUSEC 2024

Only 1 month left to submit to the 2024 European Symposium on Usable Security!

Submit your research and findings to EuroUSEC, a forum for research and discussion on human factors in security and privacy! Discover the perfect synergy of technology, innovation, and tranquillity as EuroUSEC 2024 makes its way to the charming city of Karlstad.

Call for Papers – EuroUSEC 2024 – 30th Sep - 1st Oct 2024, Karlstad, Sweden

eurousec24.kau.se/
#cfp #academia #usablesecurity #usec #EuroUSEC

@j2bryson this is coming to most airports and airlines. I believe Dubai has had it for some time.

Not long ago I read headlines about Signal losing a big donor. The blog posts were painting a dire future. It's refreshing that work keeps going, and to see the introduction of usernames as identifiers.
signal.org/blog/phone-number-p

Fake Job Posts on LinkedIn.
Always be alert, suspicious and verify before even clicking.

There have been several posts in the media, articles and blogs by people describing how LinkedIn is being used to recruit, deceive, or scam job seekers.

I am receiving emails with job offers with "High experience match", "High skills match", or "Be first to apply" LinkedIn [pretend] labels.

I checked "Fudan University" in Hafnarfjörður (On-site) under the Icelandic Yellow Pages; nothing was found:
"Engar niðurstöður fundust fyrir „fudan university“
Ástæðan gæti verið að leitarorðið er rangt skrifað eða ekki á skrá."
Google Translate:
"No results found for "fudan university"
The reason could be that the keyword is misspelled or not in the file."
ja.is/?q=fudan%20university

Alright, maybe not on file. So I checked Revenue Iceland. If it's on-site and it is a university, it surely has to be registered; well, no surprise there, nothing found.
"Leit eftir „Fudan University“ skilaði engri niðurstöðu"
Google Translate: A search for "Fudan University" returned no results
skatturinn.is/fyrirtaekjaskra/

I repeated the exercise for MindPal Kópavogur (On-site).
Similar results, nothing under ja.is or the tax office.
skatturinn.is/fyrirtaekjaskra/
ja.is/?q=mindpal

#linkedin #linkedinjobscam #scams #linkedinjobs

From @protonmail
"The EU Parliament adopted a crucial position on the #ChatControl legislation removing the attacks on encryption, taking a definitive and progressive stance for privacy and security.

The original proposal threatened the fundamental rights of hundreds of millions of Europeans and risked undermining their safety..."
proton.me/blog/eu-parliament-c

Gerardo boosted:
2023-11-14

❗ WARNING ❗

➡ Fake Skills Assessment Targeting IT & Cyber Job Seekers ⬅

Microsoft's security team has uncovered a disturbing trend targeting IT professionals. A notorious hacking collective, known by names such as Sapphire Sleet, APT38, BlueNoroff, CageyChameleon, and CryptoCore, is exploiting job seekers on LinkedIn. This subgroup of the infamous Lazarus Group is luring individuals with the promise of skills assessments, only to lead them into a trap.

After initial contact on LinkedIn, the scammers direct victims to external platforms where the real deception begins. They've constructed an elaborate facade, complete with password-protected websites that distribute malware under the guise of legitimate job-related content. These tactics are not just a deviation from their previous methods of attaching malware to emails or hiding it in plain sight on legitimate websites; they represent an evolution in cyber threats, with a direct aim at the unwary job seeker.

Stay vigilant. If an opportunity seems too good to be true, it might just be the work of Sapphire Sleet. Verify the authenticity of any skills assessment with the offering company directly and never download files or enter personal details into unverified platforms. Let's keep our digital job-hunting safe.

Please reshare to spread the word

Source:

cybersocialhub.com/csh/microso

#CyberSafety #ITJobs #CyberSecurity #LinkedIn #Cyber #infosec #technews #tech #cyber #cybernews #technology #news #hack #hacking

Gerardo boosted:
2023-11-07

Mastodonians wanting more security- and privacy-related content here: there are a bunch of journalists, researchers and engineers who are woefully underfollowed relative to the impact and importance of the work they do. Please follow and engage with them so they have a strong incentive to use this platform more.

There are way too many to name all of them. In no particular order here are some (but sorry, not all; please look at the people I follow for more):

@lhn
@josephcox
@jasonkoebler
@malwarejake
@sophieschmieg
@howelloneill
@selenalarson
@philip
@neilmadden
@ryanc
@Wednesday
@yossarian
@LukaszOlejnik
@chenghlee
@saraislet
@Bryan

Please boost for visibility

So Okta was breached (Oct 2023) and the Threat Actor(s) tried to pivot to other services. According to @vxunderground the Threat Actor(s) successfully pivoted to 1Password. Cloudflare is also reporting the attempt to pivot to them, but they managed to contain and minimize the impact. More on it here: cfl.re/3Q6VpuR
#okta #breach

Gerardo boosted:
deltatux (deltatux@infosec.town)
2023-10-24

5 southwestern Ontario hospitals have shut down online services including their patient record and email systems after a cyberattack on Monday. The nonprofit service provider that these hospitals rely on stated that they're still determining the scope and impact of the attack, and trying to determine if patient data were accessed.

There’s currently no word on when services will be restored. Hospital officials advise that patients will be contacted to have their appointments rescheduled.

https://www.cbc.ca/news/canada/windsor/windsor-hospital-system-1.7005158

#infosec #cybersecurity #cyberattack #hospital #Ontario #Canada

@toddalstrom I hear you, it's so hard to ask them to switch.

OWASP Wrong Secrets

I came across this resource from OWASP. I'm yet to give it a try but it looks great. It's a series of challenges which aim at teaching how to recognize common mistakes when it comes to handling secrets and the secret strategy.

github.com/OWASP/wrongsecrets

#devops #devsecops #cybersecurity #cybersecurite

Gerardo boosted:
Patrick C Miller (patrickcmiller@infosec.exchange)
2023-09-29

Congratulations Þorsteinn K. Ingólfsson on defending your #Master's this week, very well done 🙌 . It's great to know you are contemplating continuing to do research.

Special thanks to the co-advisers and the committee members for their insights, feedback and questions Thomas Welsh, Helmut Neukirchen, Matthias Book, and Theodor Gislason.

Thesis: The state of cybersecurity vulnerability reporting in Iceland.

Háskóli Íslands (the University of Iceland).

#háskóliíslands #researchers #graduateschool #cybersecurity #infosec #VulnerabilityDisclosure
#research #academia #bugbounty

Thanks for the boost @kamui!

Hello Usable Security and Cybersecurity community,

Phishing awareness survey.

soscisurvey.de/phishing/

We are seeking participants for a phishing awareness survey.

Purpose:
The purpose of this research study is to understand users' awareness and knowledge of phishing.

Eligibility criteria:
This study is targeting Internet users. To be eligible you must be of legal age in your country of residence. Persons under 14 years old are not eligible.

Possible Benefits
You may not directly benefit from this research; however, we hope that your participation in the study may help improve the current status of phishing awareness training and research in the field.

This study is being done by Rakesh Mohan Verma from the University of Houston and Gerardo R., independent researcher.
#phishing #academia #cybersecurity #security #HCI #usablesecurity #cybersecurite

Gerardo boosted:
Martin Degeling (mrtn3000@chaos.social)
2023-08-29

Another insight from the #TikTok Advertisement Library. TikTok announced that targeting minors based on behavioural data would no longer be possible after July 11th. The data and a hands-on analysis show instead that nothing changed.

Details in our blog: tiktok-audit.com/blog/2023/ads

Image: A diagram depicting the number of ads targeting only minors on TikTok over the course of 10 months, by day.

Gerardo boosted:
Stephan Wiefling (swiefling@hci.social)
2023-08-18

@semperinlimbo Thanks for the kind words! The book also contains very interesting #hci, #cybersecurity, and #privacy overview chapters by @verena_distler @n0g @lorrietweet and lots of other researchers that are not on Mastodon (yet).

And yeah, fully #OpenAccess!

Download: doi.org/10.1007/978-3-031-2864
