Testing soon to be published #Synology #BC800Z camera.

⚡️ 4K resolution (30fps)
⚡️ PoE and #AI-powered
⚡️ IP67 and IK10 ratings
⚡️ People, vehicle, and license plate detection
⚡️ Smart Smoke detection
⚡️ Face recognition*
⚡️ Automatic defog

* needs to be paired with a Synology DVA model
#surveillance #security #monitoring

Now that #openbsd 7.8 https://www.openbsd.org/78.html is out, a refresh of "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html or tracked https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html was in order. #install #upgrade #maintenance #security #freesoftware #libresoftware

OpenBSD 7.8 Released https://www.undeadly.org/cgi?action=article;sid=20251022025822 #openbsd #openbsd78 #terraodontidae #newrelease #development #security #innovation #freesoftware #libresoftware

Amazon’s Ring is partnering with Flock—a network used by ICE, police & feds—in a major privacy red flag 🚨

Cops can now request Ring footage, expanding AI surveillance into our neighborhoods 🎥
Flock tracks vehicles & uses biased AI to ID people ⚠️

Given Ring’s privacy failures, this is deeply alarming 😠

🔗 https://techcrunch.com/2025/10/16/amazons-ring-to-partner-with-flock-a-network-of-ai-cameras-used-by-ice-feds-and-police/

#TechNews #Privacy #Surveillance #Ring #Flock #Amazon #AI #CivilRights #BigBrother #SmartHome #Police #Data #BigTech #DigitalRights #Security

Message scanning powers are sleeping on the statute book. They must never get activated.

The UK government has already tried to make Apple put a backdoor in its encrypted services. It's clear they want to recklessly dismantle our cybersecurity protections.

We must save encryption to #PracticeSafeText 💬

#GlobalEncryptionDay #encryption #e2ee #privacy #cybersecurity #security #OnlineSafetyAct #ukpolitics #ukpol #surveillance

Powers in the UK Online Safety Act to introduce message scanning technology is far from an online safety measure. It's a gift to predators and stalkers❗

Forcing a backdoor into encrypted systems so everything we send can be scanned makes us vulnerable to anybody who wants to exploit that weakness.

#PracticeSafeText #GlobalEncryptionDay #encryption #e2ee #privacy #cybersecurity #security #OnlineSafetyAct #ukpolitics #ukpol #surveillance

Practice Safe Text for Global Encryption Day 🔒

Messaging apps we use to chat, share and plan shield us from scams, stalking and sextortion.

But the UK Online Safety Act contains a time bomb that lets the government break encryption for surveillance.

Find out more about our campaign ➡️ https://www.openrightsgroup.org/campaign/save-encryption/

#PracticeSafeText #GlobalEncryptionDay #encryption #e2ee #privacy #cybersecurity #security #OnlineSafetyAct #ukpolitics #ukpol #surveillance

Alt...

Image of a red and yellow message icon as a 3D baloon with a children crossing sign on the skin. Text reads: Save Encryption – Practice Safe Text.

Encryption scrambles what we send on messaging apps.

Only the person you’re talking to can make sense of it. That’s your chats, pics and deets for their eyes only.

This is how we protect kids, parents and people experiencing domestic abuse from those who want to use your private life against you.

#PracticeSafeText #GlobalEncryptionDay #encryption #e2ee #privacy #cybersecurity #security #OnlineSafetyAct #ukpolitics #ukpol #surveillance

Please stop using Math.floor(Math.random() * range) for generating #passwords

https://atoponce.github.io/unbiased-random/

#cryptography #security #javascript

Microsoft says it’s starting to test ads inside the Start menu on Windows 11. The software maker will use the Recommended section of the Start menu, which usually shows file recommendations, to suggest apps from the Microsoft Store. Trillion dollar corporation is so poor. They need more money by selling your data to the highest bidder. wtf? #privacy #security https://www.theverge.com/2024/4/12/24128640/microsoft-windows-11-start-menu-ads-app-recommendations

Alt...

The headline reads: Microsoft starts testing ads in the Windows 11 Start menu / The app recommendations from Windows 10 are coming to Windows 11 soon.

xubuntu.org might be compromised https://old.reddit.com/r/Ubuntu/comments/1oa4549/xubuntuorg_might_be_compromised/

The malware check the clipboard for crypto wallet addresses and then replace them with attacker addresses.

#linux #security

⚠️ ~200,000 Framework Linux laptops shipped with UEFI components that can bypass Secure Boot 🖥️

A signed mm command allows memory edits, disabling signature checks & enabling persistent bootkits 🔐
Not a breach—an oversight. Fixes are rolling out. Users should update firmware or apply mitigations 🔧

@frameworkcomputer

🔗 https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/

#TechNews #Linux #Cybersecurity #Framework #UEFI #SecureBoot #Security #Firmware #Privacy #OpenSource #Vulnerability #Update #Patch #Laptop #Technology

Time to patch any #Windows systems you have to deal with new #security issues
https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html

Interesting Git repos of the week:

#security, #research, #code

Massive Crypto Scam Bust: $15B Bitcoin Seized

The US Department of Justice executed its largest-ever forfeiture action, seizing approximately $15 billion in bitcoin from Chen Zhi, a 37-year-old Cambodian-British tycoon who founded Prince Holding Group.

Chen faces charges of wire fraud and money laundering conspiracy for operating forced-labor compounds across Cambodia that ran "pig butchering" cryptocurrency scams, stealing billions from victims worldwide.

Prince Group allegedly operated at least 10 scam compounds in Cambodia, with facilities controlling 76,000 fake social media accounts using 1,250 mobile phones.

Trafficked workers, lured by fake job advertisements, were held against their will and forced under threat of torture to carry out online fraud, often building fake romantic relationships with targets before convincing them to invest in fraudulent cryptocurrency platforms.

At one point, Chen allegedly bragged the operation was generating $30 million daily. Americans lost at least $10 billion to Southeast Asia-based scams in 2024 alone, a 66% increase from 2023.

Stolen funds financed luxury purchases including yachts, private jets, vacation homes, and a Picasso painting.

The US Treasury sanctioned 146 individuals and entities within the Prince Group network, declaring it a transnational criminal organization. The UK froze 19 London properties worth over $134 million linked to the network.

Chen, who served as an adviser to Cambodia's prime ministers and held the honorific title "neak oknha," remains at large and faces up to 40 years in prison if convicted.

https://www.cnbc.com/2025/10/14/bitcoin-doj-chen-zhi-pig-butchering-scam.html

https://www.justice.gov/opa/pr/chairman-prince-group-indicted-operating-cambodian-forced-labor-scam-compounds-engaged

https://home.treasury.gov/news/press-releases/sb0278

https://www.aljazeera.com/news/2025/10/15/us-uk-sanction-huge-southeast-asian-crypto-scam-network

https://www.npr.org/2025/10/15/nx-s1-5574948/us-indictment-cambodia-tycoon-alleged-crypto-scam

#CryptoScam #PigButchering #Bitcoin #Cybercrime #ForcedLabor #MoneyLaundering #Cambodia #CryptoFraud #HumanTrafficking #DOJ #Security #SouthEastAsia #TootSEA

WPA3 support for OpenBSD 802.11 wireless funded by NLNet Foundation https://www.undeadly.org/cgi?action=article;sid=20251017070142 #openbsd #wifi #networking #wpa3 #security #nlnet #nlnetfoundation #funding #freesoftware #libresoftware

Maybe someone wants to explain the value of stupid AI prompts like the one in this paper. They write:

As a highly experienced threat modeler practitioner with over 20 years of experience, you have worked for one of the largest financial institutions in the world.

First off, this is a classic #security mistake: assuming that (a) security is the same everywhere, so what one firm does well, everyone should do the same, and (b) "financial institutions" have the best security, so if you want to have the "best security," you should do what they do.

Secondly, I don't get the point of including this fictional 20 years of experience in the prompt. Is that making a material difference? Why not tell it that it has a bazillion years of experience? Why not omit that? Do you want it threat modelling like we did "over 20 years ago" in 2002?

Third, this prompt will steer you toward threat models that are very wrong for some orgs. A non-profit, or an educational institution, or a low-stakes governmental agency (like parks & rec) will have very different #ThreatModeling needs.

Lastly, the thing that all #ThreatModel AI systems get wrong is they lack any notion of skepticism. Did the architecture diagram not make sense? Did they imply something exists but omit it from the description? Do some aspects of the documentation contradict each other? It never considers the possibility that any inputs are wrong or incomplete, either through ignorance or omission.

The advent of LLMs makes everyone think they can do expert-level work in fields where they have no expertise, all because they think they are the first person to try applying an LLM to problems in that domain.

@daedalus Generally speaking, “resilience” and “recovery” are the #cybersecurity equivalent of “shift security right.” Nobody is interested in prevention any more. Only #security wonks still say “shift security left.”

Modern businesses have realised that only a fraction of the reckless risks actually materialise. So they’re picking up their plates and joining the queue at the all-you-can-eat risk buffet.

“Clean up on aisle 5” when things blow up feels cheaper to them than the opportunity cost of a risk they didn’t take. This is why I can’t be CEO.

Coming to a Snapdragon phone near you...maybe...

GrapheneOS will drop Google Pixel exclusivity with 'major' Snapdragon-powered devices coming

https://9to5google.com/2025/10/14/grapheneos-will-drop-google-pixel-exclusivity-with-major-snapdragon-powered-devices-coming/

#GrapheneOS #Google #Pixel #Android #Snapdragon #Qualcomm #Security #Privacy #Mobile #Tech

Earlier today, I thought my @1password account had been compromised, so I immediately changed the password for my account, which created a new emergency kit. A few hours later, I'm trying to log in and it's failing. For some reason, I'm still able to access my browser extension account and the password is still listed as my original password but not allowing me into my account. The new password that I created isn't working, either.

I'm now a bit frustrated, extremely stressed, and not sure what to do. When I created the new password, 1Password asked if I wanted to save it and I, of course, said, yes. Why is the password not in my account and why am I not able to access my account?

#1password #security

So, another day, another leak of 70000 people's government IDs, from Discord this time.

It seems to me that websites shouldn't be *allowed* to collect personal information unless it is absolutely necessary (an address so that they can delver a package). But we instead seem to be moving in the opposite direction with Governments around the world demanding that various websites collect ID for age verification. This is bad.

https://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/

#it #security

Wow, the damage from that Red Hat GitLab breach seems to be getting worse by the day. Jeez.

The Crimson Collective, the cybercriminal gang claiming responsibility for breaching the repo and stealing over 500GB of data, now seems to be collaborating with other cybercriminal gangs to extort Red Hat.

From the article, the cybercrim alliance:

"threatens to publish a "multi terabyte of data haul of your most sensitive intellectual property" and accuses Red Hat of failing to safeguard what it claims are trade secrets and personal data, invoking GDPR and US state privacy laws. It also reckons Red Hat's doors were kicked in on September 13 – weeks before the company came clean about the break-in."

https://www.theregister.com/2025/10/07/red_hat_breach_new_claims/?td=rt-9bp

#redhat #gitlab #news #technews #cyberattack #breach #cybersecurity #security #cybercrime #crime #extortion

OpenSSH 10.2 released https://www.undeadly.org/cgi?action=article;sid=20251010131052 #openbsd #openssh #ssh #security #networking #login #trickery #shell #tunneling

Ouch. This whole ongoing online safety thing is going well isn't it? Who could have guessed that some personal data would end up leaking? Everyone with a brain.
https://www.gamingonlinux.com/2025/10/around-70000-users-affected-in-discord-related-breach-which-includes-some-government-id-images/

#Apps #Security #Misc

Around 70,000 users affected in Discord related breach which includes some government ID images https://www.gamingonlinux.com/2025/10/around-70000-users-affected-in-discord-related-breach-which-includes-some-government-id-images/

#Discord #Security

NVIDIA reveal new driver security issues for October 2025 https://www.gamingonlinux.com/2025/10/nvidia-reveal-new-driver-security-issues-for-october-2025/

#NVIDIA #Linux #Windows #Security

We've just fought #ChatControl - now Ireland 🇮🇪 wants its own backdoor law. 🔓

But we, together with ~40 orgs, are saying no.

#NoToBackdoors 💪

Read our open letter to Ireland: 👉 https://www.globalencryption.org/2025/10/open-letter-irish-communications-interception-and-lawful-access-bill/

#backdoor #encryption #privacy #security

Alt...

REMINDER LEGISLATORS: A backdoor for the good guys only is not possible.”

#opensource #pve #proxmoxve #foss #debian #linux #apt #security #homelab

Alt...

ProxLB with upcoming new major features for Proxmox based clusters

"The violence has put local #Jewish community members in the #Seattle area on edge just days before the #Oct7 anniversary of the #Hamas-led attacks on #Israel, which triggered the ongoing war in #Gaza.

“I’m always aware, wherever I am, thinking about my #security,” Michele Bat-Or told KOMO News.

A reported rise in #antisemitism globally after Oct. 7, 2023, has left local Jewish people, like Bat-Or, feeling at risk.

“I usually wear a #Jewishstar necklace, and I changed to a different symbol,” she continued, “That feels a little bit too unsafe to wear a Jewish star around my neck.”

https://komonews.com/news/local/seattles-jewish-community-ramps-up-security-after-deadly-uk-synagogue-attack

OpenSSH 10.1 released https://www.undeadly.org/cgi?action=article;sid=20251006105328 #openbsd #openssh #ssh #security #newrelease #crypto #cryptography #securelogin #networking #freesoftware #libresoftware

🇬🇧 UK govt demands access to British Apple users' data, reigniting its privacy dispute with Apple 🔐

Apple pulled Advanced Data Protection from UK iCloud, calling the move "gravely disappointing" ⚠️

Critics warn secret orders threaten global security 🕵️

🧑‍⚖️ Legal hearing set for Jan 2026

🔗 https://www.bbc.com/news/articles/c740r0m4mzjo

#TechNews #Privacy #Apple #UK #DataRights #Encryption #CyberSecurity #Surveillance #CivilLiberties #HumanRights #TechPolicy #iCloud #DataProtection #EndToEndEncryption #Security

The lethal trifecta for #AI #agent s: private data, untrusted content, and external communication
https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

#security

@ferryoons And this is the original FT article (without a paywall)

http://archive.today/2025.10.01-205427/https://www.ft.com/content/d101fd62-14f9-4f51-beff-ea41e8794265

#FinancialTimes #Privacy #Security #UKgov