cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Four vulnerabilities in a popular Bluetooth implementation can be chained together to enable remote code execution (RCE) in untold millions of vehicles and miscellaneous devices.
#bluetooth #BlueSDK #PerfektBlue #automotive #auto #cars #security #cybersecurity #hackers #hacking
https://www.darkreading.com/vulnerabilities-threats/350m-cars-1b-devices-1-click-bluetooth-rce
Fellow network nerds, at EuroBSDcon 2025 in Zagreb, there will be a "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ session, a full day tutorial starting at 2025-09-25 10:30 CET. You can register for the conference and tutorial by following the links from the conference Registration and Prices https://2025.eurobsdcon.org/registration.html page. #openbsd #freebsd #networking #security #eurobsdcon #conference #pf #packetfilter #freesoftware #libresoftware #zagreb
Today we received a little packet of four teardrop-shaped #seeds from China.
We do not know why.
My #security-focused or anime-raddled brain (I'm not sure which, or if there's a difference) is filled with possible ways in which this may be an #attack vector. Not the least of which is destabilising of Western Civilisation through sheer paranoia. (Just as well I don't believe in Western Civilisation, eh?)
But I may be missing out on the chance to grow something beautiful?
Happy "Logging in as users -, [ and $ day" to all who celebrate:
Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2
Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2
Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2
#ssh #passwordgroping #security #passwords #cybercrime #botnet
Make our voice heard at the Apple encryption hearing!
On the sly, the UK government tried to force a backdoor into the firewall that protects your privacy. We made the hearing public.
Now we need to win in court ✊
Donate now to fund legal representation ⬇️
https://action.openrightsgroup.org/make-our-voice-heard-apple%E2%80%99s-encryption-hearing
#e2ee #apple #encryption #privacy #cybersecurity #ukpolitics #ukpol #crowdfunder #surveillance #security
When Root Meets Immutable: OpenBSD chflags vs. Log Tampering https://www.undeadly.org/cgi?action=article;sid=20250718072438 #openbsd #immutable #chflags #logs #logtampering #security #hacking
For those who have InfoSec, privacy, security, and/or related technology expertise…
Would you use Bitchat?
(Feel free to elaborate in the comments and/or boost if you’d like to see the opinion of others.)
#Bitchat #JackDorsey #InfoSec #Privacy #Security #Technology #OSS #Encryption
Yes: 0
No: 34
Jack Dorsey is not to be trusted: 49
I just want to see the results: 10
Font caching no longer runs as root https://www.undeadly.org/cgi?action=article;sid=20250717061920 #openbsd #security #fonts #caching #privilegedrop #fontcache
Oh, my goodness. I boosted @Em0nM4stodon’s post about this earlier. But I need to share it with some intention.
This piece she wrote on Mastodon privacy/security is intense. It’s long. SO much information. Read it anyway. Seriously.
And if y’all don’t follow Em, do yourself a solid and get on that. She’s smart af about InfoSec/privacy/security. And super friendly.
https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/
#Fediverse #Mastodon #MastoTips #Privacy #InfoSec #Security #TheFutureIsFederated
Interesting read…
Google is tracking you (even when you use DuckDuckGo)
https://www.simpleanalytics.com/blog/google-is-tracking-you-even-when-you-use-duck-duck-go
#google #tracking #privacy #InfoSec #security #tech #technology #BigTech #BigBrother
New Privacy Guides article 🔒
by me:
While most social media rely on commercial models harvesting users' data to sell to advertisers,
Mastodon offers a human-centric alternative that doesn't seek profits from your data and attention.
This means better social connections, better controls, and better privacy!
The first part of this article discusses privacy and security on Mastodon.
The second part is a tutorial to guide you in making the most of Mastodon's security and privacy related features.
This tutorial includes how to:
• Enable multifactor authentication 🔑🔑
• Adjust privacy vs discovery 👀
• Select post visibility and access
• Verify yourself
• Delete and back up your data
• Block users and instances ⛔
• Opt out with hashtags #️⃣
• Move from one instance to another 🚀
I hope this helps you make the most of what Mastodon has to offer!
https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/
#PrivacyGuides #Mastodon #Fediverse #Privacy #Security #Tutorial #TheFutureIsFederated #TinyMastodonTip
#Today one of my colleagues drew my attention to this article, and to be honest I do love the reporting style. Memes and writing like this?
"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."
"China go brrr"
At least it's not dry
#security #datasecurity #infosec #citrix #netscaler #citrix_netscaler #incident #exploit #meme #report
GrapheneOS just dropped stable Android 16 support for Pixel devices! 🚀🔒 Despite new hurdles from Google, the team’s update includes the TapTrap vulnerability fix and under-the-hood improvements. No flashy features, all about security! #GrapheneOS #Android16 #Pixel #privacy #security
🔗 https://www.heise.de/en/news/GrapheneOS-releases-Android-16-in-the-stable-channel-10484215.html
Shortlink: https://heise.de/-10484215
As much as #Trump seems to want credit for helping to end the war, he is also clear that he doesn’t want to be blamed for the outcome [of course]. “I do want to make one statement again,” he said. “I said it before. This is not Trump’s war.”
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
It looks like #Russia was expecting an even tougher announcement by #Trump. The main Moscow stock index jumped more than 2.5% after Trump’s announcement. Konstantin Kosachev, a senior lawmaker, said on social media that Trump could change his mind again in the next 50 days (& probably will): “If this is all Trump had to say about Ukraine today, then for now, it’s all just hot air.”
#geopolitics #TrumpIsWeak #PutinsPuppet #Ukraine #Europe #Security
“There are not Americans dying,” #Trump said, noting he & #JDVance had “a problem” with #US involvement, though he never finished the thought. Trump acknowledged that the #UnitedStates wanted “a strong Europe.” He never said, however, whether he shared the Europeans’ concern that #Putin would not stop at #Ukraine & could broaden his push into #Europe.
“My conversations with him are very pleasant, & then the missiles go off at night,” #Trump said of #Putin. Clearly sensitive about his turnaround, Trump added of Putin: “He fooled Clinton, Bush, Obama, Biden — he didn’t fool me.”
[invert that last statement for the truth]
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
#Putin is convinced he has the battlefield momentum & has been prepared for #Trump to lose his patience, NYT reported last week. For all of Trump’s Russia-friendly rhetoric earlier this year, he refused to make the major concessions that Putin wanted, such as pushing Ukraine to give up more territory & limit the future size of its military.
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
Just published another part of our long-running series on #Kubernetes #Security fundamentals. This time looking at how Kubernetes clusters use PKI. I know when I started, the idea that every cluster had three different certificate authorities came as a bit of a surprise!
https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-7/
I'm still on some commercial platforms, but I've given up on X, Facebook, and WhatsApp. Sometimes I wish I could have made different choices when I started my online journey in the 90s, and not have my full name and details out there to some extent. I'm in too deep. There's some safety in knowing certain things - security-wise, to protect myself. But it's horrifying to think about people who don't take those precautions. Many are just prey for the black and gray hats.
I often choose not to post about these things on commercial social media because it's seen as fearmongering and insensitive. I wish I could warn everyone, but most do not care until something bad happens.
#Privacy #Security
This unusual T-shaped keyhole (left) is part of an Odell's nightlatch. It's at the entrance to an 1850s tenement on Kelvingrove Street and is only the second I've found in the wild in Glasgow.
Cont./
#glasgow #odellnightlatch #glasgowhistory #lock #dullmensclub #security #tenement #scotland #glasgowtenemenets
If you still think that #Apple cares for the #privacy of its paying customers:
Apple Gave #Governments Data on Thousands of Push #Notifications
https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/
With companies like that, you're the product although you pay premium money.
Perusing a paper paper for once I saw this advert for WhatsApp.
No I can believe the content of your message can not be read, but by using it, your address book is theirs, your messages sent/received are logged and you will be tracked wherever you are - and whatever you are buying.
That’s what they really want.
Go #Signal - it makes sense
Well, great. Now @bitwarden is going to add AI bullshit to their services. I left Bitwarden a few months back for different reasons but I'm kind of glad that I did. I switched to @1password@1password.social. If they add AI to their services (are they already?), I'm just going to call it quits on all of them and just move completely to @keepassxc@fosstodon.org. I can simply just host my own with Keepassxc and not have to worry about any AI crap. I'm using Keepassxc now but not for everything. That might change in the very near future.
Yes, The Book of PF, 4th Edition Is Coming Soon https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html
Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder https://nostarch.com/book-of-pf-4th-edition #openbsd #pf #packetfilter #freebsd #networking #security #tcpip #ipv6 #ipv4 #bookofpf
Belgium is unsafe for CVD (coordinated vulnerability disclosure)
https://floort.net/posts/belgium-unsafe-for-cvd/
#CVD #security #coordinated #vulnerability #disclosure #Belgium
If you have a #Brother #printer, take a quick #security break, so your printer doesn’t get commandeered into a botnet! 🖨️💪
1. Check if your printer model is on this list and has updated firmware available:
https://support.brother.com/g/s/id/security/CVE-2017-9765.pdf
2. If new firmware is available, download the appropriate updater here:
3. Story for context:
https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/
Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security
The Node.js Project just pre-announced security updates, to be released next week, on Tuesday, July 15th:
"The 24.x release line of Node.js is vulnerable to 2 high severity issues. The 22.x release line of Node.js is vulnerable to 1 high severity issues. The 20.x release line of Node.js is vulnerable to 1 high severity issues."
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
Great news! #HPE networking equipment is now secure!
"Combination accelerates HPE’s strategic vision with a full, secure networking IP stack"
The most recent report, issued in 2023, included an interactive atlas that zoomed down to the county level. It found that #ClimateChange is affecting people’s #security, #health & livelihoods in every corner of the country in different ways, with minority & Native American communities often disproportionately at risk.
#law #EnvironmentalLaw #Climate #ClimateCrisis #PublicHealth #WeatherPreparedness #Trump #USpol
Internet traffic, visualized with an open-source app which comfortably monitors your Internet traffic. It is a cross-platform and reliable app for your needs https://github.com/GyulyVGC/sniffnet
"Censys has made a list of some of the ICS products commonly targeted by Iranian hackers and scanned the internet to determine how widespread they are and whether their owners and operators have taken steps to secure them in recent months."
https://censys.com/blog/ics-iran-exposure-of-previously-targeted-devices