When Your Office Scanner Is Framed for Phishing

When Your Office Scanner Is Framed for Phishing

The phishing campaign attempts to leverage the 'scan to email' functionality of modern office document-handling equipment as the bait text to lure users into opening an attachment which contains a credential-harvesting phishing page.

GitHub - ddz/whatsapp-media-decrypt: Decrypt WhatsApp encrypted media files

GitHub - ddz/whatsapp-media-decrypt: Decrypt WhatsApp encrypted media files

A recent high-profile forensic investigation reported that “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file] to determine if it contained any malicious code in addition to the delivered video.”.

Mozilla installs Scheduled Telemetry Task on Windows with Firefox 75

Mozilla installs Scheduled Telemetry Task on Windows with Firefox 75

Mozilla installs Scheduled Telemetry Task on Windows with Firefox 75.Observant Firefox users on Windows who have updated the web browser to Firefox 75 may have noticed that the upgrade brought along with it a new scheduled tasks.

Browse the Telemetry that Firefox collects

Browse the Telemetry that Firefox collects

The Mozilla Firefox web browser, like the majority of browsers available today, collects Telemetry data which Mozilla introduced in Firefox 7 in 2011,.Firefox collects only "non-personal information" such as "performance, hardware, usage, and customizations" according to Mozilla.

The Secret History of Facial Recognition

The Secret History of Facial Recognition

When his son Lance arrived at the house in Austin, Texas, that morning in early 1995, Woody immediately began to issue instructions in dry-erase ink.When Lance got back, Woody motioned to two large file cabinets inside the garage.

IWantClips Admits Performer Data Breach

IWantClips Admits Performer Data Breach

In this isolated incident, there was a minor inadvertent data release that affected a very small number of our artists (483 United States based artists out of our community of more than 30,000 artists) who had previously received a 1099 from us in the year 2017.

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

This release includes an improved solution, which addresses the issue on a broader scope, avoiding this to reoccur in other areas of the code in the future.

Please Mozilla, don't touch the user.js functionality in Firefox

Please Mozilla, don't touch the user.js functionality in Firefox

One of the main advantages over Firefox's preferences file is that it has priority and that it is a user-owned file that is left untouched when Mozilla makes changes to the browser.

In the face of password breaches, we are equal

In the face of password breaches, we are equal

I decided to survey the managers of the 11 most valuable companies in Finland and checked if I could easily find information about data breaches that they were involved in.After gathering the emails, I need to check if they were involved in public data breaches including leaked passwords.

Facebook Scraping, Still a Privacy Disaster

Facebook Scraping, Still a Privacy Disaster

If someone were to scrape a list of people who belong to a particular Facebook group, or who like a certain page, they could easily upload their profile URLs to a PSE.

Barr DOJ Argues TSA Screeners Can Never Be Sued for Checkpoint Abuse

Barr DOJ Argues TSA Screeners Can Never Be Sued for Checkpoint Abuse

But earlier this week, in the case of grandmother Rhonda Mengert who was strip searched by TSA without suspicion and in blatant violation of TSA policy, the TSA added it all up and argued that because of all of these immunities, there actually doesn’t need to be a way to sue screeners for checkpoint abuse, no matter how egregious, at all.

$5B class action lawsuit accusing Apple of selling customer data is thrown out

$5B class action lawsuit accusing Apple of selling customer data is thrown out

A $5B class action lawsuit that accused Apple of selling customer data has been rejected for the second and final time.Patently Apple reports that the lawsuit, filed in May, alleged that Apple sold customer-identifying data relating to iTunes purchases.

(Update: Instagram statement) Shady app lets stalkers view private Instagram accounts in exchange for their own data

(Update: Instagram statement) Shady app lets stalkers view private Instagram accounts in exchange for their own data

The catch is that you have to invite at least one other person to the service to be able to view private profiles, which is how the app manages to constantly increase its pool of available content — if any of its users happen to follow a private profile, it just farms that account's content.

Introducing Private.sh: A search engine that cryptographically protects your privacy

Introducing Private.sh: A search engine that cryptographically protects your privacy

With non-private search engines, being able to identify you – the searcher – and tie your search terms to your user profile while targeting advertising at you is all an essential part of the business model.

Google will make file manager devs submit a form to get broad file storage access in Android 11

Google will make file manager devs submit a form to get broad file storage access in Android 11

This means that file managers will have to ask Google for permission to access the external storage, much like how apps requesting SMS/Call Log permissions have to ask Google.

Dnsmasq-based DNS blocking

Dnsmasq-based DNS blocking

3600 IN A 104.198.14.52 ;; Query time: 155 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 11 18:47:14 GMT 2019 ;; MSG SIZE rcvd: 56) And successfully blocks the cancer that is Google!.

Why a social credit system is so scary.

Why a social credit system is so scary.

This virtual profile of yours will lead to real-life consequences: You might not get the loan you need to buy a home because of a bad social credit.

New version of OnionShare makes it easy for anyone to publish anonymous, uncensorable websites

New version of OnionShare makes it easy for anyone to publish anonymous, uncensorable websites

It worked like this: OnionShare zips up the files, starts a local web server on your computer with a link to this zip file, makes this website accessible as a Tor onion service, and shows you the URL of the web server.

Pair Locking your iPhone with Configurator 2

Pair Locking your iPhone with Configurator 2

This gave me a chance to re-run the steps required to pair lock the device, a process which prevents law enforcement from using forensics tools against your phone, and the result of which is this blog post.

Facebook launches dating service in United States

Facebook launches dating service in United States

Fidji Simo, who recently took over leadership of the core Facebook app, said at the company’s annual F8 developer conference in May that the service was expanding into 14 new countries in Asia and Latin America and would be available in the United States by the end of the year.

Facebook learned about Cambridge Analytica as early as September 2015, new documents show

Facebook learned about Cambridge Analytica as early as September 2015, new documents show

Facebook said the scraping of public profiles is distinct from the data Cambridge Analytica reportedly used from users' friends who did not consent to sharing their data.Still, the documents show that Facebook was aware of potential policy violations by Cambridge Analytica as early as September 2015.

Top tip: Don't upload your confidential biz files to free malware-scanning websites – everything is public

Top tip: Don't upload your confidential biz files to free malware-scanning websites – everything is public

By passively observing three such services over the course of three days earlier this month, Cylab hackers were able to collect more than 200 documents, mostly things like purchase orders and invoices.

N.Y.P.D. Detectives Gave a Boy, 12, a Soda. He Landed in a DNA Database.

N.Y.P.D. Detectives Gave a Boy, 12, a Soda. He Landed in a DNA Database.

The New York Police Department has taken DNA samples from people convicted of crimes, as well as from people who are only arrested or sometimes simply questioned.

Google Chrome Incognito Mode Can Still Be Detected by These Methods

Google Chrome Incognito Mode Can Still Be Detected by These Methods

When Google made it so that Incognito mode uses a temporary filesystem using the computer's RAM, it opened up a new method of detecting it based on the amount of storage set aside for the internal filesystem used by the browser.

Group dating app 3Fun exposed sensitive data on 1.5 million users

Group dating app 3Fun exposed sensitive data on 1.5 million users

More than 1.5 million users of a group dating service had their personal data exposed — including their real-time location — because of a vulnerability in the app.

Instagram ad partner secretly sucked up and tracked millions of users’ locations and stories

Instagram ad partner secretly sucked up and tracked millions of users’ locations and stories

Hyp3r, an apparently trusted marketing partner of and Instagram, has been secretly collecting and storing location and other data on millions of users, against the policies of the social networks, Business Insider reported today.

How to stop Apple from listening to your Siri recordings

How to stop Apple from listening to your Siri recordings

On your iPhone or iPad, head to GitHub to download the “Prevent server-side logging of Siri commands.mobileconfig” Swith to the Raw view, tap Allow to download the profile Complete the profile installation in Settings by reviewing it and tapping Install Kaiser is also encouraging users to let Apple know if they want a more transparent option in Setting to turn off server-side Siri response logging.

GitHub - jankais3r/Siri-NoLoggingPLS: Configuration profile disabling server-side logging of Siri requests for your Mac, iPhone and iPad

GitHub - jankais3r/Siri-NoLoggingPLS: Configuration profile disabling server-side logging of Siri requests for your Mac, iPhone and iPad

Configuration profile disabling server-side logging of Siri requests for your Mac, iPhone and iPad. 4 commits 1 branch 0 releases 1 contributor MIT Branch: master. Configuration profile disabling server-side logging of Siri requests for your Mac, iPhone and iPad. Installation steps: Open the.

Equifax Data Breach Settlement

Equifax Data Breach Settlement

In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. If your information was exposed in the data breach , you can file a claim at for the benefits described below.

ALA urges LinkedIn Learning to reconsider changes to terms of service that impair library users’ privacy rights

ALA urges LinkedIn Learning to reconsider changes to terms of service that impair library users’ privacy rights

“The requirement for users of LinkedIn Learning to disclose personally identifiable information is completely contrary to ALA policies addressing library users’ privacy, and it may violate some states’ library confidentiality laws,” said ALA President Wanda Kay Brown.