An alle #Infosec Verantwortlichen hier, macht das bitte am Montag.

Ich empfehle, den Zugriff auf X (Twitter) zu sperren und Grok/X-Apps von verwalteten Endgeräten zu entfernen.

❗️Grund: Durch LLM-generierte sexualisierte Darstellungen von Kindern in Timelines besteht ein erhebliches strafrechtliches Risiko.
📱 App-Caching (Android/iOS) kann solche Inhalte lokal speichern – damit kann bereits strafbarer Besitz vorliegen, auch bei KI-Inhalten.

#infosec

https://swiss.social/@tobi82/115875470402791248

An alle #Infosec Verantwortlichen hier, macht das bitte am Montag.

Ich empfehle, den Zugriff auf X (Twitter) zu sperren und Grok/X-Apps von verwalteten Endgeräten zu entfernen.

❗️Grund: Durch LLM-generierte sexualisierte Darstellungen von Kindern in Timelines besteht ein erhebliches strafrechtliches Risiko.
📱 App-Caching (Android/iOS) kann solche Inhalte lokal speichern – damit kann bereits strafbarer Besitz vorliegen, auch bei KI-Inhalten.

#infosec

https://swiss.social/@tobi82/115875470402791248

Instagram API exposure leaks 17.5 million user records

A threat actor leaked 17.5 million Instagram user records on BreachForums, likely originating from a 2024 API exposure. The data includes names, emails, and phone numbers, leading to widespread password reset spam and phishing risks.

**If you have an Instagram account, activate MFA ASAP. If you receive password reset emails, go don't click on any links from the emails. Visit Instagram, reset your password and ignore further password reset emails if you yourself haven't requested a password reset.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/instagram-api-exposure-leaks-17-5-million-user-records-9-6-a-t-j/gD2P6Ple2L

Instagram API exposure leaks 17.5 million user records

A threat actor leaked 17.5 million Instagram user records on BreachForums, likely originating from a 2024 API exposure. The data includes names, emails, and phone numbers, leading to widespread password reset spam and phishing risks.

**If you have an Instagram account, activate MFA ASAP. If you receive password reset emails, go don't click on any links from the emails. Visit Instagram, reset your password and ignore further password reset emails if you yourself haven't requested a password reset.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/instagram-api-exposure-leaks-17-5-million-user-records-9-6-a-t-j/gD2P6Ple2L

Been getting asked quite a bit why we're seeing fewer IMEI-based tracking methods, such as stingrays and tower dumps, compared to before, and why there are so many new companies entering this market with arguably less direct answers.

TL;DR:
Law enforcement has shifted to Advertiser ID tracking because it's asynchronous, and doesn't require warrants.

Stingrays and geofence warrants require being at a location to identify targets and establish probable cause on a large set of individuals. Warrants for major gatherings are not easy to obtain. Advertiser IDs allow you to buy someone's entire location history going back months or years from data brokers; there is no probable cause and no judge involved. This is because the data being purchased was not gathered for law enforcement but was considered a business good or OSINT. Carpenter v. US (2018) made warrants mandatory for pulling tower data from carriers.

1/2
#privacy #surveillance #infosec #databrokers #osint

Been getting asked quite a bit why we're seeing fewer IMEI-based tracking methods, such as stingrays and tower dumps, compared to before, and why there are so many new companies entering this market with arguably less direct answers.

TL;DR:
Law enforcement has shifted to Advertiser ID tracking because it's asynchronous, and doesn't require warrants.

Stingrays and geofence warrants require being at a location to identify targets and establish probable cause on a large set of individuals. Warrants for major gatherings are not easy to obtain. Advertiser IDs allow you to buy someone's entire location history going back months or years from data brokers; there is no probable cause and no judge involved. This is because the data being purchased was not gathered for law enforcement but was considered a business good or OSINT. Carpenter v. US (2018) made warrants mandatory for pulling tower data from carriers.

1/2
#privacy #surveillance #infosec #databrokers #osint

I'm hiring an Information Security Generalist at 4DMedical. Ref: https://4dmedical.bamboohr.com/careers/115
"Generalist" means we're a small #infosec team so everyone on the team wears lots of hats.
4DMedical is headquartered in Australia, but this is a U.S. remote position. U.S. citizenship is required.
4D is small, about 145 people. We're doing great work that helps real people every day, and 4D truly cares about its staff.
Please boost. Help people in the fedi get hired!
#GetFediHired #jobPosting

I'm hiring an Information Security Generalist at 4DMedical. Ref: https://4dmedical.bamboohr.com/careers/115
"Generalist" means we're a small #infosec team so everyone on the team wears lots of hats.
4DMedical is headquartered in Australia, but this is a U.S. remote position. U.S. citizenship is required.
4D is small, about 145 people. We're doing great work that helps real people every day, and 4D truly cares about its staff.
Please boost. Help people in the fedi get hired!
#GetFediHired #jobPosting

Protesting in the U.S. can be dangerous — not only physically, but for your digital information. Here's @WIRED's guide to protecting your privacy.

https://flip.it/K.2FRD

#Protesting #USNews #USPolitics #Privacy #InfoSec

Protesting in the U.S. can be dangerous — not only physically, but for your digital information. Here's @WIRED's guide to protecting your privacy.

https://flip.it/K.2FRD

#Protesting #USNews #USPolitics #Privacy #InfoSec

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen - Golem.de

https://www.golem.de/news/dringend-mfa-aktivieren-massenhaft-daten-aus-cloud-instanzen-abgeflossen-2601-203932.html

> Betroffen sind self-hosted Instanzen von Owncloud, Nextcloud und Sharefile. Daten von 50 Organisationen stehen zum Verkauf, weil die MFA nicht aktiv war.

#InfoSec #nextcloud #owncloud

Dringend MFA aktivieren: Massenhaft Daten aus Cloud-Instanzen abgeflossen - Golem.de

https://www.golem.de/news/dringend-mfa-aktivieren-massenhaft-daten-aus-cloud-instanzen-abgeflossen-2601-203932.html

> Betroffen sind self-hosted Instanzen von Owncloud, Nextcloud und Sharefile. Daten von 50 Organisationen stehen zum Verkauf, weil die MFA nicht aktiv war.

#InfoSec #nextcloud #owncloud

No, there's no major security vulnerability in zlib.

There's a stack buffer overflow in the contrib/untgz tool. However, these tools are unsupported as described by the README.contrib file: https://github.com/madler/zlib/blob/develop/contrib/README.contrib

"
All files under this contrib directory are UNSUPPORTED. They were
provided by users of zlib and were not tested by the authors of zlib.
Use at your own risk. Please contact the authors of the contributions
for help about these, not the zlib authors. Thanks.
"

#infosec #cybersecurity

Yesterday (2026-01-07) CISA added a new entry to it's catalog of known exploited vulnerabilities. It's about CVE-2009-0556, a vulnerability in PowerPoint 2003 which is EOL since 2014.

#InfoSec is a lost cause if we keep using unmaintained software.

Yesterday (2026-01-07) CISA added a new entry to it's catalog of known exploited vulnerabilities. It's about CVE-2009-0556, a vulnerability in PowerPoint 2003 which is EOL since 2014.

#InfoSec is a lost cause if we keep using unmaintained software.

RE: https://infosec.exchange/@burritosec/115850040770342356

#Fediverse has decided Mark-of-the-web is NOT a security feature.

So can we now please drop any shitty CVE that claims not honoring it would be?
Like back then when #7Zip got shit for it...

#infosec

RE: https://infosec.exchange/@burritosec/115850040770342356

#Fediverse has decided Mark-of-the-web is NOT a security feature.

So can we now please drop any shitty CVE that claims not honoring it would be?
Like back then when #7Zip got shit for it...

#infosec

RE: https://chaos.social/@christopherkunz/115854461318711490

The inofficial #2026 #infosec #bingo card.

RE: https://chaos.social/@christopherkunz/115854461318711490

The inofficial #2026 #infosec #bingo card.