Crea un profiloAccedi

Ricerche recenti

Nessuna ricerca recente

Opzioni di ricerca

Disponibile solo dopo aver effettuato l'accesso.
mastodon.uno è uno dei tanti server Mastodon indipendenti che puoi usare per partecipare al fediverso.
Mastodon.Uno è la principale comunità mastodon italiana. Con 77.000 iscritti è il più grande nodo Mastodon italiano: anima ambientalista a supporto della privacy e del mondo Open Source.

Amministrato da:

Statistiche del server:

6,3K
utenti attivi

mastodon.uno: InfoStatoCartella dei profiliPolitica sulla privacy

Mastodon: InfoScarica l'appScorciatoie da tastieraVisualizza il codice sorgentev4.3.7

Pubblico
Brian Greenberg

⚠️ Genetic privacy alert: 23andMe’s bankruptcy puts your DNA data at risk 🔬📉

With user data now part of potential asset sales, EFF is urging all customers to act now:

🧬 Download your data — store it securely for personal use
🗑️ Delete your account + data — this includes reports, raw data, and family tree connections
❌ Revoke research consent — and explicitly request sample destruction

Why it matters:
• DNA reveals more than identity — it exposes health, ancestry, and family connections
• The data doesn’t just belong to you — it can implicate relatives who never opted in
• A new owner might not respect your privacy

Take control now. Your genes deserve better security than a bankruptcy fire sale.

#Privacy #DNA #DataRights #CyberSecurity #23andMe #DigitalRisk #security #privacy #cloud #infosec

eff.org/deeplinks/2025/03/how-

Electronic Frontier Foundation · How to Delete Your 23andMe DataThis week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you don't want your data included in any potential sale, it’s a good time to ask the company to delete it.
Pubblico
Miguel Afonso Caetano

"Inherent security flaws are raising questions about the safety of AI systems built on the Model Context Protocol (MCP).

Developed by Anthropic, MCP is an open source specification for connecting large language model-based AI agents with external data sources — called MCP servers.

As the first proposed industry standard for agent-to-API communication, interest in MCP has surged in recent months, leading to an explosion in MCP servers.

In recent weeks, developers have sounded the alarm that MCP lacks default authentication and isn’t secure out of the box — some say it’s a security nightmare.

Recent research from Invariant Labs shows that MCP servers are vulnerable to tool poisoning attacks, in which untrusted servers embed hidden instructions in tool descriptions.

Anthropic, OpenAI, Cursor, Zapier, and other MCP clients are susceptible to this type of attack..."

thenewstack.io/building-with-m

The New Stack · Building With MCP? Mind the Security GapsA recent exploit raises concerns about the Model Context Protocol, AI's new integration layer.
#AI#GenerativeAI#AIAgents
Pubblico
Efani

Security by design isn’t a tagline for Microsoft anymore — it’s part of employee performance reviews.

In its latest Secure Future Initiative (SFI) Progress Report, Microsoft shared updates on its internal transformation to embed security across engineering, identity, operations, and culture. This follows heavy criticism from the U.S. Cyber Safety Review Board (CSRB) after a series of breaches in 2023 and 2024 — including the Storm-0558 and Midnight Blizzard incidents.

Key takeaways from the report:
- Every Microsoft employee now has a “Security Core Priority” tracked in annual performance reviews
- Over 34,000 engineers have worked full-time on SFI-related security tasks over the past 11 months
- 92% of employee productivity accounts now use phishing-resistant MFA
- 90% of identity tokens from Entra ID are validated by a unified SDK
- All 14 Deputy CISOs completed risk inventories across their respective products or functions

Microsoft also released a new Secure by Design UX Toolkit, rolled out internally to 22,000 employees and made publicly available to help teams prevent user-targeted attacks through clearer, more secure interfaces.

The company says five of its 28 SFI objectives are near completion, with meaningful progress made on 11 others.

SFI was launched in late 2023 with three foundational principles:
- Secure by design
- Secure by default
- Secure operations

The push came after the CSRB called Microsoft’s security culture “inadequate” — especially after the July 2023 Chinese nation-state breach, where a stolen MSA signing key allowed attackers to access U.S. government email accounts. Since then, Microsoft has pledged to rebuild trust from the inside out, starting with its own development and operational teams.

But critics remain skeptical. Security researchers have called out Microsoft for inconsistent communication, patch quality, and vulnerability handling. Some argue the company’s day-to-day security execution has worsened despite its strategic goals.

Still, others believe the cultural shift is real — even if results will take years to materialize.

At @Efani, we believe transparency and measurable change matter more than slogans. Security culture starts with leadership but lives in how every product is designed, monitored, and updated. Microsoft’s progress is a reminder that no company is immune from its own architecture.

#CyberSecurity#ZeroTrust#CloudSecurity
Pubblico
Miguel Afonso Caetano

"The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.

"It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them," Neumann said.

Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.

The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related."

politico.eu/article/european-p

POLITICO · European Parliament’s Iran delegation chair victim of Tehran-linked hackingDi Antoaneta Roussi
#EU#Germany#Iran
Pubblico
0x40k

Whoa, folks, it's wild how quickly exploits are hitting the streets these days. 😳

Seriously, a recent VulnCheck report confirms that CVEs are getting weaponized *way* faster than before. It looks like Content Management Systems (CMS) and network gear are becoming prime targets, and open-source projects aren't escaping the heat either. Keep an extra close eye on systems from Microsoft, VMware, CyberPower, and TOTOLINK – they seem to be particularly in the crosshairs right now!

So, what's the takeaway? You absolutely *have* to stay on top of patching. Automated scans? Sure, they're a decent starting point, but honestly, proper penetration testing isn't just nice-to-have anymore, it's essential. That old phrase "Trust but Verify"? Yeah, it rings truer than ever in cybersecurity today.

Let's talk reality: what are your biggest headaches when it comes to patch management? 🤔 Drop your thoughts below!

#Pentesting#VulnerabilityManagement#ZeroDay
Pubblico
0x40k

Whoa, hold up! 🤯 There's a new Linux rootkit dubbed "Curing" out in the wild, and it's got a nasty trick: leveraging `io_uring` to slip right past traditional security tools. Why? Because most of those tools are laser-focused on system calls... which `io_uring` can bypass.

So, what's the deal with `io_uring`? Picture an application chatting directly with the kernel, essentially skipping the front desk where system calls usually check-in. "Curing" exploits this direct line for its command-and-control communication, leaving *none* of the usual suspicious system call footprints. Talk about stealth mode! And heads up – Google has actually been warning about the potential risks here for some time.

Speaking from a pentester's perspective, this is yet another stark reminder: just relying on "basic" security isn't going to cut it. We really need to dive deeper, get our hands dirty with kernel-level analysis and understanding. Let's be clear: running automated scans is *not* the same as a thorough penetration test!

What about you? Are you utilizing `io_uring` in your environment? What kind of security measures have you put in place around it? Seriously curious – how do you see kernel security evolving from here? Let's discuss! 👇

#Cybersecurity#Linux#Rootkit
EsploraFeed dal vivo
Info
404Not Found