soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Admin email
social@octade.net

Search results for tag #cybersecurity

[?]BeyondMachines :verified: Β» 🤖 🌐
@beyondmachines1@infosec.exchange

U-Boot Bootloader Flaws Allow Stealthy Pre-Boot Code Execution

Binarly researchers discovered six vulnerabilities in the U-Boot bootloader's FIT signature verification process that allow for arbitrary code execution and denial of service. These flaws affect over 50 stable releases since 2013 and can be exploited to install persistent firmware malware.

**If you run devices that use the U-Boot bootloader (servers, network gear, industrial and IoT devices, BMCs), first make sure all these devices are isolated from the internet and their management interfaces are accessible from trusted networks only. Then ask your hardware vendors for firmware updates fixing the U-Boot FIT vulnerabilities and apply them as soon as they're released. Prioritize BMCs and core network equipment.**

beyondmachines.net/event_detai

    [?]Ruben Storm Β» 🌐
    @rubenstorm@mastodon.world

    🚨 New blog post: When Privacy Tools Fight Each Other – IronFox, Mullvad DNS and Quad9

    In my latest article, I explain how I tracked down the problem, the online tools I used to verify it, why browser-level DNS can override system settings, and the simple change that solved everything.

    πŸ”— peakd.com/privacy/@rubenstorm/

    Title Image

    Alt...Title Image

      [?]Ruben Storm Β» 🌐
      @rubenstorm@defcon.social

      🚨 New blog post: When Privacy Tools Fight Each Other – IronFox, Mullvad DNS and Quad9

      I recently ran into a strange issue where websites loaded slowly and HTTPS connections randomly failed in IronFox. At first, I suspected the browser, but the real cause turned out to be a hidden DNS over HTTPS configuration that overrode my Android Private DNS settings.

      In this post, I walk through the troubleshooting process, explain how I discovered IronFox was using Mullvad DNS instead of Quad9, share the tools I used to diagnose the problem, and show the simple fix that restored normal HTTPS connectivity.

      It's a good reminder that adding more privacy layers doesn't always improve your setupβ€”understanding how they interact is just as important.

      πŸ”— peakd.com/privacy/@rubenstorm/

      Blog Title Image

      Alt...Blog Title Image

        [?]Negative PID SL Β» 🌐
        @negativepid@mastodon.social

        [?]The New Oil Β» 🤖 🌐
        @thenewoil@mastodon.thenewoil.org

        [?]The New Oil Β» 🤖 🌐
        @thenewoil@mastodon.thenewoil.org

        [?]Negative PID SL Β» 🌐
        @negativepid@mastodon.social

        [?]The New Oil Β» 🤖 🌐
        @thenewoil@mastodon.thenewoil.org

        [?]Negative PID SL Β» 🌐
        @negativepid@mastodon.social

        [?]thecybersecguru Β» 🌐
        @thecybersecguru@infosec.exchange

        Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.

        I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:

        β€’ Linkability
        β€’ Identifiability
        β€’ Non-repudiation
        β€’ Detectability
        β€’ Data disclosure
        β€’ Unawareness
        β€’ Non-compliance

        The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.

        If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.

        πŸ”— thecybersecguru.com/online-pri

          [?]thecybersecguru Β» 🌐
          @thecybersecguru@infosec.exchange

          Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.

          I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:

          β€’ Linkability
          β€’ Identifiability
          β€’ Non-repudiation
          β€’ Detectability
          β€’ Data disclosure
          β€’ Unawareness
          β€’ Non-compliance

          The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.

          If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.

          πŸ”— thecybersecguru.com/online-pri

            [?]Negative PID SL Β» 🌐
            @negativepid@mastodon.social

            [?]Conan the Sysadmin Β» 🤖 🌐
            @conansysadmin@mstdn.social

            Foolish kings decree secret entrances be built into every would-be fortress. Assassins use them and realms fall, yet no king learns. cromwell-intl.com/cybersecurit

              [?]WinterGate Intelligence CollectiveπŸ‘€ Β» 🌐
              @WinterGateIC@infosec.exchange

              πŸ” OSINTNova 2026 – WIC Investigation Report

              Date: 2026-07-11
              Status: Concluded β€” Observation Period Ongoing
              Classification: Public Intelligence
              Prepared by: WinterGate Intelligence Collective (WIC)

              ----------------------------------------------------------------

              ⚠️ COMMUNITY WARNING

              OSINTNova sells access to your personal data without your consent.

              OSINTNova is a commercial OSINT platform offering "PRO" services that allow users to look up:

              - People by name
              - Phone numbers with country codes
              - Vehicle information (VIN/license plate)
              - Discord IDs
              - Social media profiles (Instagram, Facebook, YouTube, Steam)
              - Breach data and dark web intelligence
              - Financial and crypto wallet information
              - Behavioral profiling via "Oracle"

              WARNING: Purchasing from this platform may expose your own information to criminal actors.

              THIS IS NOT OSINT. THIS IS A DATA BROKER OPERATING WITHOUT CONSENT.

              ----------------------------------------------------------------

              Executive Summary

              OSINTNova (app.osintnova.com) is a commercial OSINT platform offering intelligence-gathering tools. A direct copycat, LittleNuan, has appeared on BuiltByBit, branding itself as a "cheaper version of OSINTNova."

              Key Finding: OSINTNova aggregates and sells access to Personally Identifiable Information (PII) through its "PRO" tier, with no visible privacy policy, terms of service, or consent mechanisms.

              Status: Concluded | Risk Level: HIGH (Legal violations identified)

              ----------------------------------------------------------------

              Platform Overview – High Risk Services

              People Intelligence: Direct PII sales without consent
              Phone Intelligence: Federal crime (18 U.S.C. Β§ 1039)
              Breach Intelligence: Potentially trafficking stolen data
              Vehicle Intelligence: Location tracking without consent
              Discord Intelligence: ToS violation + PII scraping
              Oracle: Algorithmic behavioral profiling
              DorkGPT: Automated exposure of sensitive data
              Dark Web Intelligence: Commercializing illicit data access
              Crypto Wallet Analysis: Financial surveillance
              WhoAmI: Comprehensive PII aggregation

              ----------------------------------------------------------------

              LittleNuan – The Copycat

              Listed on BuiltByBit (May 3, 2026). Price: $47.88 (one-time). 0 purchases, 1 download. Explicitly says: "cheaper version of OSINTNova." Likely scam or same service rebranded. No evidence of functional platform or active user base.

              ----------------------------------------------------------------

              Alarming Questions That Must Be Asked

              1. Is LittleNuan the same service under a different name?
              2. Where does OSINTNova source its data? (Discord data is scraped, phone records are illegal)
              3. Are users unknowingly breaking the law? (CFAA, 18 U.S.C. Β§ 1039, CCPA)
              4. Why no privacy policy, ToS, or consent mechanisms?
              5. Who is behind OSINTNova? (Young domain, anonymous, low trust score)
              6. Is it an unregistered data broker?
              7. What happens to data users submit?

              ----------------------------------------------------------------

              Legal Violations (Summary)

              18 U.S.C. Β§ 1039 – Selling confidential phone records (FEDERAL CRIME)
              CCPA/CPRA – Sale of PII without consent or opt-out
              CFAA (18 U.S.C. Β§ 1030) – Unauthorized scraping of social media platforms
              FTC Act Β§ 5 – Unfair or deceptive trade practices
              California Civil Code Β§ 1724 – Unlawful sale of data obtained via crime
              Platform ToS – Discord, Meta, Google, Steam scraping violations
              GDPR – Processing EU citizen data without compliance

              Regulatory Exposure:
              - Federal Trade Commission (FTC) action possible
              - State Attorney General investigations
              - Department of Justice (DOJ) criminal exposure
              - Civil lawsuits from affected individuals
              - Platform enforcement actions

              ----------------------------------------------------------------

              Red Flags Summary

              1. PII sales without consent
              2. Phone record sales (federal crime)
              3. Breach data commercialization
              4. No privacy policy or ToS
              5. No opt-out mechanisms
              6. No data source disclosure
              7. Social media scraping (ToS violations)
              8. Algorithmic doxing
              9. Dark web data access
              10. Defensive/hostile response to questions
              11. Unregistered data broker
              12. Copycat product exists
              13. No ownership disclosure
              14. Young domain

              ----------------------------------------------------------------

              Associated User Investigation

              A user named Goofisded (guns.lol/goofisded, GitHub: Goofisded) was observed holding root and sudo roles in OSINTNova's Discord server, being defensive, dismissive, and hostile when questioned about the platform's legality, and timing out an investigator who asked legitimate legal questions.

              Assessment: Likely staff or close affiliate. Defensive behavior indicates awareness of legal exposure and inability to defend the platform.

              ----------------------------------------------------------------

              The Bigger Picture

              OSINTNova Is Not a Legitimate OSINT Tool β€” It's a Data Broker. Legitimate OSINT tools help investigators find publicly available information. OSINTNova sells access to private phone records, scraped Discord data, breach data, and behavioral profiles. This is not OSINT. This is commercialized surveillance.

              The Community Is at Risk. OSINT practitioners who use this platform may be violating platform ToS, breaking federal and state laws, exposing themselves to legal liability, and funding the commercialization of stolen data.

              The Pattern Is Clear: Create a platform that looks like an OSINT tool, aggregate PII from questionable sources, sell access to that data, offer no transparency or consent, and act defensive and hostile when questioned.

              ----------------------------------------------------------------

              What's Not Being Said

              - Is OSINTNova the same as LittleNuan? If yes, they're operating under multiple names to evade scrutiny.
              - Where does the data come from? If it's from breaches, it's stolen. If it's scraped, it's ToS violations.
              - Who owns the platform? Anonymous ownership makes accountability impossible.
              - Is this legal? Multiple federal and state laws suggest it is not.
              - Why is there no privacy policy? Because they don't want to disclose what they're doing.
              - Why are they defensive when questioned? Because they know they're operating in a gray area.

              ----------------------------------------------------------------

              Recommendations

              For Community Members:
              - DO NOT use OSINTNova for OSINT work
              - DO NOT enter personal or client information
              - DO NOT purchase services from the platform
              - REPORT suspicious activity to the FTC or state Attorney General
              - CHANGE any passwords or credentials shared with the platform

              For Regulators and Investigators:
              - Review the platform's service offerings
              - Verify the lack of privacy policy, ToS, and consent mechanisms
              - Investigate potential violations of CCPA, CFAA, and 18 U.S.C. Β§ 1039
              - Consider enforcement action
              - Warn the public

              ----------------------------------------------------------------

              Resources

              Platform: app.osintnova.com
              LittleNuan: builtbybit.com/resources/littl
              ScamAdviser: scamadviser.com/check-website/
              Associated User: guns.lol/goofisded
              FTC Report: reportfraud.ftc.gov
              California AG: oag.ca.gov/contact/consumer-co
              DOJ: justice.gov

              ----------------------------------------------------------------

              Status: Concluded | Evidence: Complete | Community Notified: Yes

              ----------------------------------------------------------------

              β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•— β–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—
              β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—
              β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘
              β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β•šβ•β•β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘
              β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β• β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘
              β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β•β•β•šβ•β•β•šβ•β• β•šβ•β•β•β• β•šβ•β• β•šβ•β• β•šβ•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•β•β• β•šβ•β• β•šβ•β•

              ----------------------------------------------------------------

              WINTERGATEIC ❄️

              ----------------------------------------------------------------

                [?]DigitalEscapeTools Β» 🌐
                @xabd@mastodon.social

                Fort Firewall gives you detailed control over which Windows apps can access the network with custom rules, blocklists, bandwidth limits, and traffic statistics.

                ⚠️ Note: On Windows 10+, it currently requires disabling HVCI (Memory Integrity), so check the requirements first.

                More details: digitalescapetools.com/tools/t

                Screenshot of the Fort Firewall project page showing the app logo, release badges, a description, and the Windows interface with per-application firewall rules for allowing or blocking internet access.

                Alt...Screenshot of the Fort Firewall project page showing the app logo, release badges, a description, and the Windows interface with per-application firewall rules for allowing or blocking internet access.

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]Negative PID SL Β» 🌐
                  @negativepid@mastodon.social

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]Negative PID SL Β» 🌐
                  @negativepid@mastodon.social

                  [?]The New Oil Β» 🤖 🌐
                  @thenewoil@mastodon.thenewoil.org

                  [?]Negative PID SL Β» 🌐
                  @negativepid@mastodon.social

                  [?]Negative PID SL Β» 🌐
                  @negativepid@mastodon.social

                  [?]Pirates.BZ Tech Startup News Β» 🌐
                  @startups@social.vivaldi.net

                  Keyfactor, an Ohio-based cybersecurity company providing digital identity and machine identity management software, has raised a 1B USD private equity round led by Summit Partners, with participation from Insight Partners and Sixth Street Growth. The company helps enterprises secure certificates, encryption keys and connected devices. news.crunchbase.com/ai/biggest

                    [?]The New Oil Β» 🤖 🌐
                    @thenewoil@mastodon.thenewoil.org

                    [?]Francis Mangion (M) Β» 🌐
                    @franciswashere@mastodon.social

                    [?]The New Oil Β» 🤖 🌐
                    @thenewoil@mastodon.thenewoil.org

                    [?]The New Oil Β» 🤖 🌐
                    @thenewoil@mastodon.thenewoil.org

                    What are the worst apps β€” and how do you spot them?

                    proton.me/blog/spyware-apps

                      [?]The New Oil Β» 🤖 🌐
                      @thenewoil@mastodon.thenewoil.org

                      [?]The New Oil Β» 🤖 🌐
                      @thenewoil@mastodon.thenewoil.org

                      [?]Negative PID SL Β» 🌐
                      @negativepid@mastodon.social

                      [?]The New Oil Β» 🤖 🌐
                      @thenewoil@mastodon.thenewoil.org

                      [?]The New Oil Β» 🤖 🌐
                      @thenewoil@mastodon.thenewoil.org

                      [?]The New Oil Β» 🤖 🌐
                      @thenewoil@mastodon.thenewoil.org

                      Back to top - More...