Turn off 2G on your phone!

Fake cell towers (CSS) operating on 2G are now inexpensive. Your country no longer has any 2G towers. 2G uses plain text. A CSS forcing your phone onto 2G, a simple maneuver, has control of your phone. It's called a Stingray attack.

All your SMS messages are in plain text, so they see them. They can listen to your phone calls. If they know your email address, they can take over your email by intercepting the 2FA code. Then they can get access to your bank accounts after this.

They can also send you malicious text messages that your carrier would have discarded. This has become common. It's called SMS Blasting.

Nobody knows how many account takeovers result from CSS attacks because there's no evidence left behind. But, there must be many.

If you have Android 12 or later, turn on 2G protection (or disable 2G), whatever the wording.

If you have an iPhone, sorry. You can only use the nuclear Lockdown Mode, which may have undesirable side effects as it disables many more things.

https://solcyber.com/how-scammers-abuse-mobile-phone-interceptors-and-what-you-can-do/

#CyberSecurity

New research from our @DomainTools Investigations team:

Banker Trojan Targeting Indonesian and Vietnamese Android Users

Found while monitoring for suspicious content indicating impersonation of Google Play Store app pages, we walk through the technical and targeting specifics of this Android trojan and provide IOC domains and domain registration patterns.

#infosec #cybersecurity #threatintel

https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/

hi there #cybersecurity @cybersecurity won a verify a link for me? this was sent to spam (and I suspect it is) acting as stripe.
and it doesn't lead to a stripe domain, either.
https://celemaifrumoasecarti.ro/stp.php

This was a great, brief investigation by my colleague Julia Ibinson identifying a cluster of TV service-spoofing domains!

She did a great job starting from a hypothesis about the current threat environment and then moving from there.

#cybersecurity #infosec #threatintel

https://www.domaintools.com/resources/blog/avoiding-activation-scams-this-football-season/

"His private discord post"

My brother in christ if a corporate app or service's literal only hard security feature is that it uses SSL it simply is not private.

Assume all of your Meta, Discord, Telegram etc messages can be read in near realtime by proud boys with badges i. Trump's regime.

https://www.kenklippenstein.com/p/charlie-kirk-assassination-sparks

@kenklippenstein

#Discord #Privacy #Cybersecurity

Email: "Our tracking shows you have not been opening our newsletters... so we are going to unsubscribe you.."

Me: "NO, you nitwits, I have an ad blocker on and I'm blocking your tracking pixels..."

(Actually: was not actually signed up for any of their emails yet, valid news source I have a subscription too but hadn't gotten that far. 🤔 )

#cybersecurity

so i'm trying something a bit new with my file encryption. rather than just 1 layer, I now have 2 layers. one uses the normal AES256, and another uses PGP to encrypt. this is dubble encryption. obviously, drive also has encryption at rest, so I guess that's also triple encryption.
I now have 2 layers of my own encryption, plus Google drives layer of encryption at rest. this is client side encryption without paying high amounts of money
#encryption #cybersecurity #opsec #comsec

🚨 New research exposes "ChoiceJacking"—a USB attack that tricks smartphones into granting data access without user consent. Malicious chargers can bypass protections on Android & iOS in under 333ms! Stay safe: avoid public USB chargers. 🔒📱 #CyberSecurity #TechNews #ChoiceJacking #newz

Read more: https://cyberinsider.com/modern-smartphones-vulnerable-to-silent-choicejacking-usb-attacks/

People just don't listen…

Any suggestions for sourcing quality USB flash drives?

I keep running into flash drives that report — say — 32GB to the system but, in fact, have a capacity that is in fact far less. I'm also wary of malware from the factory issues. Thanks!

#Linux #Windows #sysadmin #cybersecurity #askfedi