@GossiTheDog assuming you have seen this : https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/
| Github | https://github.com/limp15000 |
Thomas Eklund
- 11 Followers
- 66 Following
- 78 Posts
Bbq, coffee, home assistant, lego, Private pilot, Teams technical specialist @ Microsoft
balloobSecurity is important. @homeassistant is open source which makes it easier to verify it's secure. While we pay to have security audits done, our open source nature means there is no barrier for other security teams to help find attack vectors.
The team at GitHub Security Lab spend a week last summer digging through our code and found some issues that we promptly addressed. We are grateful for their audit to help make Home Assistant more secure for everyone đ
https://github.blog/2023-11-30-securing-our-home-labs-home-assistant-code-review/
Ged MaheuxLetâs be clear about one thing: No one is âstuckâ on Twitter. If youâre still there thatâs your *choice*. Alternatives exist and some are far better than Twitter even though you may not choose to put the effort in to make it so.
Today I un-installed X from my phone, considering closing my account completely..I do miss a few people here though đą
Enjoying a nice espresso and blueberry scone at wallace espresso đ
BrianKrebsSmall scoop here: In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/
From the story:
"...the researchers learned the attackers frequently grouped together victims by sending their cryptocurrencies to the same destination crypto wallet.
By identifying points of overlap in these destination addresses, the researchers were then able to track down and interview new victims. For example, the researchers said their methodology identified a recent multi-million dollar crypto heist victim as an employee at Chainalysis, a blockchain analysis firm that works closely with law enforcement agencies to help track down cybercriminals and money launderers.
Chainalysis confirmed that the employee had suffered a high-dollar cryptocurrency heist late last month, but otherwise declined to comment for this story."
Je comprends toujours pas comment on laisse faire les CFF... https://www.heidi.news/cyber/vos-applications-suisses-preferees-sont-des-aspirateurs-a-donnees-personnelles?utm_source=newsletter&utm_medium=email
Vos applications suisses préférées sont des aspirateurs à données personnelles
La Fédération romande des consommateurs (FRC) a analysé des applications suisses de la vie courante, comme celle des CFF ou de médias. En 20 minutes, prÚs de 1000 traceurs ont été repérés. Une pratique légale, mais opaque. La FRC et Heidi.news mettront prochainement en commun leur expertise sur ces questions de données personnelles et de respect de la vie privée.
Eugen RochkoThe fragmentation among friends that follows Twitterâs collapse is exactly the kind of problem that Mastodon and the social web solves for. Imagine that you donât have to pick and choose which new platform to adopt, or make and maintain a million accountsâbecause you can follow anyone regardless of which platform theyâre on. Thatâs our reality.