Stay Private

@stayprivate@infosec.exchange
Privacy advocate, Security enthusiast, Infosec, OSINT and other things. In general, just another nerd.

So how did the Microsoft consumer signing key end up outside the corporation?

A long line of unfortunate events or a very well planned heist?

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center


A large number of popular websites are leaking credentials by exposing .git directories, AWS or GitHub secrets.
https://www.securityweek.com/researchers-find-thousands-of-popular-websites-leaking-secrets/
Thousands of Popular Websites Leaking Secrets

Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.

SecurityWeek

Some of ASUS's top-of-the-line Wi-Fi routers were found vulnerable to remote execution. Look for firmware updates as soon as possible!

https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/

ASUS routers vulnerable to critical remote code execution flaws

Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.

BleepingComputer

Another great video by Naomi Brockwell explaining why Telegram might not be what they themselves want us to believe.

https://youtu.be/rtRQKQkvUfE?si=kIWCp5yrI6VlOUKQ

Telegram Isn't As Private As You Think

YouTube

So they fined Swedish insurer Trygg-Hansa $3 million for exposing 650,000 clients' details. But do the affected people ever get any compensation?

https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/?&web_view=true

Insurer fined $3M for exposing data of 650k clients for two years

The Swedish Authority for Privacy Protection (IMY) has fined Trygg-Hansa 35 million Swedish krona ($3,000,000) for exposing the sensitive data of hundreds of thousands of customers on its online portal.

BleepingComputer

Vulnerability in LG LED Assistant recently reported

https://www.cve.org/CVERecord?id=CVE-2023-4613


Veilid has updated to 0.2.1

Refresh your source and reinstall!

Containerizing application... Boring.

An unsecured API endpoint at Duolingo results in a data scrape containing information about over 2.6 million users.

https://www.cpomagazine.com/cyber-security/over-2-6-million-duolingo-user-records-obtained-via-data-scraping-published-on-hacking-forum/

Over 2.6 Million Duolingo User Records Obtained via Data Scraping Published on Hacking Forum

Account information of over 2.6 million Duolingo users was obtained via data scraping of an exposed API, and recently leaked on an underground hacking forum.

CPO Magazine
Simple explanation of "dangling DNS subdomain take over"