Privatnost i sigurnost podataka i korisnika

[Neo-ST]

Prigodan video...

[The Exiled]

I ja ću se prigodno nadovezati s rješenjem za buduće AWS DNS probleme.

[kopija]

Citiraj:

Autor kopija

Another day, another conspiracy theory.

Ispravka netočnog navoda, ovaj put upučena samom sebi.


Isprike kolegi McG-ju za klevetu, olakotna okolnost mi je da sam lak na okidaču ovih dana od količine ludila i gluposti koje vidim oko sebe.


Uvijek me uspiju iznenaditi pa me obuzme tuga koja prijeđe u bijes.
Jer je lakše biti bijesan nego tužan.

[tomek@vz]

TLDR o sigurnosti u 10 jednostavnih pitanja:

Citiraj:

Worried about hackers, viruses, and fraud? Ask yourself these 10 questions
New attacks, new security technologies, new questions: In this article, we provide answers to current problems in PC and internet security.

> PcWorld

Nije najbolje sto postoji ali dobro stivo za pocetnike i one malo iznad.

[medo]

https://learn.microsoft.com/en-us/se...ws-of-security

[kopija]

Citiraj:

Autor medo

https://learn.microsoft.com/en-us/se...ws-of-security

Standard User Account riješava većinu navedenih problema.
Al to koristim samo ja i još petorica pacijenata

[Ivo_Strojnica]

je, ali je topčić.
A imaš lipo admin account, sa njime instaliraš sve šta ti treba, bitno je samo da nije po defaultu logiran, puno se toga riješi.

[medo]

Ima pacijenata poput mene koji imaju korporativni firewall doma. To je teški overkill ali kad vidiš koliko toga filtrira bez puno efforta…

DLP iliti Data Leak Prevention u kombinaciji s UTM-om je jaka stvar.

[Ivo_Strojnica]

uf bome, svaka čast.
ja imam na routeru firewall složen, radi sasvim lijepo.
Koje benefite di donosi korporativni firewall naspram consumer based?

[Neo-ST]

Šta reći na ovo osim LOL.

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright

[mkey]

Citiraj:

Autor Ivo_Strojnica

uf bome, svaka čast.
ja imam na routeru firewall složen, radi sasvim lijepo.
Koje benefite di donosi korporativni firewall naspram consumer based?

Vjerujem da može mirno spavati što se tiče masivnih DDoS napada

Citiraj:

Autor Neo-ST

Šta reći na ovo osim LOL.

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright

Bila je tona primjera: ljudi koji ne mogu ući u auto, ljudi koji ne mogu izaći iz kuće... i drugi raznovrsni idioti.

[Neo-ST]

Citiraj:

Autor Ivo_Strojnica

Koje benefite di donosi korporativni firewall naspram consumer based?

Pornjava je blokirana by default ruleset

Citiraj:

Autor mkey

Bila je tona primjera: ljudi koji ne mogu ući u auto, ljudi koji ne mogu izaći iz kuće... i drugi raznovrsni idioti.

Na šta će ova civilizacija ličiti za 10-20 godina...majko mila.

[mkey]

Spominjalo se dosta puta, pogledaj film idiokracija. Taj uradak je u biti reverzna vremenska kapsula, poslali unatrag da nas upozore ali mi, eto, svejedno idemo all in.

[Neo-ST]

Citiraj:

Autor mkey

Spominjalo se dosta puta, pogledaj film idiokracija. Taj uradak je u biti reverzna vremenska kapsula, poslali unatrag da nas upozore ali mi, eto, svejedno idemo all in.

Pogledaj opet moj username i avatar pa se upitaj, misliš li da mi je promakao ijedan od takvih i sličnih uradaka? 😁

[kopija]

Citiraj:

Autor Ivo_Strojnica

uf bome, svaka čast.
ja imam na routeru firewall složen, radi sasvim lijepo.
Koje benefite di donosi korporativni firewall naspram consumer based?

To i mene zanima.
Ja znam da imam dva firewalla, OS i ruter. Godinama neuspješno pokušavam naći rupu u njima s ShieldsUp! testom.
Pretpostavljam da bi pokleknuli pod ionskim DDoS napadom iz niske orbite?


A što se tiče dokumentaraca, ovaj je isto bio dobar.
Budućnost ljudi i Windows operativnog sustava.

[tomek@vz]

Citiraj:

In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).

> LinuxJournal

Citiraj:

The Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls.
The attack represents a significant tactical evolution in ransomware deployment strategies. Threat actors utilized WinSCP for secure file transfer to move Linux ransomware binaries onto Windows machines, then leveraged Splashtop Remote management software to execute the cross-platform payload directly on Windows systems.
Trend Micro Research uncovered this advanced attack campaign that specifically targets VMware infrastructure and backup systems, combining legitimate remote management tools with bring-your-own-vulnerable-driver (BYOVD) techniques to evade detection and encrypt hybrid enterprise environments.

> gbhackers

[medo]

Citiraj:

Autor Ivo_Strojnica

uf bome, svaka čast.
ja imam na routeru firewall složen, radi sasvim lijepo.
Koje benefite di donosi korporativni firewall naspram consumer based?

Performance per watt. Radi preko 1Gbps SSL/TLS inspectiona s manje od 10W snage.

Drugi još veći benefit je profesionalni antivirus, c&c botnet block, DNS filter… URL/adblocker radi jako efikasno a ništa ne strga. I sve se ažurira nekoliko puta dnevno, nekada i 2-3x u sat vremena.

I još puno toga… Split tunnel 2FA VPN npr…

[spawn]

Indirektno vezano za privatnost podataka, ima li istine u ovome ili je fakenews

https://youtu.be/8uEqk2p9MZU?si=fPiiT4H2Y1RvjeAF

[tomek@vz]

Citiraj:

Autor spawn

Indirektno vezano za privatnost podataka, ima li istine u ovome ili je fakenews

https://youtu.be/8uEqk2p9MZU?si=fPiiT4H2Y1RvjeAF

Da...ali da citiram:

Citiraj:

To be fair, if you're at the point where someone wants to take your phone from you so they can take it apart and has the equipment and knowledge to pull the data from it, and balls to use it illegally .... you're already fucked in life.

[Bono]

Citiraj:

Autor medo

Performance per watt. Radi preko 1Gbps SSL/TLS inspectiona s manje od 10W snage.

Drugi još veći benefit je profesionalni antivirus, c&c botnet block, DNS filter… URL/adblocker radi jako efikasno a ništa ne strga. I sve se ažurira nekoliko puta dnevno, nekada i 2-3x u sat vremena.

I još puno toga… Split tunnel 2FA VPN npr…

Koji model fortija vrtis doma? 😀

Sent from my SM-S931B using Tapatalk

[tomek@vz]

Auch...

Citiraj:

Hackers have been spreading malware through more than 3,000 YouTube videos advertising cracked software and game hacks, cybersecurity firm Check Point warned this week. The campaign, active since at least 2021, tripled its video production in 2025. The videos promoted free versions of Adobe Photoshop, FL Studio, Microsoft Office, and game cheats for titles like Roblox. Fake comments created the appearance of legitimacy, the researchers found.

Users who downloaded archives from Dropbox, Google Drive, or MediaFire were instructed to disable Windows Defender before opening files. The downloads contained malware including Lumma and Rhadamanthys, which steal passwords and cryptocurrency wallet information. The hackers hijacked existing accounts and created new ones. One compromised channel with 129,000 subscribers posted a cracked Photoshop video that reached 291,000 views. Another video for FL Studio received over 147,000 views.

Nazalost ponovni dokaz da ljudska glupost,naivnost i pohlepa (s obje strane) nemaju granica.

[medo]

Citiraj:

Autor Bono

Koji model fortija vrtis doma? 😀

Sent from my SM-S931B using Tapatalk

40F koji uskoro ide u decommision. Stiže 70G

[Bono]

Citiraj:

Autor medo

40F koji uskoro ide u decommision. Stiže 70G

Njega muci 2gb rama, bas su klosari sa tim ramom, procesora ima koliko hoces, a skrtare na ramu. Makar za po kuci je valjda ok, 70g je ok, ima 4gb rama, a 90g je jos bolji jer ima 2.5/5/10gbit wan i 8gb rama.

Sent from my SM-S931B using Tapatalk

[medo]

Vidi koliko koštaju licence za 90G

[Bono]

Za kucu nije, ali za firmu ovisi sta stitis.

Sent from my SM-S931B using Tapatalk

[tomek@vz]

MS daje svoj doprinos kotroli homeoffice radnika...

Citiraj:

Citiraj:

According to the Microsoft 365 roadmap: "When users connect to their organization's Wi-Fi, Teams will automatically set their work location to reflect the building they are working in." The location of that worker will apparently update automatically upon connecting.

It's set to launch on Windows and macOS, with rollout starting at the end of this year. "This feature will be off by default," notes Microsoft. But "tenant admins will decide whether to enable it and require end-users to opt-in."

Analiza Amazon fijaska:

Citiraj:

Citiraj:

Amazon has temporarily disabled its DynamoDB DNS Planner and DNS Enactor automation globally while it fixes the race condition and add safeguards against incorrect DNS plans. Engineers are also updating EC2 and its network load balancer.

Further reading: Amazon's AWS Shows Signs of Weakness as Competitors Charge Ahead

I kako te susjedov WIFI moze pratiti:

Citiraj:

People often worry about being tracked through their wireless devices, especially when using public Wi-Fi networks. However, researchers have discovered multiple methods to detect and potentially track individuals via Wi-Fi, even if they are not carrying any devices, and the widespread presence of Wi-Fi networks makes these surveillance tactics potentially universal.
According to a recent study (PDF) from the Karlsruhe Institute of Technology, any Wi-Fi router that supports Wi-Fi 5 (802.11ac) or newer can be used to observe people within range. The findings raise serious privacy concerns.

> Techspot

[tomek@vz]

Citiraj:

Security expert Troy Hunt just added a huge new dataset to the Have I Been Pwned database containing 183 million new email accounts with leaked login details. It was collected with the help of Synthient, a security product that helps detect and block bad actors on platforms. (Have I Been Pwned is a great way to stay on top of fresh data breaches!)
According to the HIBP announcement post, the data includes both email addresses and their corresponding passwords, along with all the websites they’ve been entered into. The data was cleansed before inclusion into the database so that only unique accesses were included (i.e., no duplicate entries).
This brings the total number of accounts that have been “pwned” (i.e., affected by verifiable data leaks) to over 15.3 billion. Yikes.

> PcWorld

[tomek@vz]

Citiraj:

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.
Three security researchers, MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH, have been acknowledged for discovering and reporting the bug.

> hackernews

[Neo-ST]

Mislili ste da je Chat Control mrtav?

https://www.reddit.com/r/europe/s/UiTpW4ohI5

https://www.reddit.com/r/europe/s/qTpqYPTMww

[tomek@vz]

Citiraj:

Artificial Intelligence has advanced to the point where systems can now clone voices convincingly in real time, letting attackers mimic anyone during a live conversation. The breakthrough removes earlier limits that depended on prerecorded clips or slow processing, raising new cybersecurity and identity verification concerns.
Cybersecurity firm NCC Group has demonstrated that combining open-source AI tools with off-the-shelf hardware can generate real-time voice deepfakes with minimal latency. The technique, dubbed "deepfake vishing," uses AI models trained on samples of a target's voice to produce live impersonations that operators activate via a start button on a tailored web interface.

> Techspot