
Pig Butchering Scams Are Going High Tech

As digital scamming explodes in Southeast Asia, including so called “pig butchering” investment scams, the United Nations Office on Drugs and Crime (UNODC) issued a comprehensive report this week with a dire warning about the rapid growth of this criminal ecosystem. Many digital scams have traditionally relied on social engineering, or tricking victims into giving away their money willingly, rather than leaning on malware or other highly technical methods. But researchers have increasingly sounded the alarm that scammers are incorporating generative AI content and deepfakes to expand the scale and effectiveness of their operations. And the UN report offers the…

How Should We Feel About Ring?

Ring cameras have come a long way. Since the security camera brand launched 11 years ago, its video doorbells and cams have become vigilant, constant surveyors of patios, porches, and vestibules everywhere. Amazon now owns the company and has ushered it through controversies over privacy concerns, security breaches, incidents of vigilantism, and the company’s cozy relationship with law enforcement. The drama has not slowed growth; over 10 million Rings have been installed, and the cameras currently blanket our urban and suburban landscape, filming the movements of you, your family, and any strangers who wander near your door. That makes for a…

How to Use Secrets in GitHub Actions Workflows

Introduction I would like to go through some thoughts on how you can better maintain and make use of secrets in your GitHub Actions workflows. After reading through the GitHub documentation, I did a simple breakdown of the core activities before giving a number of recommendations. Overview of Secrets: In GitHub, secrets are sensitive values stored at the organization, repository, or environment level. They can be used within workflows but remain accessible only when explicitly referenced in a workflow file, which is what protects API tokens, credentials, and other sensitive data. Examples of…

Issue 64 of AWS Cloud Security Weekly

(This is just the highlight of Issue 64 of AWS Cloud Security Weekly @ https://aws-cloudsec.com/p/issue-64 << Subscribe to receive the full version in your inbox weekly for free!) What happened in AWS Cloud Security & Cyber Security last week, September 24 - October 1, 2024? Amazon Inspector introduced an upgraded engine for its Lambda standard scanning, which offers a more thorough view of vulnerabilities in the third-party dependencies used in Lambda functions and their associated layers. Do note that with this change you may observe some findings being closed as the engine re-assesses resources for improved risk evaluation, while also identifying…

Microsoft explains how it’s tackling security and privacy for Recall

The condemnation of Microsoft's Recall feature for Copilot+ AI PCs was swift and damning. While it is meant to let you find anything you have ever done on your PC, it does so by taking constant screenshots of your screen, and critics noticed that the captured information wasn't being stored securely. Microsoft ended up delaying its rollout to Windows Insider beta testers, and in June it announced more stringent security measures: Recall would be opt-in (off by default); it would require Windows Hello biometric authentication; and the screenshot database would be encrypted. Today, ahead of the impending launch of the next major Windows 11 update in November,…

Amid Air Strikes and Rockets, an SMS From the Enemy

At the start of September, Nour was having an ordinary evening at home in Beirut—eating pumpkin seeds and watching Netflix—when the SMS hit her device like the smartphone version of a brick through her window. The sender name appeared as eight question marks, “????? ???”, and in the message preview she could read, in clunky, hard-to-understand Arabic, a threat: “We have enough bullets for everyone who needs them.” To Nour, whose name has been changed to protect her anonymity, it was obvious who had sent this message. “Israel,” she says, “that’s their tone.” The Israeli military did not reply to WIRED’s…

Top 10 Tips with Code Examples: How to Secure Your C# Application

Follow practical code examples and expert advice to protect your software from potential threats. 1. Input Validation Input validation stops untrusted data or scripts from reaching deeper layers of the code and exposing sensitive information. In other words, the validation layer rejects malformed input before it is processed. The following C# helper accepts an email address only if System.Net.Mail.MailAddress can parse it and the parsed address round-trips to the original string (which rejects trailing display names or whitespace):

    public bool IsValidEmail(string email)
    {
        try
        {
            // Throws FormatException on malformed input; the round-trip check
            // rejects strings that parse but are not the bare address.
            var addr = new System.Net.Mail.MailAddress(email);
            return addr.Address == email;
        }
        catch
        {
            return false;
        }
    }

2. Use Parameterized Queries SQL injection attacks can be blocked by using parameterized SQL queries instead of using…

How to Use Shadow DOM and Honeypots to Deter Crawlers

This is a short introduction and demonstration of how to harden forms, especially against crawling. It is most likely overkill for most applications, but it is interesting for those who want to understand such practices a bit more and how it is possible to undermine them. Disclaimer: This post was inspired by Felippe Regazio on a late-night coding stream; make sure to give him a follow. Huge thanks. Also, I'm not a senior dev, so please feel free to double-check any information you believe I could have misstated so that we can correct/improve it together. Next.js…

Combining the benefits of session tokens and JWTs

Neither session tokens nor JWTs alone are sufficient as an optimal authentication strategy. Session token authentication has been in use for decades and is still widely implemented in modern applications, but can become a bottleneck when scaling an application. JWT authentication enables fast request validation, making it suitable for scaling distributed applications, yet struggles with session invalidation. While both approaches have their tradeoffs, the two methods can be combined to amplify their benefits and cancel out their drawbacks. Let's explore these two authentication strategies, and discuss how rethinking the approach to JWTs can result in the best of both worlds.…

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

Apple is making every production PCC server build publicly available for inspection so people unaffiliated with Apple can verify that PCC is doing (and not doing) what the company claims, and that everything is implemented correctly. All of the PCC server images are recorded in a cryptographic attestation log, essentially an indelible record of signed claims, and each entry includes a URL for where to download that individual build. PCC is designed so Apple can't put a server into production without logging it. And in addition to offering transparency, the system works as a crucial enforcement mechanism to prevent bad…