  • 0 Votes
    1 Posts
    3 Views
    bsidesclt@infosec.exchange
    Sending a huge THANK YOU to our badge sponsor, Dataminr for their support of BSides CLT 2026! #bsides #cyber #security #conference
  • 0 Votes
    1 Posts
    2 Views
    wtfismyip@gnu.gl
    Great #security research from the Qualys folks: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
    Multiple vulnerabilities in AppArmor - everything from information disclosure to DoS to LPE!
    #appsec
  • 0 Votes
    1 Posts
    4 Views
    bsidesclt@infosec.exchange
    BSidesCLT 2026 would like to offer our gratitude and thanks to our Bronze Sponsor, Fortinet! The CLT cyber community appreciates their support in helping us deliver this year's conference!
    #bsides #cyber #security #conference
  • 0 Votes
    1 Posts
    1 Views
    voxel@infosec.space
    "The Most Evil Secret Police in History"
    "This is the story of the Stasi."
    It's a YouTube video by Fern about the former special agency called "Stasi" in East Germany. It goes into detail about various practices the Stasi used to spy on and even harm targets, including German citizens. I think it's quite informative; I encourage everyone interested in government surveillance to watch it. Please note that the video is historical and that East Germany today is very different from what it used to be.
    The sources can be found in the video description: https://docs.google.com/document/d/1mOFQ49sB3YSm_57YYEcHb-kErA_sjeYuDg6L2-AtI-w/edit?usp=sharing
    Video: https://www.youtube.com/watch?v=Aj7HX7I8KHs
    #dataprotection #cybersecurity #privacy #security #spy #Stasi #specialagencies @privacy
  • 0 Votes
    1 Posts
    0 Views
    markstos@urbanists.social
    This in-depth and well-researched report on the local impact of #Flock cameras in Bloomington, Indiana applies equally to other cities considering whether to start or keep a Flock contract. https://limestonepost.org/flock-cameras-in-bloomington/?ref=mastodon
    #privacy #security
  • 0 Votes
    1 Posts
    0 Views
    antonmb@infosec.exchange
    AI is quietly changing something fundamental. For decades we evaluated engineers by what they knew: algorithms, frameworks, tools. But when knowledge becomes instantly accessible, the real signal changes. The two signals that matter most now: • how someone solves problems • whether they can be trusted The Age of Trust. #AI #Security #Engineering #Trust #FutureOfWork
  • 0 Votes
    1 Posts
    0 Views
    ct_magazin@social.heise.de
    "On a Friday on the sofa, you don't necessarily expect a zero-day vulnerability"
    A student discovered the massive SharePoint vulnerability of 2025. In the c't podcast "They Talk Tech", she talks about it publicly for the first time.
    https://www.heise.de/news/Freitag-auf-dem-Sofa-rechnet-man-nicht-unbedingt-mit-einer-Zero-Day-Luecke-11210181.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #Podcast #Security #TheyTalkTech #Exploit #news
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.de
    Security vulnerability in "Ally" WordPress plugin endangers 400,000 websites
    Attackers can execute their own commands via a vulnerability in the WordPress plugin "Ally". Admins should install the security patch.
    https://www.heise.de/news/Sicherheitsluecke-in-Ally-WordPress-Plugin-gefaehrdet-400-000-Websites-11209892.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #Patchday #Security #Sicherheitslücken #Updates #Wordpress #news
  • 0 Votes
    1 Posts
    0 Views
    grapheneos@grapheneos.social
    Vanadium version 146.0.7680.115.0 released:
    https://github.com/GrapheneOS/Vanadium/releases/tag/146.0.7680.115.0
    See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
    Forum discussion thread:
    https://discuss.grapheneos.org/d/33092-vanadium-version-146076801150-released
    #GrapheneOS #privacy #security #browser
  • 0 Votes
    1 Posts
    0 Views
    dm_ronin@mstdn.social
    Halifax banking group: bans users with non-certified Android OS from using their banking apps because it's "not secure"
    also Halifax banking group: leaks customers' transactions to other users of their banks completely unserious people.
    #Privacy #Security #Banking #Android
  • 0 Votes
    1 Posts
    5 Views
    leftover@punkstodon.de
    SSH management straight from the terminal. SSHM accesses your ssh config directly, and you can ping or connect to all your hosts with a single keypress. Super cool!
    https://2tap2.be/sshm
    #linux #SSH #server #security #selfhosting #homelab #terminal #tui
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.de
    Zoom: Video conferencing software allows attackers to escalate privileges
    Zoom's video conferencing software contains security vulnerabilities, some of them critical. Remote attackers can escalate privileges.
    https://www.heise.de/news/Zoom-Videokonferenzsoftware-ermoeglicht-Angreifern-Rechteausweitung-11208902.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #Security #Sicherheitslücken #Updates #news
  • 0 Votes
    1 Posts
    0 Views
    brian_greenberg@infosec.exchange
    The honeymoon phase of AI-driven productivity is meeting the harsh reality of system stability. Amazon has officially updated its internal policies to require senior engineers to sign off for any code changes assisted by generative AI. This move follows a series of significant service disruptions—referred to internally as "high blast radius" incidents—where AI-generated code led to major product outages.
    For a company that values speed and a "you build it, you run it" culture, this is a massive shift. It turns out that while AI can write code in seconds, the cost of an error at AWS scale can be measured in hours of downtime and millions in lost revenue. We are seeing a necessary correction: AI is a powerful assistant, but it cannot yet be trusted with the keys to the kingdom without a seasoned human expert verifying the logic.
    🧠 Amazon now mandates senior review for all AI-assisted code deployments. The policy change follows a spike in high-priority Sev2 incidents. Senior engineers must now act as the ultimate "bar raisers" for synthetic code. This internal friction highlights the hidden costs of AI-driven development.
    https://arstechnica.com/ai/2026/03/after-outages-amazon-to-make-senior-engineers-sign-off-on-ai-assisted-changes/
    #EngineeringManagement #CloudComputing #GenerativeAI #security #privacy #cloud #infosec #cybersecurity
  • 0 Votes
    1 Posts
    0 Views
    brian_greenberg@infosec.exchange
    The line between national security and political surveillance is thinning. Congressional Democrats just launched an inquiry into the Department of Homeland Security regarding its use of administrative subpoenas. Unlike the subpoenas you see in courtroom dramas, these do not require a judge’s signature. They allow federal agencies to demand personal information and internal communications directly from technology companies with almost zero outside oversight.
    This investigation follows reports that DHS used these "judge-free" demands to gather data on Americans who criticized the agency on social media. It is a significant moment for anyone in the tech industry. When the government can compel your data without a warrant, the First Amendment starts to look very fragile. You should watch how these tech firms respond to the inquiry, as it will set the standard for how they protect your information from administrative overreach.
    🧠 Lawmakers are demanding to know how often DHS uses subpoenas without judicial review. The inquiry follows evidence that critics of agency policy were specifically targeted. Major tech platforms must now disclose their internal protocols for handling these federal demands. Civil liberties groups are pushing for new legislation to require a judge’s approval for all data seizures.
    https://www.washingtonpost.com/nation/2026/03/02/subpoenas-free-speech-congress-investigation/
    #DataPrivacy #DigitalRights #TechLaw #security #privacy #cloud #infosec #cybersecurity
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.de
    HP PCs: Attackers can gain elevated privileges via UEFI vulnerabilities
    HP computers are open to attack through several vulnerabilities in the UEFI and Device Manager.
    https://www.heise.de/news/HP-PCs-Angreifer-koennen-sich-hoehere-Rechte-ueber-UEFI-Luecken-verschaffen-11208417.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #Patchday #Security #Sicherheitslücken #Updates #news
  • 0 Votes
    1 Posts
    0 Views
    hackmag@infosec.exchange
    Exploiting a Critical Vulnerability in Palo Alto Networks PAN‑OS Firewalls: A Practical Walkthrough
    Palo Alto Networks is one of the biggest security vendors out there. The company’s firewalls run on a proprietary OS with a name that sounds oddly familiar to Russian speakers: PAN-OS. And that’s exactly where several vulnerabilities were recently discovered, allowing remote code execution as roo… https://hackmag.com/security/pan-os-exploit?utm_source=mastodon&utm_medium=social&utm_campaign=repost_hackmag_to_socials
    #security
  • 0 Votes
    1 Posts
    0 Views
    brian_greenberg@infosec.exchange
    The recent Iranian cyber attack on Stryker, a Michigan-based medical device giant, marks a sobering escalation in the digital shadow war. Thousands of employees woke up yesterday to find their laptops and cellphones remotely wiped and disabled. This was not a standard data breach but a targeted disruptive operation launched by the Handala hacking group, which has documented ties to the Iranian Ministry of Intelligence.
    The attackers did not use traditional malware. Instead, they compromised the company’s Microsoft Intune account—the very platform used by IT departments to manage and secure corporate devices. By triggering the remote wipe feature intended for lost or stolen hardware, the hackers effectively paralyzed the workforce. This incident serves as a stark reminder that our greatest security assets can quickly become our most significant liabilities when access is compromised.
    🧠 Hackers hijacked the Microsoft Intune management console to wipe employee devices. Handala Team claims the attack is retaliation for a recent missile strike on an Iranian school. This is the first major Iranian cyberattack on a U.S. firm since current hostilities began. Sophos and other security firms have officially linked the perpetrators to Iranian state intelligence.
    https://www.nbcnews.com/world/iran/iran-appears-conducted-significant-cyberattack-us-company-first-war-st-rcna263084
    #CyberWarfare #TechSecurity #Geopolitics #War #security #privacy #cloud #infosec #cybersecurity
  • 0 Votes
    1 Posts
    0 Views
    ct_magazin@social.heise.de
    heise+ | Passbolt: Self-hosting the European open-source password manager
    The password manager Passbolt is open source and is developed in Luxembourg. We show how to run it on your own hardware from your home network.
    https://www.heise.de/ratgeber/Passbolt-Den-europaeischen-Open-Source-Passwortmanager-selbst-hosten-11172920.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #OpenSource #Passwörter #Security #news
  • 0 Votes
    1 Posts
    0 Views
    doyensec@infosec.exchange
    Did you know you can use #InQL to recreate #GraphQL schema even when the introspection query is disabled? Our Schema Bruteforcer ensures "hidden" doesn't actually mean "off-limits". Find out more at:
    https://blog.doyensec.com/2025/12/02/inql-v610.html
    https://github.com/doyensec/inql
    #doyensec #appsec #security
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.de
    Aruba switches with AOS-CX: Attackers can reset the admin password
    HPE's network operating system Aruba Networking AOS-CX is vulnerable. The developers have closed several security vulnerabilities.
    https://www.heise.de/news/Aruba-Switches-mit-AOS-CX-Angreifer-koennen-Admin-Passwort-zuruecksetzen-11208000.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #IT #Patchday #Security #Sicherheitslücken #Switch #Updates #news