Found 6141 bookmarks
Custom sorting
Light on Safety
Light on Safety
To attract users across the Global Majority, many technology companies have introduced “lite” versions of their products: Applications that are designed for lower-bandwidth contexts. TikTok is no exception, with TikTok Lite estimated to have more than 1 billion users. Mozilla and AI Forensics research reveals that TikTok Lite doesn’t just reduce required bandwidth, however. In our opinion, it also reduces trust and safety. In comparing TikTok Lite with the classic TikTok app, we found several discrepancies between trust and safety features that could have potentially dangerous consequences in the context of elections and public health. Our research revealed TikTok Lite lacks basic protections that are afforded to other TikTok users, including content labels for graphic, AI-generated, misinformation, and dangerous acts videos. TikTok Lite users also encounter arbitrarily shortened video descriptions that can easily eliminate crucial context. Further, TikTok Lite users have fewer proactive controls at their disposal. Unlike traditional TikTok users, they cannot filter offensive keywords or implement screen management practices. Our findings are concerning, and reinforce patterns of double-standard. Technology platforms have a history of neglecting users outside of the US and EU, where there is markedly less potential for constraining regulation and enforcement. As part of our research, we discuss the implications of this pattern and also offer concrete recommendations for TikTok Lite to improve.
#foundation.mozilla#EN#2024#TikTok#lite#research#double-standard#disinformation#privacy#safety
·foundation.mozilla.org·
Light on Safety
Acronis Product Vulnerability Exploited in the Wild
Acronis Product Vulnerability Exploited in the Wild
Cybersecurity and data protection technology company Acronis last week warned that threat actors are exploiting a critical-severity vulnerability patched nine months ago. Tracked as CVE-2023-45249 (CVSS score of 9.8), the security defect impacts Acronis Cyber Infrastructure (ACI) and allows threat actors to execute arbitrary code remotely due to the use of default passwords.
#securityweek#EN#2024#acronis#CVE-2023-45249#ACI#Exploited
·securityweek.com·
Acronis Product Vulnerability Exploited in the Wild
Apple Rolls Out Security Updates for iOS, macOS
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
#securityweek#EN#2024#macos#ios#ipados#Security#Updates#for#iOS#iOS17.6
·securityweek.com·
Apple Rolls Out Security Updates for iOS, macOS
UNC4393 Goes Gently into the SILENTNIGHT
UNC4393 Goes Gently into the SILENTNIGHT
In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques.
#Mandiant#EN#2024#QAKBOT#UNC4393#BlackBasta#SILENTNIGHT
·cloud.google.com·
UNC4393 Goes Gently into the SILENTNIGHT
Certificate Revocation Incident
Certificate Revocation Incident
DigiCert will be revoking certificates that did not have proper Domain Control Verification (DCV). Before issuing a certificate to a customer, DigiCert validates the customer’s control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF). One of these methods relies on the customer adding a DNS CNAME record which includes a random value provided to them by DigiCert. DigiCert then does a DNS lookup for the domain and verifies the same random value, thereby proving domain control by the customer..
#digicert#EN#2024#Certificate#Revocation#Incident#DCV
·digicert.com·
Certificate Revocation Incident
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
A major company made a staggering $75 million ransomware payment to hackers earlier this year, according to cybersecurity vendor Zscaler. Zscaler made the claim in a Tuesday report examining the latest trends in ransomware attacks, which continue to ensnare companies, hospitals, and schools across the country.
#pcmag#EN#2024#Zscaler#report#Fortune50#record#ransomware#payment#DarkAngels
·pcmag.com·
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
CrowdStrike is sued by shareholders over huge software outage
CrowdStrike is sued by shareholders over huge software outage
CrowdStrike (CRWD.O), opens new tab has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the July 19 global outage that crashed more than 8 million computers. In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike's assurances about its technology were materially false and misleading when a flawed software update disrupted airlines, banks, hospitals and emergency lines around the world.
#reuters#EN#2024#CrowdStrike#outage#shareholders#sued
·reuters.com·
CrowdStrike is sued by shareholders over huge software outage
'Error' in Microsoft's DDoS defenses amplified Azure outage
'Error' in Microsoft's DDoS defenses amplified Azure outage
o you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. No one has blamed the actual product named "Windows Defender," we must note. According to Microsoft, the initial trigger event for yesterday's outage, which took out great swathes of the web, was a distributed denial-of-service (DDoS) attack. Such attacks are hardly unheard of, and an industry has sprung up around warding them off.
#theregister#EN#2024#Microsoft#DDoS#Azure#outage
·theregister.com·
'Error' in Microsoft's DDoS defenses amplified Azure outage
Cyberattack hits blood-donation nonprofit OneBlood
Cyberattack hits blood-donation nonprofit OneBlood
A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US. The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood’s service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack.
#cnn#EN#2024#cyberattack#US#OneBlood#Healthcare#ransomware#incident
·edition.cnn.com·
Cyberattack hits blood-donation nonprofit OneBlood