Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Privacy

In our previous post, we discussed privacy concerns regarding the new Twitter alternative from Mark Zuckerberg, how much data the Threads app collects (hint: it's a lot), how the social network operates (it's a little unusual), whether it's worth creating a profile for those who already have an Instagram account, and whether you should rush to create one if you don't have one already (no need to rush, actually). In this post, I'll be talking about what you can set up (and where) to make Threads more private and secure.

Where to find the privacy and security settings in the Threads app

Let's start with the privacy and security settings that you can find within the application itself. Actually, that should be applications in the plural. Since the Threads social network is an extension of Instagram, they share some of the same settings. But that's not all. In total, Threads settings can be found in three different places:

Some of them can be found within the Threads app itself.

A more comprehensive list of settings is available in the Instagram app (however, they aren't regular Instagram settings, and can only be accessed from Threads).

Finally, some settings are located in the Meta Accounts Center.

Confused yet? That's normal — there are lots of things about Threads that are pretty confusing.

Now let's explore the useful settings you can find in these three sections.

How to restrict other users from interacting with you in Threads

Let's start with the different levels of privacy protection against other Threads users. Just like Instagram, Threads offers several settings options that allow you to restrict other users' visibility and access to your posts and comments, as well as hide their content from you (say, in case you find their content uninteresting, or they begin to bother you for some reason).

All the options discussed below can be found directly in the Threads app. To access them, go to your profile by tapping the icon with a little person in the lower right corner, then click on the button with two dashes in the upper right corner. This takes you to the Threads settings.

Muted users

The app allows you to mute users.
With this setting, you won't see posts from this profile in your feed, nor will you see their responses to your posts. Meanwhile, the owner of the profile won't know that you've muted them. By the way, this muted user doesn't have to be your friend (that is, a follower or someone you follow) — you can mute anyone.

To mute someone, go to their profile, tap the three-dots icon in the upper right corner, and select Mute.

Keep in mind that your lists of muted profiles in Threads and Instagram are not linked to each other. To find your list of muted users in Threads, go to Settings -> Privacy -> Muted. From there, you can also unmute someone (muting can only be done on that user's profile).

Restricted accounts

You can also restrict users. In this case, you'll no longer receive notifications when the restricted user likes your posts, replies to them, forwards or links to them. The profile owner won't know you've restricted them. Again, you can restrict a user regardless of whether they're your friend or not. The list of restricted accounts is shared between Threads and Instagram — if you restrict someone in one app, they'll automatically be restricted in the other.

To restrict a user, go to their profile, find the icon with three dots in the upper right corner, and then click on Restrict. To view the list of restricted users, go to Settings -> Privacy -> Other privacy settings -> Restricted accounts. On this tab, you can remove users from the list or add new ones using the search function.

Blocked accounts

Now let's move on to more drastic measures. In Threads, you can block users. After blocking, they won't be able to find your content or profile on the social network. Just like with Twitter, Threads won't notify the user about the block. And, as with the previous options, you can block anyone — not just your friends.
The list of blocked users is shared between Threads and Instagram.

To block someone, go to their profile, click on the three dots in the upper right corner and select Block. The list of blocked profiles can be found in Settings -> Privacy -> Blocked profiles. Here, you can also unblock a user or add someone to the blocked list by clicking on the + in the upper right corner.

Private profile and access only for followers

Finally, if you're completely fed up with bots and trolls, you can make your profile private. After doing so, only those who are following you will be able to see your posts, and you can carefully filter the list of your friends to ensure your privacy. This level of privacy might not be quite in the spirit of microblogging platforms, but it will certainly give you a break from interacting with annoying individuals.

Making your profile private is very easy: go to Settings -> Privacy and toggle the switch next to Private profile. A few lines further down you can find the Profiles you follow section. Go into it, select the Followers tab, and carefully edit the list — removing any suspicious individuals.

Finally, it's important to note that private profiles in Threads and Instagram are configured independently of each other.

Other privacy settings in Threads

There are a few more settings inside the Threads application that might be useful. Here are the options available under Settings -> Privacy, and what you can configure with them:

Mentions. Here, you can set who can mention you in posts — that is, link to your profile using the @ symbol followed by your username.

Hidden words. In this section you can filter offensive language in responses to your posts. You can use automatic filtering with built-in lists, or add specific words and phrases that are relevant to you.
These options are synchronized across Threads and Instagram — if you enable them in one app, they'll apply to the other as well.

Hide likes. With this setting, you can choose whether the like count will be displayed next to your posts. Note that this is another shared setting that applies to both Threads and Instagram.

Another useful setting is located in Settings -> Notifications. Just like Facebook and Instagram, Threads allows you to flexibly configure push notifications, deciding which of them the social network is allowed to send you. Currently, Threads offers a dozen separate types of notifications, along with the option to pause notifications from the app for a specific period — you can set an interval between 15 minutes and eight hours.

There's no option to completely disable all notifications with one button, but you can do this in your smartphone's settings if you wish.

Security settings in Threads

Strictly speaking, there are no security settings in the Threads app itself. The security settings of all Instagram and Facebook accounts are configured from Meta's Accounts Center. To get there, in Threads, go to Settings -> Account and select Security.

There are quite a few settings under this tab. The most relevant ones are the following:

Change password. It's pretty easy to guess that this section allows you to change your Instagram (which means Threads as well) and Facebook account passwords in the same place.

Two-factor authentication. This is where you set up two-factor authentication for Threads/Instagram and Facebook. Different options are available — from one-time codes being sent to your phone, to authenticator apps. I recommend the latter option, as it offers the optimal trade-off between security and convenience.

Where you're logged in. This section allows you to check which devices are signed in to your Instagram and Facebook accounts.
It would be wise to check this list from time to time to see if any unexpected devices have appeared and to delete old ones you no longer use.

Login alerts. Here you can set up notifications that will alert you when someone tries to log into your Instagram and Facebook accounts. It would make sense to enable all the notification channels and respond to the alerts ASAP.

Security Checkup. This menu item takes you to a window presenting the key security-related information about your Threads/Instagram or Facebook account. Here you can look up your linked e-mails and phone numbers (and change them if no longer available), the date you changed your password the last time, and whether two-factor authentication is on or not.

Technically, you can configure all the same things under other settings. This window, however, offers the convenience of doing it all from the same place.

Other privacy settings in Threads

Let's now take a look at the measures limiting the amount of data Threads collects about you and thus protecting your privacy — not from other users of the platform but from its owners. And we're going to do this in the settings, of course — not those of the app itself but in your OS.

iOS users should begin by checking that their iPhone or iPad is configured to disable permission for apps to track your actions across other companies' apps and websites. Apple rolled out this feature back in iOS 14.5. We've already discussed some details on its design, purpose, and proper setup. You can set this up in iOS in Settings -> Privacy & Security -> Tracking. Best of all is to completely disable Allow Apps to Request to Track.

Another thing to be set up is the app permissions. Threads requests a few of them already, whereas its parent, Instagram — considerably more. Permissions in both should be limited. Pay attention to the following in particular:

Access to microphone and camera.
I personally prefer not to give these permissions at all.

Access to location services. Either permit it only when using the app (if you like adding geotags), or disable it altogether.

Access to photos and videos. For iOS, the best option is Selected Photos, which enables the app to access only the photos you intend to post in it. As far as I know, Android provides no such option, so you either permit access to photos or stick with not posting any. Not a bad option in fact, if you only intend to view other people's posts.

Background app refresh. If you disable this one, apps won't be able to operate in the background, which is good. Even if you're not concerned with how much information about you they collect, this option greatly reduces the amount of data the apps keep streaming to their servers, thus saving your internet traffic and battery charge. The option is available both in iOS and Android.

You should also think about whether you really need all those endless social network notifications. I personally like to keep them completely off, so I am not distracted by random likes under my photos or posts. I prefer interacting with my apps when I want to and have time for it — not when they choose to bother me with yet another notification.

To disable all notifications from Threads in iOS, go to Settings -> Notifications, find the app in the list and deactivate Allow Notifications. In Android, the menu items will be different depending on device version and vendor, but the feature will be placed in a similar location.

Deleting your Threads account

You might have heard that your Threads account cannot be deleted. That's kind of true; the thing is — Threads accounts don't exist, so it's quite tricky deleting something that's not there. You sign in to Threads using your Instagram account, based on which your Threads user profile is created.
Thus, you don't have to make up a new password, or even type it: your login and password will be automatically copied over from Instagram. But you cannot delete your Threads profile either: to wipe it you have to completely delete your parent Instagram account.

But your Threads profile can be deactivated: once you do that, all your data will be concealed from other users of the social network. So, in practical terms, it's not much different from deletion. To do this, go to Settings -> Account -> Deactivate profile and press Deactivate Threads profile.

Password is the staff of life

The fact that your Instagram account data is now used for two social networks instead of one has an important consequence: your login and password are now twice as important. So now your Instagram account needs to be properly protected against takeover more than ever. Do the following:

Use a password that's both unique and strong. In general, strong means long — at least 12 characters. You can generate a good password using our Kaspersky Password Manager, which also doubles as secure password storage, lest you forget your password.

Enable two-factor authentication. It's best to use one-time codes from the app. By the way, our Kaspersky Password Manager now features a built-in authenticator.

 News

The latest edition of the Transatlantic Cable begins with discussion around Elon Musk, Twitter X and WeChat – is Elon trying to pivot the social media app into an everything app? From there, the team talk about the Home Office in the U.K. looking into facial recognition technology for the retail sector. To wrap up, the team discuss two stories, the first around the Lazarus group being implicated in a recent crypto heist and the other around Call of Duty: Modern Warfare II and a worm virus. As always, if you liked what you heard please consider subscribing.

WeChat: Why does Elon Musk want X to emulate China's everything-app?
Home Office secretly backs facial recognition technology to curb shoplifting
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist
Hackers are infecting Call of Duty players with a self-spreading malware

 Companies

In this Spotlight podcast interview, David Monnier of Team Cymru talks about the evolution of threat intelligence into actionable and target-specific “threat reconnaissance.” The post Spotlight Podcast: Are you ready for Threat Reconnaissance? first appeared on The Security Ledger with Paul F. Roberts.

Related Stories
Spotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of KELA
Spotlight: SIEMs suck. Panther is out to change that.
Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply Chain Security

 Feed

Amid the national discussion about AI safety and non-human-originated content in the US, an app researcher spotted an effort by the social media app to flag AI posts for its 2+ billion users.

 Breaches and Incidents

Aquasec researchers have discovered cybercriminals targeting unsecured Jupyter notebooks in the new Meow attack campaign, which is currently affecting hundreds of publicly accessible databases online. These criminals have wiped out data from over 4,000 databases, including Cassandra, CouchDB, Redis, Hadoop, Jenkins, and Apache ZooKeeper. Databases at organizations must be scrutinized to identify any security gaps.

 Breaches and Incidents

Some 26 staff at NHS Lanarkshire accessed the WhatsApp group between April 2020 and April 2022, entering sensitive patient data including names, phone numbers, addresses, images, videos, screenshots, and clinical information, according to the UK ICO.

 Trends, Reports, Analysis

According to new data by Qualys, over 60 million applications reached the end of support and end of life during the research period. Critical categories, such as databases, web servers, and security software, now lack security updates.

 Govt., Critical Infrastructure

The UK’s Ministry of Defence (MoD) has launched its Secure by Design initiative, which is to transform how cybersecurity is built into its systems and capabilities both internally and across its supply chain.

 Breaches and Incidents

Arizona's Empowerment Scholarship Account program experienced a data breach where personal information of students, including names and disability categories, was viewable on the program's financial vendor's website.

 Breaches and Incidents

Proofpoint discovered WikiLoader, a sophisticated new malware downloader that targets Italian organizations to drop the Ursnif trojan. It uses multiple evasion techniques to make detection and analysis difficult. Organizations and network defenders must leverage IOCs related to the malware to understand the current attack patterns and enhance their defenses to stay safe.

 Trends, Reports, Analysis

Halcyon Research uncovers C2P entities enabling ransomware attacks, identifies new affiliates, and links them to the ISP Cloudzy, facilitating anonymous RDP VPS services with cryptocurrencies. Experts confidently concluded that Cloudzy is highly likely to be a front for abrNOC, the actual hosting company operating from Iran.

 Trends, Reports, Analysis

Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than otherwise appear unfounded, concludes a British think tank study that suggests insurers should do more to enact corporate discipline.

 Feed

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

 Feed

Red Hat Security Advisory 2023-4431-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

 Feed

Red Hat Security Advisory 2023-4432-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

 Feed

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

 Feed

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-4429-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

 Feed

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2023-4312-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.46.

 Feed

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2023-4418-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

 Feed

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

 Feed

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

 Feed

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a

 Feed

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of

 Feed

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"

 Feed

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

 Feed

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

 Feed

A Russia-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto),

2023-08
Aggregator history
Wednesday, August 02