NEW BETA RELEASES
iOS 18.4 beta 4 (22E5232a)
iPadOS 18.4 beta 4 (22E5232a)
macOS 15.4 beta 4 (24E5238a)
tvOS 18.4 beta 4 (22L5250a)
visionOS 2.4 beta 4 (22O5231a)
watchOS 11.4 beta 4 (22T5244a)
NEW BETA RELEASE
Xcode 16.3 beta 3 (16E5129f)
APIs often handle vast amounts of Personally Identifiable Information (#PII), which makes them prime targets for API data exfiltration. So, it's no surprise that #API-based attacks with the aim of stealing sensitive data have increased over time. Many orgs also lack visibility into which APIs are handling PII, which leaves them with massive #security blind spots.
What should orgs do about this? Let's take a closer look at:
The growing risks of PII exposure in API traffic
The methods attackers use to exfiltrate data
Capabilities to look for in a data exfiltration prevention solution
How the new release of Graylog API Security 3.7 can help
https://graylog.org/post/apis-the-silent-highway-for-sensitive-data/ #APIsecurity #APIs #cybersecurity
Tell me I'm reading this blog post wrong. It reads as if Cloudflare is admitting to reading the login credentials of users of sites that use Cloudflare.
"Our data reveals that 52% of all detected authentication requests contain leaked passwords found in our database of over 15 billion records, including the Have I Been Pwned (HIBP) leaked password dataset."
h/t: @0xF21D
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
Quick Ways to Secure Your Python PyPI Publishing Workflow!
Want to keep your package safe? Follow these 3 key security steps:
Use GitHub Environments to restrict your publishing workflows
Set up PyPI Trusted Publisher instead of API tokens
Scan your workflows with zizmor (on PyPI) to identify security flaws
Read more in our latest blog post: https://www.pyopensci.org/blog/python-packaging-security-publish-pypi.html
Ever worried about other users on your Linux server seeing what processes are running? The `hidepid` kernel feature is your friend! It makes processes invisible to anyone but the owner and root user, even in system monitoring tools like ps, top, htop, and btop. This is a great way to prevent sensitive information (like API keys or passwords used in command-line arguments) from being exposed. See how to configure it https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ for more info.
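As an added illustration of the hidepid setting described above (example code, not taken from the linked cyberciti article), the POSIX shell helpers below parse the hidepid level out of a /proc/mounts entry, report the live setting, build the persistent fstab line, and apply the option at runtime. The group name "proc" passed as the gid= exemption is an assumption: it lets a monitoring agent keep full visibility and must exist on the system before the line is used. The constructed mount lines in the comments are sample input, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the linked article): helpers for checking and
# applying the hidepid mount option on /proc.

# Return the hidepid level encoded in a /proc/mounts line for /proc.
# Prints "0" when the option is absent (the kernel default), "1"/"2" for the
# numeric forms, and maps the word forms accepted by kernels 5.8+
# (off/noaccess/invisible) to 0/1/2 so callers can compare numerically.
# Constructed sample input:
#   "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0"  -> 2
hidepid_level() {
    line=$1
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    level=0
    old_ifs=$IFS
    IFS=,
    for opt in $opts; do
        case $opt in
            hidepid=0|hidepid=off)       level=0 ;;
            hidepid=1|hidepid=noaccess)  level=1 ;;
            hidepid=2|hidepid=invisible) level=2 ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$level"
}

# Read the live /proc mount entry and report its hidepid level (0 means
# every user can still list every process and its command line).
current_hidepid() {
    hidepid_level "$(grep -m1 ' /proc proc ' /proc/mounts)"
}

# Build the /etc/fstab line that makes hidepid=2 persistent across reboots.
# The optional group (assumed name "proc") is exempted from hiding so that a
# monitoring agent can still see all processes; the group must exist already.
proc_fstab_line() {
    gid=$1
    if [ -n "$gid" ]; then
        printf 'proc /proc proc defaults,nosuid,nodev,noexec,relatime,hidepid=2,gid=%s 0 0\n' "$gid"
    else
        printf 'proc /proc proc defaults,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n'
    fi
}

# Apply hidepid=2 immediately (needs root); persistence comes from the
# fstab line above, so run both when hardening a shared host.
apply_hidepid_now() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_hidepid_now: must run as root" >&2
        return 1
    fi
    mount -o remount,hidepid=2 /proc
}

# Usage (as root):
#   echo "hidepid level before: $(current_hidepid)"
#   apply_hidepid_now && proc_fstab_line proc >> /etc/fstab
```

After applying, re-run `ps aux` as an unprivileged user: only that user's own processes should remain visible, which is the quickest check that secrets passed on command lines are no longer readable by other accounts.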
The Fediverse is public and can be archived by bots and AIs for years. The Quiet Public and Followers-only privacy settings keep your account timeline tidy but won't help privacy. All "@"-only messages are stored unencrypted.
Mastodon is privacy-aware but fraudsters, hackers and adversaries can still study and use your posts against you.
FOSS does not imply private or safe to use. Never share sensitive content on a Fediverse server!
DOGE Cuts Reach Key Nuclear Scientists, Bomb Engineers & Safety Experts
Firings & buyouts hit the top-secret National Nuclear Safety Admn amid a major effort to upgrade America’s #nuclear arsenal. Critics say it shows the consequences of heedlessly cutting the federal work force.
https://www.nytimes.com/2025/03/17/us/politics/federal-job-cuts-nuclear-bomb-engineers-scientists.html
"Officials had initially expected that the nuclear agency’s #NationalSecurity mission would protect it from layoffs."
Mastodon friends, I've heard a few suggestions of companies moving from US cloud providers to those based in the EU, due to risks with the Trump administration/Cloud Act, etc.
Has anyone come across any businesses that have made the leap recently? Feel free to DM or message on Signal, mattburgess.20
Since the arrival of a team from Elon Musk’s Department of Government Efficiency, #Social #Security is in a far more precarious place than has been widely understood, according to #Leland #Dudek, the acting commissioner of the Social Security Administration.
“I don’t want the system to collapse,” Dudek said in a closed-door meeting last week, according to a recording obtained by ProPublica. He also said that it “would be catastrophic for the people in our country” if DOGE were to make changes at his agency that were as sweeping as those at USAID, the Treasury Department and elsewhere.
Dudek’s comments, delivered to a group of senior staff and Social Security advocates attending both in person and virtually, offer an extraordinary window into the thinking of a top agency official in the volatile early days of the second Trump administration.
The Washington Post first reported Dudek’s acknowledgement that DOGE is calling the shots at Social Security. But the full recording reveals that he went much further, citing not only the actions being taken at the agency by the people he repeatedly called “the DOGE kids,” but also extensive input he has received from the White House itself.
When a participant in the meeting asked him why he wouldn’t more forcefully call out Donald Trump’s continued false claims about widespread Social Security fraud as “BS,” Dudek answered, “So we published, for the record, what was actually the numbers there on our website. This is dealing with — have you ever worked with someone who’s manic-depressive?”
Throughout the meeting, Dudek made alarming statements about the perils facing the Social Security system, but he did so in an oddly informal, discursive manner. It left several participants baffled as to the ultimate fate of the nation’s largest and most popular social program, one that serves 73 million Americans.
“Are we going to break something?” Dudek asked at one point, referring to what DOGE has been doing with Social Security data. “I don’t know.”
Is there any push within the EU to work on Linux and other free software alternatives to US software, to stop having the whole administration of every single European country, and the EU itself, be totally dependent on software that can spy on us all for a hostile, nazi regime?
Folks have pointed out that in the current state of ... /waves around .. that it might be a good idea for US based institutions to reconsider hosting sites on non-US country code top-level domains (ccTLD) such as .io (Indian Ocean, going away soon anyway), .it (Italy), and .ai (Anguilla)
One that always bugged me was various Mississippi Gov departments using .ms which belongs to Montserrat. In light of current events these might have more risk than they did before. It looks like most of the State of MS related sites are now forwarders/shorteners for the real sites but there are plenty of official sites for MS counties as well as various private orgs that are still fully hosted on .ms domains.
Search: mississippi site:.ms
This happens for other states to various degrees as well. In some cases it's mostly private company domains and in others there are a few official state domains.
Arizona / Azerbaijan
Search: Arizona site:.az
Georgia / Gabon
Search: georgia site:.ga
Idaho / Indonesia
Search: idaho site:.id
Louisiana / Laos
Search: Louisiana site:.la
Maine / Montenegro
Search: Maine site:.me
etc. etc.
One after another, callers on a telephone town hall with U.S. Rep. Bill Huizenga pressed the Michigan Republican about possible cuts to #Social #Security.
“We worked our entire life,” one said. “But we can’t get any help because we can’t get through to anybody.”
Huizenga pledged throughout the meeting: “Let me just reiterate, Social Security is not being touched.”
Similar exchanges have played out across the political battleground of Michigan and elsewhere in the U.S. in recent days, as widespread cuts prompt fears among constituents about the popular program, which provides monthly benefits to retirees and some children.
It’s left Republicans scrambling to reassure voters and play down Musk’s comments about Social Security and his ability to make cuts.
At a fiery in-person town hall in Asheville, North Carolina, one of the first questions Rep. Chuck Edwards fielded was on how he would “ensure the protection of our Social Security benefits.”
After the question was read, the room of about 300 people erupted in applause.
While Trump has repeatedly said he “will not cut Social Security, Medicare or Medicaid benefits,” the administration has begun layoffs affecting over 10% of the Social Security Administration workforce and the closure of dozens of offices nationwide.
The GOP accuses Democrats of “fear-mongering” on the matter.
https://apnews.com/article/musk-trump-doge-social-security-92de2ce547df0dcdcc00a5876e1a7bd6
Under Trump, AI Scientists Are Told to Remove ‘Ideological Bias’ From Powerful Models
A directive from the National Institute of Standards and Technology eliminates mention of “AI safety” and “AI fairness.”
https://www.wired.com/story/ai-safety-institute-new-directive-america-first/
New Privacy Guides video by @jw
If you've wondered about the difference between Privacy, Security, and Anonymity, and why some privacy-focused services are worth using even when they don't provide perfect anonymity, watch this!
It's truly an amazing short video! Everyone should watch it
https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/
If you still use one of these devices, you might want to start looking into alternatives.
"In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally [...] Starting on March 28, recordings of every command spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud."
Antarctic security a concern for Canada, says top naval commander
The Canadian Navy's top commander, Vice-Admiral Angus Topshee, spoke to the CBC about the Navy's current mission in Antarctica, and why a scientific research expedition can serve to strengthen Canada's polar security.
#security #military #research #politics #Antarctica #Canada
https://www.cbc.ca/news/science/antarctic-canada-angus-topshee-1.7482863?cmp=rss
Will you join over 1.9k people who’ve signed our petition to keep what’s stored on Apple iCloud encrypted?
The UK government is gambling with our security and playing into the hands of hackers and criminals.
Send a message: save encryption before more services are hit with technical notices.
Sign and share now
https://you.38degrees.org.uk/petitions/keep-our-apple-data-encrypted
‘Absurd’
When you have the press and civil society camped outside the courtroom, the secret might be out
Even so, we’re still denied the reasons why the UK government wants to take a battering ram to our security and privacy.
It shows contempt for the public interest in the Apple encryption case.