Profile: 41c7b836...

A new actively exploited zero-day vulnerability in iOS has been disclosed by researchers from nostr:npub1h662kslx3s4e4y0ny97snasj8d0m22yld2xt6rn8zjpyj8nz4f7q8e0ec3.

This vulnerability is being used by the "BLASTPASS" exploit to deploy NSO Group's Pegasus mercenary spyware. The exploit involves a PassKit attachment that contains malicious images sent from an attacker iMessage account to its victim. The researchers also note that no user interaction is required by the victim for this exploit to work.

Apple has since released patches for this zero-day vulnerability. Both Apple & Citizen Lab urge iPhone users to update as soon as possible.

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Apple security advisory: https://support.apple.com/en-us/HT213905

#infosec #cybersecurity #zeroday #blastpass #citizenlab #nsogroup #pegasus #spyware #iOS #iPhone #iMessage #patchnow

The Liquor Control Board of Ontario (LCBO), a crown corporation that sells alcohol in the Canadian province of Ontario, has been implicated in another data breach.

This time, the breach was through one of its third party service providers, Conversion Digital, a company that manages its promotional emails.

The data loss included any information used to sign up for their email list. Some of this information may include: name, date of birth, Aeroplan number and postal code.

https://www.thestar.com/business/lcbo-reports-another-data-breach-as-some-customers-personal-information-compromised/article_c9656dd3-9154-5c40-a369-d242ef2984f4.html

#infosec #cybersecurity #LCBO #Aeroplan #Ontario #Canada #databreach

nostr:npub1vcy8zvrhj3xhwydfjempzl6s4sv77ypyy8zqtzsgexfk3nrsr9jquzgzn8 nostr:npub1lrvmc88ck63qpt734w85t5pnxchncvam0p9k9mueuezqz0grkn6s8jtth9

It's kinda interesting how Mastodon has resisted adding full text search when other ActivityPub microblogging implementations like #Akkoma & #Firefish have already had these for a while.

I'm currently replying from a Firefish instance and the full text search works pretty well...

nostr:npub183n8fp0xavfvuejszsfzkf44af77j6xfgmk33k2whm7ktflcr4jqswtahh wait, what was this Madison issue? I know the whole LTT controversy but never heard about another controversy surrounding Madison, what happened there?

nostr:npub12lxtr540euchz3wpu4l745spze9fesue5lcentzceegq04ftzzxsajjvjy Person was really hugging the edge of the road, could even be seen as purposefully knocking out the mailbox... There seems like there's enough room on the road to avoid the mailbox...

nostr:npub170vth99f30mk0s683wkxkhdhraxkmnyc5a8nw9p2046jz8ztdnps3wjavf nostr:npub1ks4j70qusuv7hnaqcrr3azks95fxjpz4sx29sy9h35z3vltwaunsmdx88p nostr:npub15x4zdwm9h6f88jpsslct9ehxffg0cnr0ejhp9t0pz60s2qx6myvsu23p3l

They don't even need to do that, they can just simply choose to deploy an #Akkoma or #Firefish instance that already has those features... You don't need to modify #Mastodon to do something that already exists on the fediverse. If they don't want to deploy their own instance, they can join existing ones running these implementations.

Akkoma & Firefish include quote boosts/quote posts, rich text formatting, full text search and more. Firefish even has the option to import posts from other instances including from Mastodon as well.

Mastodon has the most "market share" but they're definitely not the only #ActivityPub microblogging implementation out there. Others exist and already have features that are missing on Mastodon. Unfortunately because of Mastodon's sheer size, people have equated it to the entire fediverse, similar to how Kleenex is to facial tissues.

I think Big Media is mainly still not sold on the idea of decentralized social networking and they don't believe the audience is there. They seem to have hopped on to Threads pretty fast. I'm interested to see how BBC's experiment on the fediverse plays out, hopefully they have a permanent presence here.

🤣

Source: nostr:npub1gfdrrw9629qxwvwaa3vwnvzhtaqu2c5m9wf6vcwjnmdnhs7hl4jsux7gg6 on Facebook.

#systemd #humour #comedy #sysadmin #linux

One of Canada's largest medical diagnostics lab providers has reached a proposed class action settlement of C$4.9 million for the hack that it suffered back in 2019. In 2019, cybercriminals broke into LifeLabs' network & stole medical records of 8.6 million Canadians.

In its proposed class action settlement, the company stated that:

Any Canadian resident who was a LifeLabs customer on or before Dec. 17, 2019 – the day the company announced it had been the target of a data breach – and whose personal information, including lab results, was accessed could receive a cash payment as part of the proposed settlement.

Each claimant in the proposed settlement can receive between $50-150 depending on their claim.

It is important to note that the proposed settlement has not yet been approved by the courts, but affected individuals have "the option of participating in the settlement, staying in the class action and objecting to the settlement, or opting out."

https://www.ctvnews.ca/business/lifelabs-to-pay-out-at-least-4-9-million-in-proposed-class-action-settlement-over-data-breach-1.6514511

Class action settlement site: https://lifelabssettlement.kpmg.ca/

#infosec #cybersecurity #cybercrime #cyberattack #dataleak #ClassAction #Canada #LifeLabs #news

nostr:npub1xxemmfvctc02ug4ue2u8sr2z683wpprh3ntl5r5gc3cd7l3f02ass4zxth

Only thing that I keep rotating is my smartphones because of the battery & OS updates. Would love the ability to get replaceable batteries & longer OS updates with the latest specs but that's not likely. Fairphone can be an option but the specs are just mediocre.

For my desktops, I generally design them for 5 years but that's only as my primary. They always find life afterwards as hand me downs or repurposed for something else and they are only truly recycled/e-waste when they hit about 15-20 years.

Hell, my #OPNSense box is running on hardware that's almost 15 years old.

Running #Linux or #FreeBSD really extends the life of old hardware. Drivers tend to still work on ancient hardware. Example, I have a really old NIC card from a company who doesn't make NIC cards anymore, the drivers only work up until Windows XP. I plop it into a FreeBSD box, and it just works. Instead of e-wasting the NIC card, it's now humming along.

Infosec.town has now achieved its 500th user w00t!

#Firefish #fediverse

Infosec.town has hit its 500th user w00t!

#Firefish #fediverse

nostr:npub1k9js796vr48cum9ypnj4r38jhf7jtlyx2r9jg8ghl3d0e9av6mqq3dgsa2 Oracle Cloud Free Tier gives you 4 ARM-based vCPU, 24GB RAM & 200GB free. However, you need to keep it active or else they will claim the resources back.

https://www.oracle.com/cloud/free/

Alternatively, you can get dirt cheap hosting if you check out LowEndTalk forums.

I've had pretty good experience with GreenCloudVPS. These hosts do oversubscribe but these guys aren't too bad. You're not gonna get Hetzner or DigitalOcean quality but for bargain basement pricing, hard to beat: https://greencloudvps.com/billing/store/budget-kvm-sale. Their 2 vCPU + 4GB RAM option should be enough for something like an #Akkoma install or maybe even a #Firefish install. Not a ton of drive space though so you have to be very careful of how many relays you use.

Hope this helps!

nostr:npub12lxtr540euchz3wpu4l745spze9fesue5lcentzceegq04ftzzxsajjvjy Ya COVID brain fog is real. Hopefully with lots of rest, it will clear soon, get well soon!

nostr:npub17tdadn0j58jjrekysl4ley0nlzzge58w5nuw7knncr8mk4vacfkqz3apfk First thought was Arch because that's the distro that I've gotten to like very much (and daily drive) but if there was just 1 distro, I have to hand it to #Debian. It's rock solid, it doesn't shove packages you don't want down your throat, it's predictable, relatively lightweight. Doesn't randomly break shit on you.

Though for desktop, its repositories can get stale, I guess that's where Flatpak comes in with newer desktop app packages regardless of what the Debian repo has.

nostr:npub1698uvfxspzetzm4jld522rpphytcwj3v2sg0nz96znv8k6e70msq7jhmgt nostr:npub1qmcpm5qnud8p4az4enwx0arcnw38jxyq70yzphj5xdn9va6q8s4qryv6gx Thanks, much appreciated!

I wish they had some sort of screen or sign to let them know because newcomers aren't going to automatically figure that out lol. Most people look for a sign in button or at least some sort of instructions on "getting started".

nostr:npub1698uvfxspzetzm4jld522rpphytcwj3v2sg0nz96znv8k6e70msq7jhmgt nostr:npub1qmcpm5qnud8p4az4enwx0arcnw38jxyq70yzphj5xdn9va6q8s4qryv6gx I have been doing some reviews myself as well. Regarding Nostr, had some quick first impressions that I posted a couple days ago: https://mstdn.ca/@deltatux/110828937214549484

I like the protocol but the community there is just mainly cryptobros pumping crypto so far...

Personally I couldn't get Primal working either and the apps are still very much in development.

nostr:npub1698uvfxspzetzm4jld522rpphytcwj3v2sg0nz96znv8k6e70msq7jhmgt nostr:npub1qmcpm5qnud8p4az4enwx0arcnw38jxyq70yzphj5xdn9va6q8s4qryv6gx it looks like it appeared on #Nostr through the Mostr ActivityPub-Nostr bridge.