The former US Ambassador to Russia has claimed that deepfakes are being used to impersonate him in a bid to “undermine” Ukrainian war efforts.Michael McFaul, a vocal critic of Vladimir Putin who served as US ambassador to Russia from 2012 to 2014, claims that an “AI-generated deep fake that looks and talks like me” is being circulated as a “new Russian weapon of war” He wrote on Twitter: “WARNING. Someone using the phone number +1 (202) 7549885 is impersonating me. If you connect on a video platform with this number, you will see an AI-generated "deep fake" that looks and talks like me.

A massive Chinese database storing millions of faces and vehicle license plates was left exposed on the internet for months before it quietly disappeared in August. While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error. The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China’s east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely.

The Internal Revenue Service (IRS) confirmed that it accidentally exposed the confidential data of about 120,000 individuals on its website. The information has since been removed. The data exposed was from Form 990-T, filed by individuals with individual retirement accounts (IRAs) who earn some type of business income, aside from securities, from their retirement plans.

Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. While Plex’s message says “all account passwords that could have been accessed were hashed and secured in accordance with best practices,” it is still advising all users to change their passwords immediately. The email states, “Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.” There is no indication any other personal account information has been compromised, and there’s no mention of access to private media libraries having been accessed in the breach.

Twitter officially confirmed that a January breach led to the leak of information connected to 5.4 million accounts. Two weeks ago, a hacker on Breach Forums offered email addresses and phone numbers connected to the accounts, which they said ranged from “celebrities, companies, randoms, OGs, etc.” Researchers immediately tied the post to a vulnerability in Twitter’s platform that was discovered in January by a security researcher who reported the issue through HackerOne, which operates a bug bounty platform used by Twitter. Twitter told The Record on July 22 that it would investigate the issue. On Friday, the company confirmed both that the information was obtained through the vulnerability and that the stolen information was legitimate.

In order to prevent browsers like Brave and Firefox from deploying URL stripping that removes tracking parameters added to links by Facebook and others, like Amazon, Facebook is reportedly turning to encrypting links. Instead of changing tracking parameters in URLs, they are now encrypted and cannot be automatically removed. This means that browsers at this time cannot do anything to prevent tracking via Facebook URLs.

Amazon’s Ring devices are not just personal security cameras. They are also police cameras—whether you want them to be or not. The company now admits there are “emergency” instances when police can get warrantless access to Ring personal devices without the owner’s permission. This dangerous policy allows police, in conjunction with Ring, to decide when access should be granted to private video. The footage is given in “​​cases involving imminent danger of death or serious physical injury to any person.”

Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.

San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras – think: those in residential doorbells, medical clinics, and retail shops – in real time for surveillance purposes.

Cannot Sign up, not log in using the hackliberty portals using the .onion address. Either option presents a permanent loading symbol with no signs of progression.

The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.

Twitter published an apology on Wednesday after it was caught covertly using account security data for targeted advertising. The social media giant admitted that for several years, users were asked to provide a phone number or email address to secure or authenticate their accounts. Twitter then used that information for targeted advertising, according to a complaint filed by the Department of Justice and Federal Trade Commission. In May, the company agreed to pay a $150 million fine to settle the complaint, which alleged that Twitter violated a previous order “by collecting customers’ personal information for the stated purpose of security and then exploiting it commercially.”

An entity controlling MEGA’s core infrastructure can tamper with the encrypted RSA private key and deceive the client into leaking information about one of the prime factors of the RSA modulus during the session ID exchange. More specifically, the session ID that the client decrypts with the mauled private key and sends to the server will reveal whether the prime is smaller or greater than an adversarially chosen value. This information enables a binary search for the prime factor, with one comparison per client login attempt, allowing the adversary to recover the private RSA key after 1023 client logins. Using lattice cryptanalysis, the number of login attempts required for the attack can be reduced to 512.

Skiff gives every user 10GB free of Skiff Drive.

'We are not so naive as to think that this book will expose terrible things previously unknown, mark the border separating good from evil, or reveal some brilliant discovery…This book's objectives are modest and practical: to teach you to protect yourself from cyber espionage, get round unlawful censoring and suppressing of resources, safely protect your electronic data, and remain anonymous in the Internet." Source: https://book.cyberyozh.com/what-will-you-learn-from-this-book/ © CyberYozh security group

A comprehensive list of VPS and cloud-service/hosting providers that are either: - (a) Tor-friendly ***or*** - (b) accept Monero (XMR) and are privacy-driven

A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps.

An in-depth comparison of *most* of the secure messaging apps out there.

Resources, guides and links for Bitcoin, open source software for mobile and desktop, privacy tools, self-hosting and more.

Do you know the hidden cost of using free services like discord? It might not be what you think...