Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
freiburg.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Ein Mastodon-Server für Freiburg und Umland betrieben durch den Verein freiburg.social e.V.: https://wir.freiburg.social

Administered by:

Server stats:

526
active users

freiburg.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#scam

24 posts18 participants0 posts today
Public
Infoblox Threat Intel

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa

Public
silverpill

I saw the news that ATProto relay is now very cheap to run, and went to check it. Turns out "cheap" means 10 GB RAM, 500 GB SSD, 50mbps bandwidth. This is more than minimum Ethereum node requirements, and I am not sure how it could possibly be worse than that.

Needless to say, relay is only one component in their laughably inefficient system, which is still not decentralized in any meaningful way.

Bluesky Social · bryan newbold (@bnewbold.net)there will be an updated post soon. new relay uses around 2x vCPU, 10 GB RAM, 500 GB SSD, 50mbps bandwidth, IIRC. disk scales with event rate times replay window. 500 GB doesn't grow over time, only with event rate. that is for 72hr window, could slash a lot
#scam
Replied in thread
Public
Petra van Cronenburg

@leighms The same problem with #crafts and #art. Not long ago someone wrote an article about #scam #fake lacemaker books: 404media.co/bobbin-tatting-lac When it comes to tutorials, #LLM images become a pest destroying beginners' self esteem.
The only good news: it doesn't kill.

And Bezos, Zuckerberg & Co are complicit, because they want to sell their AI. @writers
@Remittancegirl

404 Media · AI-Generated Book Grifters Threaten The Future of Lace-Making“Unfortunately, for newcomers who might be excited to dive into this hobby, they could get burned by the inadequate books—and frankly the thievery—of the work of our cherished lacemakers and designers."
#AI#ChatGPT#bookstodon
Public *
Infoblox Threat Intel

Last week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens.

Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies.

Here are a few samples of the domains:

- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil.
- creo--ia[.]com Lookalike for an industrial fabrication firm in WA State.
- admiralsmetal[.]com Lookalike for US based metals provider.
- ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor.
- elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #phishing #malware #scam #dod

Public *
John Francis 🦫🇨🇦🍁💪⬆️

Elevated number of scam calls with fraudulent caller ID from my bank today. Won't leave voicemail. Won't talk to the automatic screener.

If they have anything interesting to say, they'll send me a letter.

Never accept calls or emails from business or govt. you deal with. Call them yourself, at the number found on their website or paper documents.

#scam#phish#canada
Replied in thread
Public *
Kevin Karhan :verified:

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
#cryptoparty
Public
Amalia Zeichnerin

#scam
What do documentaries like „The Tinder Swindler“ and „Con Mum“ teach us?

If someone comes into your life, lovebombs you… and later asks you for your money, because they have an emergency or something like that? Run! And block them, before they can scam you even more.

The Tinder Swindler
imdb.com/de/title/tt14992922/

Con Mum
imdb.com/de/title/tt35955855/

IMDbDer Tinder-Schwindler (2022) ⭐ 7.1 | Dokumentarfilm, Krimi1h 54m | 12
Replied in thread
Public
Kevin Karhan :verified:

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread
Public
Kevin Karhan :verified:

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

  • This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
ExploreLive feeds
About