home.social

#digitalrisk — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #digitalrisk, aggregated by home.social.

  1. @Deverse

    Summary of the article (kod.ru on Telegram and unofficial clients):

    A new unofficial Telegram client has appeared: Monogram (Android, open source), created as an attempt to build a more modern, faster and more transparent app.

    It uses the official TDLib library but is built on a modern Android stack (Kotlin, Jetpack Compose, modular architecture).

    Reasons such clients appear:

    the official client has become complex and overloaded;

    delays in publishing the source code;

    controversial design decisions (for example, carrying iOS style over to Android).

    The key problem is security:

    Research shows that alternative clients often:

    send data to third-party servers (including in Russia);

    include third-party analytics (for example, Firebase);

    may pass user data to third parties.

    Overall, experts consider most unofficial clients potentially unsafe.

    State of Monogram:

    early stage of development (many bugs, problems with login and accounts);

    developing quickly, but not yet ready as a full replacement.

    Conclusion:

    Unofficial clients appear because of technological and UX complaints about Telegram.

    But in practice it is a trade-off: convenience and customization vs security and privacy.

    For now, it is more a tool for enthusiasts than a mass-market alternative.

    #Telegram #Monogram #TDLib #Android #OpenSource #Мессенджеры #Кибербезопасность #Приватность #DataLeak #Инфобез #ИТ #Разработка #Kotlin #JetpackCompose #Аналитика #Security #AppDev #FOSS #TelegramAPI #DigitalRisk

  4. Thousands of publicly exposed Google API keys may now authenticate access to Gemini AI services.

    Researchers say what was once low-risk exposure gained new privileges after AI integration.

    Cloud security takeaway: legacy credentials + evolving scope = hidden risk.
    Have you audited your API keys recently?

    Source: bleepingcomputer.com/news/secu

    Share your perspective below.
    Follow TechNadu for trusted cybersecurity coverage.

    #CyberSecurity #Google #Gemini #CloudSecurity #APIKeys #AIsecurity #Infosec #DevSecOps #AppSec #DigitalRisk

  8. New 2026 telemetry from Bitdefender indicates 41% of Valentine’s-themed email traffic contained scam elements.

    Threat vectors observed:
    • Brand impersonation campaigns
    • AI-generated dating personas
    • Advance-fee survey funnels
    • Delivery notification phishing
    • Pharma spam distribution
    • Healthcare provider impersonation (e.g., Techniker Krankenkasse)
    Geographic targeting concentrated in the U.S. (55%) and key European markets.

    Question for defenders:
    Are current email filtering models sufficiently adaptive to seasonal emotional triggers amplified by generative AI?
    Engage below.

    Follow @technadu for threat intelligence reporting.

    #ThreatIntel #Phishing #EmailSecurity #AIThreats #SOC #BlueTeam #FraudDetection #BrandAbuse #SecurityResearch #CyberDefense #Malspam #DigitalRisk

  12. This Gmail hack is unsettling not because it’s flashy, but because it’s bureaucratic. Attackers aren’t breaking encryption or outsmarting algorithms. They’re filling out forms. By changing an account’s age and abusing Google’s Family Link feature, they can quietly reclassify an adult user as a “child” and assume parental control. At that point, the rightful owner isn’t hacked so much as administratively erased.

    The clever part is that everything happens inside legitimate features. Passwords are changed. Two-factor settings are altered. Recovery options are overwritten. And when the user tries to get back in, Google’s automated systems see a supervised child account and do exactly what they were designed to do: say no.

    Google says it’s looking into the issue, which suggests this wasn’t how the system was supposed to work. But it’s a reminder of an old lesson. Security failures often happen when protective mechanisms are combined in ways no one quite imagined. The tools aren’t broken. The assumptions are.

    There’s no dramatic fix here, only mildly annoying advice that suddenly feels urgent. Review recovery settings. Lock down account changes. Use passkeys. Because once an attacker controls the recovery layer, proving you’re you can become surprisingly difficult.

    TL;DR
    🧠 Family safety tools are being weaponized
    ⚡ Account recovery can be shut down entirely
    🎓 Legitimate features enable the lockout
    🔍 Prevention matters more than appeals

    forbes.com/sites/daveywinder/2

    #Cybersecurity #Gmail #IdentitySecurity #AccountRecovery #DigitalRisk #security #privacy #cloud #infosec

  13. AI-driven fraud is hitting holiday shoppers at machine speed. In today’s Cyberside Chats episode, Sherri Davidoff and Matt Durrin unpack what that looks like in the real world. They discuss how phishing kits, prebuilt configs, and bot-driven takeovers are giving attackers a near-instant launchpad for credential abuse.

    This breakdown shows how quickly these tools scale—and why teams need to shore up people, passwords, and payments before the rush.

    Listen here: chatcyberside.com/e/holiday-ha

    Watch the video: youtu.be/TpMD5v5JUNc

    Or find Cyberside Chats wherever you get your podcasts.

    #CyberDefense #SecurityAwareness #OnlineFraud #DigitalRisk #ThreatResearch #AIinSecurity #Malvertising #HolidayThreats

  15. Stellantis hit by a cyberattack via a third-party provider, exposing the auto industry’s fragile digital supply chains. With rivals facing similar crises and Stellantis already battling losses, it’s clear cybersecurity is now as vital as engineering.

    #Stellantis #CyberAttack #DataBreach #AutoIndustry #CyberSecurity #EV #DigitalRisk #TECHi

    Read the full article here: techi.com/stellantis-cyberatta

  16. Just dropped a new post in a loooong time: AI Instrumental Convergence – A New Enterprise Threat

    If you're not thinking about how AI could accidentally outmanoeuvre your business, you're already behind.

    Read now: ivos.pro/ai-instrumental-conve

    #CyberSecurity #AIThreats #InfoSec #EnterpriseRisk #TechLeadership #AIConvergence #DigitalRisk #CIO #CTO

  21. North Korea’s 🇰🇵 IT worker scams are getting more sophisticated, while Western defenses remain reactive. Over 1,000 emails and new personas tied to DPRK operatives have been exposed, revealing lavish lifestyles, AI-generated fake identities, and state-level monitoring.

    TL;DR
    🕵️ Researchers exposed key operatives and email networks
    🧠 DPRK IT workers use AI, stolen IDs, and fake personas
    🎭 Operatives get autonomy, luxury, and state protection
    📡 Internal surveillance and quotas drive risky behavior

    wired.com/story/north-korean-i
    #nationalsecurity #cyberespionage #digitalrisk #infosecleadership #security #privacy #cloud #infosec #cybersecurity

  22. ⏰ Just 24 hours.

    That’s all EU companies now have to report a significant cyber incident under new laws like NIS2.

    This isn’t just red tape—it’s Europe’s attempt to build real-time digital resilience.

    Could your org meet the deadline?

    📖 Read more: blueheadline.com/cybersecurity

    #CyberSecurity #TechPolicy #DigitalRisk #BlueHeadline #CyberResilience #EURegulation #NIS2 #CyberDefense #InfoSec #Technology

  23. ⚠️ Genetic privacy alert: 23andMe’s bankruptcy puts your DNA data at risk 🔬📉

    With user data now part of potential asset sales, EFF is urging all customers to act now:

    🧬 Download your data — store it securely for personal use
    🗑️ Delete your account + data — this includes reports, raw data, and family tree connections
    ❌ Revoke research consent — and explicitly request sample destruction

    Why it matters:
    • DNA reveals more than identity — it exposes health, ancestry, and family connections
    • The data doesn’t just belong to you — it can implicate relatives who never opted in
    • A new owner might not respect your privacy

    Take control now. Your genes deserve better security than a bankruptcy fire sale.

    #Privacy #DNA #DataRights #CyberSecurity #23andMe #DigitalRisk #security #privacy #cloud #infosec

    eff.org/deeplinks/2025/03/how-

  24. 🔓 200M X (Twitter) user records leaked in a 34GB free-for-all—again.

    Data enthusiast “ThinkingOne” released the files after allegedly failing to get a response from X. The breach combines:
    ・Data from a 2022 vulnerability X previously downplayed
    ・January 2025 breach data
    ・A total of 2.8 billion records spanning X user IDs, emails, bios, locations & more

    X continues to deny its systems were the direct source of the leak. But researchers confirm much of the data is real—and the scale is unmatched.

    💡 The kicker? ThinkingOne believes this might’ve required internal access, or an attack of unprecedented sophistication.

    Even without passwords, this treasure trove fuels phishing, impersonation, and targeted disinformation.

    👉 forbes.com/sites/daveywinder/2

    #CyberSecurity #DataBreach #Privacy #XPlatform #InfoSec #Twitter #SecurityAwareness #DigitalRisk #UserData

  25. 🔐 Let's protect your business: Extreme and real peril of cyberthreats 🌐
    Dive into the dynamic realm of cybersecurity with us! From surging threats to regulatory nuances, discover key strategies for a resilient digital future for your business. Let's fortify our defenses together! 🔒💻
    relianoid.com/blog/identify-th

  26. In this blog series, the author discussed how digital strategy and digital risk are essential to kickstarting a security transformation journey. He then looked into the use cases of secure access service edge (SASE) architecture with security service edge (SSE) capabilities and zero trust as part of the journey. netskope.com/blog/3-key-use-ca #DigitalStrategy #DigitalRisk #SecureAccessServiceEdge #ZeroTrust