Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 4

Get the latest international news and world events from around the world.

Log in for authorized contributors

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one.

Securing the cloud office in this scenario is all about finding leverage: identifying the strategic control points that drive the most resilience without adding operational overhead.

Google Workspace provides an excellent security foundation, but its native tooling has inherent limitations, and relying on the default configurations can cause headaches. To build a truly resilient program, there are some common-sense first steps teams can take to secure Workspace natively, before intelligently augmenting the platform where its capabilities fall short.

INC ransomware opsec fail allowed data recovery for 12 US orgs

An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations.

A deep forensic examination of the artifacts left behind uncovered tooling that had not been used in the investigated attack, but exposed attacker infrastructure that stored data exfiltrated from multiple victims.

The operation was conducted by Cyber Centaurs, a digital forensics and incident response company that disclosed its success last November and now shared the full details with BleepingComputer.

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft.

In a new report released today by Okta, researchers explain that the phishing kits are sold as part of an “as a service” model and are actively being used by multiple hacking groups to target identity providers, including Google, Microsoft, and Okta, and cryptocurrency platforms.

Unlike typical static phishing pages, these adversary-in-the-middle platforms are designed for live interaction via voice calls, allowing attackers to change content and display dialogs in real time as a call progresses.

Curl ending bug bounty program after flood of AI slop reports

The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports.

The change was first discovered in a pending commit to curl’s BUG-BOUNTY.md documentation, which removes all references to the HackerOne program.

Once merged, the file will be updated to state that the curl project no longer offers any rewards for reported bugs or vulnerabilities and will not help researchers obtain compensation from third parties either.

CEO of Palantir Says AI Means You’ll Have to Work With Your Hands Like a Peasant

Wondering what your career looks like in our increasingly uncertain, AI-powered future? According to Palantir CEO Alex Karp, it’s going to involve less of the comfortable office work to which most people aspire, a more old fashioned grunt work with your hands.

Speaking at the World Economic Forum yesterday, Karp insisted that the future of work is vocational — not just for those already in manufacturing and the skilled trades, but for the majority of humanity.

In the age of AI, Karp told attendees at a forum, a strong formal education in any of the humanities will soon spell certain doom.

/* */