#CyberSecurity
securebulletin.com/us-indicts-…
US indicts Black Kingdom ransomware operator: technical analysis of ProxyLogon exploitation and law enforcement response - Secure Bulletin
The U.S. Department of Justice unsealed charges against Yemeni national Rami Khaled Ahmed (36) for deploying Black Kingdom ransomware via ProxyLogon exploits (CVE-2021-26855) against 1,500+ systems, including U.S.
securebulletin.com
#tech
spcnet.it/come-mitigare-lesecu…
@informatica
How to mitigate unauthorized PowerShell execution via Microsoft Word
Microsoft Word can execute PowerShell commands, indicating a possible cyberattack
Spcnet.it
#CyberSecurity
securebulletin.com/sophisticat…
Sophisticated npm malware campaign exploits Cross-Ecosystem typosquatting - Secure Bulletin
A coordinated malware operation targeting npm employs cross-ecosystem typosquatting to mimic popular libraries from Python, Java, C++, and .NET ecosystems.
securebulletin.com
#NINAsec is out!
Happy Saturday everyone, in today's #newsletter we analyze the leak of 42 thousand #phishing domains made available by the FBI, with some code that may be useful for your organizations.
Other news, the situation of the week and a useful #funfact
ninasec.substack.com/p/securit…
Security Weekly 28-2/5/25
The 42,000 LabHost phishing-as-a-service domains analyzed: have you checked that your network has not had contact with any of them? Python script.
Dario Fadda (NINAsec)
New DOJ policy on journalists and sources fuels Trump’s lies
The Department of Justice is trying to make it easier for President Donald Trump to lie to the American public under the guise of cracking down on leaks.
On April 25, the DOJ announced the reversal of an internal policy that protected journalists from federal prosecutors seizing their records or forcing them to name their confidential sources. In a memo announcing the change, Attorney General Pam Bondi decried leaks that “undermine President Trump’s policies, victimize government agencies, and cause harm to the American people,” calling them “illegal and wrong.” The new policy was released May 1.
But the DOJ’s priority seems less about protecting the public and more about shielding the Trump administration from scrutiny. The news stories Bondi’s memo cited to justify the change don’t undermine or victimize anyone besides dishonest officials. They reported exactly the kind of news the American people deserve to know, and the administration would rather keep hidden.
In one footnote, Bondi’s memo links to reporting by The Washington Post and The New York Times about Trump’s use of the Alien Enemies Act to deport Venezuelans that officials claim are members of the Tren de Aragua gang. Trump claims that the act provides a legal basis for the deportations because Tren de Aragua is invading the U.S. at the direction of the Venezuelan government.
The reporting, however, revealed that this isn’t true — not according to Trump’s own spy agencies, at least. Based on information from confidential sources, the Post and the Times reported that U.S. intelligence agencies have concluded that the gang is not directed by Venezuela’s government or committing crimes in the United States on its orders.
Another footnote in the memo links to a Reuters news story reporting that Dan Caldwell, an aide to Defense Secretary Pete Hegseth, had been put on leave as part of a Department of Defense leaks investigation. According to Axios, Caldwell and another official were suspended as part of an investigation into the leak of plans for a secret Pentagon briefing for Elon Musk on China. Although Trump denied the reporting as “fake news,” the embarrassing leak reportedly led him to personally ax the briefing.
Other recent news reports based on information from confidential sources within the government are in the same vein: embarrassing to the Trump administration, but not a threat to national security.
The Times, for instance, recently used information from confidential sources to report that Hegseth — already under scrutiny for Signalgate 1.0 — shared “detailed information about forthcoming strikes in Yemen” in a second private Signal group chat that included his wife, brother, and lawyer. Days later, The Post reported, again based on confidential sources, that Hegseth had Signal installed on a desktop computer in his Pentagon office.
These news reports raise important and legitimate questions about Hegseth’s ability to protect confidential government information. Yet while the Trump administration has steadfastly refused to hold Hegseth accountable for lapses that could result in the very kind of leaks that damage national security that Bondi condemns, it’s eager to prosecute whistleblowers. Changing the DOJ policy on legal demands to journalists is an important step in this campaign.
Bondi’s memo followed a request announced the previous day by Director of National Intelligence Tulsi Gabbard for the DOJ to investigate leaks to the press. In the past, the DOJ has jailed or threatened to jail journalists who refused to name their confidential sources, and has secretly subpoenaed their phone and email records to search for their sources, sometimes while ignoring past internal policies.
But as bad as that track record is, this isn’t just a return to the status quo as of a few years ago, before the Biden administration enacted the policy Bondi repealed. This new one will be wielded by the most anti-press administration in American history, headed by a President who has called for journalists to be jailed and raped for refusing to name sources. Platitudes about press freedom are irrelevant in an administration that flouts Supreme Court rulings and is unlikely to be constrained by the precise wording of an internal policy.
Bondi’s mischaracterizations of leaks during Trump 2.0 can’t change that whistleblowers remain essential to the ability of the press to tell Americans the truth, rather than simply what the government wants us to know. From legendary Pentagon Papers leaker Daniel Ellsberg to Edward Snowden to countless others whose names we may never know, whistleblowers have been at the heart of some of the most important news stories in American history.
While the Trump administration’s change to DOJ policy makes it riskier for journalists to do their jobs and for sources to expose officials’ lies, corruption, and crimes, undoubtedly many brave reporters and whistleblowers will continue to do just that.
They should be smart, and take steps to protect their digital and physical security. For example, SecureDrop, an open source whistleblower submission system from Freedom of the Press Foundation (FPF), allows for anonymous sharing of documents and tips.
But in the face of pervasive surveillance and an administration intent on identifying them, it’s possible the DOJ could unmask even the smartest and most careful sources. In that case, it will be up to the public to loudly and forcefully fight back against the Trump administration’s attempts to prosecute sources or the journalists who refuse to give up their names.
The public will only do that if it understands what press freedom means to our democracy and how severely attacks on journalist-source confidentiality can harm accountability. And that’ll only happen if journalists and editorial boards cover attacks on press freedom regularly and aggressively. The days of journalists not wanting to “make themselves the story” need to end – journalists aren’t making themselves the story, the administration is.
Trump wants to lie to us with impunity. Journalists and whistleblowers are one of the few things standing in his way. If the administration starts throwing them in jail — as the new DOJ policy will make it easier to do — we all must stand up for them.
Public records help overcome obstacles to reporting on state prisons
This is the third in a series of profiles of independent journalists who use public records to hold local governments accountable. The second, about Hannah Bassett of the Arizona Center for Investigative Reporting, is here. The first, about Lisa Pickoff-White of the California Reporting Project, is here.
Michelle Pitcher knows a little something about the Texas criminal justice system.
The criminal justice reporter with the Texas Observer, who previously contributed to Pulitzer Prize-winning reporting at The Marshall Project, grew up in Dallas with family members incarcerated by the state.
But while Pitcher's investigative work gives her — and her readership — insight into the impact the Texas Department of Criminal Justice has on the lives of millions of Texans, it’s a complex that typically functions in the dark.
“I think that the system wouldn’t work without secrecy, or at least that’s the idea behind a lot of the actions and policies that happen in Texas prisons,” Pitcher said.
As a journalism master’s student at the University of California-Berkeley, Pitcher worked with The Marshall Project, which focuses exclusively on criminal justice and prisons reporting, on a Pulitzer Prize-winning story about the use of police dogs. “Ever since then, I’ve realized it’s really fulfilling and the area that I’m passionate about for personal and professional reasons,” Pitcher added.
But that doesn’t make the work any easier.
Access to public records in Texas is often blocked by officials hiding behind broad security and privacy excuses, making it difficult for journalists and the public alike to ask questions and get answers. Even when records requests are ultimately not denied, delays can still obstruct newsgathering.
“Even if the attorney general’s office ultimately decides I should get those records, months have passed,” Pitcher said.
But to Pitcher, these obstacles are just that — she’ll follow records requests for a year if she has to, or visit public information officers all over the state in person to obtain the information she needs.
“These laws and policies are in place to make it explicitly difficult to get answers to questions to see what’s going on,” Pitcher said. “If you request documents, there are dozens of exceptions that prison officials can cite.”
Officials often just raise blanket security concerns. “A lot of it is up to the warden’s discretion, too,” Pitcher added. “It’s all very tight-lipped by design.”
To fill in the gaps left by a lack of access to records, Pitcher relies on incarcerated people to tell their stories and show the public what is happening behind closed doors.
“People are very brave and very willing to talk, knowing that it’s not going to be a secret and still willing to talk on the record,” Pitcher said. “As journalists, we should be seeking the people who are willing to tell those stories, because no one wants to feel like they’re shouting into the abyss. And people are shouting. People do want to talk.”
That said, the state prison makes it difficult for journalists to access the people incarcerated within the system, prohibiting journalists from interviewing the same person more than once within 90 days and limiting visits to an hour.
Pitcher uses her reporting to push past barriers — monitoring of emails and letters to incarcerated sources, guards and escorts present during media visits at prisons, incarcerated people moved across facilities — so she can inform the community.
“I’ve had it happen on multiple occasions where I was supposed to interview someone at a unit three hours away, and the day before the interview [they’re] at a different unit five hours away now,” Pitcher said. Although she has the geographical flexibility to follow her sources and navigate delay tactics, she says that is unfortunately “not possible for a lot of newsrooms” in the state.
Last year, Pitcher co-authored a story about the 200-year-long history of prison labor in Texas that pieced together prison reports, testimony, court filings, interviews of incarcerated people, and more to uncover the working conditions and death rates of these prison-run farms — some of which continue operating today.
To obtain these records, Pitcher and her team combined their reporting strategies and combed through the archives at the state libraries, filed records requests, and interviewed incarcerated individuals who had been injured while working.
Despite the obstacles in accessing information about current events in the prison system, Pitcher said that “Texas has a terrible history, and it’s all documented at the state libraries.”
“We had past, we had present, and we had official reports,” Pitcher said. “We had anecdotes, we had data. And it was just so rewarding to be able to put together a full picture.”
Although receiving her master’s in journalism helped shape her career path and train her in public records-seeking, Pitcher emphasized that anybody who wants to find out more about our government can request public records and report on them.
“As journalists, we have no real special rights or powers,” Pitcher said. “We are just members of the public who are availing ourselves of public record laws. All you have to do to be a journalist is do journalism with ethics.”
For more on this topic, see our two-part series on covering the mass incarceration system.
100 days, 100 attacks on the press
Dear Friend of Press Freedom,
This week, we take a look back at Trump 2.0’s first 100 days — and catch us live May 2, 2025, at 1 p.m. Eastern time for a discussion on the administration’s unprecedented attack on law firms and what it means for the press.
100 days, 100 attacks on the press, and counting
The second Trump administration’s 100th day came and went this week, but the attacks on the press and transparency kept coming.
Our U.S. Press Freedom Tracker has a recap of some of the major press freedom violations it’s documented so far. We also put together a list of 100 times President Donald Trump and his team targeted the Fourth Estate. Here it is on Bluesky and X.
It’s alarming how easy it was to get to that number. Before the ink dried, there were a couple more, including Trump’s ludicrous threat to sue The New York Times for “tortious interference” for quoting legal experts on the weakness of his frivolous shakedown of a lawsuit against CBS News.
And to combat the excessive secrecy that defined this administration’s first few months, we also launched The Classified Catalog, a secrecy news tracker to help the public hold the government accountable.
Department of Justice repeals protections for journalist-source confidentiality
Attorney General Pam Bondi has rescinded her predecessor’s policy restricting federal prosecutors from forcing journalists to reveal sources.
As Freedom of the Press Foundation (FPF) Director of Advocacy Seth Stern said, “Everyone predicted this would happen in a second Trump administration, yet politicians in a position to prevent it prioritized empty rhetoric over putting up a meaningful fight.” Read our full statement.
Using public records to break through the secrecy of the Texas prison system
Our series highlighting local journalists using public records to speak truth to power continues with a profile of Michelle Pitcher, a reporter at the Texas Observer who focuses on criminal justice.
Public records alone can’t tell the story, though — only those living it can. “As journalists, we should be seeking the people who are willing to tell those stories because no one wants to feel like they’re shouting into the abyss. And people are shouting. People do want to talk,” Pitcher said. Read more here.
Rural America needs public media
We partnered with Reporters Without Borders (RSF) and the Committee to Protect Journalists to lead a letter urging congressional leadership to reject the White House’s request to rescind funds appropriated to the Corporation for Public Broadcasting.
The letter explains that “the harm of these cuts will disproportionately befall rural American communities. Less densely populated parts of the country tend to have fewer options for reliable news sources. ... When people lose access to their local media, they’re forced to turn instead to national media, which are less attuned to the needs of their communities.” Read the letter here.
What we’re reading
100 days of attacks on transparency and the press (The Dissenter). FPF’s Seth Stern and Daniel Ellsberg Chair on Government Secrecy Lauren Harper joined The Dissenter’s podcast to talk about the state of press freedom and transparency 100 days into Trump 2.0.
Alarm bells: Trump’s first 100 days ramp up fear for the press, democracy (Committee to Protect Journalists). “I really think we’re just beginning to understand the impact of, for example, removing the AP’s access, and what that will do to local news organizations,” said Kirstin McCudden, Managing Editor of our U.S. Press Freedom Tracker.
Trump’s war on the press: 10 numbers from the US President’s first 100 days (Reporters Without Borders). RSF lays out 10 key numbers that illustrate the administration’s unconstitutional assaults on press freedom and the right to reliable information.
Trump v. 60 Minutes is a stunning battle for the soul of US media (The Guardian). “In addition to all the principled reasons to not cave to Trump, there’s also the practical one that it doesn’t work,” Stern explained to The Guardian. “He will be right back at your door with his hands out the next day.”
Democrats had a shot at protecting journalists from Trump. They blew it (The Intercept). “Last year, Senate Democrats had a clear opportunity to make basic protections for journalists a matter of binding federal law, rather than mere policy that could be undone with a vendetta-laced memo … then Democratic leaders blew it.”
The legal battle for DOGE transparency (Columbia Journalism Review). “More transparency means less corruption and potential for state capture. It’s an existential issue, and not one that our federal records laws or the people in the bureaucracy are equipped to deal with,” Harper told CJR.
US attorney for DC accuses Wikipedia of ‘propaganda,’ threatens nonprofit status (The Washington Post). Practically everything Ed Martin says is nonsense, but the one thing that’s totally believable is he doesn’t know federal prosecutors don’t investigate nonprofits’ tax compliance.
TODAY: Micky Metts shares stories of her Pirate life
TODAY JOIN fellow Pirate Micky Metts at 6PM @ the Artisan’s Asylum in Allston, to hear her share stories of her life of community activism, and organizing around free software and cooperative development, privacy, and nurturing collective ownership!
Register at hooverai.eventbrite.com/blog/f….
WHO: YOU, MICKY, and THEO
WHEN: Today, Friday, May 2nd @ 6-7:30PM. Doors open at 5:45PM
WHERE: Artisan’s Asylum, 96 Holton St, Boston, MA 02135
Micky Metts will share stories of her life of community activism, and organizing around free software and cooperative development, privacy, and nurturing collective ownership. Theodora Skeadas will interview Micky on her four passions – community building, industry organizing, free software liberation, cooperative development, and how they have permeated her life, from living next to billionaires in affluent Connecticut, marching on DC to protest the Vietnam War with Students for a Democratic Society, playing in a punk rock band in Boston, to more recently, co-founding the Agaric Web Technology Collective and participating in May First Movement, discussing the role of autonomous technology providers.
Join for a Fireside Chat as they discuss a pressing challenge of our time: the interplay between technology and individual freedoms.
They will explore critical questions such as:
- Why should I care about free software?
- Why are there no guarantees of privacy and security?
- What does “freedom” mean in the context of software in our society?
- How is our collective freedom linked to the software we choose?
This conversation will bridge past and present efforts to resist surveillance and centralized power, highlighting actionable steps individuals and communities can take to reclaim agency in an increasingly digitized world.
Don’t miss this powerful discussion on reclaiming privacy and freedom in the age of AI!
COME JOIN!!!!
Transparency report, 1st quarter 2025: Our income and expenses and the search for substance
Why is UNOV important for PPI?
Over almost a decade of UN activities, we have consistently attended events at the UN Headquarters in New York and the office in Geneva. Around 2019 we sent a few delegates to Vienna, but COVID ended most of our activities. This year we are making a new emphasis to network and lobby at UNOV, because a lot of very important global policies that are important to our movement are decided there. The important issues include crime, drugs, trade, outer space, and nukes.
Over this past Easter holiday the chair of PPI, Keith Goldstein, met with the Pirate Party of Austria members, including the PPI main representative at UNOV, Kay Schroeder. They discussed plans this year for PPI activities in Vienna, including goals of establishing a side event, hosting further PPI visits at UNOV, making statements, crowdfunding, and grant writing to establish projects.
PPI has held special consultative status with the UN Economic and Social Council (ECOSOC) since 2017, granting us the right to attend UN events, submit statements, and engage with global policymakers. UNOV representatives have been focused on events, such as those of the UN Office on Drugs and Crime’s 68th Commission on Narcotic Drugs in March 2025. We have also participated for several years now in the Cybercrime panels. Many international actors do not share our belief in a free and open internet. We hope that our presence at these events can at a minimum keep us informed about changes to the interpretation of cybercrimes, or at best to stop regulations that target innocent civilians who are not criminals but treated as such. We have also attempted to inquire about nuclear safety issues, but most of those meetings are not open to NGOs.
We share a few pictures from the most recent trip to UNOV. Please let us know if you are also interested in participating in UNOV activities. We hope to inform you soon about PPI events in the area.
May 2025 Meeting Announcements
Ahoy Pirates,
Our next PPI board meeting will take place on 13.05.2025 at 20:00 UTC / 22:00 CEST.
Prior to that meeting we will hold a SCENE and SCUBA working groups meeting in the same Jitsi room, so 13.05.2025 at 19:00 UTC / 21:00 CEST.
All official PPI proceedings, Board meetings included, are open to the public. Feel free to stop by. We’ll be happy to have you.
Where: jitsi.pirati.cz/PPI-Board
Agenda: etherpad.pp-international.net/…
All of our meetings are posted to our calendar: pp-international.net/calendar/
We look forward to seeing visitors.
Thank you for your support,
The Board of PPI
Why ‘Predictive’ Policing Must be Banned
The UK Government is trying to use algorithms to predict which people are most likely to become killers using sensitive personal data of hundreds of thousands of people. The secretive project, originally called ‘The Homicide Prediction Project’, was discovered by Statewatch. They described how “data from people not convicted of any criminal offence will be used as part of the project, including personal information about self-harm and details relating to domestic abuse.”
It may sound like something from a sci-fi film or dystopian novel, but the “Homicide Prediction Project” is just the tip of the iceberg. Police forces across the UK are increasingly using so-called “predictive policing” technology to try to predict crime. Police claim these tools “help cut crime, allowing officers and resources to be deployed where they are most needed.” In reality, the tech is built on existing, flawed, police data.
As a result, communities who have historically been most targeted by police are more likely to be identified as “at risk” of future criminal behaviour. This leads to more racist policing and more surveillance, particularly for Black and racialised communities, lower income communities and migrant communities. These technologies infringe human rights and are weaponised against the most marginalised in our society. It is time that we ban them for good.
That is why we are calling for a ban on predictive policing technologies, which needs to be added to any future AI Act, or the current Crime and Policing Bill. We are urgently asking MPs to demand this ban from the government, before these racist systems become any further embedded into policing.
The illusion of objectivity
The Government argue that algorithms remove human bias from decision-making. Instead, these tools are only as “objective” as the data they are fed. Historical crime data reflects decades of racist and discriminatory policing practices, for example, targeting poorer neighbourhoods by labelling them “crime-hotspots” and “microbeats” synonymous with drugs and violence and racial profiling by using the language of “gang” and “gang-affiliated” as a dog whistle for young Black men and boys. When algorithms are built on discriminatory data, they don’t neutralise bias, they amplify it.
There are two main types of “predictive policing” systems: those which focus on geographies seeking to “predict” where crimes may take place and those which aim to “predict” an individual’s likelihood of committing a future crime.
In 2021, the Home Office funded 20 police forces from across the UK to roll out a geographic “predictive policing” programme called ‘Grip.’ The tech was described as “a place-based policing intervention that focuses police resources and activities on those places where crime is most concentrated.”
However, research by Amnesty International has highlighted that there has been no conclusive evidence to demonstrate that the programme had any impact on crime. What’s more, there is evidence that the programme reinforced and contributed to racial profiling and racist policing.
Rather than investing in addressing the root causes of crime, such as the rising cost of living and lack of access to mental health services, the Government is wasting time and money on technologies that automate police racism and criminalise entire neighbourhoods.
Lack of transparency and accountability
So-called “predictive policing” systems are not only harmful in that they reinforce racism and discrimination; there is also a lack of transparency and accountability over their use. In practice, this means people often do not know when or how they, or their community have been subject to “predictive policing,” but they can still be impacted in various areas of their life.
This includes being unjustly stop-and-searched, handcuffed and harassed by police. However, because data from these systems is often shared between public services, people can experience harms in a multitude of areas of their life, including in their dealings with schools and colleges, local authorities and the Department for Work and Pensions. This can affect people’s access to education, benefits, housing and other essential public services.
Even when individuals seek to access information on whether they have been profiled by a tool, they are often met with blanket refusals or contradictory statements. The lack of transparency means people often cannot challenge how or why they were targeted, or all the different places that their data may have been shared.
In an age where “predictive policing” technologies are being presented as a silver bullet to crime, police forces should be legally required to disclose all the “predictive policing” systems that they are using, including what they do, how they are used, what data operationalises them and the decisions they influence.
It should also be legally required that individuals are notified when they have been profiled by “predictive policing” systems, with clearly defined routes to challenge all places that their data is being held. Without full transparency and enforceable accountability mechanisms, these systems risk eroding the very foundations of a democratic society.
The Pre-Crime Surveillance State
The expansion of “predictive policing” into public services represents a dangerous move towards a surveillance state. The scope of “predictive policing” is not only limited to the criminal legal system. The Government is expanding algorithmic, automated and data-based systems into spaces of healthcare, education and welfare as well.
Research conducted by Medact on the Prevent Duty in healthcare evidenced how health workers are required to identify and report those who they believe are “at risk” of being drawn into terrorism. This risks undermining therapeutic relationships, confidentiality and trust in medical practitioners and expands the role of policing and counter-terror into healthcare.
Those targeted by these kinds of systems are not afforded the right to be presumed innocent until proven guilty. Instead, they are profiled, risk-scored and surveilled based on where they live or what flawed data says about them or who they associate with.
This is how a surveillance state embeds itself into the everyday. Without committing a crime, you can be branded a threat; without access to redress, you can be punished; and without transparency, you may never know it happened.
But the rise of pre-crime policing is not inevitable – it is a political choice. That is why we must take a stand and call on the government to ban “predictive policing” systems once and for all.
Beyond ‘predictive’ policing, towards community safety
The failures of “predictive” policing have been well documented – from reinforcing racist policing to undermining human rights. But rejecting these technologies does not mean giving up on public safety. On the contrary, it means shifting resources and attention to solutions that are proven to work, that respect human rights and that are based on trust, not fear. This means investing in secure housing, mental health services, youth centers and community based support services for people experiencing hardship or distress. If safety is the goal – prevention not prediction should be the priority.
Viktoriia Roshchyna: chronicle and political analysis of a death foretold
#PoliticalNotes
ilglobale.it/2025/05/viktoriia…
@politica
Viktoriia Roshchyna: chronicle and political analysis of a death foretold
ilGlobale - Daily newspaper of economic, political and technology news
ilGlobale.it
#CyberSecurity
securebulletin.com/dismantling…
Dismantling “764”: inside the takedown of a sophisticated child exploitation network - Secure Bulletin
In a significant development for cybersecurity and child protection efforts, law enforcement agencies have successfully apprehended two key figures allegedly behind "764," a highly organized online child exploitation network.
securebulletin.com
#CyberSecurity
securebulletin.com/hijacking-t…
Hijacking Trust: how Gmail and Google APIs are being weaponized for stealthy C2 channels - Secure Bulletin
In the ever-evolving landscape of cybersecurity, attackers are increasingly exploiting trusted services to establish covert command-and-control (C2) channels.
securebulletin.com
On the occasion of Workers' Day, the CISAL-SIBC-ACN union, the first and most representative union within the Agenzia per la Cybersicurezza Nazionale (ACN) and CSIRT Italia, has declared a state of union unrest.
The decision comes just six months after the previous mobilization and denounces serious problems: opacity in recruitment and career mechanisms, delays in setting up the pension fund and company welfare, excessive workloads for CSIRT staff, and a climate described as intimidating toward those who raise objections. The union is calling for the urgent start of conciliation procedures.
insicurezzadigitale.com/notizi…
(in)sicurezza digitale
Cybersecurity, malware, ransomware and data security news (inSicurezzaDigitale.com)
Through the Spyglass: May Day and the Hobo
Hobos. Most people hear the word “hobo” and immediately have the same thing come to mind:
- Vagabond
- Tramp
- Scamp
- Bum
- Transient
But, as most things in life, the word “hobo” has been bastardized and become a shorthand for an undesirable characteristic and way of life. No one thinks of “hobo” and immediately conjures up the image of a migrant worker traveling and willing to work. No one thinks of a member of a subculture, one that had its own colleges, mutual aid society, annual conventions and even “hobo code”.
Today, this International Worker’s Day, we look back at the history of a working subculture that shaped the culture of the United States in more ways than one.
This May Day, let’s honor the hobos.
This is not an article that has been written lightly. It might come across as strange to the uninitiated to see the US Pirate Party spending International Worker’s Day talking about hobos. I mean, what on Earth could pirates and hobos have in common?
Surely, on the surface, it looks odd. But when you look at the values that define both hobos and pirates (not the caricatures; the REAL movements), you’ll see something familiar: resistance to unjust systems, decentralized community and subculture, solidarity among the marginalized and a commitment to mutual aid over top-down control.
Hobos were not freeloaders, riding the rails without an end goal or destination. Hobos were workers without a boss, tradesmen without tenure, citizens without a fixed home. They travelled the rails not for leisure, but out of necessity, building the US up behind the scenes and without the fanfare.
Hobos found dignity in mobility, not in exploitation. Like the true nature of pirates, hobos created a “Hobo Code of Conduct”, developed an informal communication network and created a decentralized, self-governing community long before there was a US Pirate Party.
In a way, you could view hobos and pirates as being cut from the same cloth.
Also like the US Pirate Party, hobos (still, to this day) host annual conferences. Since 1900, the National Hobo Convention in Britt, Iowa has been held yearly to honor the culture and impact on US society of the hobo, even electing a National Hobo King and Queen. The Pirate Party could only be so lucky to have our 125th Pirate National Conference in 2131, but that is a long way from today. Until then, we tip our pirate hats for that kind of longevity.
The United States Pirate Party believes that labor isn’t just something tied to a W2; it’s a deeply human act. Labor is building, creating, growing and surviving.
So this May Day, we don’t simply remember the striking factory workers, the unions and the bloodshed to get labor rights in this country.
Although yes, we DO remember all of that today, including the Haymarket Affair of May 4th, 1886 that kicked this holiday off.
This May Day, we remember the people who labored outside of the system, because the system gave them no place. Hobos, the forgotten workers in our country’s history. Their legacy should not be seen as a relic, but as pioneers, a warning and a blueprint.
This May Day, we honor the hobos.
Editor’s note
Below is the Hobo Code of Conduct, as adopted by the 1889 National Hobo Convention:
- Decide your own life; don’t let another person run or rule you.
- When in town, always respect the local law and officials, and try to be a gentleman at all times.
- Don’t take advantage of someone who is in a vulnerable situation, locals or other hoboes.
- Always try to find work, even if temporary, and always seek out jobs nobody wants. By doing so you not only help a business along, but ensure employment should you return to that town again.
- When no employment is available, make your own work by using your added talents at crafts.
- Do not allow yourself to become a stupid drunk and set a bad example for locals’ treatment of other hoboes.
- When jungling in town, respect handouts and do not wear them out; another hobo will be coming along who will need them as badly, if not worse than you.
- Always respect nature; do not leave garbage where you are jungling.
- If in a community jungle, always pitch in and help.
- Try to stay clean, and boil up wherever possible.
- When traveling, ride your train respectfully. Take no personal chances. Cause no problems with operating crew or host railroad. Act like an extra crew member.
- Do not cause problems in a train yard; another hobo will be coming along who will need passage through that yard.
- Do not allow other hoboes to molest children; expose all molesters to authorities – they are the worst garbage to infest any society.
- Help all runaway children, and try to induce them to return home.
- Help your fellow hoboes whenever and wherever needed; you may need their help someday.
- If present at a hobo court and you have testimony, give it. Whether for or against the accused, your voice counts!
In solidarity, below this is the “Pirate Codex” adopted by Pirates Without Borders on February 26, 2011:
- Pirates are free – Pirates are freedom-loving, independent, autonomous, and disapprove of blind obedience. They stand for informational self-determination and freedom of opinion. Pirates bear the responsibility entailed by freedom.
- Pirates respect privacy – Pirates protect privacy. They fight against the increasing surveillance mania of state and economy because it prohibits the free development of the individual. A free and democratic society is impossible without private and unobserved free space.
- Pirates are critical – Pirates are creative, curious, and do not acquiesce in the status quo. They challenge systems, search for weak spots and find ways to correct them. Pirates learn from their mistakes.
- Pirates are fair-minded – They keep their word. Solidarity is important when it comes to collective aims. Pirates counteract the blind-eye-mentality of society and take action when moral courage is necessary.
- Pirates respect life – Pirates are peaceful. Therefore they reject the death penalty and the destruction of our environment. Pirates stand for the sustainability of nature and its resources. We do not accept patents on life.
- Pirates are eager for knowledge – The access to information, education, knowledge and scientific findings has to be unlimited. Pirates support free culture and free software.
- Pirates are social – Pirates respect human dignity. They commit themselves to a society united in solidarity where the strong defend the weak. Pirates stand for a political culture of objectivity and fairness.
- Pirates are international – Pirates are part of a global movement. They take advantage of the opportunities offered by the internet and are therefore enabled to think and act without borders.
Account blocked: They reviewed porn, then Instagram kicked them out
Only since 2023 has AI become part of everyone's conversation: its use, the training on our data, the objections, etc.
But every now and then I like to share what was already happening 17 years ago, which laid the foundations for all of this, but which few people took into consideration
#CyberSecurity
securebulletin.com/kintetsu-wo…
Kintetsu World Express ransomware attack: technical overview and response - Secure Bulletin
Kintetsu World Express (KWE), a major Japanese global logistics provider, has confirmed a significant ransomware attack that began impacting its operations in late April 2025. (securebulletin.com)
Court of Human Rights: Serbia told to keep its sonic weapon holstered
‘ProtectEU’ security strategy: a step further towards a digital dystopian future
The European Commission presented an internal security strategy that would undermine digital rights and even increase security threats. We unpack what ‘ProtectEU’ means for the EU’s future digital policy, including on encryption, data retention, and border surveillance.
The post ‘ProtectEU’ security strategy: a step further towards a digital dystopian future appeared first on European Digital Rights (EDRi).
What Do Political Parties Really Know About You?
This Thursday (1 May 2025), voters will go to the polls in 1,641 council seats across 24 local authorities. You may have spoken to a canvasser, filled out a political survey, or received campaign leaflets — but have you ever stopped to wonder how political parties know where to find you, how likely you are to vote, or even what you care about?
How Political Parties use your data
Behind the scenes, political parties are using sophisticated data systems to profile, segment, and target voters — and many people have little to no idea this is happening.
Five years ago, Open Rights Group published a report called What Do They Know? revealing how political parties were building detailed databases of voter information. In the run-up to last year’s General Election, we revisited this issue — and what we found was even more troubling.
We invited supporters to submit subject access requests (SARs) to political parties, allowing individuals to see what data parties held on them. We have compiled a CSV full of some of the data fields we learned about.
This time, we also provided new tools to help people opt out of automated profiling and algorithmic decision-making. In parallel, we carried out a technical audit of canvassing apps used by major parties and published the results in our report, Moral Hazard: Voter Data Privacy and Politics in Election Canvassing Apps.
Here are four lessons we’ve learned.
ONE
Credit agency Experian is embedded in Labour’s voter targeting infrastructure
We uncovered an uncomfortably close relationship between the Labour Party and Experian, a credit referencing agency best known for scoring people’s creditworthiness.
Experian plays a role in hosting or developing key parts of Labour’s canvassing database. Labour’s privacy policy admits that the party collects “demographic data about you from our commercial supplier (Experian),” but provides little detail about the nature of this data or how it’s used.
Subject access requests suggest that Experian’s Mosaic data is used to algorithmically score voters — including, worryingly, assigning a score for a person’s likelihood of being at home during the day.
Credit reference agencies like Experian have extraordinary powers to harvest personal data. Their involvement in electoral profiling raises serious questions about data separation and accountability.
We believe the Information Commissioner’s Office (ICO) should investigate how data flows between Experian and political parties, and whether such relationships breach the principles of data protection law.
TWO
Political parties are still failing to respect people’s data rights
No political party performed well in handling data access or opt-out requests.
- The Conservatives, though relatively quick to respond, treated requests to opt out of profiling as if they were simply requests to stop receiving marketing emails.
- We had reports from members that the Liberal Democrats claimed they were too busy during the election to respond to some SARs.
- Labour introduced bureaucratic hurdles, questioning the validity of requests submitted through third-party tools — ironically, despite most email addresses also being third-party services.
- Reform UK failed to respond at all, prompting the Good Law Project to take legal action against them.
This isn’t about pointing fingers at one party over another — it’s a systemic failure across the political spectrum. Established parties like Labour and the Conservatives are just as culpable as newer entrants like Reform UK or the Workers Party of Britain. The underlying problem is that compliance isn’t prioritised in political campaigning — funding and staffing go to ads and outreach, not rights and transparency.
Most parties offer some ability to opt out of direct marketing, but none are prepared to honour opt-outs from automated profiling. That’s concerning, because some voters may want to hear from candidates — but not be profiled or scored based on commercially available data.
If political parties want to earn the trust of privacy-conscious voters, they need to take these rights seriously.
THREE
Profiling by race has declined — but class-based targeting remains widespread
When we first looked at voter profiling in the late 2010s, it wasn’t unusual to find parties making assumptions about race, religion, and ethnicity. The Liberal Democrats analysed surnames to predict ethnic origin. Labour used Experian’s “Mosaic Origins” data field. The Conservatives had a “Mysticism” field to guess someone’s religion.
Our most recent SAR data shows fewer signs of this kind of profiling — a welcome shift. But class-based targeting remains widespread. However, the Conservatives were still using a ‘mother tongue’ field which could be used as a proxy for race and cultural profiling.
Voters are still being profiled based on wealth and income indicators, often sourced from third-party commercial datasets. Parties routinely use marked registers — which show who has voted in past elections — to estimate a person’s likelihood to vote.
Together, these tools can lead to a troubling outcome: if parties believe certain people are unlikely to vote, they’re less likely to contact them. And those people, in turn, become even more disengaged.
It creates a vicious cycle of disenfranchisement — especially for those from lower-income or precarious backgrounds.
The use of credit data (again, often via Experian) can exacerbate these issues, as debt history and postcode data are used to profile voting behaviour.
Politicians should remember: ignoring voters who don’t vote might backfire — especially when a new party comes along with a message that resonates with those left out.
FOUR
Canvassing apps: security flaws and lack of transparency
Our Moral Hazard report revealed major privacy and security concerns in the canvassing apps used by political parties:
- Labour’s web-based Reach, Doorstep and Contact Creator apps were found to be integrated with infrastructure owned by Experian. It’s unclear how data was shared and processed between the two entities.
- Static Application Security Testing analysis of the Liberal Democrats’ MiniVan App found it was deployed on infrastructure with a history of known vulnerabilities.
- The Conservatives’ Share2Win app raised privacy concerns including potential location tracking.
- All parties appear to be reliant on international commercial entities to run key parts of their digital campaigning infrastructure.
The lack of transparency over these tools — and how data is being stored, shared, or secured — raises serious questions about voter privacy and legality. We believe the ICO must investigate these tools as part of a broader inquiry into the data ecosystems underpinning modern campaigning.
Time for Political Data Reform
Our investigations show that voter data rights are still not being respected — by any political party.
Political parties collect vast amounts of personal data to drive increasingly precise and opaque targeting. But the systems they use are poorly regulated, frequently intrusive, and not subject to meaningful oversight.
If democracy is to be fair, voters must have the right to understand, challenge, and opt out of how they’re being profiled. We need:
- Stronger enforcement by the ICO.
- Greater transparency from political parties.
- Tools and rights that put power back in the hands of voters.
- Funding for parties to get compliance issues right.
As voters head to the polls in local elections, we urge parties to clean up their data practices — and we urge voters to ask: What do they know about me? And what are they doing with it?
EU rules for AI models: If my AI doesn't start a nuclear war, is it then allowed to be racist?
Breaking up Big Tech: Why things could get tight for Alphabet, Meta & Co.
Net neutrality: Complaint against Telekom over deliberate network throttling
Pirate News: Facebook whistleblower testifies
Joe and James discuss testimony by whistleblower Sarah Wynn-Williams before the Senate Judiciary Committee. She was formerly Facebook/Meta’s global public policy director.
youtube.com/embed/4jtmNP3uZCQ?…
Sign up to our newsletter to get notified of new events or volunteer. Join us on:
Some links we mentioned:
- Ex-Facebook employee to tell Congress the company undermined U.S. national security;
- C-SPAN: Meta Whistleblower Testifies on Facebook Practices;
- FULL HEARING: Facebook Whistleblower Testifies Before Senate Judiciary Committee.
Image Credit: C-SPAN
Member Meeting Moved to May 4th
Our next member meeting is Sunday, May 4th. We start at 8pm and will end once our agenda is complete or 9pm, whichever comes sooner.
To participate:
- go to communitybridge.com/bbb-room/m…;
- enter your name;
- enter the access code listed on the page;
- click the Join button.
Summaries of the meetings and agendas are at our wiki. You can view the 2025, 2024, 2023 and 2022 meeting recordings.
Spoiler: it’s bad news on #encryption, #DataRetention, #Europol & more.
Read it here: edri.org/our-work/protecteu-se…
‘ProtectEU’ security strategy - European Digital Rights (EDRi)
The European Commission presented an internal security strategy that would undermine digital rights and even increase security threats. (European Digital Rights (EDRi))
oh, you mean the #BackdoorPlan that the EU commission calls ProtectEU and wants others to call it as well?
One of the great wins for privacy advocates is the fact that everybody has heard about #ChatControl and nearly nobody knows the name that the EU commission wants us to use. Let's call it #BackdoorPlan and before it sticks one can write #BackdoorPlan (a.k.a ä. protectEU)
#CyberSecurity
securebulletin.com/jfl-hospita…
JFL Hospital targeted in ransomware attack amid wave of cyber incidents in US Virgin Islands - Secure Bulletin
Governor Juan F. Luis Hospital & Medical Center (JFL) in the US Virgin Islands has become the latest government entity to suffer a cybersecurity breach, confirming a ransomware attack that compromised its computer networks on Sunday. (securebulletin.com)
plan-A
in reply to N_{Dario Fadda}
its fed job