Looking at Passwords in 2023
Since 2020, we’ve conducted a lot of research to develop and present the Hive Systems Password Table. But if you want to know about the “how”, you’ve come to the right place, because we’re going to walk you through our methodology. While the data fits nicely into the table above, things aren’t as simple as they look. So we’ll talk through the data, our assumptions, and oh, you’re going to see a LOT of variations of the password table.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
Are Your Passwords in the Green?
We’ve updated our viral Hive Systems Password Table for 2023 and the industry-standard requirements are no longer secure! See why our Password Table has been shared by the news, universities, and companies across the globe - download your copy now! Corey Neskey (Hive Systems)
Free the internet from mass surveillance. With the Mullvad Browser.
The Mullvad Browser is a privacy-focused web browser developed in a collaboration between Mullvad VPN and the Tor Project. It’s designed to minimize tracking and fingerprinting. You could say it’s a Tor Browser to use without the Tor Network. Instead, you can use it with a trustworthy VPN. The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.
https://mullvad.net/de/browser
Exploit code: Malicious code could break out of the vm2 JavaScript sandbox
The popular vm2 sandbox has a critical security vulnerability, and exploit code is already in circulation.
Attackers could soon attack systems running the vm2 JavaScript sandbox and use malicious code to break out of the sandbox. Recently published exploit code could serve as the basis for this.
Developers use the vm2 library to run untrusted code in isolation on a Node.js server. The vm2 sandbox is widely used and is downloaded from the NPM repository millions of times a month.
PGP Encryption: How It Works and How You Can Get Started
Don’t let the name “Pretty Good Privacy” mislead you. PGP encryption is the gold standard for encrypted communication and has been used by everyone from nuclear activists to criminals since its invention in 1991. While the execution is complex, the concept is simple: you can encrypt text, making it unreadable to anyone who doesn’t have the key to decode it.
https://www.maketecheasier.com/pgp-encryption-how-it-works/
PGP Encryption: How It Works and How You Can Get Started - Make Tech Easier
Heard of PGP encryption, but have no idea what it means? Find out how it works and how you can encrypt files using PGP. Crystal Crowder (Make Tech Easier)
8 Simple Ways to Securely Delete Files in Linux
We have seen how to fully erase the contents of your hard disk, but what happens if all you want is to permanently delete one, two or a dozen files? This guide shows you some of the most popular solutions for complete file deletion in Linux.
https://www.maketecheasier.com/completely-delete-file-in-linux/
8 Simple Ways to Securely Delete Files in Linux - Make Tech Easier
Secure deletion does not always mean wiping an entire hard disk. Learn how you can securely delete your individual files in Linux. Ramces Red (Make Tech Easier)
Pretty Good Phone Privacy
Mobile Network Privacy: Mobile Pro and Mobile Core
Pretty Good Phone Privacy (PGPP) is a fundamentally new type of service that gives you private mobile connectivity. In traditional mobile networks, you are identifiable by your IMSI, a permanent, globally unique identifier that is stored in your SIM card and sent to mobile towers when your phone is on. Because your IMSI never changes, and your phone connects to towers based on location and signal strength, mobile networks can track who you are and where you are located at all times. Because of this, the IMSI leaves an indelible location history, which has been used by mobile providers and numerous others, for virtually every person on the planet. IMSIs are also targeted and captured by third-party attackers using devices known as IMSI catchers, also known as Stingrays, to track a user’s presence and activity in a given location.
Encrypting e-mails in Outlook
Piped
An alternative privacy-friendly YouTube frontend which is efficient by design. piped.sp-codes.de
Firejail write-up
According to its developers, Firejail is a SUID security sandbox based on Linux namespaces and seccomp-bpf. There is nothing unique about Firejail, as it essentially uses a few kernel security technologies layered on top of one another. The advantage is that complexity is reduced for the user. In addition, they offer preconfigured security profiles for many programs.
https://elsensohn.ch/docs/informationsecurity/firejail/
Firejail write-up
How Firejail works is shown with detailed examples. elsensohn.ch
User:Sakaki/Sakaki's EFI Install Guide/Sandboxing the Firefox Browser with Firejail
What is the most vulnerable application on your desktop? For most users, it is the web browser, since — in the picturesque phrase of Nick Congleton — it is "a large and complex piece of software with the ability to execute code, and it accesses the open Internet and executes just about everything that it comes into contact with".[1] Whilst selective-execution plug-ins such as NoScript can (and should[2][3][4]) be used to mitigate this risk, they cannot entirely remove it.
More Lessons Learned from Analyzing 100 Data Breaches
The number of compromised records year-over-year has grown, on average, an astounding 224 percent since 2017. As part of Imperva Research Labs’ ongoing efforts to monitor and report on the current Database Threat Landscape, we studied and analyzed more than 100 of the biggest and most well-known data breaches of the last decade to help you:
Protect Personal Data from insider and outsider threats
Gain insights about the most common root causes of data breaches
Learn how to stay on top of your organization’s security posture and eliminate bad practices inside the database environment
The security of an organization is only as strong as the weakest link. Download this whitepaper for key data and flow diagrams to help you better understand how to protect your organization from the complicated ecosystem of data breaches.
Linux malware Shikitega disguises its infection
https://www.linux-magazin.de/ausgaben/2022/12/insecurity-bulletin/
How to Pass Password to SCP Command in Linux using SSHPass
SCP stands for secure copy and is used to securely copy files or directories from one Linux environment to another.
Using the SCP command you can copy files or directories from a remote environment to a local environment, from a local environment to a remote environment, or between two remote environments from your local environment.
There are a number of benefits to using the SCP command to copy files; for example, you can limit the bandwidth the channel can occupy using the -l option.
SCP command supports password encryption to protect the data from leaking or files being snooped during transfer. Password encryption is what makes SCP secure.
https://bytexd.com/how-to-pass-password-to-scp-command-in-linux-using-sshpass/
Remote reboots with encrypted disks
I've been using LUKS for full disk encryption on all my computers for many years. The main benefit is that if someone steals my computer, they don't get access to any of my personal data (unless they are very smart or have a $5 wrench). The main downside is that every time I reboot my computer, I have to type in the disk encryption password so it can actually boot.
https://tavianator.com/2022/remote_reboots.html#remote-reboots-with-encrypted-disks
CrowdSec on Linux or FreeBSD
CrowdSec is open-source, lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various levels (infrastructural, system, applicative).
To achieve this, CrowdSec reads logs from different sources (files, streams, ...) and parses, normalizes and enriches them before matching them against threat patterns called scenarios.
CrowdSec is a modular and pluggable framework that ships with a large variety of well-known, popular scenarios; users can choose which scenarios they want to be protected from and can easily add new custom ones to better fit their environment.
Detected malevolent peers can then be prevented from accessing your resources by deploying bouncers at various levels (applicative, system, infrastructural) of your stack.
One of the advantages of CrowdSec compared to other solutions is its crowd-sourced aspect: meta information about detected attacks (source IP, time and triggered scenario) is sent to a central API and then shared amongst all users.
Thanks to this, besides detecting and stopping attacks in real time based on your logs, it allows you to preemptively block known bad actors from accessing your information system.
LibreAV -- A free and open-source anti-malware using machine learning
LibreAV is an attempt to detect malware on Android devices using a machine learning approach.
Features:
* Real time scan - Automatically scan new app installations
* On device inference - Zero network traffic
* Open-source - The source code is distributed under GNU GPLv3
* Lightweight antivirus - Does not consume too many resources
* 100% free and No ads - We do not charge any fee or sell ads
https://f-droid.org/de/packages/tech.projectmatris.antimalwareapp/
LibreAV | F-Droid - Free and Open Source Android App Repository
A free and open-source anti-malware using machine learning. f-droid.org
Silence - SMS/MMS encryption made easy!
Silence is an SMS/MMS application that protects your privacy when communicating with friends.
With Silence you can send SMS messages and share media or attachments with complete privacy.
Features:
* Easy. Silence works like any other SMS application. There is nothing to sign up for and no new service your friends need to join.
* Reliable. Silence communicates using encrypted SMS messages, so it needs neither servers nor an internet connection.
* Private. Silence provides end-to-end encryption for your messages, using the carefully designed Signal encryption protocol.
* Safe. All messages are encrypted locally, so if your phone is lost or stolen, your messages are protected.
* Open Source. Silence is free and open source, so anyone can inspect the source code and verify its security.
https://f-droid.org/de/packages/org.smssecure.smssecure/
Silence | F-Droid - Free and Open Source Android App Repository
SMS/MMS encryption made easy! f-droid.org
Mitigating malware risks with SELinux
I am writing this blog post, because I quite often hear from friends and colleagues two things:
- I’ve disabled SELinux
- I don’t know what I need SELinux on my desktop for
And since my follow-up questions usually end in lengthy discussions that are probably annoying for my friends, I decided to write this small blog post to show a real-life scenario where SELinux could help, and to also demonstrate how (almost) easy it is to configure SELinux.
https://mihail-milev.medium.com/mitigating-malware-risks-with-selinux-e37cf1db7c56
Mitigating malware risks with SELinux by M.Milev | Medium
Simple real-life scenario how SELinux could help mitigate the risk of malware or ransomware on a Linux machine. Mihail Milev (Medium)
Free and Open Source Vulnerability Detection Tools
Security is paramount. Security involves defence in depth. Approaching security one step at a time, with consistency and rigour, you can mitigate threats, and keep intruders at bay.
Intruders use a variety of different techniques in an attempt to compromise a system. For example, systems can be attacked by denial of service, cracking, intrusion, snooping (intercepting the data of another user), or viruses/worms/Trojan horses. To have a secure box, a system therefore needs a variety of defences.
https://www.linuxlinks.com/best-free-open-source-vulnerability-detection-tools/
4 Best Free and Open Source Vulnerability Detection Tools - LinuxLinks
Vulnerability scanning is an essential activity for enterprise security. We recommend the best open source vulnerability detection tools. Steve Emms (LinuxLinks)
How to Access a Remote Server Using a Jump Host
A jump host (also known as a jump server) is an intermediary host or an SSH gateway to a remote network, through which a connection can be made to another host in a dissimilar security zone, for example a demilitarized zone (DMZ). It bridges two dissimilar security zones and offers controlled access between them.
https://www.tecmint.com/access-linux-server-using-a-jump-host/
How to Set Up ModSecurity with Apache on Debian
This tutorial is going to show you how to install and use ModSecurity with Apache on Debian/Ubuntu servers. ModSecurity is the most well-known open-source web application firewall (WAF), providing comprehensive protection for your web applications (like WordPress, Nextcloud, Ghost etc) against a wide range of Layer 7 (HTTP) attacks, such as SQL injection, cross-site scripting, and local file inclusion.
https://www.linuxbabe.com/security/modsecurity-apache-debian-ubuntu