Spyke

Posts

Meduza Stealer will steal: Browser History, Cookies, Login Data, Web Data, Login Data for Account, and Local State from numerous browsers, data from extensions related to 2FA and password managers

(Crosspost) Summary:

Meduza Stealer is a malware that targets Windows users and organizations. It is specifically designed to steal data from browsers, including login credentials, browsing history, and cookies. It can also steal data from password managers, 2FA apps, cryptocurrency wallets, and gaming extensions.

The malware is distributed through a variety of channels, including cybercrime forums and Telegram channels. It is difficult to detect because it does not use obfuscation techniques. Once it is installed, the malware will connect to a remote server and upload the stolen data.

The malware is specifically designed to target Windows users, but it could be adapted to target other platforms in the future. The malware is not currently very widespread, but it has the potential to become more widespread in the future. The malware is still under development, so it is possible that it will be updated with new features or capabilities.

Defensive measures suggested:

- Regularly install updates for your operating system, browsers, and installed applications to patch vulnerabilities that malware can exploit.
- Be cautious when downloading files or opening email attachments, especially from unknown sources. Scan files using security software before opening them.
- Employ strong and unique passwords for all your accounts, including browsers, email, and cryptocurrency wallets. Consider using a password manager to securely store and manage your passwords.
- Enable 2FA wherever possible to add an extra layer of security to your accounts. This helps protect against unauthorized access, even if passwords are compromised.
- Only install browser extensions from trusted sources. Regularly review and remove unnecessary or suspicious extensions to minimize the risk of malware interference.
- Keep a close eye on your financial accounts, including cryptocurrency wallets, and regularly review transaction history for any suspicious activities. Report any unauthorized transactions or security breaches immediately.

There are no details about what kind of information it can steal from the Password manager extensions.

https://kbin.social/m/Cybersecurity/t/143985

Migrated from lemy.ml to infosec.pub

I just switched to a different instance that is more focused on my interests (Cyber-sec and IT).

The process of creating a new account was as easy as before, but there is not really a migration path like in Mastodon, so I ended up editing my Bio to link the new profile, and adding Old at the end of my Display name. I then had to manually subscribe to all of the communities I was following before by searching for them by !communityname@instance; that part was too manual, too slow and definitely needs streamlining.

Some of the communities I followed before had never been accessed from my new instance, so I'll have to wait a bit to start seeing posts and comments, but that was expected as I am beginning to understand how federation works.

My old comments and posts will not be migrated (there's currently no way to migrate them), but that's ok, I plan on leaving the old account up for about a month.

All in all, not a terrible process, but exporting/importing followed communities/followers/followed users would be a very welcome addition for users looking to migrate to a different instance.
