Donate to fight surveillance and censorship


Tails is their strongest protection

At Tails, we build a liberating operating system that puts people in control of their digital lives:

  • Journalists and whistleblowers use Tails to denounce the wrongdoings of governments and corporations.
  • Activists use Tails to avoid surveillance and organize their struggles for liberatory social change.
  • Domestic violence survivors use Tails to escape surveillance at home.
  • Privacy-concerned citizens use Tails to avoid online tracking and censorship.

Tails is and will remain Free Software because the most vulnerable and oppressed people are the most in need of privacy and security.

Donations from passionate people like you are our most valuable source of funding because they guarantee our independence. We are a very small non-profit and our yearly budget is ridiculously small compared to the value of Tails.

Full article

Document-signing service Docsketch discloses security breach


Image: Docsketch website

Electronic document-signing service Docsketch is notifying customers about a security breach that took place over the past summer.

In an email sent to customers and seen by ZDNet, the company said that an unauthorized third-party gained access to a copy of its database in early August this year.

The database file contained a snapshot of the Docsketch service dated July 9, 2020, the company said.

Full article

Join the Tor Localization Hackathon November 6 – 9

Tor Project

Between November 6 and 9, the Tor Project and Localization Lab will host the first edition of Tor Project’s localization hackathon, the Tor L10n Hackaton. A hackathon is an event where a community hangs out and works together to update, fix, and collaborate on a project. The L10n Hackathon is a totally remote and online event.

In this localization hackathon we’re going to work exclusively on the localization of our latest resource, the Tor Community portal. The Community portal is organized into sections: Training, Outreach, Onion Services, Localization, User Research, and Relay Operations. Each section helps users understand how they can get involved in each of these activities to build and strengthen the community supporting the Tor Project.

Localization of Tor Browser and the Community portal are important. Only a minority of internet users are native or second-language speakers of English, however censorship and surveillance are global challenges that affect us all on a daily basis. Ensuring Tor Browser and Tor resources are available in as many languages as possible removes a large barrier to access for those in need of a more secure, anonymous online presence and those who would like to contribute to Tor Project. Tor Browser is currently available to download in 28 languages, and our main website can be read in 11 languages. To support users and build community in all of these languages, it’s important to also have the Tor website, Support portal and Community portal localized.

Full article

Software AG hit with ransomware: Crooks leak staffers’ passports, want millions for stolen files

The Register

Software AG has seemingly been hit by ransomware, with the German IT giant itself telling the Euro nation’s stock market it had been “affected by a malware attack.”

In a notification to the German stock market published earlier this week, Software AG said: “The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020.”

News of the “malware attack” has been slow to filter into the Anglosphere, though the German Press Agency newswire published a brief note that was syndicated on obscure investment websites yesterday evening. That report states “data from Software AG servers and employees’ notebooks were downloaded.”

Full article

55 New Security Flaws Reported in Apple Software and Services

The Hacker News

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to “fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”

The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.

The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three month period between July and September.

Full article

We Fight For the Users

Electronic Frontier Foundation

Here at the Electronic Frontier Foundation, we have a guiding motto: “I Fight For the Users.” (We even put it on t-shirts from time to time!) We didn’t pick that one by accident (nor merely because we dig the 1982 classic film “Tron”), but because it provides such a clear moral compass when we sit down to work every day.

Full article

DHS: Unknown hackers targeted the US Census Bureau network

Bleeping Computer

The US Department of Homeland Security said that unknown threat actors have targeted the US Census network during the last year in its first-ever Homeland Threat Assessment (HTA) report released earlier this week.

The US Census Bureau is the largest US federal government statistical agency responsible for collecting statistical data about the US economy and population.

This data is then used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year.

Full article

Largest cruise line operator Carnival confirms ransomware data theft

Bleeping Computer

Carnival Corporation, the world’s largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack.

Carnival is included in both the S&P 500 and the FTSE 100 indices and it has more than 150,000 employees from roughly 150 countries and over 13 million guests each year.

The company operates nine cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, Seabourn) and a travel tour company (Holland America Princess Alaska Tours).

The ransomware attack Carnival refers to took place on August 15, 2020, and it was disclosed via an 8-K form filed with the Securities and Exchange Commission (SEC) two days later, on August 17.

Full article