Infosec Press


Read the latest posts from Infosec Press.

from Bruno Miguel

I have fibromyalgia, a hell that began almost four years ago. During the first two years, more or less, I read a lot of studies. Still, none got me genuinely excited. That is until a team in Sweden decided to see if the syndrome has an autoimmune origin. The first part of their investigation points to that, and there was subsequent Research from another team that also showed solid evidence of this hypothesis being correct. The second part of the Swede's is still pending.

As far as I know, that's it for Research. A team or even two might be doing work around fibromyalgia, but publishing it will probably take a while. Even after that, assuming the identification of the syndrome's origin and the development of an effective treatment, it will take even more time to adjust the current shitty therapies available that fail miserably at keeping the pain at bay or at least at non-hellish levels.

Every day, the hope of getting access to an effective treatment for fibromyalgia during my lifetime fades away, little by little.

#Health #Fibromyalgia #ChronicPain #Research


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


🚫 Help us to take down the parasite website security news – Malicious site impersonates Notepad++ for profit, containing deceptive ads.

⚠️ Vorsicht vor kostenlosen Diensten zur Anpassung und Veränderung von Dateien warning – Vorsicht vor kostenlosen Dateikonvertierungsdiensten, die in Abofallen locken.

📑 Messenger-Matrix: Großes Update, zwei neue Messenger (Line, Viber) und neue Kategorien privacy

News For All

🦇 BatBadBut flaw allowed an attacker to perform command injection on Windows vulnerability – RyotaK discovered the 'BatBadBut' vulnerability affecting multiple programming languages, permitting command injection in Windows.

🤖 Chinese hackers are using AI to inflame social tensions in US, Microsoft says cybercrime – China uses AI to spread disinformation, specifically targeting elections.

📞 How to Protect Yourself (and Your Loved Ones) From AI Scam Calls security news – avoid falling for AI scam calls impersonating loved ones.

❤️‍🩹 U.S. Department of Health warns of attacks against IT help desks security news – Sophisticated attacks target healthcare IT help desks using social engineering.

💰 Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits security news

🔍 It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise security research – Increasing trends in malware-initiated scanning attacks against networks.

🏥 Hospital websites share visitors' data with Google, Meta privacy – Research reveals that 96% of non-federal acute care hospitals' websites transmit user data to third parties without privacy policies, posing risks to visitors and hospitals. Tracking technologies expose data to tech giants like Google, Meta, Adobe, and data brokers.

🍏 Apple swaps 'state-sponsored' lingo for 'mercenary spyware' security news – Apple shifts attributing attacks to broadly categorizing them, highlighting the difficulty in identifying perpetrators of sophisticated digital threats.

💸 Change Healthcare faces another ransomware threat—and it looks credible cybercrime – Change Healthcare faces a complex ransomware situation, with ransomware groups AlphV and RansomHub involved.

⚠️ Crooks manipulate GitHub's search results to distribute malware malware – techniques like automatic updates and fake stars to boost visibility.

Some More, For the Curious

🦫 Why CISA is Warning CISOs About a Breach at Sisense security news

🫦 Vulnerabilities Identified in LG WebOS vulnerability – Bitdefender discovers vulnerabilities in LG WebOS exposing devices to remote attacks.

⚔️ Confidential VMs Hacked via New Ahoi Attacks security research – New Ahoi attacks target confidential VMs using malicious interrupts.

🛡️ Microsoft fixes two Windows zero-days exploited in malware attacks vulnerability – Microsoft patches actively exploited zero-days in April 2024 Patch Tuesday.

🔍 Zero Day Initiative — The April 2024 Security Updates Review security news – Zero Day Initiative review of April 2024 security updates by Adobe and Microsoft.

💳 VISA PUBLIC Biannual Threats Report – A Payment Ecosystem Report by Visa Payment Fraud Disruption security news – Visa report highlights evolving, advanced fraud tactics and ransomware threats.

🔑 Microsoft left internal passwords exposed in latest security blunder security news – Microsoft exposed internal passwords on open server to the internet.

🛡️ Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker security research – Attackers embed credit card skimmer in fake Facebook Pixel script to steal sensitive information from checkout pages.

🛡️ CISA emergency directive tells agencies to fix credentials after Microsoft breach security news – CISA issues emergency directive for federal agencies to reset passwords by April 30 and identify affected email correspondence due to security risks.

🔪 Awkward Adolescence: Increased Risks Among Immature Ransomware Operators security research – Contrasting mature ransomware groups with less sophisticated, riskier ones.

CISA Corner KEV – Palo Alto – CVSS 10 KEV – D-Link NAS Siemens Citrix Xen Juniper Microsofts BULK! Adobe – more or less ALL Fortinet

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights.

The short summaries are AI generated and I only skim them! If something is wrong, please let me know!

Highlight 🔐 Microsoft could have prevented Chinese cloud email hack, US cyber report says security news – US report blames Microsoft, highlighting security culture issues and gaps in prevention. 🔐 Cyber review board blames cascading Microsoft failures for Chinese hack 🛹 Cyber Safety Review Board – Review of the Summer 2023 Microsoft Exchange Online Intrusion The report!

News For All

🔒 Google to delete billions of web browsing data records to resolve lawsuit privacy – Google settles landmark lawsuit by committing to delete or de-identify vast web browsing data records collected from users in Incognito mode.

📱 Google Patches Pixel Phone Zero-days After Exploitation by “Forensic Companies” security news

⚠️ The Human Element in Cybersecurity: Understanding Trust and Social Engineering social engineering – Cybersecurity hinges on human trust vulnerabilities with social engineering tactics exploiting such trust for malicious ends.

🛡️ PandaBuy data breach allegedly impacted +1.3M customers data breach – PandaBuy breached, threat actors announcing the breach and selling stolen data on a cybercrime forum.

🔒YUBICO Security Advisory YSA-2024-01 vulnerability – YubiKey Manager GUI < 1.2.6 on Windows may lead to privilege escalation if run as Administrator opening browser windows as Administrator, affecting FIDO features.

🦠 Bing ad posing as NordVPN aims to spread SecTopRAT malware malware – involving typosquatting and a malicious Dropbox link, leading to a RAT with advanced capabilities.

🔍 KI und Datenschutz: Eine kritische Betrachtung privacy – KI in Bezug auf Datenschutz, Diskriminierung und gesellschaftliche Auswirkungen.

🔐 Have I Been Pwned: SurveyLama got breached. data breach – including passwords

📱 Essential iPhone security tips to protect your private data. security news – Tips include staying updated, avoiding suspicious apps, managing email security, and handling threats like phishing and Pegasus spyware.

🕹️ Threat Actors Deliver Malware via YouTube Video Game Cracks malware

Some More, For the Curious

🔐 OWASP discloses a data breach data breach – OWASP discloses a data breach involving old member resumes due to misconfiguration of an old Wiki web server.

🛡️ HTTP/2 CONTINUATION frames can be utilized for DoS attacks vulnerability – multiple HTTP/2 implementations enable attackers to cause out-of-memory crashes, DoS attacks, and CPU resource exhaustion.

🔒 Schneier on Security – Ross Anderson security news – Tribute to influential cryptographer and security engineer, Ross Anderson.

🔧 Persistence – DLL Proxy Loading security research

🕵️ 5 ChatGPT Jailbreak Prompts Being Used By Cybercriminals security research – Cybercriminals using jailbreak prompts to bypass ChatGPT safety measures.

🥷 Adversaries are leveraging remote access tools now more than ever – here’s how to stop them cyber defense – policy, technical controls, DNS security, and EDR blocks.

🔓 From OneNote to RansomNote: An Ice Cold Intrusion security research – Threat actors exploited OneNote files, deploying IcedID, using Cobalt Strike, AnyDesk, and FileZilla for data exfiltration and ransomware deployment.

🔒 NVD Program Announcement security news – Growing backlog of vulnerabilities at NVD prompts prioritization, collaboration.

🪳 Earth Freybug Uses UNAPIMON for Unhooking Critical APIs malware – Earth Freybug (APT41) uses DLL hijacking and API unhooking to deploy malware UNAPIMON for defense evasion.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights.

The short summaries are AI generated! If something is wrong, please let me know!

News For All

⚠️ Google's new AI search results promotes sites pushing malware, scams warning

👧 Florida enacts tough social media law barring children under 14 from holding accounts privacy – Florida law bars children under 14 from social media accounts, requires consent for 14-15 year olds, and mandates age verification for explicit sites. Critics argue privacy violations and censorship issues.

🍏 “MFA Fatigue” attack targets iPhone owners with endless password reset prompts cybercrime – Victims, overwhelmed by prompts, might unintentionally grant access or accidentally allow attackers in.

📈 Meta allegedly snooped on Snapchat via traffic decryption privacy – Meta allegedly using Onavo to intercept Snapchat data for commercial gain. Meta's actions included intercepting SSL traffic.

☎️ Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs privacy – Telegram offers free premium subscription to users in exchange for allowing their phone numbers to be used to send OTPs.

🤖 Navigating the Challenges and Opportunities of Synthetic Voices security research – OpenAI shares insights into small-scale preview of Voice Engine, highlighting potential risks.

⚖️ 25 years for Sam Bankman-Fried cybercrime – Sam Bankman-Fried sentenced to 25 years in prison and $11 billion judgment for crimes related to FTX.

⚛️ Sellafield nuclear waste dump faces prosecution over cybersecurity failures security news – Sellafield nuclear waste dump faces legal action over cybersecurity breaches, potential espionage and disruptive attacks.

APT31 put in a corner? 🏬 Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov cybercrime 🌐 UK, New Zealand Accuse China of Cyberattacks on Government Entities cybercrime – Chinese hacktivist groups like APT31 are accused of spying. The countries have taken action by imposing sanctions on Chinese entities. ⛩️ Finland confirms APT31 hackers behind 2021 parliament breach cybercrime

Some More, For the Curious

⛓️💣 xz supply chain corner 💣⛓️ this is THE BIG ONE this week. When linux distros tell you to stop using their product, something is wrong... advisories timeline need to know summary in a pic all you can find in one link

🔒 Shostack + Friends Blog > The NVD Crisis security news – The National Vulnerability Database (NVD) is struggling and not issuing CVSS information to CVEs, causing concern for patch management. Recommendations include embracing cloud-native practices and automation to streamline patch deployment.

🔍 CPE Enrichment in VulnCheck NVD++ security news – NIST NVD faces delay in CVE analysis, VulnCheck launches NVD++ for community accessibility.

0️⃣ We’re All in this Together – A Year in Review of Zero-Days Exploited In-the-Wild in 2023 security research – Google Threat Analysis Group 🥸 Spyware and zero-day exploits increasingly go hand-in-hand, researchers find security research – Commercial spyware firms exploit 64% of zero-day mobile and browser vulnerabilities, targeting end-user devices for surveillance.

⚙️ ZenHammer: Rowhammer Attacks on AMD Zen security research – bit flips

🎣 Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit security research – Sekoia uncovers Tycoon 2FA phishing kit, monitors infrastructure, and analyzes in-depth changes.

🔒 Double trouble for DNSSEC though the devil is in the details vulnerability – Two DNSSEC vulnerabilities are disclosed, KeyTrap and NSEC3-encloser, with KeyTrap posing a greater threat. Concerns are raised about MITRE's assessment of the severity of the vulnerabilities.

⚙️ Local Privilege Escalating my way to root through Apple macOS filesystems hacking writeup – CVE-2023-42931 in macOS involving filesystem mount options allows users to potentially escalate to root.

🚘 Zero days demonstrated at Pwn2Own 2024 security news – Google and Mozilla addressed zero-days discovered during Pwn2Own Vancouver 2024.

🌑 The Darkside of TheMoon security research – Black Lotus Labs at Lumen Technologies discovered a multi-year campaign targeting end-of-life routers and IoT devices using an updated version of TheMoon malware.

🔐 Cisco warns of password-spraying attacks targeting Secure Firewall devices warning

💰 Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure cybercrime – Up to $10 million reward for info on ALPHV BlackCat ransomware targeting U.S. infrastructure

⚠️CISA Corner Sharepoint, Ivanti, Fortinet – Update your s***! Safari & macOS Cisco IOS and Access Points

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from Kevin Neely's Security Notes

I always loved Lesley Carhart's blog post on packing for hacker conferences and referred to it many times while prepping for #DEFCON , #BSides, other cons, and even general travel. As time has gone by, I've developed a three-tier system that kind of builds on itself for longer and more involved travel. The general ideaidea is that

Tier 1 Go Bag – The Weekender

The most basic level of the tech travel stack I've created is what I call “The Weekender”. it's meant for being out and about all day long or for short weekend getaways. As such, the requirements are basically: 1. Take up little room, being able to fit in any backpack or even a sling bag. 2. be able to charge the devices I'm likely to carry, from ear buds to a laptop. 3. Plan for extended periods away from a power source.

image image 1: Tier 1 go bag – The Weekender with a backup battery, USB-C to USB-C cable, USB-A to micro-USB cable, and USB-C adapter. Small, ready to go, and easy to drop into any bag.

Bag Contents

In order to address these simple requirements, I realized I needed to be able to provide power to USB-C and micro-USB devices, for a laptop, I need a bit more oomph, so the adapter can deliver enough power to charge a laptop battery. Limited by the space requirements, I went with a 33W charger that can absolutely charge a laptop, but it will not keep up with power consumption under load. This means that if I'm going to be working all day on the laptop, I'm going to need to move up to the next tier.

Power sources & adapters

  • 1x multi-adapter (USB-A for devices, USB-C for laptops) like the Anker 323 at 33W it won’t fully power a laptop, however, it will greatly extend the battery life and will change the laptop when it’s off or in standby
  • 1 5000mAh battery pack with dual USB-C ports – thin and light is key here



Note that all cables can transfer data. For versatility, I don’t mess with power-only cables. – 1x USB-A to microUSB cable – 3ft. – 1x 5ft. USB-C to USB-C cable – This is the minimum length you want to ensure your phone can reach the bed when charging


Converters extend the utility and versatility of the other equipment – USB micro female to USB-C male. This gives me a third USB-C cable

image Image 2: Zipped Weekender Go-bag and its contents in detail


from critic

Che poi con la doccia alla sera si risparmia tempo la mattina... certo se poi quel tempo lo usi per pulire le cacche dei gatti allora torniamo al punto di partenza.


from critic

Non funziona con la app di Writefreely. Sono un po’ deluso. Nonostante ciò proverò ad usarlo via browser.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights.

‼️ New feature warning – AI generated mini summaries‼️ Some of you reached out with feedback and asked for summaries of the articles. Well, I don't want to spend my own time on this, but chat-GPT should be quite good at this. So, I decided to script myself a little python thingy and you now get AI generated single line summaries and categorizations (which nearly double the length of a single post). This is a “work in progress”-feature. I would appreciate feedback and please let me know, if anything is off or I missed grave errors.

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

Highlight 🤾‍♀️ Esports league postponed after players hacked midgame hacking news

For All

🤕 Meta to shutter key disinformation tracking tool before 2024 election warning – Meta's closure of CrowdTangle tool sparks criticism as groups fear impeded disinformation monitoring ahead of elections.

🐬 FlipperZero – Our Response to the Canadian Government

💸 Crypto scams more costly to US than ransomware, Feds say cybercrime – Investment fraud led to $4.57 billion losses in 2023, surpassing ransomware costs.

🦐 How Spammers, Scammers and Creators Leverage AI-Generated Images on Facebook for Audience Growth cybercrime – Researchers analyze how spammers leverage AI-generated images, such as Shrimp Jesus, on Facebook for audience growth.

🥸 Warning Against Infostealer Disguised as Installer malware – StealC malware disguised as installer distributed in mass, extorting various data through multiple redirections.

🔓 Email accounts of International Monetary Fund compromised data breach – 11 accounts breached, incident under investigation.

🍊 Remove WordPress miniOrange plugins, a critical flaw can allow site takeover vulnerability – Uninstall miniOrange plugins; critical privilege escalation flaw enabling site takeover.

🎎 Fujitsu hack raises questions, after firm confirms customer data breach data breach – Fujitsu warns of potential customer data theft due to malware, lacking details, and uncertain impact.

🤖 FTC investigating Reddit plan to sell user content for AI model training privacy – Reddit's plan to sell user content for AI training sparks privacy concerns.

🛑 Russians will no longer be able to access Microsoft cloud services, business intelligence tools general news – Microsoft will suspend access to cloud services for Russian users due to European sanctions post-invasion of Ukraine.

🩻 Here's why Twitter sends you to a different site than what you clicked security research – Twitter link previews can redirect to different websites; security flaw abused by scammers and threat actors.

💧 Mozilla Drops Onerep After CEO Admits to Running People-Search Networks privacy – Mozilla ends partnership with Onerep after CEO's admission of founding numerous people-search services.

🌐 Nemesis darknet marketplace raided in Germany-led operation cybercrime

more, For the Curious

📦 Opening Pandora-s box – Supply Chain Insider Threats in Open Source projects vulnerability – Open Source projects face supply chain insider threat risks, demonstrated through a responsible disclosure of an RCE vulnerability in AWS.

⛴️ Acoustic Side Channel Attack on Keyboards Based on Typing Patterns security research

👻 Shielding Networks From Androxgh0st malware – AndroxGh0st targets Laravel apps; abuses multiple CVEs for data extraction and RCE.

📄 Abschlussbericht – Security Incident: Südwestfalen-IT

🦜 VIDEO by PirateSoftware: Apex Legends Vulnerabilities – Investigation and Wrap Up hacking news

🗝️ Microsoft announces deprecation of 1024-bit RSA keys in Windows

⛈️ AcidRain | A Modem Wiper Rains Down on Europe malware – AcidRain wiper attack in Ukraine and Germany linked to Russian invasion, using a new ELF MIPS malware wiping modems and routers.

🤏 We’re closer to a cybersecurity standard for smart home devices general news – CSA introduces IoT Device Security Specification and certification to ensure secure smart home devices globally.

💔 Inside the Massive Alleged AT&T Data Breach data breach – 70 million AT&T records, including SSNs and DOBs, leaked on a public forum.

⚡ CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity warning – CISA and partners issue warning on PRC-sponsored Volt Typhoon cyber threat targeting U.S. critical infrastructure.

🤨 Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry vulnerability

🍏 Unpatchable vulnerability in Apple chip leaks secret encryption keys vulnerability – Apple chip vulnerability leaks encryption keys due to prefetchers confusions with memory content.

⚠️ Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days hacking news

🦥 NVD slowdown leaves thousands of vulnerabilities without analysis data vulnerability – NVD stopped updating vulnerabilities analysis, leading to thousands of unanalyzed CVEs, affecting security tools and vulnerability management.


from critic

Usare un carattere senza grazie per essere riconoscibili al volo. Soprattutto a me stesso.

Il punto determinante è utilizzare parole con la lettera L per essere sicuri che il carattere corrisponda col proposito appena indicato.


from Bruno Miguel

I've been having an issue on i3wm that's been bugging me: the screen blanking doesn't get disabled with software like caffeine or stimulator. Both used to work but suddenly stopped, and I have no idea why.

Fortunately, there's xset to manage the screen blanking and screensaver from the terminal.

I wrote a function for my shell (zsh) to make it more interactive and easier to use. On a window manager, I can attribute keybindings to specific options to toggle the screen blanking and the screensaver or query their statuses, then get a notification about the change or the query. The function is:

function XScreenManage {
		if ! command -v notify-send &> /dev/null; then
			echo -e "Warning: notify-send could not be found. Please install it using\
your distribution native package manager. On Arch Linux, you can install it\
with \"sudo pacman -Sy libnotify\""
			return 1 2>/dev/null

		local blanking() {
				blanking_status=$(xset s q | grep -i blanking | cut -d " " -f3-6)
				blanking_off="prefer blanking:  no"
				blanking_on="prefer blanking:  yes"

				if [[ $blanking_status = $blanking_off ]]; then
					echo -e "\n\e[0;93mEnabling screen blanking..."
					xset s blank
					xset s q | grep -i blanking | cut -d " " -f3-6
					notify-send "Screen blanking enabled"
					echo -e "\n\e[0;93mDisabling screen blanking..."
					xset s noblank
					xset s q | grep -i blanking | cut -d " " -f3-6
					notify-send "Screen blanking disabled"

		local screensaver() {
				screensaver_status=$(xset s q | grep -i timeout | cut -d " " -f3-5)
				screensaver_off="timeout:  0"
				screensaver_on="timeout:  600"

				if [[ $screensaver_status = $screensaver_off ]]; then
					echo -e "\n\e[0;93mEnabling screensaver..."
					xset s on
					xset s q | grep -i timeout | cut -d " " -f3-5
					notify-send "Screensaver enabled"
					echo -e "\n\e[0;93mDisabling screensaver..."
					xset s off
					xset s q | grep -i timeout | cut -d " " -f3-5
					notify-send "Screensaver disabled"

		local status() {
				notify-send "$(xset s q | grep -i blanking | cut -d " " -f2-6)"
				notify-send "$(xset s q | grep -i timeout | cut -d " " -f3-5)"
				xset s q | grep -i blanking | cut -d " " -f2-6
				xset s q | grep -i timeout | cut -d " " -f3-5

		case "$1" in
				-h | *)
						echo -e "-b\ttoggle screen blanking\n-s\ttoggle screensaver\n-q\t\
query screen blanking and screensaver status\n-h\tdisplay help"

I only tested them with zsh, as a function in my .zshrc, but it should work with bash and dash. It probably doesn't work in shells like fish, though. Also, you need notify-send, but the script throws an error and stops if it doesn't detect it in your $PATH.

This function is licensed under the CC0 1.0 license.

#Linux #X11 #Xset #WindowManager #i3wm


from phillip prado

Here is how to remove EXIF metadata on Android, iOS, or even your desktop of choice.

Sharing photos online is a critical part of how we connect with one another. Whether it's X (formerly Twitter) or Mastodon, Instagram or Pixelfed, or even just SMS or Signal, sharing pictures is synonymous with sharing our experiences. But this habit comes with a risk some aren't aware of: doxing yourself and/or your family via the photo's EXIF metadata.

Disclaimer: This blog post was originally posted on my blog, Zero Click. Check it out here.

What is EXIF metadata and why you may want to remove it

Most digital photos we take store what's known as EXIF metadata, which stands for exchangeable image file format. This metadata can be really useful to photographers, because it includes things like the camera type, aperture, focal length, and so on. But for the average smartphone and digital camera user, this information isn't of much use.

In fact, EXIF metadata may actually reveal some details we wish to keep private, like where and when the photo was taken. This information may accidentally reveal where we live, where we work, where our children are during what times of day, etc.

Now, this isn't something most people would or even should worry about, but it's still important to know. It's also important to know how to remove EXIF metadata from photos should you wish. Thankfully, there are several easy was to do this, and I'm going to show you a few.

How to remove EXIF metadata on Android

If you are on Android, there is an app called Scrambled Exif which streamlines this process. Once you've installed the app onto your Android device, using it is almost as easy as sharing a photo normally. Here's how:

  1. Open the gallery app on your Android device.
  2. Navigate to the photo you wish to share, and open it.
  3. Tap the share button. This will be in a different location for everyone, depending on the device or photo gallery app.
  4. Select Scrambled Exif.
  5. A second prompt will pop up asking you where to share the photo again.
  6. Now, select the service or app you wish to share the photo on.

You can download Scrambled Exif from the app's Gitlab page at the link below.

Download Scrambled Exif

How to remove EXIF metadata on iOS

This is one of the many realms iOS has a leg up on Android as far as privacy is concerned. Whereas Android requires the use of a third-party app to remove EXIF metadata, iOS has this feature built into the OS. Here's how to use it:

  1. Open the iOS Photos app.
  2. Navigate to the photo you wish to share, and tap it.
  3. Now tap the share button toward the bottom left.
  4. Here, you will see a few different options. Navigate to “ViewExif,” and tap it.
  5. First, you'll see the metadata available for this photo. Should you want to share it without any of this information, tap the share button again, but this time it'll be at the top left.
  6. You'll be given the option to save and share this photo without metadata, or even to share it as is. Tap Save without Metadata or Share without Metadata.
  7. If you save the photo, it will appear at the bottom of your camera roll. If you chose to share it, you can now select the service or app you wish to share the photo on.

How to remove EXIF metadata on Windows, Mac, or Linux

There are many different ways to remove EXIF data from photos on the desktop. I've already touched on a Linux desktop application in the past called Metadata Cleaner. You can check that out in my post highlighting 3 Linux apps to boost your digital privacy.

If you aren't on Linux or you don't want to use Metadata Cleaner for some reason, I have another cross-platform option for you. It's a piece of free software called ExifCleaner, and here's how to use it:

  1. Download and install ExifCleaner for your desktop of choice.
  2. Once installed, open the app.
  3. Drag and drop any photos you wish to remove EXIF metadata from.
  4. ExifCleaner will automatically remove metadata from these photos and save them to the same location they were originally stored.
  5. Now, you can share those photos online anywhere you wish.

You check out ExifCleaner's website at the link below.

Download ExifCleaner

Closing thoughts

Keep in mind, many apps and services will actually remove EXIF metadata when you share photos on their platform. That being said, there is no harm in going through these few extra steps, regardless of where you are sharing the photo. It will assure that as little private EXIF data as possible leaks online without you knowing.

I'd also like to reiterate that most people shouldn't need to sweat this too much, though it obviously depends on your threat model. In general, it's a good practice to be in once you get in the habit of first going through these steps before sharing photos online.

Do you have a technique or app for removing EXIF metadata and wish to share it with everyone? Feel free to leave a comment about it below.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

Highlights 🚸 Hackers are targeting a surprising group of people: young public school students Don't be afraid, but please be aware

🔑 Open Source Password Managers: Overview, Pros & Cons Use a password manager! Please!!!

For All

💁‍♀️ Microsoft says Windows 10 21H2 support is ending in June

✂ CISA forced to take two systems offline last month after Ivanti compromise

🎭 CEO of Data Privacy Company Founded Dozens of People-Search Firms

🎦 Airbnb is banning indoor security cameras

📷 Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries

↔️ How to share sensitive files securely online

🎨 ASCII art elicits harmful responses from 5 major AI chatbots

👃 Hackers can read private AI-assistant chats even though they’re encrypted TL;DR sniffing traffic can be enough

👨‍🦯 British authorities have never detected a breach of ransomware sanctions — but is that good or bad news?

Incognito Corner My big one this week. Bad guys acting like bad guys. What a surprise! 💣 Incognito Market: The not-so-secure dark web drug marketplace ♟ Incognito Darknet Market Mass-Extorts Buyers, Sellers 💰 Millions in BTC, XMR possibly stolen after reports of darknet market ‘exit scam’

more, For the Curious

⏱ Risky Biz News: NIST NVD stopped enriching CVEs a month ago Recommending the main story of this weekly news summary

👩‍✈️ Microsoft’s Security Copilot Enters General Availability Scaaary! 😱

🧆 Misconfiguration Manager – knowledge base for Microsoft Configuration Manager tradecraft and hardening guidance

🧹 Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th)

🎡 What a Cluster: Local Volumes Vulnerability in Kubernetes CVE-2023-5528 writeup

🦜 PixPirate: The Brazilian financial malware you can’t see

🧞 Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

👨‍⚖️ On the new Dutch Intelligence and Security Law

👻 GhostRace – Exploiting and Mitigating Speculative Race Conditions

💹 RisePro stealer targets Github users in “gitgub” campaign

🤪 Real-time, privacy-preserving URL protection

🧦 The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

🧵 The 2024 Sophos Threat Report: Cybercrime on Main Street

💼 Beware of the Messengers, Exploiting ActiveMQ Vulnerability Good read if you want to know a liitle more about “ActiveMQ”

⚙ AUTOATTACKER: A Large Language Model Guided System to Implement Automatic Cyber-attacks