Tags: cybersecurity*

  1. This article details how to set up and configure a WireGuard VPN server on OpenBSD, Amazon Linux, and Debian, along with instructions for configuring a GL.iNet travel router to connect to it.
  2. **General Security Practices (Apply to All Users):**

    * **Use End-to-End Encryption:** Adopt a secure messaging app like Signal (compatible with iOS & Android).
    * **Secure Messaging App Hygiene:**
        * Be wary of social engineering attempts (account compromise scams).
        * Verify group invitations through separate channels.
        * Be suspicious of unexpected security alerts *within* the app.
        * Enable message expiration features (check organizational policies first).
        * Regularly review and remove unintended linked devices.
    * **Enable FIDO Authentication:** Use phishing-resistant MFA (hardware keys like Yubico/Google Titan preferred, passkeys acceptable) for valuable accounts (email, social media, etc.). Disable less secure MFA methods after enabling FIDO.
    * **Migrate Away from SMS MFA:** Do *not* use SMS for two-factor authentication. Use authenticator apps (Google Authenticator, Microsoft Authenticator, Authy) as a better alternative, but FIDO is strongest. Disable SMS after enabling an authenticator app.
    * **Use a Password Manager:** Store all passwords in a password manager (Apple Passwords, LastPass, 1Password, etc.). Use a strong passphrase to protect the vault. Regularly update passwords with the manager.
    * **Set a Telco PIN:** Add a PIN/passcode to your mobile account with your provider to prevent SIM-swapping. Also, change your mobile account password.
    * **Regularly Update Software:** Update operating systems and apps weekly; enable auto-updates.
    * **Upgrade Hardware:** Use the latest hardware version from your phone manufacturer for optimal security features.
    * **Avoid Personal VPNs:** They can increase the attack surface. Use organization-provided VPNs if required.

    **iPhone-Specific:**

    * **Enable Lockdown Mode:** Reduces the attack surface.
    * **Disable "Send as Text Message":** Ensures iMessage (end-to-end encrypted) is used when available.
    * **Protect DNS Queries:** Use Apple iCloud Private Relay or encrypted DNS services (Cloudflare, Google, Quad9).
    * **Enroll in iCloud Private Relay:** Enhances privacy and security for Safari browsing.
    * **Review App Permissions:** Restrict access to sensitive data (location, camera, microphone).

    **Android-Specific:**

    * **Prioritize Secure Manufacturers:** Choose Android phones from manufacturers with strong security track records and long-term update commitments (check Android Enterprise Recommended).
    * **Use RCS with Encryption:** Only use RCS (Rich Communication Services) if end-to-end encryption is enabled (Google Messages).
    * **Configure Android Private DNS:** Use a trusted DNS resolver (Cloudflare, Google, Quad9).
    * **Enable Secure Connections in Chrome:** Ensure all website connections default to HTTPS.
    * **Enable Enhanced Protection in Chrome:** Provides an extra layer of protection against malicious websites.
    * **Enable Google Play Protect:** Regularly review app scans for threats. Be cautious with third-party app stores.
    * **Review App Permissions:** Restrict access to sensitive data.
    2025-11-27 by klotz
  3. New research reveals that DeepSeek-R1 produces more security vulnerabilities in code generated from prompts containing politically sensitive topics for China, such as Tibet or Uyghurs.
  4. An article about theHarvester, a Linux tool that maps your online footprint by gathering public data from search engines and repositories, revealing exposed emails, subdomains, and more.
  5. HiR Information Report - Personal page of ax0n, featuring projects, blog entries, social media links, and professional background in cybersecurity and technology.
  6. An opinion piece detailing how the EU's Cyber Resilience Act will impact open source developers, with a focus on the distinctions between commercial and non-commercial developers and the potential benefits for the open source community.
  7. The first-ever malicious Model-Context-Prompt (MCP) server, a trojanized npm package named `postmark-mcp`, has been discovered exfiltrating sensitive data from users’ emails. The package copied every email processed to a server controlled by the attacker.
  8. Replays of the .conf25 Global Broadcast sessions, including the Welcome Keynote, Product Keynote, and various sessions covering topics like AI, security, observability, and Splunk platform updates.
  9. Fly.io provides a secure and fast platform for deploying AI workflows and LLM-generated code using ephemeral, kernel-isolated virtual machines (Fly Machines). It offers features like secure sandboxing, fast startup times, a clean slate for each run, a simple API, and support for whole applications, not just code snippets.
  10. This week's security roundup covers the Anubis web AI firewall, AI exploit generation, a vulnerability in CodeRabbit, the potential illegality of adblocking in Germany, a Microsoft Copilot audit log issue, and a disputed Elastic EDR vulnerability.
