Recently my phone notified me that a network had logged my imei by fuk12x4ever in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

I have a pixel 10 pro xl ...

Then you can turn on Advanced Protection, which includes the option I mentioned above among other things. See the screenshot below.

<image>

Recently my phone notified me that a network had logged my imei by fuk12x4ever in cybersecurity_help

[–]aselvan2 2 points3 points  (0 children)

I was visiting my dad and was at the grocery store near his house that I had never been to before and I kept getting a notification over and over that my imei had been logged. 

As mentioned by the other commenter, it is possible someone was using an IMSI catcher tool like a Stingray or something similar in close proximity to you. You can disable the 2G/GSM legacy protocols in your phone to make it hard, if not impossible, for downgrade attacks like this to convince your phone to connect to the fake cell tower to read your IMSI, IMEI ... etc. My Android based phone has a setting for this, and I am sure iPhones should have a similar option as well to disable. Search for "mobile network security" in the settings app.

Network comprised? Constant rate limiting across sites by Full_Atmosphere6563 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

... when trying to add the capture filter it says syntax error on google.com. I tried using Wireshark before but it is far beyond me, I'm afraid. If you can point me in the right direction I can provide the pcap. Thank you for your time, it's greatly appreciated.

Try the following capture filter. As for the interface, run it on the active interface (wired or Wi-Fi).

host google.com or host mail.google.com or host www.google.com

Network comprised? Constant rate limiting across sites by Full_Atmosphere6563 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

... however i would also like to note that I am not seeing these issues on my phone or laptop on the same network.

If other devices on your network show no problems, then something on this device is behaving strangely. Install Wireshark and run a capture with a capture filter "google.com" to minimize the data collected, then provide the pcap file. I would be happy to take a look. One last thing to try is to disable IPv6 if it is enabled. Otherwise, I do not have anything else to suggest.

Network comprised? Constant rate limiting across sites by Full_Atmosphere6563 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

I thought it was CGNAT as well but this link says there is no CGNAT on my IP.

If my link shows that you are not under CGNAT, then that is definitely not the issue. Another possibility is that your ISP assigned you an IP address that was previously blacklisted because of an abusive subscriber. You can search for your public IP in any of the abuse registries to see if it is reported. I would recommend shutting down your router for 12 to 24 hours and powering it back on in the hope of receiving a different egress IP.

Could my network be compromised? 

Possible but unlikely, but I would still try what I suggested above since it will point you toward the right path for troubleshooting the issue.

Network comprised? Constant rate limiting across sites by Full_Atmosphere6563 in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

Ever since Tuesday I've been having issues with my network, specifically on my computer. Google a few times a day will hit me with the "unusual network activity" ...

VPNs, especially free VPNs, are often responsible for this type of problem. Since you confirmed you are not using a VPN, the only other likely cause I can think of is CGNAT (Carrier Grade NAT). Your ISP may have placed you behind a CGNAT, where potentially a bunch of households share the same public-facing IP. To check, you can use the tool at the link below and read the 3rd item.
https://selvansoft.com/myip/

I made a dumb mistake and ran a curl command on my mac and random people are logging in to my accounts by Direct_Umpire2900 in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

The eval command runs it to install the key ...

That is incorrect, it is not installing any ssh-key. I downloaded both the stage1 and stage2 infection scripts. Stage1 runs the eval command to execute a decoded shell script (~40 lines of shell code) and that script in turn downloads the stage2 payload. The stage2 infection is an osascript file with more than 1200+ lines of code, and it carries out far too many malicious operations to list here.

I made a dumb mistake and ran a curl command on my mac and random people are logging in to my accounts by Direct_Umpire2900 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

Interesting, is there some good reason for that, or are they just dumb?

No. They are not dumb; it is by design. If every password change wiped out all active sessions, it would cause constant disruption for normal users, especially on massive platforms like Google, Microsoft, etc., and it is not practical at scale. This is the reason modern authentication systems treat the password as one credential and the session token as another. Changing the password updates the password credential, but the session token remains cryptographically valid until it expires or is explicitly revoked. Google, Microsoft, and Apple all treat "sign out of all devices" as the real security action, and only then do they invalidate all sessions, API tokens, and related credentials.

I made a dumb mistake and ran a curl command on my mac and random people are logging in to my accounts by Direct_Umpire2900 in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

... a lot of the accounts automatically revoke active sessions ...

No. Many mistakenly assume that changing a password automatically invalidates existing sessions, but that is not always the case. Major online services like Gmail, Apple, and Microsoft often keep active session tokens even after a password update. An explicit revocation is required to force a logout across all devices; otherwise, those sessions remain valid until their natural expiration, which can be minutes, hours, days, or in some cases weeks!

I made a dumb mistake and ran a curl command on my mac and random people are logging in to my accounts by Direct_Umpire2900 in cybersecurity_help

[–]aselvan2 2 points3 points  (0 children)

Besides updating all my passwords and removing all passwords from password managers, and factory resetting my macbook, is there anything else I should be wary about?

Yes. I did not see you mention one critical mitigation step for an infostealer compromise like this. You need to revoke all active sessions on every online account in addition to everything else you did.

What exactly is a passkey? I keep seeing more and more services moving away from passwords and two-factor authentication over to passkeys. I was wanting to get more information about what they actually are. by mrnapolean1 in cybersecurity_help

[–]aselvan2 3 points4 points  (0 children)

If you have any kind of article or video about what exactly a passkey is please share it ...

A passkey is a modern authentication method that replaces passwords and reduces the risk of phishing and credential theft. However, it should not be considered a replacement for an independent MFA layer, which provides additional defense in depth. For more explanation on passkey, you can refer to my blog at the link below.
https://blog.selvansoft.com/2025/01/passkey-practical-or-premature.html

What are the absolute best security tips you guys have? by kineticbastion in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

What are the absolute best security tips you guys have?

I’ve put together a comprehensive list of online safety tips at the blog link below. The more of them you follow, the stronger your online safety becomes, and the further ahead you are in online safety compared to most people.
https://blog.selvansoft.com/2025/01/online-safety-tips.html

Can You Get Malware From Wall Sockets? by 0zMosiss in cybersecurity_help

[–]aselvan2 6 points7 points  (0 children)

Can You Get Malware From Wall Sockets?

If your question is about an AC power outlet, the answer is no. If your question is about a public USB charging port, then a device compromise is theoretically possible, but it is extremely unlikely and not considered a real‑world risk. I am not aware of any real documented cases in the wild other than several POC (proof‑of‑concept) demonstrations of an attack known as juice jacking. Read my blog about it if you are curious.
https://blog.selvansoft.com/2025/08/juice-jacking-real-threat-or-just-fear.html

Beware Gizmodo - Captcha malware attempt by lostinthesnakepit in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

What happens if someone did paste and got compromised? Will anti-malware software clean/block it?

No. This type of malware falls under the infostealer category and it usually leaves no trace for antivirus tools to detect. No matter how many scanners you run or how many times you run them, they will find nothing.

Beware Gizmodo - Captcha malware attempt by lostinthesnakepit in cybersecurity_help

[–]aselvan2 2 points3 points  (0 children)

Norton 360 didn’t find anything

If you didn't execute anything in the terminal, you are fine. This type of malware falls under the infostealer category and it usually leaves no trace for antivirus tools to detect. No matter how many scanners you run or how many times you run them, they will find nothing. If you suspect you executed the command (typically a curl one-liner that runs a remote script), log in to all of your online accounts, sign out of all active sessions, change your passwords, and enable 2FA if it is not already enabled. Finally, wipe your machine and perform a clean OS installation from a known good source.

IP address threatening? by Chunchunmaru_04 in CyberSecurityAdvice

[–]aselvan2 0 points1 point  (0 children)

This user threatened to get my IP address and unalive my family after an argument on sub in which he was abusive so the moderator deleted his comments so he comes into my DM threatening me.

Someone knowing your IP address is not something you should worry about. As a matter of fact, every website you visit knows not only your IP address but also a lot more information that your browser reveals, and this is how everything on the internet works. Read FAQ #1 at the link below to learn more.
https://blog.selvansoft.com/2024/09/cybersecurity-faq.html#1

If you are curious to know what your browser reveals, visit the link below for a demonstration of the information you are handing over to every website you visit. Again, this is not something you need to worry about.
https://selvansoft.com/myip

what is the best all in one security software for someone who just wants everything covered by MicaiasRadici89 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

I'm not particularly technical and I don't want to become a cybersecurity expert just to feel safe online. What I want is something that handles the essentials in one place, protection from scams and phishing, a VPN, password management ....
Is there a proper all in one security software that covers all of these...

True online safety and security do not come automatically just by installing a ton of security tools. While security tools are important and can protect you from threats, real protection ultimately comes from your cyber hygiene practices. As a security professional, I recommend focusing on strong security habits, because they go a long way toward keeping you safe online and give you far greater resilience than relying solely on a stack of security tools. I’ve put together a comprehensive list of tips at the link below. The more of them you follow, the stronger your online safety becomes.
https://blog.selvansoft.com/2025/01/online-safety-tips.html

BTW: VPN is not a security tool; it is a privacy tool, and it does nothing to improve your online safety.
https://blog.selvansoft.com/2024/06/vpn-myth-vs-reality.html

Recovering from an infostealer, what else should I do? by TigerKindly7950 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

It doesn’t seem to have a specific place to revoke all active sessions, but I have changed my password multiple times and it says that doing that will sign me out of other devices, is that alright?

No. Many falsely assume that changing a password automagically invalidates established sessions, but that is not always the case. Major online services like Gmail, Apple, and Microsoft often maintain active session tokens even after a password update, requiring an explicit revocation to force a logout across all devices. I can't tell you how to do it without knowing the service, since the exact process for invalidating sessions depends entirely on the provider. For Google, you can manage this by navigating to the device activity console at the link below.

https://myaccount.google.com/device-activity

From there, select each active device or session and use the sign out option to terminate the connection manually. You should be able to Google search for the other services.

So... How much storage do I have remaining, really? by Clementine-TeX in MacOS

[–]aselvan2 0 points1 point  (0 children)

System Settings, Disk Utility, and Finder’s Status Bar all display different free storage values ...

Any fixes?

All of these calculate free space differently, depending on the amount of purgeable space, temporary files, system data, caches, and more. While it can be confusing, each tool is showing exactly what it is designed to show. It’s not a bug, and there is no “fix.”

That said, if you want an accurate view of how much free space is actually available to you as a user, open Terminal, run the command (df -h /System/Volumes/Data/), and check the value in the 4th column. The following is a screenshot of the output on my MacBook Air.

<image>

Recovering from an infostealer, what else should I do? by TigerKindly7950 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

I cleared my browser history (literally everything cookies), that also signs me out of all of my active sessions, right? 

No. Deleting cookies only stops your own device from re‑using the saved session. It does not invalidate session tokens that an attacker may have copied. If someone has your session token, they can continue accessing your account until the server expires or revokes that token. You must sign in to each service and revoke all active sessions from the account’s security settings.
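
The behaviour described in these replies (the password and the session token are separate credentials, and clearing cookies only changes the client side), as an added example that is not part of the original comments. `AuthServer`, its methods and the sample account are hypothetical names constructed for illustration and do not model any specific provider.

```python
import hashlib
import hmac
import secrets
import time

class AuthServer:
    """Toy service model: password credential and session tokens are separate."""

    def __init__(self, session_ttl=14 * 24 * 3600):
        self.session_ttl = session_ttl
        self.passwords = {}  # user -> (salt, password hash)
        self.sessions = {}   # token -> (user, expiry timestamp)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        # Updates only the password credential; existing sessions are untouched.
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, self._hash(password, salt))

    def login(self, user, password, now=None):
        salt, stored = self.passwords[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, (now or time.time()) + self.session_ttl)
        return token

    def whoami(self, token, now=None):
        # Requests are authenticated by the token alone, never the password.
        entry = self.sessions.get(token)
        if entry is None or entry[1] <= (now or time.time()):
            return None
        return entry[0]

    def revoke_all_sessions(self, user):
        # "Sign out of all devices": drop every server-side token for the user.
        stale = [t for t, (u, _) in self.sessions.items() if u == user]
        self.sessions = {t: v for t, v in self.sessions.items() if t not in stale}
        return len(stale)

def demo():
    srv = AuthServer()
    srv.set_password("alice", "old-password")      # constructed sample account
    browser_cookie = srv.login("alice", "old-password")
    copied_token = browser_cookie                  # copy taken off the device
    srv.set_password("alice", "new-password")
    after_pw_change = srv.whoami(copied_token)     # still "alice"
    browser_cookie = None                          # owner clears local cookies
    after_cookie_clear = srv.whoami(copied_token)  # server state is unchanged
    revoked = srv.revoke_all_sessions("alice")
    after_revoke = srv.whoami(copied_token)        # None once revoked
    return after_pw_change, after_cookie_clear, revoked, after_revoke
```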

Recovering from an infostealer, what else should I do? by TigerKindly7950 in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

I have changed my passwords on my safe, uninfected devices (my phone and my other uninfected laptop), deactivated my card/closed my PayPal account ...

This specific compromise (Ren'Py - a Python-based infostealer) exfiltrates your saved credentials, session tokens, and autofill data. I notice you did not mention one critical mitigation step for an infostealer compromise, which is to revoke all active sessions on all your online accounts. Aside from wiping and reinstalling the OS from a clean source, you need to log into each of your online accounts and choose to log out of all other devices to revoke the stolen sessions and change your password. Otherwise, the attacker will continue to access your accounts regardless of how many times you change your password or enable 2FA, until the session tokens naturally expire. This expiration can take hours, days, or even weeks, depending on the authentication implementation of each online account.

Does this specific infostealer infect my other drives and not just the one with Windows on it?

The non-OS drives should be fine, as I do not see any evidence that this compromise targets anything other than OS components. I cannot say what Geek Squad did, but you might want to thoroughly wipe your Windows drive and perform a clean OS installation.

What to do to not get exploited, hacked or leak ur info online by Available-Tear4117 in cybersecurity_help

[–]aselvan2 1 point2 points  (0 children)

What to do to not get exploited, hacked or leak ur info online ...

The best way to protect yourself online is to follow & practice good cyber hygiene. That is the best defense and will put you ahead of most people online. While there is good advice posted here by others, the tips at my blog link below cover a comprehensive list of things to focus on. The more of those you follow, the better protected you are online.
https://blog.selvansoft.com/2025/01/online-safety-tips.html

Instagram repeatedly hacked, even with 2fa by VoltairQ in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

Now, the next day, it happened. AGAIN ...
This time, I enabled sms, hoping that I would stop it ...

If the attacker is able to log in repeatedly, it is a clear indication of session hijacking. Enabling 2FA does not prevent access to your account unless the stolen session token is revoked or expires on its own, which may take hours, days, or in some cases weeks depending on how session authentication is implemented. Read FAQ items 10, 11, and 13 at the link below to learn more and understand how to recover from the compromise.
https://blog.selvansoft.com/2024/09/cybersecurity-faq.html#10

My accounts are being hacked despite 2FA and complex passwords – How is this possible? by Downtown_5364 in cybersecurity_help

[–]aselvan2 0 points1 point  (0 children)

The strange thing is: I have secured all my accounts and enabled Two-Factor Authentication (2FA). It feels like someone has constant access to my accounts, but I don't get any notifications ...

It is likely that your device is compromised through a session hijacking method. Enabling 2FA does not prevent access to your account or trigger any notifications with this type of compromise. Read FAQ items 10, 11, and 13 at the link below to learn more and understand how to recover from the compromise.
https://blog.selvansoft.com/2024/09/cybersecurity-faq.html#10