Infosec Press


from Kevin Neely's Security Notes

Nextcloud administration notes

These instructions and administrative notes were written for the pre-built Nextcloud provided by hosting provider Vultr. As a way to de-#Google my life and take back a bit of #privacy, I have been using a Vultr-hosted instance for a couple years now and it has run quite well. These notes are really aimed at the small instance for personal use. Please don’t use my notes if you’re responsible for an enterprise server!

Upgrading Nextcloud

#Nextcloud, with all its PHP-based functionality, can become temperamental if not upgraded appropriately. These are my notes to remind me how to not completely break things. When upgrading, the first pass will usually bring you to the most up-to-date version of Nextcloud in your major release, e.g. an instance running 27.1.4 would be brought up to 27.1.11. Running the script again would bring the instance to 28.0.x.

To update a Nextcloud server running on the #Vultr service to the latest version, you need to follow the steps below:

  1. Backup your Nextcloud data: Before starting any update process, it's always a good idea to create a backup of your Nextcloud data. This will ensure that you can restore your data in case of any unexpected issues during the update process.
    1. Shutdown the OS with shutdown -h now
    2. Power down the instance in Vultr
    3. Create a snapshot
    4. Wait
    5. Wait some more – depending on how much data is hosted on the system
    6. Power it back up
  2. SSH into the Vultr server: To update the Nextcloud server, you need to access the server using SSH. You can use an SSH client such as PuTTY to connect to the Vultr server.
  3. Switch to the Nextcloud user: Once you are logged in, switch to the Nextcloud user using the following command: sudo su -s /bin/bash www-data.
  4. Navigate to the Nextcloud directory: Navigate to the Nextcloud directory using the following command: cd /var/www/html (could be /var/www/nextcloud or other. Check what's in use)
  5. Stop the Nextcloud service: To avoid any conflicts during the update process, stop the Nextcloud service using the following command (as www-data): php occ maintenance:mode --on
  6. Update the Nextcloud server: To update the Nextcloud server, you need to run the following command (as www-data): php updater/updater.phar. This will start the update process and download the latest version of Nextcloud.
  7. Update the OS, as needed, with apt upgrade
  8. Start the Nextcloud service: Once the update is complete and verified, you can start the Nextcloud service using the following command: sudo -u www-data php occ maintenance:mode --off.
  9. Verify the update: After the update process is complete, you can verify the update by accessing the Nextcloud login page. You should see the latest version of Nextcloud listed on the login page.
  10. Assuming all is running smoothly, the snapshot that was created in step 1 can be safely deleted. Otherwise, it accrues charges on the order of pennies / gigabyte / day.
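An added example, not part of the original notes: a small shell wrapper for steps 3 to 8 above that refuses to run until the snapshot from step 1 is confirmed, leaves maintenance mode on if the updater fails, and reports whether the run stayed within the current major release (27.1.4 to 27.1.11) or crossed into the next one. It assumes the Vultr layout the notes describe (/var/www/html, www-data), that `occ status --output=json` prints the status as JSON, and that updater.phar accepts `--no-interaction`; the JSON sample in the comments is constructed.

```shell
#!/bin/sh
# Added example, not the post's own commands: a guarded wrapper around the
# upgrade steps above on the Vultr layout the post describes.
# Assumptions: Nextcloud lives in /var/www/html (override with NC_DIR), the
# web user is www-data, `occ status --output=json` prints JSON such as
#   {"installed":true,"version":"27.1.4.1","versionstring":"27.1.4","maintenance":false,...}
# (constructed sample), and updater.phar accepts --no-interaction.
set -eu

NC_DIR="${NC_DIR:-/var/www/html}"
NC_USER="${NC_USER:-www-data}"

# Run occ as the web user from the Nextcloud directory (steps 3 and 4).
occ() {
  (cd "$NC_DIR" && sudo -u "$NC_USER" php occ "$@")
}

# major_of 27.1.4 -> 27
major_of() {
  printf '%s\n' "${1%%.*}"
}

# same_major A B: succeeds when both versions share a major release.
same_major() {
  [ "$(major_of "$1")" = "$(major_of "$2")" ]
}

# Pull a quoted string field out of the JSON status without needing jq.
# json_field '{"versionstring":"27.1.4"}' versionstring -> 27.1.4
json_field() {
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Pull a bare true/false field. json_bool '{"maintenance":false}' maintenance -> false
json_bool() {
  printf '%s' "$1" | sed -n "s/.*\"$2\":\([a-z]*\).*/\1/p"
}

# Sanity checks before anything is touched.
preflight() {
  [ -f "$NC_DIR/occ" ] || {
    echo "no occ in $NC_DIR; the instance may live in /var/www/nextcloud instead" >&2
    return 1
  }
  [ -f "$NC_DIR/updater/updater.phar" ] || {
    echo "updater/updater.phar not found in $NC_DIR" >&2
    return 1
  }
  # Step 1 (the Vultr snapshot) cannot be taken from inside the guest, so
  # require an explicit confirmation that it was done.
  [ "${SNAPSHOT_TAKEN:-no}" = yes ] || {
    echo "take the Vultr snapshot first, then rerun with SNAPSHOT_TAKEN=yes" >&2
    return 1
  }
}

upgrade() {
  preflight
  status="$(occ status --output=json)"
  before="$(json_field "$status" versionstring)"
  if [ "$(json_bool "$status" maintenance)" = true ]; then
    echo "instance is already in maintenance mode; inspect it before continuing" >&2
    return 1
  fi
  echo "current version: $before"

  occ maintenance:mode --on                                   # step 5
  # If the updater fails, set -e stops here with maintenance mode still on,
  # so a half-upgraded instance is never served to users.
  (cd "$NC_DIR" && sudo -u "$NC_USER" php updater/updater.phar --no-interaction)  # step 6
  # The non-interactive updater may already have run this; rerunning is harmless.
  occ upgrade

  after="$(json_field "$(occ status --output=json)" versionstring)"
  if same_major "$before" "$after"; then
    echo "stayed within major $(major_of "$before"): $before -> $after (rerun for the next major)"
  else
    echo "crossed a major release: $before -> $after; check your apps after logging in"
  fi
  occ maintenance:mode --off                                  # step 8
}

# Only act when invoked on purpose; sourcing the file just defines the helpers.
if [ "${RUN_UPGRADE:-no}" = yes ]; then
  upgrade
fi
```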

Some other notes

Remove files in the trash

When a user deletes files, it can take a long time for them to actually disappear from the server.

root@cloud:/var/www/html# sudo -u www-data php -f /var/www/html/cron.php
root@cloud:/var/www/html# sudo -u www-data php occ config:app:delete files_trashbin background_job_expire_trash

Set files to expire

root@cloud:/var/www/html# sudo -u www-data php occ config:app:set --value=yes files_trashbin background_job_expire_trash

 

from Sirius

The 1st-century BC Greek historian Diodorus is considered a compiler of ancient sources, among them some of the teachings of Democritus of Abdera. In his work, the Library of History (Book I, Chapter 8), we find an account of the origin of living beings and of the first men, which specialists such as Diels, Vlastos, Reinhardt and Beresford attribute to the teachings of Democritus. Beginning my studies on Protagoras, who, as a disciple of Democritus, shared with him some naturalist and humanist conceptions, I present a translation of Diodorus's account of prehistory. Fortunately, Diodorus's Library of History was made available in English by the University of Chicago on this site.

I transcribe below Diodorus's account of the first men, as an initial text for the study of the connection between the thought of Democritus and that of Protagoras (including the similarities and differences with the myth of Prometheus and Epimetheus, attributed to Protagoras in Plato's dialogue of the same name):

(…) the first men to be born (…) led an undisciplined and bestial life, going out one by one to secure their sustenance and feeding on both the tenderest herbs and the fruits of wild trees. Then, since they were attacked by wild beasts, they came to one another's aid, being instructed by necessity, and, when they gathered together in this way out of fear, they gradually began to recognize their mutual characteristics. And although the sounds they made were at first unintelligible and indistinct, little by little they managed to articulate their speech, and, by agreeing among themselves on symbols for each thing that presented itself to them, they made known among themselves the meaning to be attributed to each term. But, since groups of this kind arose in every part of the inhabited world, not all men had the same language, since each group organized the elements of its speech by mere chance. This is the explanation of the present existence of every conceivable kind of language and, furthermore, from these first groups that were formed arose all the original nations of the world.

Now the first men, since none of the things useful for life had yet been discovered, led a wretched existence, having no clothing to cover themselves, not knowing the use of dwellings and fire, and also being wholly ignorant of cultivated food. For since they also neglected even the gathering of wild food, they laid up no store of its fruits against their needs; consequently, a great number of them perished in the winters because of the cold and the lack of food. Little by little, however, experience taught them both to seek out caves in winter and to store the fruits that could be preserved. And when they became familiar with fire and other useful things, the arts too, and everything capable of furthering man's social life, were gradually discovered. Indeed, speaking generally, in all things it was necessity itself that became man's teacher, supplying in appropriate fashion instruction in every matter to a creature that was well endowed by nature and that had, as assistants for every purpose, hands, logos (reason) and anchinoia (mental sagacity).

And as for the first origin of men and their most primitive way of life, we shall be content with what has been said, since we wish to maintain due proportion in our account.

#Filosofia #Demócrito #Protágoras

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

🐦 Einladung ins Fediverse: Mastodon als Alternative zu X, Instagram und Co. privacy – The article invites readers to consider Mastodon as a privacy-friendly alternative to popular social media platforms like X and Instagram, encouraging sharing and engagement through various channels. https://www.kuketz-blog.de/einladung-ins-fediverse-mastodon-als-alternative-zu-x-instagram-und-co/

🛡️ Kritische Sicherheitslücke in Laravel Framework – Updates verfügbar warning – The article about a critical vulnerability in Laravel is provided by CERT.at, Austria's Computer Emergency Response Team. https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar


News For All

❓ Brauchst du wirklich ein VPN? privacy – The article explores whether a VPN is necessary for online privacy and security, highlighting both its benefits and limitations in protecting personal data. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

💼 Hacker erbeuten Firmendaten des Statistischen Bundesamtes data breach – A hacker group has stolen and is selling sensitive data from Germany's Federal Statistical Office, including contact details and access credentials, raising significant privacy concerns. https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html

💳 200,000 SelectBlinds customers have their cards skimmed in malware attack data breach – SelectBlinds revealed a breach affecting over 206,000 customers due to malware on its checkout page, compromising sensitive information, including credit card details. Users are advised to reset passwords and monitor statements. https://www.bitdefender.com/en-us/blog/hotforsecurity/200-000-selectblinds-customers-card-details-skimmed-malware-attack/

🔑 These are the passwords you definitely shouldn’t be using security news – NordPass released its annual list of the most common passwords, revealing a lack of creativity with '123456' topping the chart. Users are urged to create more secure passwords or consider using passkeys. https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024

🕵️‍♀️ The WIRED Guide to Protecting Yourself From Government Surveillance privacy – With the potential expansion of government surveillance under a new administration, experts recommend various privacy protections, including encrypted communications, device encryption, and careful management of location and financial data. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

🚨 Criminals Exploiting FBI Emergency Data Requests cybercrime – Cybercriminals have exploited compromised police accounts to impersonate law enforcement and request user data, resulting in unauthorized access to sensitive information from companies. This highlights vulnerabilities in lawful-access mechanisms. https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html

📃 'FYI. A Warrant Isn’t Needed': Secret Service Says You Agreed To Be Tracked With Location Data privacy – Internal emails reveal the Secret Service's debate on needing warrants for location data from apps, claiming users consented through terms of service, despite concerns over illegal usage of the data. https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

🔓 Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns data breach – Delta and Amazon confirmed that employee data was stolen from a vendor via a MOVEit vulnerability. The leaked data, including contact information, has reignited concerns about previous breaches tied to the Clop ransomware gang. https://therecord.media/delta-amazon-vendor-breach-confirmed

👁️ ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won privacy – Immediately following Trump's election, ICE sought contracts to enhance surveillance technologies for monitoring non-citizens awaiting deportation, anticipating a dramatic increase in those under surveillance from 200,000 to over 5 million. https://www.wired.com/story/ice-surveillance-contracts-isap/

📱 Safer with Google: New intelligent, real-time protections on Android to keep you safe security news – The article discusses Google's latest advancements in online security features aimed at enhancing user safety through intelligent systems and real-time protection mechanisms. https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

🎧 These Guys Hacked AirPods to Give Their Grandmas Hearing Aids hacking write-up – Three technologists in India hacked AirPods Pro 2 to enable hearing aid features by creating a Faraday cage to bypass Apple's location restrictions, allowing their grandmothers to use the technology. https://www.wired.com/story/apple-airpods-hearing-aid-hack/

👶 Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover privacy – The 'What to Expect' pregnancy tracking app is neglecting serious vulnerabilities, including one enabling full account takeover, which risks exposing users' sensitive reproductive health information amid rising concerns for privacy and safety. https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/

💬 An Interview With the Target & Home Depot Hacker – Krebs on Security cybercrime – Mikhail Shefel, the identity behind the Rescator alias, discusses his role in the Target and Home Depot breaches, his connections to other hackers, and his current financial struggles following legal issues and arrests. https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

🤏 ShrinkLocker Ransomware: What You Need To Know malware – ShrinkLocker is a new ransomware that uses VBScript and BitLocker to encrypt victims' files, locking them out without providing a password. It changes drive names to an attacker's contact, but Bitdefender offers a free decryption tool. https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know

📬 Scammers resort to physical Swiss post to spread malware cybercrime – Switzerland's NCSC warns of a new scam where malware is spread through fake letters mimicking official weather alerts. Recipients are tricked into downloading a malicious app containing the Coper trojan, targeting banking information. https://www.theregister.com/2024/11/16/swiss_malware_qr/


Some More, For the Curious

🤔 Newag admits: Dragon Sector hackers did not modify software in Impuls trains I missed this one a few weeks earlier. security news – Newag's lawsuit against hackers reveals that while they claim no software modifications were made, they still face questions about intentional software locks in their trains. The truth remains elusive. https://rys.io/en/175.html

🦠 A new fileless variant of Remcos RAT observed in the wild malware – Fortinet has identified a phishing campaign distributing a new variant of Remcos RAT, using an Excel document to exploit vulnerabilities and stealthily execute malware, granting attackers remote access. https://securityaffairs.com/170791/security/a-new-fileless-variant-of-remcos-rat-phishing.html

💻 North Korean-linked hackers were caught experimenting with new macOS malware malware – Researchers found North Korean hackers embedding malware in macOS applications using an open-source SDK, capable of bypassing Apple's security. The malware shows ties to cryptocurrency intrusions but its use remains uncertain. https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/

⚙️ Exploit code released for RCE attack on Citrix VDI solution vulnerability – Researchers released a PoC exploit for a vulnerability in Citrix's Virtual Apps and Desktops, allowing remote code execution via HTTP requests. Citrix disputes the claim of unauthenticated access, urging users to apply hotfixes. https://www.theregister.com/2024/11/12/http_citrix_vuln/

🔧 Zero Day Initiative — The November 2024 Security Update Review security news – Adobe and Microsoft released significant patches in November, addressing numerous vulnerabilities across various products. Key issues include critical RCE flaws in Windows and multiple critical updates from Adobe. https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review

🥼 Inside the DemandScience by Pure Incubation Data Breach data breach – The article discusses the DemandScience data breach, revealing how personal data was aggregated and sold. It highlights public concerns about data privacy, expectations of notification, and the implications of data misuse. https://www.troyhunt.com/inside-the-demandscience-by-pure-incubation-data-breach/

🌐 A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats security research – The article analyzes the complex ecosystem of Chinese state-sponsored cyber operations, highlighting the roles of the PLA, MSS, and MPS, along with the involvement of private companies and patriotic hackers in cyber offensives. https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/

🔗 China's Volt Typhoon botnet has re security research – The Volt Typhoon botnet has resurfaced, using the same infrastructure and techniques to target critical infrastructure in the U.S. and Guam. Despite previous disruptions, it remains a significant threat, exploiting outdated devices. https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html

📉 NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely security news – NIST announced it has cleared a backlog of unanalyzed exploited vulnerabilities with support from CISA and the private sector. However, it will not meet its goal of clearing all vulnerabilities by year-end due to data processing challenges. https://therecord.media/nist-vulnerability-backlog-cleared-cisa

💰 Crimeware and financial predictions for 2025 security news – Kaspersky's report predicts an increase in AI-powered cyberattacks, supply chain attacks, and financial threats targeting central banks and smartphones in 2025, highlighting evolving tactics in the crimeware landscape. https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/

🔑 Good Essay on the History of Bad Password Policies security research – Stuart Schechter discusses the history of ineffective password policies, highlighting mistakes made by Morris and Thompson in assuming that their interventions would lead to strong passwords without adequate testing or metrics. https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html

🔍 NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents security news – Court documents reveal NSO Group cut off 10 customers for abusing its Pegasus spyware, which exploited WhatsApp vulnerabilities. The revelations raise concerns about NSO's operations and the use of its tools against individuals, including high-profile targets. https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/

🪪 Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation cyber defense – Misconfigurations in Active Directory Certificate Services can lead to serious vulnerabilities, enabling attackers to gain unauthorized access and escalate privileges within a domain. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/


CISA Corner

🔒 2023 Top Routinely Exploited Vulnerabilities security news – A joint advisory from cybersecurity agencies highlights an increase in zero-day vulnerabilities exploited in 2023, urging software developers and end-users to implement secure practices and timely patching to mitigate risks. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has included five new vulnerabilities in Atlassian Jira, Cisco ASA, Metabase GeoJSON and Microsoft Windows to its Known Exploited Vulnerabilities Catalog, emphasizing their active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-9463 and CVE-2024-9465, both related to Palo Alto Networks Expedition, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

🏭 CISA Releases Nineteen Industrial Control Systems Advisories vulnerability – CISA has published nineteen advisories addressing security vulnerabilities in Industrial Control Systems. Siemens, Rockwell, Hitachi, 2N, Elvaco, Baxter https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories

🏭 CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories detailing security vulnerabilities and exploits related to various Industrial Control Systems. Subnet, Hitachi, Rockwell, Mitsubishi, Snap One https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories

🔒 Fortinet Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products

🛡️ Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products

🔐 Microsoft Releases November 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates

🔧 Ivanti Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products

🔒 Citrix Releases Security Updates for NetScaler and Citrix Session Recording https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Stoyan


An answer to a question. I later learned that this was part of the current of solipsism.

Whether this tree made any sound when it fell, if no one heard it. I tried to examine it in total detail in order to explain it to myself along the way. In my view the case can be examined in two main directions:

It (the tree), as an organism, ceases to be alive in itself when it snaps, is struck by lightning, is cut down, gradually dries out, and so on. This is probably not an instantaneous process, just as picked flowers do not wilt immediately after being picked. But it stops living in that sense of life, regardless of whether anyone was there to witness it. From our invented theories about how the world works, we can conclude that:

  1. Gravity made it fall; support for this claim is found in the state it was in when we saw it.

  2. Sound is a mechanical wave that can travel only in a “medium”. In this case there is a medium: the collection of gases we call air. We know this can be a medium because we ourselves use it to communicate.

  3. Through it (the air) can pass both the energy waves we call sound and other objects and particles, in our case a tree.

The energy it gains from gravity is transferred to the things that happened to be beneath it: stones, soil, leaves, animals, insects. They (the things), receiving the energy of the falling tree, given to it by gravity, create (more or less) a sound/mechanical wave, which in theory can be “heard” shortly after the exact moment of the transfer of energy, depending on the speed, which is directly proportional to the transferred energy, which is directly proportional to the sound/mechanical wave.

On the other hand, there is the Observer Effect in quantum physics, which to me is similar to the effect with Schrödinger's cat.

Observer effect: https://en.wikipedia.org/wiki/Observer_effect_(physics)

There is also something called bias, which explains the observer's tendency not to see/hear/feel/experience/Be what is actually there, but what they expect to see/hear/feel/experience/Be/have happen.

Observer bias: https://en.wikipedia.org/wiki/Observer_bias

 

from Stoyan


  • Maktub – the Arabic word that translates as “it is written”, “it is bound”, “it is said”. It carries the weight of the heavens.

Predictions as a historical and cultural phenomenon -

They represent pulling a pinch of information out of the future and presenting it in the present. But for that we must accept that time is a linear phenomenon, i.e. that it has a beginning. It must also be accepted that predictions are a kind of permitted anachronism.

Some of the phenomena of this paradox may be:

  • Intuition

  • Déjà vu

  • Predicting an event just before it happens.

It could be related to intuition, although intuition is conscious knowledge or a felt assumption about what will happen; intuition is provoked and summoned by the ego in order to solve some problem, whereas what I am talking about happens almost entirely subconsciously, with only a thread of it sometimes reaching our waking being in this reality, informing us that something is going to happen.

  • When we are thinking about something and from the outside world we hear a word or sound that is exactly on the topic we need.

  • Symbols on the earth and in the sky

The best-known example of this would be the burning bush from the story of Moses. Classic examples can be sought in all religions and mythologies. Everyone knows for themselves the one symbol that appears before their eyes or is whispered to them.

  • In musical works that manage to come close to experiences of the spirit, we can also find our own symbols in the tones performed according to a precisely defined structure, like the recipes in Sumer.

  • Hearing voices or seeing images before you fall asleep – hypnagogia.

  • The wind whispers (in fairy tales)

  • The journey to the underworld

All these realities hide something within themselves. Some of them, for me, could not help but be unfathomable except in empty space. If I start from that, then every day we pass through such empty spaces, “wormholes” if you like, which carry us for a moment through another place that relates to our reality, the one we are living in at the moment.

 

from Stoyan


The Japanese word “Ma” represents an emptiness full of possibilities, like a promise that has not yet been fulfilled, the silence between the notes that actually creates the music.

Does empty space count as time? How fast or how slowly does an empty space flow?

Empty space (when it is known) is never left to chance, that is, it always relates To something. For empty space to be empty, no one must know that it exists, because it will immediately acquire belonging. If it does not become known, then It still holds within itself the magic of contracting and expanding, like the diaphragm in our bodies, time.

Can time exist without space, or space without time?

 

from Tai Lam in Science

I need to figure out how to reasonably deal with mail and deliveries privately.

How it started

I donated to a local nonprofit in 2024, and I really shouldn't say this, but I honestly wish I never did. However, this is not due to a reason you probably expect.

I started to receive significantly more junk mail from charitable nonprofits and groups, more so than usual (at least since the 2020 COVID-19 pandemic). I won't name specific names, but this was a local nonprofit which has a total annual budget size between the order of $1 million and $10 million.

(To the reader: if we know each other IRL, then I'll tell you who the offending org is; and if you're savvy with implementing an actionable fix with the issue below, then maybe we can work out a way for me to get out of this rut of a “situation” — as if this is or should be my highest priority project to take on right now. Let's just say that some of you will be surprised by the org I have in mind, which either intentionally uses the services of data brokers, or at least has some heuristic workflow that is leaking donor info to data brokers. The overall situation has a bit of a tragic irony.)

I'm (usually) not a vengeful person, at least when it comes to nonprofit orgs genuinely acting in good faith; but I am keeping a running list of these other orgs that engage in buying/selling/sharing snail mail lists as orgs I won't donate money to in the future, due to their respective disregard for mail privacy. However, there are 3 national-level orgs that have (so far) never sold out to physical mail lists: the ACLU, including state chapters; the EFF; and the Freedom of the Press Foundation. I am purposefully excluding comparatively technical groups that would respect the privacy and security of others in general, such as the Signal Foundation and The Tor Project.

On the other hand, the only other way to avoid excessive physical mail list tracking is to donate to small local nonprofits. (Any method is fine — if you're super concerned about protecting your membership info, using a PO box for your mailing address and renewing your member dues via paper check is more than sufficient for most local community members.) This is because these groups literally don't have the money to spend for mass mail solicitations or blanket marketing.

After this happened, I expressed to a local activist how I'm going to go straight for a paid plan on Privacy.com (at least the lower tier) and skip the free plan. Additionally, I commented that my reaction was essentially the “I can't believe you've done this” meme. (Somehow, I initially confused this with the “Charlie bit my finger” meme.)

How it's going (and the future)

I no longer think it's safe for me to order computers and ship the delivery to my residential address, using my own debit card. (That does remind me – I really should get a credit card for better payment protection and everything else that encompasses.)

I remembered that I ordered the HP Dev One in 2022 and the box's outer shipping box wasn't even taped closed when it arrived on my doorstep. Due to my living situation since 2020, I no longer trust anything that goes through the mail, and after Andrew “bunnie” Huang's assessment of overall supply chain security after the 2024 exploding pager incident in Lebanon, I think it's about high time I figure out the logistics of shipping to a private mail box (PMB) – or maybe I use a friend's address and/or credit card to purchase an online only computer (while I pay my friend for the cost, of course).

However, quite a few large computer manufacturers, who primarily have B2B (business-to-business) though also some minor B2C (business-to-consumer) sales, will tell customers that sending deliveries to a PO Box is not allowed during checkout. This includes Lenovo, HP, and even Framework. (I have to double check for System76.) This is partly why I was sad when Costco no longer sold any in-store ThinkPad laptops anymore (one probable cause might be the pandemic, but that's another matter).

If you have any somewhat serious considerations to become a Linux distro maintainer or even a package manager (such as the AUR/MPR), you should at least consider this while threat modeling. I recall Ariadne Conill tweeting about how a Lenovo ThinkPad laptop that they tried ordering online was suspiciously redirected to Langley, Virginia while en route to their home in early 2022, which was symptomatic of mail interdiction. However, those tweets were deleted around late 2022 or early 2023.

 

from lobster

There is always something new to try... https://soapbox.pub/servers/

BUT I am now a concentrate and focus. Too much candy? Too many ideas and possibilities? It all depends on the priorities we need. In other words what is your hat colour? Black, white, grey or red? No hats for me, not even green or hoody.

Security for me is transparency or zero preference. Otherwise I am spending all my time on noise and “AI” generated attempts to fathom my rousing browsing. I am already using too many browsers, except TOR. Which is one rocky peek too many.

Slow too. Too slow. Like my keyboard. Old and clunky. Noisy and dusty. Good enough...

 

from Tai Lam in Science

There was a guide from early 2023 on what to change in the default KDF settings of Bitwarden.

(The guide has been saved on the Wayback Machine and archive.today.)

You must log in via browser to edit these settings. (Neither the desktop apps nor the mobile apps can change the following settings.)

  1. From the main screen in Bitwarden, navigate through the following menus: Security (vertical menu) > Keys (horizontal)
  2. Select Argon2id for “KDF algorithm” and enter 10 for “KDF iterations”.
  3. Enter 64 for “KDF memory (MB)” and 8 for “KDF parallelism” (number of threads).
  4. If you changed any settings, then click on the “Change KDF” button to save any changes (and Bitwarden will log you out of your account on all devices).
    • Otherwise, if no changes were made, then you can leave the “Keys” menu.
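As an added example (my code, not from the guide above and not Bitwarden's own code), this derives 32 bytes of key material with Argon2id at exactly the three values the steps above tell you to enter, using the third-party argon2-cffi library (assumed installed). Two details the GUI hides are worth seeing in code: Bitwarden's “KDF memory (MB)” field is handed to Argon2 as a memory cost in KiB, so 64 becomes 65536, and any change to password, salt or any one parameter produces an entirely different key, which is why every device has to re-derive after you click “Change KDF”. The salt construction (SHA-256 of the lower-cased, trimmed e-mail) is my assumption about how the Bitwarden clients salt Argon2id; the guide does not state it, and the credentials in the demo are constructed.

```python
"""Argon2id key derivation at the KDF settings from the guide (added example)."""
import hashlib
import time

# Third-party dependency, assumed installed: pip install argon2-cffi
from argon2.low_level import Type, hash_secret_raw

# The values entered in Bitwarden's "Keys" settings in the steps above.
KDF_ITERATIONS = 10       # "KDF iterations"  -> Argon2 time_cost
KDF_MEMORY_MB = 64        # "KDF memory (MB)" -> Argon2 memory_cost (which counts KiB)
KDF_PARALLELISM = 8       # "KDF parallelism" -> Argon2 lanes / threads
MASTER_KEY_LEN = 32       # bytes of key material to produce


def kdf_salt(email: str) -> bytes:
    """Salt for the KDF.

    Assumption for this example (not stated in the guide): the salt is the
    SHA-256 digest of the lower-cased, trimmed e-mail address, which is how I
    understand the Bitwarden clients salt Argon2id.
    """
    return hashlib.sha256(email.strip().lower().encode("utf-8")).digest()


def derive_master_key(password: str, email: str,
                      iterations: int = KDF_ITERATIONS,
                      memory_mb: int = KDF_MEMORY_MB,
                      parallelism: int = KDF_PARALLELISM) -> bytes:
    """Stretch the master password into MASTER_KEY_LEN bytes with Argon2id."""
    if iterations < 1 or memory_mb < 1 or parallelism < 1:
        raise ValueError("all KDF parameters must be positive")
    return hash_secret_raw(
        secret=password.encode("utf-8"),
        salt=kdf_salt(email),
        time_cost=iterations,
        memory_cost=memory_mb * 1024,   # Argon2 counts memory in KiB, the UI in MB
        parallelism=parallelism,
        hash_len=MASTER_KEY_LEN,
        type=Type.ID,                   # Argon2id: the hybrid of Argon2i and Argon2d
    )


def derivation_seconds(password: str, email: str, **params) -> float:
    """Wall-clock cost of one derivation; that cost is what the settings buy you."""
    start = time.perf_counter()
    derive_master_key(password, email, **params)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed credentials, for demonstration only.
    demo_pw, demo_email = "correct horse battery staple", "user@example.com"
    print("master key:", derive_master_key(demo_pw, demo_email).hex())
    print(f"one derivation took {derivation_seconds(demo_pw, demo_email):.2f}s")
```

Run it once at the guide's settings and once with the iterations lowered to see how the wall-clock cost moves; an attacker guessing master passwords offline pays that cost per guess, which is the whole point of raising the parameters.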

Personal context

I need to make sure I have something I can reference when I set up organization accounts on Bitwarden for colleagues and friends.

I vaguely remember that this was discussed at roughly the same time as how the default KDF for LUKS (full disk encryption on Linux) was set up. Back in April-May 2023, the sources for episode 132 of the Surveillance Report podcast were released during the time when the podcast came out roughly biweekly – so the podcast lagged at least 1-2 weeks behind current events.

This forum thread helped to date this news story, as well as this assessment.

 

from lobster

Remember KISS? Keep It Simple Stewpit,

We do not have to spread ourselves thinly. We can rely on the wheel being invented. We can focus on less but better and complete and cooperate and merge efforts. That is why I trust my experience and others who are offering real services I need. Real alternatives. Really simple. Really.

 

from beverageNotes

This evening it's Old Granddad 114. I picked it up at Costco for under $30. I've heard good things about it, so I thought it was time to try it.

The proof makes it hot, so I'm having it with some ice. On the nose, I'm getting maple, chipotle, and maybe some anise. I don't notice anything right away on the tongue, but the maple shows up with some cinnamon. The heat, along with the flavors, lingers on the tongue. There's briefly a hint of anise later. The heat sticks around and follows the swallow and hangs around.

I'm kind of reminded of whiskies that have been finished in amburana casks, but the maple isn't quite as strong.

We'll see how the second dram this evening goes...

 

from Bruno Miguel

Winter is coming. Not with some sort of ice zombies and dragons, but with colds, probably flu. Oh, and the damn fucking sinusitis.

This last one is a bitch! Every few years, my sinusitis headaches become so bad that it feels like I spent a week hitting my head on the walls. This year is an example of this: it's not even winter, and I've had a headache from sinusitis for almost two weeks, with some days so bad that I could barely keep my eyes open and had to take almost twice the recommended amount of pills just to be able to decrease it a little.

The flu wouldn't cause me this much pain.

If this is already happening during autumn, it will probably be much more painful during winter. This is just what I needed: even more pain... It's not like the fibromyalgia keeps me in a ton of pain 24/7...

#Sinusitis #Ramblings

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🦹 Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies cybercrime – A complex hacking ecosystem fueled by infostealer malware is behind major breaches, as hackers exploit stolen credentials from pirated software. https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

🏆 Valorant is winning the war against PC gaming cheaters security news – Riot Games' Vanguard anti-cheat system has significantly reduced cheating in Valorant by employing advanced detection methods. https://www.theverge.com/2024/11/4/24283482/valorant-is-winning-the-war-against-pc-gaming-cheaters

🎫 Hacker suspected in massive Ticketmaster, AT&T breaches arrested in Canada cybercrime – Canadian authorities arrested a man suspected of breaching around 165 companies, including Ticketmaster and AT&T, by exploiting Snowflake's cloud storage with stolen credentials. https://www.theverge.com/2024/11/5/24288654/alleged-snowflake-hacker-arrested-ticketmaster-att-data-breaches

📉 Mozilla Foundation lays off 30% staff, drops advocacy division security news – The Mozilla Foundation has laid off 30% of its staff, eliminating its advocacy and global programs divisions to streamline operations and focus on its mission amidst significant changes in the tech landscape. https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/

💸 South Korean authorities fine Meta $15.6 million for sharing user data with advertisers privacy – South Korea fined Meta $15.6 million for sharing sensitive data of 980,000 Facebook users with advertisers without consent, violating the Personal Information Protection Act. https://therecord.media/facebook-south-korea-privacy-regulator-fine

🐍 ToxicPanda Android banking trojan targets Europe and LATAM malware – The ToxicPanda Android banking trojan has infected over 1,500 devices, targeting banks in Europe and Latin America. It employs On-Device Fraud techniques to bypass security measures, indicating a potential shift in attack strategies by Chinese-speaking threat actors. https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html

👮‍♂️ Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs cybercrime – Interpol's Operation Synergia resulted in 41 arrests and the takedown of over 22,000 malicious IP addresses linked to cybercrime, preventing numerous phishing and ransomware attacks worldwide. https://therecord.media/interpol-operation-arrests-takedowns

🕺 Canada ordered ByteDance to shut down TikTok operations in the country over security concerns privacy – Canada has ordered ByteDance to dissolve TikTok Technology Canada due to security concerns, though Canadians can still access the app. The decision follows a national security review amid ongoing scrutiny of TikTok's data practices. https://securityaffairs.com/170653/security/canada-ordered-bytedance-to-shut-down-tiktok-operations.html

💽 Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices vulnerability – Synology patched a critical vulnerability (CVE-2024-10443) in DiskStation and BeePhotos NAS devices that allowed remote code execution without user interaction, affecting millions. Users are urged to apply updates immediately. https://securityaffairs.com/170602/hacking/synology-fixed-critical-bug-in-diskstation-and-beephotos-nas.html

🦠 SteelFox Trojan imitates popular products to drop stealer and miner malware security research – The SteelFox Trojan, disguised as software activators, spreads via torrent and forum posts, stealing sensitive data and mining cryptocurrency. It targets popular applications like AutoCAD and Foxit PDF Editor, employing sophisticated techniques to evade detection. https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

🚫 Major Ukrainian university bans Telegram to reduce cyberthreats security news – Taras Shevchenko National University of Kyiv has banned Telegram for official communications, citing security concerns over Russian access to user data. The ban follows similar restrictions for state officials, prompting discussions about alternative communication platforms. https://therecord.media/ukraine-university-bans-telegram

🧢 How early-stage companies can go beyond cybersecurity basics cyber defense – To combat evolving cyber threats, early-stage companies should adopt a proactive cybersecurity strategy that transcends basic compliance, focusing on risk management, layered security, employee training, and incident response planning. https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

🧪 What Is Penetration Testing? security news – Penetration testing simulates attacks to identify vulnerabilities within an organization's security systems. By employing various techniques, it helps organizations strengthen defenses, comply with regulations, and improve incident response capabilities. https://www.blackhillsinfosec.com/what-is-penetration-testing/

🎮 Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw security news – A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players by sending messages containing specific strings. https://techcrunch.com/2024/11/07/hacker-says-they-banned-thousands-of-call-of-duty-gamers-by-abusing-anti-cheat-flaw/

🚗 Zero Day Initiative — Multiple Vulnerabilities in the Mazda In vulnerability – Multiple vulnerabilities in the Mazda Connect CMU system allow physical attackers to exploit insufficient input sanitization via USB devices, enabling arbitrary code execution with root privileges, posing significant security risks. https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system

🔒 A new iOS 18 security feature makes it harder for police to unlock iPhones privacy – iOS 18 introduces an inactivity timer that reboots iPhones after four days of inactivity, entering a more secure state that complicates police access to locked devices and limits data extraction capabilities. https://www.theverge.com/2024/11/9/24292092/ios-18-security-inactivity-reboot-police-complain-unlocking-iphone-difficult


Some More, For the Curious

🐰 Fortinet FortiGate CVE-2024-23113 – A Super Complex Vulnerability In A Super Secure Appliance In 2024 vulnerability – A Format String vulnerability in Fortinet's FortiGate SSLVPN devices allows remote code execution. https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/

🔀 A look at the latest post-quantum signature standardization candidates security research – NIST advances 14 post-quantum signature schemes for cybersecurity, highlighting their need to resist quantum attacks. The migration to these standards poses challenges, particularly regarding performance and data overhead in TLS connections. https://blog.cloudflare.com/another-look-at-pq-signatures

🎟️ Strengthening Local Admin Security in Windows 11 with Local Administrator Protection security news – Windows 11's new Local Administrator Protection feature enhances security by providing just-in-time admin privileges, reducing exposure to malware and minimizing risks associated with local admin rights. https://call4cloud.nl/local-administrator-protection-privilege-protection/

🦘 Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems security research – The SANS report highlights rising attacks on ICS/OT systems, primarily through IT network vulnerabilities, with non-ransomware incidents outnumbering ransomware. https://www.darkreading.com/ics-ot-security/attackers-breach-network-provider-ot-ics-network

💼 Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale security research – Cybercriminals are exploiting DocuSign's APIs to send realistic fake invoices using genuine accounts, bypassing traditional phishing defenses. https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

🤖 AIs Discovering Vulnerabilities security research – Research into AI capabilities for discovering software vulnerabilities is advancing, with tools like ZeroPath uncovering critical flaws missed by traditional methods. https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html

🔍 Typosquat campaign impersonates 287+ popular npm packages cybercrime – A new typosquatting campaign targets developers by publishing malicious npm packages that mimic legitimate ones, utilizing Ethereum smart contracts for command-and-control. https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/

💰 Schneider Electric reports cyberattack, its third incident in 18 months security news – Schneider Electric confirmed a cyberattack involving unauthorized access to its project tracking platform, with the HellCat ransomware group demanding a $150,000 ransom in baguettes after claiming to steal over 40GB of data. https://cyberscoop.com/schneider-electric-energy-ransomware-hellcat/

🔐 Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments security research – Mandiant's Red Team demonstrated how attackers can exploit Intune permissions to achieve lateral movement and privilege escalation within Microsoft Entra ID. https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/

💯 Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw vulnerability – Cisco has issued a critical alert for CVE-2024-20418, a vulnerability in its Ultra-Reliable Wireless Backhaul systems that allows remote attackers to gain admin access via crafted HTTP requests, necessitating immediate patching. https://www.theregister.com/2024/11/07/cisco_uiws_flaw/

🤖 AI Industry is Trying to Subvert the Definition of “Open Source AI” security news – The Open Source Initiative's new definition of 'open source AI' has sparked controversy for permitting secretive practices in training data, raising concerns about true transparency in AI development. Critics argue for a clear distinction between 'open source' and 'open weights' models. https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html

🚔 FBI says hackers are sending fraudulent police data requests to tech giants to steal people's private information security news – The FBI warns that hackers are exploiting compromised government email addresses to submit fraudulent emergency data requests, enabling them to steal private user information from tech companies like Apple and Meta. https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

🏜️ Palo Alto Networks warns of potential RCE in PAN vulnerability – Palo Alto Networks alerts customers to a potential remote code execution vulnerability in PAN-OS management interface, urging them to restrict access and follow security best practices to mitigate risks. https://securityaffairs.com/170697/security/palo-alto-networks-warns-potential-pan-os-rce.html

📇 Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks security research – This guide emphasizes the importance of limiting high-privilege accounts and monitoring for unusual replication requests to defend against DCSync attacks on Active Directory. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/

🤖 With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers security research – Attackers exploited a leaked automation token to inject malicious code into popular NPM package versions, highlighting vulnerabilities in software supply chains and 2FA limitations. https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities affecting PTZOptics cameras to its Known Exploited Vulnerabilities Catalog, highlighting the risks of OS command injection and authentication bypass to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including privilege escalation and authentication flaws, highlighting significant risks for federal agencies that must address these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on November 7, 2024, addressing security vulnerabilities in Beckhoff Automation, Delta Electronics, and Bosch Rexroth ICS products, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from lobster

Dear Blog friends,

Please forgive my ignorant rambling. My first post is an intro. I tended, like all of us, in my Puppy Linux days, to run quite happily as root on my personal computer.

These days random password generators are driving me mad. As for key safes, I prefer writing down on sticky notes. BUT changing passwords is another unnecessary thing, well for me anyway.

My last Puppy Linux computer still has a random noise generator, written in javascript (not by me). It opens random web sites from the background, to obscure my browsing. Probably old black hat now...

I expect a Chinese Turing multiprocessor eventually or something retro but still fast for future reference.

End of ramble. As you were.

 

from Ducks

More and more sites popping up. Some results from urlscan.io as of today (8 Nov. 2024):

advokatiks.info
advokats.blog
advokats.info
canada-pol.best
canada-pol.biz
canada-pol.site
cyber-payback.pro
cyber-police.site
cyberfundreturn.pics
cyberfundreturn.pro
cyberreturnfund.digital
cyberpl.info
digital-recover.cyou
digital-recovery.autos
digital-recover.best
digital-recovery.best
digital-recovery.blog
digital-recovery.bond
digital-recovery.site
digital-recovery.xyz
digitalrecovery.autos
digitalrecovery.cam
digitalrecovery.site
digitalrefund.apicil.group
euro-pol.art
euro-polc.blog
euro-polc.site
europol-eu.com
europol-police.pro
europol-refund.info
europolonline.net
germam-pol.xyz
german-police.blog
germanic-pol.auction
gretcomp-invest.com
interfundreturned.digital
internet-cyberpolice.network
queenscreekcapital.com
refunds-money.site
secureinvestments.cfd
uk-advokats.site
uk-pol.site

Some of those are probably gone when you read this.

If you are registered at urlscan.io, here is a list with “dynamic” results based on one common file: https://urlscan.io/search/#filename:%22bg-important2.png%22 There are some duplicates and maybe a few not related. And there are probably better ways to find more related domains.

One example of whois info. Somehow I mistrust the registrant info; one may wonder about globaldomaingroup.com and its resellers. They seem to be involved in several of these domains. This domain was registered on Sept. 24 this year and is still alive as of Nov. 8 (2024):

whois advokatiks.info
(some info skipped for readability)

organisation: Identity Digital Limited
(included in administrative contact info)

contact:      administrative
name:         Vice President, Engineering
organisation: Identity Digital Limited
address:      10500 NE 8th Street, Suite 750
address:      Bellevue WA 98004
address:      United States of America (the)
phone:        +1.425.298.2200
fax-no:       +1.425.671.0020
e-mail:       tldadmin@identity.digital

contact:      technical
(included in administrative contact info)

nserver:      A0.INFO.AFILIAS-NST.INFO 199.254.31.1 2001:500:19:0:0:0:0:1
nserver:      A2.INFO.AFILIAS-NST.INFO 199.249.113.1 2001:500:41:0:0:0:0:1
nserver:      B0.INFO.AFILIAS-NST.ORG 199.254.48.1 2001:500:1a:0:0:0:0:1
nserver:      B2.INFO.AFILIAS-NST.ORG 199.249.121.1 2001:500:49:0:0:0:0:1
nserver:      C0.INFO.AFILIAS-NST.INFO 199.254.49.1 2001:500:1b:0:0:0:0:1
nserver:      D0.INFO.AFILIAS-NST.ORG 199.254.50.1 2001:500:1c:0:0:0:0:1
ds-rdata:     5104 8 2 1af7548a8d3e2950c20303757df9390c26cfa39e26c8b6a8f6c8b1e72dd8f744
whois:        whois.nic.info

whois.globaldomaingroup.com

Domain Name: ADVOKATIKS.INFO
Registry Domain ID: 977211288a584007a5ea216ae869c497-DONUTS
Registrar WHOIS Server: whois.globaldomaingroup.com
Registrar URL: http://www.globaldomaingroup.com
Updated Date: 2024-09-25T09:24:07.0Z
Creation Date: 2024-09-24T15:36:20.0Z
Registrar Registration Expiration Date: 2025-09-24T15:36:20.0Z
Registrar: Global Domain Group LLC
Registrar IANA ID: 3956
Registrar Abuse Contact Email: abuse@globaldomaingroup.com
Registrar Abuse Contact Phone: +1.8053943992
Reseller: Andro Givan
Registry Registrant ID: C-1408273
Registrant Name: Anya Cruk
Registrant Street: Сумы
Registrant City: Суми
Registrant State/Province: Сумська область
Registrant Postal Code: 01001
Registrant Country: UA
Registrant Phone: +380.508445774
Registrant Email: hasladus@gmail.com
Registry Admin ID: C-1408275

(admin/tech info same as Registrant info)

Name Server: daniella.ns.cloudflare.com
Name Server: milan.ns.cloudflare.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-09-25 02:24:07 -0700 <<<

And one may also wonder a bit about Cloudflare:

~ % dig advokatiks.info
;; ANSWER SECTION:
advokatiks.info.	300	IN	A	172.67.170.22
advokatiks.info.	300	IN	A	104.21.39.85
;; WHEN: Fri Nov 08 2024
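As an added example (my code, not from the post above), here is the kind of triage one would automate over records like the one quoted: parse the registrar's “Key: value” whois output, compute the domain's age on the day of the scan, note when the name servers sit at Cloudflare (in which case the A records dig returns are the proxy, not the origin, which is the point the post hints at), and sort the collected domains into the impersonation themes this family uses (police / fund recovery / lawyer). The sample whois text is a constructed excerpt of the non-personal fields from the record above, the domain list is a handful of those posted, and the theme keywords are my own crude choice.

```python
"""Triage of whois data for a cluster of look-alike scam domains (added example)."""
from collections import defaultdict
from datetime import date, datetime, timezone
from typing import Dict, List, Union

# Day of the scan described in the post; the age computation is relative to it.
AS_OF = date(2024, 11, 8)

# Constructed sample: the non-personal fields of the registrar whois record
# quoted above, in the same "Key: value" layout a whois client prints.
SAMPLE_WHOIS = """\
Domain Name: ADVOKATIKS.INFO
Registrar WHOIS Server: whois.globaldomaingroup.com
Updated Date: 2024-09-25T09:24:07.0Z
Creation Date: 2024-09-24T15:36:20.0Z
Registrar Registration Expiration Date: 2025-09-24T15:36:20.0Z
Registrar: Global Domain Group LLC
Registrar IANA ID: 3956
Registrant Country: UA
Name Server: daniella.ns.cloudflare.com
Name Server: milan.ns.cloudflare.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-09-25 02:24:07 -0700 <<<
"""

# A few of the domains listed in the post, used to show the theme clustering.
SAMPLE_DOMAINS = [
    "advokatiks.info", "canada-pol.best", "cyberfundreturn.pro",
    "digital-recovery.xyz", "europol-refund.info", "german-police.blog",
    "uk-advokats.site", "queenscreekcapital.com",
]

# Keys that legitimately repeat within one whois record.
MULTI_VALUE_KEYS = {"Name Server", "Domain Status"}

# Crude keyword themes for this scam family (my choice); a domain may match
# more than one theme, and substring matching will over-match on real data.
THEMES = {
    "police": ("pol", "police", "europol"),
    "recovery": ("recover", "refund", "return", "payback"),
    "lawyer": ("advokat",),
}


def parse_whois(text: str) -> Dict[str, Union[str, List[str]]]:
    """Turn 'Key: value' whois lines into a dict; repeating keys become lists."""
    record: Dict[str, Union[str, List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in MULTI_VALUE_KEYS:
            record.setdefault(key, []).append(value.lower())
        else:
            record.setdefault(key, value)   # keep the first occurrence
    return record


def parse_timestamp(value: str) -> datetime:
    """Accept the common registrar timestamp layouts, always as UTC."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised whois timestamp: {value!r}")


def domain_age_days(record: Dict[str, Union[str, List[str]]], as_of: date) -> int:
    created = parse_timestamp(str(record["Creation Date"])).date()
    return (as_of - created).days


def triage(record: Dict[str, Union[str, List[str]]], as_of: date,
           recent_days: int = 90) -> List[str]:
    """Defender-side findings about one record; order is stable for reporting."""
    findings = []
    age = domain_age_days(record, as_of)
    if age <= recent_days:
        findings.append(f"registered {age} days ago (newer than {recent_days} days)")
    nameservers = record.get("Name Server", [])
    if any(ns.endswith(".ns.cloudflare.com") for ns in nameservers):
        findings.append("name servers at Cloudflare: A records in dig are the proxy, not the origin")
    return findings


def cluster_by_theme(domains: List[str]) -> Dict[str, List[str]]:
    """Group domains by the impersonation theme their label suggests."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for domain in domains:
        label = domain.rsplit(".", 1)[0]   # drop the TLD so ".site" etc. cannot match
        matched = False
        for theme, needles in THEMES.items():
            if any(needle in label for needle in needles):
                clusters[theme].append(domain)
                matched = True
        if not matched:
            clusters["other"].append(domain)
    return dict(clusters)


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for finding in triage(rec, AS_OF):
        print(f"{rec['Domain Name']}: {finding}")
    for theme, members in cluster_by_theme(SAMPLE_DOMAINS).items():
        print(f"{theme}: {', '.join(members)}")
```

Feeding the full urlscan.io list through cluster_by_theme gives a quick picture of what the campaign is impersonating, and running triage over each domain's whois record makes the “registered weeks ago, sitting behind a proxy” pattern visible across the whole set rather than one record at a time.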

 