Infosec Press


from YouTube Growth Tips

Choosing Between YouTube and Dailymotion: Which Platform Offers Higher CPM Rates?

As a video content creator exploring monetization options, one key question might be which platform—YouTube or Dailymotion—offers better CPM (cost per thousand impressions) rates. Both platforms provide avenues for earning revenue, but their CPM rates can be quite different. This guide will compare the CPM rates of YouTube and Dailymotion to help you determine the best platform for your needs.

YouTube: The Giant in Video Monetization

YouTube is the world’s largest video-sharing platform, with over two billion active users each month. It’s also the most popular choice for creators looking to monetize their videos. YouTube features various ad formats, including pre-roll ads, mid-roll ads, and post-roll ads. The CPM rates on YouTube are highly variable and influenced by factors such as the advertiser, type of content, and audience demographics. On average, YouTube's CPM rate is around $7.60 but can range from as low as $0.50 to more than $10 per thousand impressions.

Defining CPM and Its Importance

CPM stands for cost per mille, a metric that measures the cost of an advertisement per thousand views. This metric is crucial for content creators on platforms like YouTube and Dailymotion because it determines potential revenue from ad impressions. The calculation involves dividing the total cost of an ad campaign by the number of views it received and then multiplying by 1,000.

How CPM Impacts Earnings

The CPM rate directly affects how much revenue content creators can generate from ads on YouTube and Dailymotion. A higher CPM indicates that advertisers are willing to pay more for their ads, resulting in higher earnings per thousand views for creators. Conversely, a lower CPM means reduced earnings per thousand views.

Dailymotion: A Viable Alternative in Monetization

Dailymotion might not have the massive user base that YouTube enjoys, but it offers unique monetization opportunities. The platform’s average CPM ranges between $4 and $6—generally lower than YouTube's rates. However, Dailymotion provides a fixed revenue share of 70%, offering a different approach to monetization for creators.

Comparing CPM Rates: YouTube vs. Dailymotion

YouTube's average CPM ranges between $6 and $8 but can fluctuate based on factors such as content type, audience demographics, and advertiser budgets. Additionally, YouTube's revenue share model allows creators to earn up to 55% of the ad revenue generated by their videos.

On the other hand, Dailymotion’s average CPM ranges between $4 and $6. Although these rates are generally lower than those on YouTube, Dailymotion’s fixed revenue share offers a different monetization strategy that may appeal to some creators.

Strategies for Maximizing Earnings on Both Platforms

Boosting Your CPM on YouTube

To maximize your CPM on YouTube, focus on creating high-quality content that engages your audience. Longer videos often generate more ad revenue due to increased ad placements. Additionally, targeting niche content that appeals to a specific audience can lead to higher CPM rates.

Furthermore, diversifying your revenue streams through affiliate marketing, sponsorships, and merchandise sales can help increase your total income and reduce dependence on ad revenue alone.

Optimizing Revenue on Dailymotion

Dailymotion offers several features to help video creators boost their revenue. These include pre-roll ads, mid-roll ads, and post-roll ads. While Dailymotion's ad rates are generally lower than those of YouTube, focusing on niche content that appeals to a specific audience can enhance earnings.

Engagement is also crucial on Dailymotion. Building a loyal following through features like “Followers,” which notifies subscribers when new content is uploaded, can increase engagement and revenue from advertising and other streams.

A Comparative Analysis of Revenue Opportunities

Dailymotion and YouTube offer distinct advantages and disadvantages when it comes to monetization opportunities. YouTube boasts a larger audience and more established revenue streams such as subscriptions and channel memberships. In contrast, Dailymotion provides more flexibility in monetization options and enables quicker earning potential from content.

Ultimately, choosing the best platform for maximizing earnings depends on your niche, audience demographics, and content type. By understanding each platform's strengths and weaknesses and employing the right strategies, you can increase your revenue and achieve greater success as a video creator.

In conclusion, understanding the differences in CPM rates between YouTube and Dailymotion is crucial for content creators looking to maximize their earnings from video monetization. By focusing on key factors that influence CPM rates and optimizing your content accordingly, you can significantly enhance your revenue potential across both platforms.

 

from Mudd

Starting a new blog to document my progress in modern tech

There's a term that a character uses in a book named something like “churn” but the classic interpretation is when customers just stop using a product. My skills, I've noticed in the last eight years, are generalist and I'm capable of doing lots of tasks. However, it seems having the skills is now just.. “expected.” I'm being churned!

I can code and document/write technically. I can do databases, firewalls, networking. I've built home labs (still do!) to keep up to date. I learned how to do things with the ELK stack when documentation on just getting started was minimal if not missing (for the current version that just released, that was). I'm learning how to do proper API and backend engineering now, and it's really neat.

I can do DFIR, imaging, examinations, manual carving. Scripting, reverse engineering, finances, woodworking/carpentry are in my bag of skills. Heck, if it's anything dealing with technology in the years I've been alive, I've used it, dabbled with it, implemented it and administrated it in some form or fashion. Heck, give me permission and I'll pick your locks you need open.

Lately, though, what's EDR? XDR? Why is suddenly everyone looking for SOC jobs? Why are there suddenly 300 certifications for things? Why is everything suddenly about blockchains? Didn't we figure out the scalability of this was a mess? Why is everything using ML and LLMs to generate.. everything?

What did I miss!? WHAT YEAR IS IT!?

Rust, though, is pretty cool. I like it. Along with a lot of other programming languages, but with Rust I can write code that I can be proud of when it works.

I'll write my musings here. Apparently having soft skills is a thing that supersedes actual skills. I feel like I need a Rosetta Stone for translating my old skills to what new jobs want and what titles they apply to. I guess I'll also need to specialize in something, but I like being able to do every part to some degree.

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

🔒 Sichere und datenschutzfreundliche Browser: Meine Empfehlungen – Teil 1 privacy – Detailed analysis of browser security and privacy features, recommendations for multiple browsers, focusing on anti-tracking and anti-fingerprinting measures. https://www.kuketz-blog.de/sichere-und-datenschutzfreundliche-browser-meine-empfehlungen-teil-1/


News For All

🐱‍💻 Germany's Christian Democratic party hit by 'serious' cyberattack cybercrime – Germany's CDU faces 'serious' cyberattack; takes IT systems offline. https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/

📺 Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op cybercrime – Pro-Russian groups spread fake violence threats for Paris Olympics. https://cyberscoop.com/russia-tom-cruise-ai-paris-olympics/

ℹ️ Experts found information of European politicians on dark web privacy https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html

💼 5 Reasons Why You Should Use a Password Manager security news – using a password manager is a wise move to secure data. https://www.techrepublic.com/article/5-reasons-why-you-should-use-a-password-manager/

⚕️ Rural hospitals are particularly vulnerable to ransomware, report finds security news – highly susceptible due to limited resources and critical access roles. https://cyberscoop.com/rural-hospital-ransomware-cyber/

👶 Microsoft accused of tracking kids with education software privacy – Noyb requests Austrian data protection authority to investigate Microsoft 365 Education for potential GDPR violations regarding transparency. https://www.theregister.com/2024/06/04/noyb_microsoft_complaint/

⚡ TikTok warns of exploit aimed at 'high-profile accounts' cybercrime – TikTok addresses account takeover campaign targeting high-profile users; malware spreads via direct messages. https://therecord.media/tiktok-exploit-high-profile-accounts

🤖 Zoom CEO envisions AI deepfakes attending meetings in your place security news – Zoom CEO envisions AI-powered digital twins to attend meetings on behalf of individuals. https://arstechnica.com/?p=2028754

🦦 Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) malware – Phishing emails distribute HTML files prompting users to run malicious PowerShell commands via pasting (CTRL+V), leading to the execution of the DarkGate malware. https://asec.ahnlab.com/en/66300/

🐡 Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics warning – Mandiant warns of elevated cyber threat risks facing the 2024 Paris Olympics, including cyber espionage, disruptive operations, and financially motivated activity. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/

📽️ Cisco addressed Webex flaws used to compromise German government meetings security news – vulnerabilities allowed unauthorized access to meeting information, including topics and participants. https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html

🏳️‍🌈 Language app Duolingo removes LGBTQ+ content from Russian platforms security news – in compliance with Roskomnadzor's request, which labels LGBTQ+ advocates as 'extremists' in Russia. https://therecord.media/language-app-duolingo-lgbtq-removes

🎯 Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys cybercrime – Victims are encouraged to contact the FBI for help in decrypting their data and to assist in ongoing cybercrime investigations. https://www.tripwire.com/state-of-security/hit-lockbit-fbi-waiting-help-you-over-7000-decryption-keys

🦆 DuckDuckGo offers “anonymous” access to AI chatbots through new service security news – enabling interaction with various language models from OpenAI, Anthropic, Meta, and Mistral, ensuring chats are anonymized and promptly deleted to uphold privacy. https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/

😤 AI jailbreaks: What they are and how they can be mitigated security research – AI jailbreaks are techniques that bypass guardrails in AI systems, leading to undesired outcomes; Microsoft outlines the risks, characteristics, and mitigation strategies for AI jailbreaks, emphasizing defense in depth and detection mechanisms to prevent unauthorized data access, content misuse, and system subversion. https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/


Recall Corner

🥷 Malware can steal data collected by the Windows Recall tool security research – Researchers demonstrated accessing and extracting Recall-captured snapshots stored in an unencrypted database. https://securityaffairs.com/164181/digital-id/malware-steal-data-windows-recall-tool.html

🤷 Microsoft Research chief scientist has no issue with Recall security news – Jaime Teevan, chief scientist at Microsoft Research, dismissed concerns about Microsoft's Recall feature despite privacy and security risks raised by critics; Recall builds an archive of user screenshots and logs activities, stored locally. https://www.theregister.com/2024/06/06/microsoft_research_recall/

🙃 Update on the Recall preview feature for Copilot+ PCs security news – Microsoft provides an update on the Recall feature for Copilot+ PCs. https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

🧻 Microsoft rolls back ‘dumbest cybersecurity move in a decade’ security news – Microsoft revises Recall feature after severe criticism over privacy concerns; changes include opt-in, biometric enrollment, and enhanced encryption amid backlash from security researchers over potential data exposure in screenshots of users' screens. https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/


Some More, For the Curious

🦠 PikaBot: a Guide to its Deep Secrets and Operations malware – Detailed analysis of PikaBot malware, including anti-analysis techniques and C2 infrastructure. https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

👆 Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools security research – Increase in ransomware activity observed in 2023, reliance on legitimate tools for attacks, escalation of extortion tactics, rise of new ransomware families, and common tactics observed. https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/

🙅 Snowflake says there’s no evidence attackers breached its platform to hack Ticketmaster security news – Snowflake denies responsibility for Ticketmaster and Santander breaches; joint statement with CrowdStrike and Mandiant supports claim. https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details

🛋️ Most of the security teams’ work has nothing to do with chasing advanced adversaries security news – Security teams' day-to-day reality involves mundane tasks like communication, cross-functional collaboration, security evangelism, tooling management, and resource planning, contrary to the glamorous portrayal in movies and marketing. https://ventureinsecurity.net/p/most-of-the-security-teams-work-has

💐 Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab security news – sophisticated attack named Operation Triangulation targeted iPhones of Kaspersky employees and Russian diplomats. https://therecord.media/kaspersky-apple-bug-bounty-declined

💭 Shostack + Friends Blog > The Universal Cloud TM security research – Rich Mogull and Chris Farris released 'The Universal Cloud Threat Model' (UCTM), designed to update traditional threat modeling for public cloud operations. https://shostack.org/blog/universal-cloud-threat-model-threat-model-thurs/

👾 New York Times source code compromised via exposed GitHub token data breach – The New York Times' source code and data were leaked on 4chan by an anonymous user who targeted the company's GitHub repositories in January 2024 using an exposed GitHub token, with confirmation from The New York Times that the leaked data is legitimate. https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html

🧑‍🌾 What is RansomHub? Looks like a Knight ransomware reboot malware – RansomHub likely Knight ransomware rebrand; exploits ZeroLogon vulnerability. https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/

🚪 Microsoft shows venerable and vulnerable NTLM security protocol the door security news – Microsoft deprecates NTLM protocol, advises switch to Kerberos for security. https://www.theregister.com/2024/06/06/microsoft_deprecates_ntlm/

⚔️ Leveraging Escalation Attacks in Penetration Testing Environments – Part 1 security research – Exploring AD CS vulnerabilities and attacks in penetration testing. https://www.guidepointsecurity.com/blog/leveraging-escalation-attacks-in-penetration-testing-environments-part-1/

💸 Pandabuy was extorted twice by the same threat actor cybercrime – Pandabuy extorted twice by same threat actor after paying ransom. https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html

🪲 Nasty bug with very simple exploit hits PHP just in time for the weekend vulnerability – Critical PHP vulnerability allows code execution on Windows; urgent action required. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/


CISA Corner

📢 Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access security news – Snowflake warns of cyber threats targeting accounts, urges vigilance. https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access

💣 CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Oracle WebLogic Server vulnerability to exploited list. https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog

 

from Nicholas Spencer

I recently spent a weekend going down an AI rabbit hole. The idea was sparked by learning that it was possible to set up an AI Large Language Model (LLM) to run locally, using a tool called Ollama that significantly simplifies the process.

What?

My weekend fascination with AI began when I learned of Daniel Miessler's fabric framework, which has interesting use cases such as extracting the important wisdom from articles and videos. The other main component that made me realise just how simple setting up my own pet AI had become was Ollama. Ollama is a tool that abstracts all the complicated parts of setting up an LLM into a simple command to download a model and expose a local API.

I started by reading up on these tools. I read far more than necessary, but it was all interesting nonetheless. I should mention that I also ended up using another awesome Ollama integration, Obsidian Copilot; more on that later.

Why?

At this point, I should mention why I wanted my own local AI. The main reason is that, although tools like fabric and Obsidian Copilot work well with API keys for commercial LLMs like ChatGPT or Anthropic's Claude, I wanted the benefit of privacy.

Using Obsidian Copilot, I would be asking the AI about my personal notes, which I didn't want to be sending off to any server that I didn't control. Also, I didn't want to be paying API fees when I could use my local AI for free (well, free of direct costs anyway).

Ollama setup

The main task was to set up a locally running LLM on my computer. I actually didn't set it up on my main computer, as I mostly use a Framework laptop with no dedicated GPU. Luckily, I have another computer which does have a decent NVIDIA graphics card, and Ollama exposes a simple HTTP API that I could easily make use of over my local network.

The actual setup of Ollama was quite easy. I set it up on a Windows computer, so the entire installation process was downloading the official .exe and running it. It felt a bit too easy, but I now had an Ollama daemon running on my computer.

As for actually setting up the LLM, this is where Ollama shines. I went with Meta's llama3 model, which is freely available, designed for general AI assistance tasks and scores well in benchmarks. As my computer only had 32GB of RAM, I went with the smaller 8 Billion parameter model, rather than the gigantic 70B version.

The actual install was one command in Command Prompt: ollama run llama3. A few minutes of downloading later and I had an interactive chat AI running in the command window. But I wasn't stopping there, I wanted access to AI from my Obsidian notes, my web browser and more.

Connecting to an Ollama server

I mentioned before that my main computer is a Framework laptop. I actually run Linux (Mint OS if you must know) as I find Windows too annoying. But my Ollama server was on a different machine, which, as it turns out, was not much of a barrier at all.

Ollama exposes an HTTP API out of the box. Just go to localhost:11434 in a browser to see “Ollama is running”. All I needed to do was follow the Ollama FAQ and open the server to my local network by changing the OLLAMA_HOST environment variable. I was now good to go.

Of course I did a few quick tests using curl in my terminal, but I needed a smoother way to interact with my “pet” AI.

Ollama integrations – fabric and Page Assist

The first integration that I wanted to use was fabric. Unfortunately after install I was having issues connecting it to Ollama over the network. Normally I would keep trying things until it worked, but I knew that fabric was being overhauled to run in Go rather than Python with release due in only a few weeks, so I decided to wait for the new version and move on with other integrations.

One simple integration was Page Assist, a browser extension that can connect to a local Ollama server, including one running over the network. All I had to do was install the Firefox extension (a Chrome plugin is also available), put my Ollama IP address in the settings and it was up and running.

The main feature of Page Assist is that it has a nice clean UI to chat with my AI, but it does even more than that. It can use the current webpage as context, allowing me to ask my AI to summarise webpages or describe their content.

It can also perform web searches and use the results to form its answers. It does this by using Retrieval Augmented Generation (RAG), which requires a different LLM to create embeddings, translating the content into vectors that are stored and added to the prompt when relevant.

Luckily, it was very easy to set up an embedder LLM with Ollama: ollama pull nomic-embed-text.
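As an added example (not code from the post, from Ollama or from Page Assist), here is a small Python client for the HTTP API on port 11434 that the post talks to, together with the retrieval step that RAG performs on the embeddings before the prompt is sent. It assumes Ollama's /api/generate and /api/embeddings endpoints with the JSON shapes shown in the comments, a server address OLLAMA_URL, and constructed sample data (a captured-style streamed reply and three made-up note embeddings) so the non-network parts run offline.

```python
"""Added example, not from the original post or from the Ollama project: a
minimal client for the Ollama HTTP API described above (server on port 11434,
/api/generate for chat, /api/embeddings for the nomic-embed-text embedder),
plus the retrieval step that RAG performs before the prompt is sent.
Assumptions: the endpoint paths and JSON shapes below, and OLLAMA_URL.
"""
import json
import math
import urllib.request

# Assumption: the post's localhost address; from another LAN machine this becomes
# http://<ollama-host>:11434. Note that OLLAMA_HOST=0.0.0.0 makes the API
# reachable by every device on that network with no authentication, so keep it
# behind a firewall rule or the VPN the post mentions, never on a public interface.
OLLAMA_URL = "http://localhost:11434"


def parse_generate_stream(ndjson: str) -> str:
    """/api/generate streams one JSON object per line; the answer is the
    concatenation of every 'response' field up to the object with done=true."""
    parts = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        parts.append(obj.get("response", ""))
        if obj.get("done"):
            break
    return "".join(parts)


def cosine(a, b):
    """Cosine similarity between two embedding vectors (0.0 for a zero vector)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def retrieve(query_vec, notes, k=2):
    """The RAG lookup: rank stored note embeddings against the query embedding
    and return the titles of the k closest notes."""
    ranked = sorted(notes, key=lambda n: cosine(query_vec, n["embedding"]), reverse=True)
    return [n["title"] for n in ranked[:k]]


def build_prompt(question, contexts):
    """Augment the prompt: retrieved notes are prepended as context, which is
    why the content of the vault ends up in what the model (and its host) sees."""
    ctx = "\n\n".join(f"### {title}\n{text}" for title, text in contexts)
    return f"Use only the notes below to answer.\n\n{ctx}\n\nQuestion: {question}\nAnswer:"


def _post_json(path, payload, url=OLLAMA_URL, timeout=120):
    """Live HTTP call to the Ollama server; only used by embed() and generate()."""
    req = urllib.request.Request(
        url + path,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def embed(text, model="nomic-embed-text", url=OLLAMA_URL):
    """Live call: POST /api/embeddings -> {"embedding": [...]} (assumed shape)."""
    body = _post_json("/api/embeddings", {"model": model, "prompt": text}, url)
    return json.loads(body)["embedding"]


def generate(prompt, model="llama3", url=OLLAMA_URL):
    """Live call: POST /api/generate with streaming on, parsed like curl output."""
    body = _post_json("/api/generate", {"model": model, "prompt": prompt, "stream": True}, url)
    return parse_generate_stream(body)


# Constructed sample data: what a streamed /api/generate reply looks like, and
# three notes with made-up 3-dimensional embeddings (real ones have hundreds).
SAMPLE_STREAM = "\n".join([
    '{"model":"llama3","response":"Ollama","done":false}',
    '{"model":"llama3","response":" is","done":false}',
    '{"model":"llama3","response":" running","done":true}',
])
NOTES = [
    {"title": "wireguard-setup.md", "embedding": [0.9, 0.1, 0.0]},
    {"title": "woodworking.md", "embedding": [0.0, 0.2, 0.95]},
    {"title": "truenas-vpn.md", "embedding": [0.7, 0.5, 0.2]},
]
QUERY_VEC = [0.85, 0.2, 0.05]  # constructed embedding of "how do I reach Ollama remotely?"


def offline_demo():
    """Runs without a server: parse the sample stream and do the RAG lookup."""
    answer = parse_generate_stream(SAMPLE_STREAM)
    titles = retrieve(QUERY_VEC, NOTES, k=2)
    return answer, titles


if __name__ == "__main__":
    answer, titles = offline_demo()
    print("parsed stream:", answer)
    print("notes retrieved for the prompt:", titles)
    print(build_prompt("How do I reach Ollama remotely?", [(t, "...") for t in titles]))
```

With a live server, `generate(build_prompt(q, [(t, open(t).read()) for t in retrieve(embed(q), notes)]))` is the whole RAG round trip the plugins perform for you.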

Page Assist was now all set up, ready for general queries, processing web pages and searching the web for answers. However, I wanted to be able to easily use the AI on my notes, which is where Obsidian Copilot comes in.

Using Obsidian Copilot with Ollama

For those who don't know, Obsidian is essentially a notes app where all notes are just linked text files, formatted with markdown. This means that all my notes are ready to be input into a text-based LLM, with the possibility of powerful functionality.

Obsidian Copilot makes this integration simple, providing not just a chat window, but also integrating options to work on specific notes, manipulate highlighted text or use RAG to answer questions based on a whole vault of notes.

Installation of Obsidian Copilot was again very easy. I just browsed the community plugins in Obsidian settings and installed it. I then just had to point it at my ollama server in the settings, for both the main LLM model and the embedding model for RAG.

A few more tweaks were needed, namely setting Ollama's origin policy and expanding its context window so that it could work on more input at once, but I only had to follow a few simple instructions to complete the setup.

With Obsidian Copilot installed and connected to Ollama, I could now prompt my local AI with commands based on my highlighted text, any note in my vault or use RAG to ask questions based on my entire Zettelkasten of notes.

Of course, I didn't want to stick to the default prompts available, like summarising text or changing its tone, so I explored the custom prompts options that Obsidian Copilot provides. I actually based some of my custom prompts on those found in the fabric framework, such as summarising an article in a structured format, or improving the grammar of selected text. I found many powerful ways to get more out of my own notes, or text copied into Obsidian.

Ollama on my phone

Before the weekend was over, there was one more method of talking to my “pet” AI that I wanted to set up. I had found an Android app simply named Ollama App. All I had to do was download it on my phone, install it (I already had installation of non-Play Store apps enabled) and point it to my local Ollama server.

It currently only works while I am at home, as I obviously have not exposed my Ollama server to the public internet. However, a simple VPN such as WireGuard running on my home NAS (TrueNAS Scale if you are interested) would allow me to access my local LLM from anywhere.

Conclusion

The weekend was now over and I had succeeded. I now had a local LLM which I could use from my web browser, my notes app and my phone, with powerful integrations to make use of my own private content.

Sure, I could just use ChatGPT, but many of these uses would require connecting to the API, which isn't free. Perhaps more importantly, this keeps all my data locally, on servers that I control.

That was my weekend. I just felt like writing about it after going down that rabbit hole for two straight days. At least I have some useful tools to show for it.

P.S. This was written by me; my AI only contributed a little bit of feedback.

 

from Bruno Miguel

I don't know what the fuck is going on, but my sleep quality, which was already bad, has decreased dramatically over the last weeks. I can sleep, but I have a very light sleep and wake up much more tired than I used to. Some days, I feel so exhausted and dizzy that it takes me over an hour to get out of bed, and even then, I stumble on everything during the first hour or two after getting up. I can't even go down the stairs without grabbing the railing to avoid falling.

#Fibromyalgia #Sleep #ChronicPain

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

⛳ CERT.at Sicherheitslücke in Check Point Network Security Gateways (Mobile Access) vulnerability – Security vulnerability in Check Point Network Security Gateways. https://www.cert.at/de/warnungen/2024/5/sicherheitslucke-in-check-point-network-security-gateways-mobile-access-fix-verfugbar

Operation Endgame

⚔️ Operation Endgame, the largest law enforcement operation ever against botnets security news – Operation Endgame, led by Europol and involving multiple countries, targeted various botnets like IcedID, SystemBC, and Pikabot used to facilitate malicious activities including ransomware deployment. https://securityaffairs.com/163876/cyber-crime/operation-endgame.html

🎯 ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security security news – Operation Endgame targets malware droppers, disrupts infrastructure and arrests suspects in a coordinated international law enforcement effort. Europol seizes servers and domains, adding criminals to Most Wanted list. https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/

🔚 Troy Hunt: Operation Endgame security news – Law enforcement agencies provide 16.5M email addresses and 13.5M unique passwords to Have I Been Pwned (HIBP) as part of Operation Endgame. The data, gathered from a botnet takedown, helps identify compromised credentials and inform impacted individuals to strengthen their online security practices. https://www.troyhunt.com/operation-endgame/


News For All

📰 Risky Biz News: Google distrusts GlobalTrust certs Austrian business!! security news – Google plans to stop trusting GlobalTrust TLS certificates, recent cyberattacks and threat intel highlights. https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/

🛹 How scammers trick message board users cybercrime – Scammers target message board users in buyer and seller scams, using phishing links for financial theft. https://securelist.com/message-board-scam/112691/

🫦 WordPress Plugin abused to install e-skimmers in e-commerce sites malware – Threat actors abuse WordPress plugin to insert e-skimmers in e-commerce sites, stealing credit card data. https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html

🍘 Researchers crack 11-year-old password, recover $3 million in bitcoin security research – after failed attempts by others, Grand and a friend successfully recover the password. https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/

🥅 Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security cybercrime – Alleged operator of 911 S5, a large botnet used to facilitate cybercrime, arrested. Service turned computers into proxies for traffic relay. Billions lost in online fraud. https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/

🧑‍💼 Three-day DDoS attack batters the Internet Archive security news – The Internet Archive has been targeted by a sustained DDoS attack affecting services like the online library and the Wayback Machine. However, the bigger threat comes from ongoing lawsuits by major US book publishing companies and record labels alleging copyright infringement and seeking significant damages, potentially endangering the non-profit archive's future. https://www.theregister.com/2024/05/29/ddos_internet_archive/

🐠 From Phish to Phish Phishing: How Email Scams Got Smart security news – Evolution of phishing scams from simple to AI-driven complex attacks. https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/

🤝 A list of cybersecurity-focused charities and nonprofits security news – A list of cybersecurity-focused charities and nonprofits aimed at helping individuals and organizations within the cybersecurity industry, advancing the field, and contributing to a better world. https://ventureinsecurity.net/p/a-list-of-cybersecurity-focused-charities

🥙 Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature warning – Observed suspicious activity starting on April 15. The attacks exploited the cross-origin authentication feature in Customer Identity Cloud (CIC), posing a risk of unauthorized access to user accounts. https://securityaffairs.com/163867/cyber-crime/okta-credential-stuffing-cross-origin-authentication.html

🦄 Phones of journalists and activists in Europe targeted with Pegasus security news – European journalists and activists targeted with Pegasus spyware, highlighting continued threat to press freedom. Recommendations for moratorium on spyware. EU faces criticism for lack of action on spyware issues. https://cyberscoop.com/spyware-europe-nso-pegasus/

🏛️ EU Parliament member suspected of being paid to promote Russian propaganda security news – Belgian and French police search properties of European Parliament employee suspected of receiving money from Russia to promote propaganda. Investigation involves promotion of Kremlin propaganda via Voice of Europe news website. https://therecord.media/eu-parliament-member-paid-propaganda

🧟 Stalkerware app pcTattletale announces it is 'out of business' after suffering data breach and website defacement security news – Leaked data included customer details and spyware victims' data. Lessons on cybersecurity importance and ethical usage of stalkerware highlighted. https://www.bitdefender.com/blog/hotforsecurity/stalkerware-app-pctattletale-announces-it-is-out-of-business-after-suffering-data-breach-and-website-defacement/

🎫 Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage data breach – Ticketmaster and Santander Bank data breaches, potentially affecting millions of users, traced back to attacks on Snowflake cloud storage. https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage

📺 Twitch ditches expert safety advisors for 'ambassador' team security news – Twitch reportedly disbands its Safety Advisory Council and plans to replace it with Twitch ambassadors. Twitch ambassadors are active users contributing positively to the community, but it is unclear if they are experts on online safety. https://www.theregister.com/2024/05/31/twitch_safety_advisory_council/


Some More, For the Curious

🎃 The Pumpkin Eclipse malware – 600,000 routers rendered inoperable by Chalubo RAT. https://blog.lumen.com/the-pumpkin-eclipse/

💣 DDoS-as-a-Service: The Rebirth Botnet cybercrime – RebirthLtd offers DDoS-as-a-Service targeting gamers for profit. https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/

👅 CVE-2024-22058 Ivanti Landesk LPE vulnerability – Exploit for Ivanti Landesk Local Privilege Escalation. https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/

🔍 Check Point – Wrong Check Point (CVE-2024-24919) vulnerability – Check Point CloudGuard Network Security vulnerability exploited in the wild for arbitrary file read. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

⛹️‍♂️ Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges vulnerability – Cisco Talos' team discovers vulnerabilities in Adobe Acrobat Reader, Foxit PDF Reader, PLC CPU modules, and an image-processing library; patches released for all vulnerabilities. https://blog.talosintelligence.com/vulnerability-roundup-may-29-2024/

🔙 NIST expects to clear backlog in vulnerabilities database by end of fiscal year security news – NIST has awarded a contract to address the backlog of unanalyzed vulnerabilities in the National Vulnerability Database; the backlog is due to increased submissions and changes in interagency support. https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024

🦠 Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.) security research – A threat actor is distributing malware disguised as cracked versions of legitimate software like Hangul Word Processor, infecting many systems in South Korea. The attacker adds layers to the infection by registering to the Task Scheduler, enabling persistence. https://asec.ahnlab.com/en/66017/

🌐 Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices security news – The attacks, by nation-backed actors like 'CyberAv3ngers' and pro-Russian hacktivists, underscore the urgent need to enhance OT device security to prevent critical infrastructure from becoming vulnerable. https://www.microsoft.com/en-us/security/blog/2024/05/30/exposed-and-vulnerable-recent-attacks-highlight-critical-need-to-protect-internet-exposed-ot-devices/

🦑 LilacSquid APT targeted orgs in the U.S., Europe, and Asia security research – A newly uncovered APT group, LilacSquid, has run data theft campaigns since 2021. Its TTPs overlap with those of North Korea-linked APT groups. https://securityaffairs.com/163927/apt/lilacsquid-targeted-orgs-in-us-europe-asia.html

🪒 Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud vulnerability – A detailed account of an XML External Entity (XXE) injection vulnerability found in SharePoint that affects both on-prem and cloud instances. https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud

CISA Corner
KEV – Check Point, Linux Kernel, JAVS, Google Chromium
https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/news-events/alerts/2024/05/29/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog
Industrial Advisories
https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-releases-seven-industrial-control-systems-advisories
https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-releases-one-industrial-control-systems-advisory


While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, or fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Sirius

Reflections on memory, orality, writing and rhetoric.

Thoth

Socrates (according to Plato), in the dialogue Phaedrus, at one point presents us with the following myth concerning written language:

Well, I have heard that in the region of Naucratis, in Egypt, there lived one of the old gods of that country, a god to whom the bird called the ibis is also sacred. The god himself, however, was called Thoth. It was he who invented numbers and calculation, geometry and astronomy, the game of draughts and dice, and also writing. At that time all of Egypt was ruled by Thamus, who resided in the south of the country, in the great city the Egyptians call Egyptian Thebes, and to that god they gave the name Ammon. Thoth went to him and showed him his arts, saying that they ought to be taught to the Egyptians. But the other wanted to know the usefulness of each one, and as the inventor explained, he censured or praised them, according to whether those arts seemed good or bad to him. It is said that Thamus made many remarks to Thoth about each art, condemnations or praises whose mention would be far too long. When they came to writing, Thoth said: "This art, dear king, will make the Egyptians wiser and will strengthen their memory; therefore, with writing I have invented a great aid to memory and wisdom." Thamus replies: "Great artist Thoth! It is not the same thing to invent an art and to judge the benefit or harm that will come to those who practise it. You, as the father of writing, in your enthusiasm expect from it precisely the opposite of what it can do. Such a thing will make men forgetful, for they will cease to cultivate memory; trusting only in written books, they will remember a subject only externally and by means of signs, and not within themselves. Therefore you have not invented an aid to memory, but only to recollection. You pass on to your pupils an appearance of wisdom, and not the truth, for they receive much information without instruction and consider themselves men of great learning, although they are ignorant in most matters. As a consequence, they will be disagreeable companions, becoming imaginary sages instead of true sages."

The other day I set out to record an audio/video piece, and in my first attempts I tried to be spontaneous and had great difficulty speaking. I stopped, wrote down the content of what I was going to say, and made some corrections and changes. Only then, following that script, did I finally manage to record the video satisfactorily.

I resorted to this technology, criticized by Socrates in the myth, which is the resource of written language. How immersed am I in the need to use written language?! To the point of recognizing a certain inability to express myself orally in a spontaneous way?! And you? Do you feel this difficulty?!

Well then, recently I recalled a conversation I had with my sister some years ago. She, who, unlike me (an atheist), is a practitioner of Candomblé, and a historian, once told me that the history of her religion is passed on orally, because the tradition does not trust writing.

I recalled it, it should be said, because a friend of mine shared with me an article about the need to broaden the concept of "classical music", since, beyond European chamber music, it showed the richness of traditional music from other cultures: in India, Japan and, finally, in Africa.

Regarding Africa, I was fascinated by the beauty of the sound of the kora (a kind of lute-harp), shown in the image below, played by bards (called Jali) from Guinea, Guinea-Bissau, Mali and Senegal.

Kora

The Jali are historians, genealogists and traditional storytellers who possess an incredible memory and intelligence, passing on their music, stories and art to their descendants.

The abilities of these people are completely unlike ours when it comes to storing memories and accessing their mind directly (instead of going to consult notes in a notebook) when asked about some historical fact or event, and the music further helps them to remember, something simply beautiful.

I find myself thinking, then, how much we limit ourselves and how different we are from the bards and orators of the past by adopting written language as our priority, and what kind of humans we are becoming...

We may even hold modern scientific knowledge, we may be close to some truth, but how do we pass on what we know without the practice of immediately accessing memory and intellect that orality affords us?!

In a debate against cynics, fascists, propagandists of lies and hoaxes, would we be able to respond immediately, with surgical precision, unlike what we saw in the debate between Mr. Álvaro and Arthur do Val on the podcast "Inteligência Limitada"?!

I end here with thanks to Guilherme Celestino (a friend from CPII and philosophy teacher) for exchanging ideas with me about philosophical texts, having in fact recently reminded me of this myth from the dialogue Phaedrus, and I add one more excerpt from that dialogue, in which Socrates imagines the reply that the skill/art of rhetoric, so criticized by him, would give him if he went on judging it lightly:

"What are you babbling about, you ridiculous men? I compel no one who is ignorant of the truth to learn to speak. But whoever follows my advice will first set about acquiring knowledge of the truth and only then devote himself to me. One thing, however, I can affirm with pride: without my lessons, possession of the truth will be of no use for persuading."

#Philosophy #Language #Orality #Rhetoric #Plato

 
Read more...

from PlayingAround

Failing to Analyze Hajime Mirai

The following is my attempt at analyzing the Hajime Mirai variant, including wondering why IDA wouldn't disassemble it, why UPX wasn't unpacking the malware sample, and what I learned over the process. The main reason was that I gave myself a one-week crash course on malware analysis and looking into IOCs, and tried a live sample that MJH and I pulled from a honeypot we set up a few weeks ago. I have learned many things despite my failings, and they are presented in this blog post.

Static analysis

The first thing I did when I downloaded the malware sample was to run strings and hexdump. They didn't pull any significant information, no tangible words other than the fact that it was an ELF file for Linux. Digging further, I then attempted to run it through IDA on Linux in an attempt to reverse it into assembly, and continued to struggle, wondering why it wouldn't open; this led me into an adventure into packers.

Packers, UPX, unpacking, and a continued struggle session

I ran into Detect It Easy, a packer detector for Linux; it's a really good tool that reads the hex values and detects which packer is used, if one is used. I figured the reason the malware wasn't running was that it was in a packer that was encoding it, preventing IDA from doing its magic. That isn't how it works, but I was on the right track about the packer being involved with the malware. After using DIE (Detect It Easy) I was given this.

Figure 1: a snapshot of DIE identifying UPX as the packer.

So, simple enough, I just have to run the sample through upx and we have our malware to analyze, or at least that's what I thought.

Figure 2: upx not detecting any packing.

So now I was confused for a while; I tried to play with the LZMA part of it, but after a while I figured I was just struggling for the sake of struggling and gave up.

Any.Run and trying to work around the issue

Now, after some googling, I knew Hajime was based on Mirai, but there was a lot I didn't know about Hajime, like how it was a P2P IoT botnet. It accessed and issued commands based on a Distributed Hash Table. So I figured I'd try to piggyback off other people's work and dig into Hajime and other similar samples. Now, there are Hajime samples on Any.Run, but searching the hash leads to these results.

Figure 3: everyone trying to run an ELF binary on Windows.

Eventually I found the abuse.ch YARA scanner and decided to throw it through the YARA scanner, and it dumped out this.

Figure 4: YARA results from the abuse.ch YARA scanner.

So there is a detection against unpacking, so I know I'm on the right track.

I eventually gave up, removed the network card and tried to run the malware to see what would happen, and got: "bash: ./020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0.elf: cannot execute binary file: Exec format error"

The reason I was having such a hard time is that its arch was MIPS R3000. I am currently googling how to emulate MIPS R3000 on x86_64 and trying to figure out my next step, but I wanted something to show for it.

Malware sample SHA-256: 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0. It can be downloaded via MalwareBazaar: https://bazaar.abuse.ch/download/020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0/

 
Read more...

from LearningNeon

Intro

The following is my attempt at reversing and analyzing the Mirai variant, including wondering why IDA wouldn't disassemble it, why UPX wasn't unpacking the malware sample, and what I learned over the process. The main reason was that I gave myself a one-week crash course on malware reversing and tried a live sample that MJ and I pulled from a honeypot we set up a few weeks ago. I have learned many things despite my failings, and they are presented in this blog. If you have any experience in any of these fields you will look at this thinking "what was I thinking?", and to be frank I wasn't; I was just trying out some new things and shooting from the hip.

Static analysis

The first thing I did when I downloaded the malware sample was to run strings and hexdump. They didn't pull any significant information, no tangible words other than the fact that it was an ELF file for Linux. Digging further, I then attempted to run it through IDA on Linux in an attempt to reverse it into assembly, and continued to struggle, wondering why it wouldn't open; this led me into an adventure into packers.

Packers, UPX, unpacking, and a continued struggle session

I ran into Detect It Easy, a packer detector for Linux; it's a really good tool that reads the hex values and detects which packer is used, if one is used. I figured the reason the malware wasn't running was that it was in a packer that was encoding it, preventing IDA from doing its magic. That isn't how it works, but I was on the right track about the packer being involved with the malware. After using DIE (Detect It Easy), which identified the packer as UPX[LZMA, brute modified]:

upx

So, simple enough, I just have to run the sample through upx and we have our malware to analyze, or at least that's what I thought.

upx not detecting anything

So now I was confused for a while; I tried to play with the LZMA part of it, but after a while I figured I was just struggling for the sake of struggling and gave up.

Now, after some googling, I knew Hajime was based on Mirai, but there was a lot I didn't know about Hajime, like how it was a P2P IoT botnet. It accessed and issued commands based on a Distributed Hash Table. So I figured I'd try to piggyback off other people's work, threw the hash into Any.Run and got this.

anyrun

Everyone trying to run this ELF binary on a Windows system. I don't really know the backstory, whether it's an automated process, but it didn't help much.

Eventually I found the abuse.ch YARA scanner and decided to throw it through the YARA scanner, and it dumped out this.

yara-scan

So there is a detection against unpacking, so I know I'm on the right track.

I eventually gave up, removed the network card on my VM and tried to run the malware to see if I could do any dynamic analysis.

“bash: ./020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0.elf: cannot execute binary file: Exec format error”

The reason I was having such a hard time is that its arch was MIPS R3000. I am currently googling how to emulate MIPS R3000 on x86_64 and trying to figure out my next step, but I wanted something to show for it, so I wrote this; hopefully you had fun reading my blunders.
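The two dead ends in both copies of this write-up above (DIE reporting UPX[LZMA, brute modified] while upx found nothing to unpack, and the Exec format error from launching a MIPS R3000 binary on an x86_64 host) each come down to a few header bytes. The script below is an added example written for this page, not code from the post or from DIE, UPX or Any.Run. It assumes the standard UPX ELF layout (l_info immediately after the program headers, and a 36-byte trailer of 32-byte PackHeader, version 13 or later, plus the 4-byte overlay offset), the qemu-user binary names of a typical qemu-user-static install, and a hand-made e_machine table; the sample bytes it builds are a constructed stand-in, not malware.

```python
"""Triage a suspected UPX-packed IoT ELF (added example, not the post's code).
Reads the arch so the sample can run under qemu-user instead of dying with
"Exec format error", and restores the "UPX!" magic a Mirai/Hajime builder
overwrote so that stock `upx -d` stops answering "not packed by UPX".
Layout assumed: l_info right after the program headers; 36-byte trailer
(32-byte PackHeader, version >= 13, + 4-byte overlay_offset) at EOF."""
import struct

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
TRAILER_LEN = 32 + 4   # PackHeader + overlay_offset that UPX appends to ELF output
L_INFO_LEN = 12        # l_checksum(4) l_magic(4) l_lsize(2) l_version(1) l_format(1)
P_INFO_LEN = 12        # p_progid(4) p_filesize(4) p_blocksize(4)

# e_machine -> (name, qemu-user base name); width/endianness suffixes are added below.
MACHINES = {0x02: ("SPARC", "qemu-sparc"), 0x03: ("x86", "qemu-i386"), 0x08: ("MIPS", "qemu-mips"),
            0x14: ("PowerPC", "qemu-ppc"), 0x28: ("ARM", "qemu-arm"), 0x2a: ("SuperH", "qemu-sh4"),
            0x3e: ("x86_64", "qemu-x86_64"), 0xb7: ("AArch64", "qemu-aarch64")}

def parse_elf_header(data):
    """Class, endianness, machine and program-header table of an ELF (32- or 64-bit)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    end = "<" if ei_data == 1 else ">"
    e_machine, = struct.unpack_from(end + "H", data, 18)
    if ei_class == 1:   # Elf32_Ehdr: e_phoff @28, e_phentsize @42, e_phnum @44
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:               # Elf64_Ehdr: e_phoff @32, e_phentsize @54, e_phnum @56
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    name, qemu = MACHINES.get(e_machine, ("unknown(0x%x)" % e_machine, None))
    return {"bits": 32 if ei_class == 1 else 64, "little_endian": ei_data == 1,
            "machine": name, "qemu": qemu,
            "e_phoff": e_phoff, "e_phentsize": e_phentsize, "e_phnum": e_phnum}

def qemu_user_binary(hdr):
    """qemu-user binary that runs this ELF on an x86_64 host; None if the arch is unknown."""
    if hdr["qemu"] is None:
        return None
    if hdr["machine"] == "MIPS":   # readelf prints this machine as 'MIPS R3000'
        return ("qemu-mips64" if hdr["bits"] == 64 else "qemu-mips") + ("el" if hdr["little_endian"] else "")
    if hdr["machine"] == "ARM":
        return "qemu-arm" if hdr["little_endian"] else "qemu-armeb"
    return hdr["qemu"]

def restore_upx_magic(data):
    """Put 'UPX!' back where a builder overwrote it; returns (patched_bytes, report).
    The magic lives in l_info (head) and in the PackHeader (tail). Equal foreign values
    mean a bulk overwrite that can be undone; differing values need manual inspection."""
    hdr = parse_elf_header(data)
    l_info = hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"]   # UPX places l_info here
    l_magic_off, trailer_off = l_info + 4, len(data) - TRAILER_LEN
    if trailer_off <= l_info + L_INFO_LEN + P_INFO_LEN:
        raise ValueError("file too small to be a UPX-packed ELF")
    head, tail = data[l_magic_off:l_magic_off + 4], data[trailer_off:trailer_off + 4]
    report = {"l_info_offset": l_info, "trailer_offset": trailer_off,
              "head_magic": head, "tail_magic": tail, "patched": False}
    if head == UPX_MAGIC and tail == UPX_MAGIC:
        return bytes(data), report      # nothing to do: stock upx -d should work
    if head != tail:
        report["note"] = "magics differ; not a bulk overwrite, inspect manually"
        return bytes(data), report
    out = bytearray(data)
    out[l_magic_off:l_magic_off + 4] = UPX_MAGIC
    out[trailer_off:trailer_off + 4] = UPX_MAGIC
    # Some builders also zero p_filesize/p_blocksize (upx then says "p_info corrupted").
    # PackHeader keeps u_file_size at +24 in target endianness; single-block packing,
    # the normal case for small IoT binaries, sets both p_info fields to that size.
    end = "<" if hdr["little_endian"] else ">"
    p_info = l_info + L_INFO_LEN
    p_filesize, p_blocksize = struct.unpack_from(end + "II", out, p_info + 4)
    u_file_size, = struct.unpack_from(end + "I", out, trailer_off + 24)
    if p_filesize == 0 and p_blocksize == 0 and u_file_size:
        struct.pack_into(end + "II", out, p_info + 4, u_file_size, u_file_size)
        report["p_info_restored"] = u_file_size
    report["patched"] = True
    return bytes(out), report

def build_fake_packed_elf(magic=b"XYZ!", zero_p_info=True):
    """Constructed input: a minimal big-endian MIPS ELF32 shaped like UPX output (not malware)."""
    end, orig_size = ">", 0x3a24
    ident = ELF_MAGIC + bytes([1, 2, 1, 0]) + bytes(8)      # ELF32, big-endian, ELF v1, SysV ABI
    ehdr = ident + struct.pack(end + "HHIIIIIHHHHHH", 2, 0x08, 1, 0x400000, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    phdrs = bytes(2 * 32)                                   # two PT_LOAD slots; contents irrelevant here
    l_info = bytes(4) + magic + struct.pack(end + "HBB", 0x1000, 13, 25)
    sizes = (0, 0) if zero_p_info else (orig_size, orig_size)
    p_info = struct.pack(end + "III", 0, *sizes)
    body = bytes(64)                                        # stand-in for b_info + compressed stream
    packheader = magic + bytes([13, 25, 2, 9]) + struct.pack(end + "IIIII", 0, 0, orig_size, 0x1200, orig_size) + bytes(4)
    return ehdr + phdrs + l_info + p_info + body + packheader + struct.pack(end + "I", 0)

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_packed_elf()
    hdr = parse_elf_header(blob)
    print("%d-bit %s, %s-endian -> run under %s-static, never natively" % (
        hdr["bits"], hdr["machine"], "little" if hdr["little_endian"] else "big", qemu_user_binary(hdr)))
    fixed, report = restore_upx_magic(blob)
    print(report)
    if path and report["patched"]:
        open(path + ".fixed", "wb").write(fixed)   # then: upx -d <path>.fixed
```

Run it as `python3 upx_triage.py sample.elf` inside the same isolated VM the post uses, then try `upx -d sample.elf.fixed`. If the report says the two magics differ, or p_info was restored and upx still refuses, the builder changed more than the header bytes (custom stub constants, a modified LZMA stream), and the remaining route is to let the sample unpack itself under the named qemu-user binary and dump its memory, rather than to keep patching headers. Keep the NIC removed for that step too: a Hajime node starts looking for DHT peers as soon as it runs.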

Malware sample SHA-256: 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0. It can be downloaded via MalwareBazaar: https://bazaar.abuse.ch/download/020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0/

 
Read more...

from Not Simon 🐐

Country: Russia
Organization: Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Centre (GTsSS), Military Unit 26165
Objective: Espionage

Aliases:

  • APT28 (MITRE, Mandiant)
  • Fancy Bear (CrowdStrike)
  • Sofacy (F-Secure)
  • Sednit or Sednit Group (ESET)
  • Group 74 (Cisco Talos Intelligence)
  • IRON TWILIGHT (Secureworks)
  • Strontium (formerly used by Microsoft)
  • Forest Blizzard (Microsoft)
  • Pawn Storm (Trend Micro)
  • Swallowtail (Symantec)
  • BlueDelta (Recorded Future)
  • UAC-0028 (CERT-UA)
  • TA422 (Proofpoint)
  • Fighting Ursa (Unit 42)
  • FROZENLAKE (Google Threat Analysis Group)
 
Read more...