Infosec Press


from Bruno Miguel

I recently found out I have stage two high blood pressure, the level just below a hypertensive crisis. My blood pressure is between 160 and 165 (systolic) and 100 and 108 (diastolic).

I should've known. For a few months, I felt a few chest pains occasionally, but I attributed them to fibromyalgia and the stress it has brought into my life. I was wrong, so very wrong. If you feel your chest hurts, see a doctor ASAP. Don't be a dumbass like me. Moving on...

A high and irregular heart rate was detected during routine exams by the end of 2023. Further exams concluded it was a mix of high blood pressure and arrhythmia. Yay for two health issues that can cause a heart attack. I guess I didn't have enough health issues and needed two more...

Speaking of heart attacks, just a few days ago, I got a glimpse of what one might feel like. After a very stressful event, I felt a lot of pain in my chest, it seemed like my heart was being squeezed, and my arms began to feel numb. It was terrifying! I was terrified! I had to take an extra pill for the blood pressure and do breathing exercises, and even then, it took almost two hours to start to get some relief. I was within an inch of calling an ambulance.

The next day, I began thinking about how to avoid stress. I don't fool myself: I know I can't completely avoid stress. However, I can do something to reduce the number of stressful situations. How I'll do it, that's the question. I have a few ideas, some more radical than others: do yoga, stop smoking, or cut some people out of my life. But I haven't decided on any. I need to think more about it and maybe even do some reading.

If you have some suggestions, feel free to ping me on Mastodon. My handle is @brunomiguel@masto.pt.

#Health #Stress #HighBloodPressure #Heart

 

from 📰wrzlbrmpft's cyberlights💥

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

👨‍👩‍👧‍👦 One in five children found to engage in illegal activity online https://www.nationalcrimeagency.gov.uk/news/one-in-five-children-found-to-engage-in-illegal-activity-online

📶 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data https://securityaffairs.com/159003/security/public-wi-fi-attacks.html

😨 Quarter of polled Americans say they use AI to make them hotter in online dating https://www.theregister.com/2024/02/12/generative_ai_online_dating_boost/

🛍️ Attackers spoof Temu – German! https://www.zdnet.de/88414209/angreifer-spoofen-temu/

👩‍⚖️ Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

👀 EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme https://www.securityweek.com/eu-watchdog-urged-to-reject-meta-pay-for-privacy-scheme/

♻ Meta says risk of account theft after phone number recycling isn't its problem to solve https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

🗳 Global Malicious Activity Targeting Elections is Skyrocketing https://securityaffairs.com/159062/hacking/global-malicious-activity-targeting-elections.html

🤱 Broker sold Planned Parenthood visitor location data to pro-life group, senator says – Nothing to hide... https://therecord.media/broker-sold-planned-parenthood-data-wyden

🏥 A ransomware attack took 100 Romanian hospitals down https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html


more, For the Curious

🧩 Rhysida ransomware cracked! Free decryption tool released https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released

🆓 Broadcom terminates VMware's free ESXi hypervisor https://www.theregister.com/2024/02/13/broadcom_ends_free_esxi_vsphere/

💫 Raspberry Robin spotted using two new 1-day LPE exploits https://securityaffairs.com/158969/malware/raspberry-robin-1-day-exploits.html

🐬 Flipper Zero takes to the big screen – Flipper with video output! https://www.theregister.com/2024/02/13/flipper_zero_vgm/

🐞 New critical Microsoft Outlook RCE bug is trivial to exploit https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

💸 Pennsylvania county pays $350,000 cyberattack ransom https://therecord.media/pennsylvania-county-pays-cyberattack-ransom

🧧 US, Estonia to send confiscated Russian funds to Ukraine. Are ransomware proceeds next? https://therecord.media/us-estonia-sending-confiscated-russian-funds

⚡ Espressif ESP32: Breaking HW AES with Electromagnetic Analysis – Glitching your thing https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-electromagnetic-analysis/


CISA Advisory Corner

Microsoft – Actively Exploited! Ⓜ Microsoft Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/microsoft-releases-security-updates-multiple-products

Adobe 🅰 Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/adobe-releases-security-updates-multiple-products

BIND 9 🅱 ISC Releases Security Advisories for BIND 9 https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9

🏭 CISA Releases Seventeen Industrial Control Systems Advisories – A lot of Siemens https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-releases-seventeen-industrial-control-systems-advisories

🧱 CISA Adds Two Known Exploited Vulnerabilities to Catalog – Cisco ASA and Exchange https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-adds-two-known-exploited-vulnerabilities-catalog

 

from Bruno Miguel

I'm a Football Manager player. You probably already read a blog post I published about this game series. Despite playing the game for years, I haven't done a true journeyman save. I've had saves where I start in the lowest division available in a country and take the team to win the Champions League, but not one of these. I attempted to do one a while back but stayed at the first team I managed – task failed successfully. I'll explain what a journeyman save is for those who don't know. You create a save game where you start unemployed, apply to whatever manager roles are available, and manage whatever team offers you a contract (if you get more than one offer, you are free to choose whatever team you prefer). If you want to terminate your contract and/or apply to another team, you are free to do so. Of course, you can do this in any save, but most players start with a team and keep managing it.

For this save, I loaded Germany, Belgium, England, Portugal, Spain, Denmark, France, Italy, Norway, The Netherlands, and Sweden's main divisions. With more RAM and a faster CPU I would've loaded lower divisions from these countries too, but doing that with my current hardware would've made for a very slow gaming experience. Loading several countries forced me to start as a professional manager (you can start as an amateur manager if you choose to), or I would have stayed unemployed for a long time, and I didn't want that.

There were a few teams with no manager, including Ajax. I applied to all of them, but Mechelen, from Belgium, was the first to offer me a contract and accept my terms. The team is weak, but thankfully, the other teams from the league are not world-class, so I've managed to stay in first place with eight games played so far.

As with every weaker team I manage, my strategy is to get players without a contract and on loan from other clubs. To earn revenue, I try to win as many trophies as possible and sell performing players so that I can then replace better players on free transfers or loans. Keeping the wages in check is another thing I have to do, or the club's finances will suffer.

This season's objective is to finish in a position that allows me to play European football, hopefully in the Champions League, and at least reach Belgium's cup semi-final. I know these are hefty objectives, but I play to win as much as possible. I already secured some players on loan that improve the squad quality, and I have two future free transfers that will also increase the grade of the attack, an area the team lacks in quality.

#FootballManager #FM #Gaming

 

from 📰wrzlbrmpft's cyberlights💥

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

Highlight 🪥 How to tell if your toothbrush is being used in a DDoS attack https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack Wanna know more? See end of post.

🏙 Fraud: fake letters from the city sent out (German) https://wien.orf.at/stories/3243868/


For All

🏴‍☠️ How are user credentials stolen and used by threat actors? https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

👩‍🏭 Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

🔲 QR Codes – what's the real risk? https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

🥸 Fake LastPass password manager spotted on Apple's App Store https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

🕵️‍♀️ Buying Spying: How the commercial surveillance industry works and what can be done about it Wanna know more? Full report by Google further down https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

🧹 Mozilla’s new service tries to wipe your data off the web https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

🏷 Meta announcement: Labeling AI-Generated Images on Facebook, Instagram and Threads https://about.fb.com/news/2024/02/labeling-ai-generated-images-on-facebook-instagram-and-threads/

🌆 How to Protect Your Social Media Accounts – Good tips. You can skip the score... https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-your-social-media-accounts/

👑 Want to watch porn in Britain? Get your passport ready https://www.politico.eu/article/the-great-british-porn-block-is-back/


more, For the Curious

👨‍🔧 OT Maintenance Is Primary Source of OT Security Incidents: Report https://www.securityweek.com/ot-maintenance-is-primary-source-of-ot-security-incidents-report/

🔨 mlcsec/proctools: Small toolkit for extracting information and dumping sensitive strings from Windows processes https://github.com/mlcsec/proctools

🚘 How I Also Hacked my Car https://goncalomb.com/blog/2024/01/30/f57cf19b-how-i-also-hacked-my-car

🧾 Full Report by Google – Buying Spying Insights into Commercial Surveillance Vendors https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

🔓 VIDEO: Breaking Bitlocker – Bypassing the Windows Disk Encryption (by stacksmashing) https://www.youtube.com/watch?v=wTl4vEednkQ

🩲 The Real Shim Shady – How CVE-2023-40547 Impacts Most Linux Systems https://eclypsium.com/blog/the-real-shim-shady-how-cve-2023-40547-impacts-most-linux-systems/

📡 CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom

📵 Taking Apart an Android SMS Stealer https://vaktibabat.github.io/posts/Android_SMS_Stealer/

💫 Combining Cybersecurity Frameworks: An Alternative to Incident Reporting https://medium.com/@s.lontzetidis/combining-cybersecurity-frameworks-an-alternative-to-incident-reporting-9d642d9a5456

Doubt corner – don't believe everything! 📹 Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ !! Doubtful story. Source article seems to be this from scmp.com. https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html

🦷 3 million smart toothbrushes were just used in a DDoS attack. Really !! ⚠ NOT true!! @GossiTheDog@cyberplace.social and Forbes https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/

 

from 📰wrzlbrmpft's cyberlights💥

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

Highlight ☝️ Fingerprint sensor: daughter can unlock Google Pixel 8 (German) – TL;DR in English: saving the same finger twice leads to more collisions https://www.kuketz-blog.de/fingerabdruck-sensor-tochter-kann-google-pixel-8-entsperren/


For All

📳 How to stop location tracking on your Android phone (mostly) https://www.theverge.com/21401280/android-location-tracking-history-stop-how-to

🧢 Fake Bill Ackman and Jim Cramer Instagram Ads are Trying to Take My Money https://www.404media.co/fake-bill-ackman-and-jim-cramer-instagram-ads-are-trying-to-take-my-money/

🫥 Rise of deepfake threats means biometric security measures won't be enough https://www.theregister.com/2024/02/01/deepfake_threat_biometrics/

🕵️‍♂️ NSA Buying Bulk Surveillance Data on Americans without a Warrant https://www.schneier.com/blog/archives/2024/01/nsa-buying-bulk-surveillance-data-on-americans-without-a-warrant.html

🚘 A mishandled GitHub token exposed Mercedes-Benz source code https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/

🏠 How you get ripped off when apartment hunting (German) https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/

🥸 Spyware Targets Human Rights Watch Staff in Jordan https://www.hrw.org/news/2024/02/01/spyware-targets-human-rights-watch-staff-jordan


more, For the Curious

🐧 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

📃 CISA adds multiple new KEV entries. These are two of them. Apple – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog Ivanti – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog-0

👮 Exclusive: US disabled Chinese hacking network targeting critical infrastructure https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/

🦃 Cloudflare Blog – Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident

💾 The Data Breach “Personal Stash” Ecosystem https://www.troyhunt.com/the-data-breach-personal-stash-ecosystem/

📄 Südwestfalen-IT: forensic report on the ransomware attack (German) – This is how you handle an incident! https://forumwk.de/2024/01/25/suedwestfalen-it-forensik-bericht-mit-erkenntnissen-zu-ransomware-angriff/

🖨️ A Practical Guide to PrintNightmare in 2024 https://itm4n.github.io/printnightmare-exploitation/

🐘 Critical Mastodon Vulnerability – Update now https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

🍯 There Are Too Many Damn Honeypots https://vulncheck.com/blog/too-many-honeypots

Ivanti Corner 🚧 New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Ivanti gets bigger and bigger... https://www.cisa.gov/news-events/alerts/2024/01/30/new-mitigations-defend-against-exploitation-ivanti-connect-secure-and-policy-secure-gateways

🚫 Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Oh, wow. CISA Orders to “...disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure

AnyDesk Corner 🛂 AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

🛂 AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials https://securityonline.info/anydesk-breach-2024-dark-web-sale-of-18317-credentials/

 

from Hyperscale Security

Earlier this week, someone asked me for my top 5-10 things I would recommend to an organization lifting & shifting workloads to public cloud. I thought that was a good starting point. “Refactor” for cloud-native is the common answer, but the reality is that everybody lifts & shifts, so why not recognize that?

So, here are my top 5... and I'll add a sixth as a bonus.

  1. Centralize and automate cloud account creation and billing, and ensure that all are in your public cloud Organization. This will allow you to apply policies centrally, and more easily deploy cloud-native security tooling.

  2. Apply cloud guardrails at that Organization level to enforce basic preventative controls and make your cloud accounts behave more securely by default. These are likely the cheapest and most effective security controls you can apply to enforce logging, encryption standards, network restrictions, MFA enforcement, etc.

  3. Get a Cloud-Native Application Protection Platform (CNAPP). This can be deployed via Organization policy and provides broad visibility to your cloud estate, across providers and for multiple use cases, including asset discovery, CSPM and vulnerability management.

  4. Related to that, while lifting & shifting your workloads, resist the urge to lift & shift your security tooling from the data center as well. Look at what the CNAPP gives you, and see whether you can rationalize your security stack, retire point solutions you no longer need, and reduce cost.

  5. Cloud APIs give you the opportunity to describe the infrastructure and services you want and have the cloud materialize that for you, rather than do everything yourself. It is designed for automation. Use Infrastructure-as-Code (IaC) to create your infrastructure, network and service configuration, create compute instances and deploy your VM images. IaC allows you to redeploy from known-good state, which accelerates patching, system configuration and restoration, while making deployments more predictable.
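Recommendations 2 and 5 fit together naturally: the Organization-level guardrails can themselves be expressed as Infrastructure-as-Code, so they are versioned, reviewed and redeployable from known-good state like everything else. The Terraform configuration below is an added example, not code from the original post or from Hyperscale Security. It defines one AWS Organizations Service Control Policy with four preventative controls (CloudTrail cannot be stopped or altered, EBS volumes must be encrypted at creation, member accounts cannot leave the Organization, and workloads are confined to an approved region list) and attaches it at the Organization root so every current and future account inherits it. The resource names, the Sid values and the region list are assumptions; the actions and condition keys are standard AWS ones.

```hcl
# Added example (not from the original post): a baseline Service Control
# Policy for an existing AWS Organization, attached at the root.
# Assumes the Organization already exists and that this configuration is
# applied from the management account with the AWS provider configured.

data "aws_organizations_organization" "org" {}

resource "aws_organizations_policy" "baseline_guardrails" {
  name        = "baseline-guardrails" # placeholder name
  description = "Preventative controls inherited by every account in the Organization"
  type        = "SERVICE_CONTROL_POLICY"

  content = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Guardrail: nobody in a member account can switch off or weaken the audit trail.
        Sid    = "DenyCloudTrailTampering"
        Effect = "Deny"
        Action = [
          "cloudtrail:StopLogging",
          "cloudtrail:DeleteTrail",
          "cloudtrail:UpdateTrail",
          "cloudtrail:PutEventSelectors"
        ]
        Resource = "*"
      },
      {
        # Guardrail: encryption standard enforced at volume creation time.
        Sid      = "DenyUnencryptedEbsVolumes"
        Effect   = "Deny"
        Action   = "ec2:CreateVolume"
        Resource = "*"
        Condition = {
          Bool = { "ec2:Encrypted" = "false" }
        }
      },
      {
        # Guardrail: accounts stay under central policy; they cannot detach themselves.
        Sid      = "DenyLeaveOrganization"
        Effect   = "Deny"
        Action   = "organizations:LeaveOrganization"
        Resource = "*"
      },
      {
        # Guardrail: network/data-residency restriction to approved regions.
        # Global services are exempted via NotAction so IAM, STS etc. keep working.
        Sid    = "DenyUnapprovedRegions"
        Effect = "Deny"
        NotAction = [
          "iam:*", "organizations:*", "sts:*", "support:*",
          "cloudfront:*", "route53:*", "budgets:*"
        ]
        Resource = "*"
        Condition = {
          StringNotEquals = {
            "aws:RequestedRegion" = ["eu-central-1", "eu-west-1"] # placeholder list
          }
        }
      }
    ]
  })
}

# Attaching at the root makes the policy apply to all current and future accounts.
resource "aws_organizations_policy_attachment" "root" {
  policy_id = aws_organizations_policy.baseline_guardrails.id
  target_id = data.aws_organizations_organization.org.roots[0].id
}
```

Before moving a new SCP to the root, attach it to a sandbox OU first and watch CloudTrail for the resulting AccessDenied events: the region statement in particular will break any existing workload that already lives outside the approved list. Note also that SCPs never apply to the management account itself, which is one more reason to keep that account free of workloads.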

The Cloud is Metered

One bonus recommendation, given the difference between owned and rented compute, network and storage resources. Remember that everything in the cloud is metered and that your architectural choices can have significant cost impacts. Don't size as you would in a data center, with headroom to spare. Figure out what your workload actually needs. Many smaller instances may be cheaper than fewer large ones. If the workload is variable (seasonal, or varying during the day), consider autoscaling. If the workload is static, use reserved instances at lower cost.

And after you have done all that, feel free to refactor!

 

from 📰wrzlbrmpft's cyberlights💥

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices


more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat

 

from 📰wrzlbrmpft's cyberlights💥

This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.

Highlights 🪧 IT collective agreement (IT-KV): negotiations interrupted again – demonstration on 24 January (German) – I know. It's not much security and just a little cyber https://www.gpa.at/kollektivvertrag/information-und-consulting/informationstechnologie/2024/it-kv-sechste-runde

🚨 Watch out for “I can't believe he is gone” Facebook phishing posts https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


For All

👻 Beware of crypto scams lying on the street in Vienna (German) https://www.derstandard.at/story/3000000203274/vorsicht-vor-kryptoscams-die-in-wien-auf-der-strasse-liegen

🏢 Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers Official blog post in second link https://www.theverge.com/2024/1/19/24044561/microsoft-senior-leadership-emails-hack-russian-security-attack https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

😾 Meta won't remove fake Instagram profiles used for obvious catfishing https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

📴 GrapheneOS: Frequent Android auto-reboots block firmware exploits https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

🍎 A reboot a day can keep the ******** away https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

📘 Each Facebook User is Monitored by Thousands of Companies !!!!! !!!!!! https://themarkup.org/privacy/2024/01/17/each-facebook-user-is-monitored-by-thousands-of-companies-study-indicates

👨‍⚖️ IT expert convicted for using access software (German) https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

👩‍⚖️ FTC settles second case with geolocation data broker in two weeks https://therecord.media/ftc-settles-data-broker-case-geolocation

🥟 Researcher uncovers one of the biggest password dumps in recent history For more info, see the very last entry of this week 😉 https://arstechnica.com/?p=1996879

⛺ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

📻 Amazon plans to charge for Alexa in June—unless internal conflict delays revamp https://arstechnica.com/gadgets/2024/01/alexa-is-in-trouble-paid-for-alexa-gives-inaccurate-answers-in-early-demos/ |sarcasm on| Amazon being like: If you are dumb enough to put a listening spy-device in your home you are also dumb enough to pay monthly for it (Sorry, but this is just borderline idiotic to me).

🗣 OpenVoice: Versatile Instant Voice Cloning https://research.myshell.ai/open-voice

🏭 Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game https://securityonline.info/researcher-details-critical-buffer-overflow-vulnerability-in-popular-factorio-game/

🏛 Unseen images of code breaking computer that helped win WW2 Not news, but soooo cool https://www.bbc.com/news/technology-67997406


more, For the Curious

🔮 EasyEASM – Zero-dollar Attack Surface Management Tool https://www.kitploit.com/2024/01/easyeasm-zero-dollar-attack-surface.html

🗡️ BobTheSmuggler: Your Covert Cyber Swiss Knife for Undetectable Payload Delivery https://medium.com/@TheCyb3rAlpha/bobthesmuggler-your-covert-cyber-swiss-knife-for-undetectable-payload-delivery-bc84f3037522

Ⓜ️ Microsoft Teams Covert Channels Research https://blog.compass-security.com/2024/01/microsoft-teams-covert-channels-research/

👷 Is Hardware-Glitching your Thing? 1 https://sec-consult.com/blog/detail/secglitcher-part-1-reproducible-voltage-glitching-on-stm32-microcontrollers/ 2 https://www.synacktiv.com/en/publications/how-to-voltage-fault-injection

💽 CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

📃 CISA added the current Ivanti vulnerability to their KEV list – I kind of avoided mentioning the big one. I guess it had to happen. https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

💦 CISA, FBI and EPA release an Incident Response Guide for the WWS Sector There are some cool resources in there, if you dare shaving the yak. https://www.cisa.gov/news-events/alerts/2024/01/18/incident-response-guide-wws-sector

📨 Stealing your email with a .txt file https://blog.strikeready.com/blog/stealing-your-email-with-a-.txt-file/

🚪 Inside the Massive Naz.API Credential Stuffing List https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/

 

from Bruno Miguel

[Image: black and white painting of a camera on a wall]

Eduardo wrote an excellent piece for EDRi about Portugal's disastrous attempts at data retention laws. Here is a snippet:

> However, as argued by D3, the new data retention regime is not any less problematic. The new law does not dictate a data retention scheme directly, but allows it through an authorisation from a special section of the Supreme Court. It will be up to the Supreme Court to define the terms of each data retention authorisation, with the law solely requiring them to be proportional and for the purpose of investigating serious crime. The law does not set duration limits, specific legal grounds for data retention to be authorised, or the criteria for it to be considered proportional.

Check the full article at EDRi's website.

#Privacy #DataRetention #Portugal

 

from Bruno Miguel

Hackerman

Check my external IP

# Print the public IP address(es) this machine is seen with, via ipv6-test.com.
# Usage: myip      -> both IPv4 and IPv6
#        myip 4    -> IPv4 only (likewise: myip 6)
function myip {
	case "$1" in
		4 | 6)
			echo
			tput bold; echo -e "\e[0;93mIPv$1"; tput sgr0
			curl -s "http://v$1.ipv6-test.com/api/myip.php"
			;;
		*)
			echo
			tput bold; echo -e '\e[0;93mIPv4'; tput sgr0
			curl -4 -s "http://ipv6-test.com/api/myip.php"
			echo -e "\n"
			tput bold; echo -e '\e[0;93mIPv6'; tput sgr0
			curl -6 -s "http://ipv6-test.com/api/myip.php"
			;;
	esac
	echo
}

Check the current weather

# Show the current weather from wttr.in in metric units with Portuguese labels.
# Replace City with your own location.
CurrentWeather () {
	curl 'wttr.in/City?m&lang=pt&format=%l:+%C+%c+\nFeels:%f+\nTemp:%t\n'
}

System update and cleanup

# Update native packages (via paru, the AUR helper used here) and Flatpaks,
# then clean up download/build caches. Written for zsh: arrays are 1-based
# and $#array gives the element count.
# Usage: sysupdate -p | -f | -c | -a | -h
function sysupdate {
	# Update native (repository + AUR) packages.
	native() {
		tput bold
		echo -e "\n\e[0;93mUpdating native packages..."
		tput sgr0
		paru -Syyuv
	}

	# Update all installed Flatpaks.
	fltpk() {
		tput bold
		echo -e "\n\e[0;93mUpdating flatpaks..."
		tput sgr0
		flatpak update
	}

	# Delete the listed cache directories that exist, then the paru package cache.
	cleanup() {
		local -a array
		local i
		array=(
			$HOME/.cargo $HOME/.cache/go-build $HOME/.npm $HOME/.cache/paru
			$HOME/.cache/winetricks $HOME/.cache/wine $HOME/.cache/spotify
			$HOME/.cache/pnmp $HOME/.cache/pip $HOME/go
		)

		for ((i = 1; i <= $#array; i++)); do
			if [[ -d "$array[i]" ]]; then
				tput bold
				echo -e "\n\e[0;93mDeleting $array[i]..."
				tput sgr0
				rm -rfv -- "$array[i]"
			fi
		done

		tput bold
		echo -e "\n\e[0;93mDeleting native package cache..."
		tput sgr0
		paru -Sccc
	}

	case "$1" in
		-p) native ;;
		-f) fltpk ;;
		-c) cleanup ;;
		-a) native; fltpk; cleanup ;;
		-h | *)
			echo -e "-p\t Update native packages\n-f\t Update Flatpaks\n-c\t Cleanup after system update. Also includes stuff from ~/.cache\n-h\t Show help"
			;;
	esac
}

#Shell #Functions #CLI #Terminal

 

from acrypthash

End of the Year Wrap Post

Greetings fellow hackers! I hope everyone had a productive and prosperous year! This blog post is going to be pretty big and all over the place as I discuss what I have been up to over the past few months. It's been quite a ride :D. I am so grateful for this year and how much I've grown.

TL;DR: DailyPay Okta breach, malvertising and its woes, security conferences, learning, GCP security, what's to come in 2024.

The first thing we will discuss is a security event that happened with a vendor called DailyPay. For those of you who don't know, “DailyPay is an American financial services company founded in 2015, which provides payroll services such as earned wage access.” The vendor was experiencing odd API requests coming from customer tokens (insert sweaty cat here). We started seeing notifications of odd logins and reached out. Apparently this was related to the Okta breach. Ultimately we rotated tokens, ensured user logins all had 2FA (which they mostly did), and sat tight. A bit anticlimactic, but we managed to keep anything bad from happening. It also taught me the value of actually calling up a vendor when you suspect something odd.

Malvertising is a TTP that is difficult for end users to understand. It's hard to identify and easy to fall for. We work hard to train and explain these things in terms that end users can understand, but getting someone to actually remember to think with security in mind in their day to day is difficult and not realistic. For our organization, we need browser-level security. We are a Google Workspace shop, so we could do some management at the browser level in Chrome, but that is limited and not ideal. Zscaler or a full-fledged MDM is probably going to be the solution for us. In the past month we had an end user fall for this TTP when they googled “Amazon” and clicked on an ad that redirected them to a phishing site. The phishing site was meant to trick the victim into thinking they had to call “Microsoft Support”.

I have also attended several security conferences this year!
– PancakesCon (virtually)
– BSides Harrisburg
– BSides Philadelphia
– Secure World Philadelphia
– Defcon 31
– JawnCon
– Cybersecurity Summit – Hartford, CT

Attending all of these conferences throughout the year has been such a fun and exciting learning experience. I've networked, learned new skills, learned lockpicking, and I have even started doing talks of my own at Penn State!

I have spent a lot of time reading whitepapers and learning the granular details that go into writing malware and exploits. I have tested these exploits against the environment at work and have learned a lot about remediation! I've learned how to program in Python, Rust, and C! I've learned the classic VirtualAllocEx -> WriteProcessMemory pattern and why not to use it in new malware that I write. I have learned the inner workings of process injection as well. By no means am I an expert, but my understanding of all of this has dramatically increased over the last year. I plan to continue to learn more about malware, about defense evasion methods and more.
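The reason the classic VirtualAllocEx/WriteProcessMemory/CreateRemoteThread chain is a poor choice for anyone who wants to stay quiet is that it is loud from the defender's side: Sysmon does not see the API calls themselves, but it records the injection-capable process handle (Event ID 10, ProcessAccess with a GrantedAccess mask that includes PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_CREATE_THREAD) and then the remote thread (Event ID 8, CreateRemoteThread) from the same source into the same target. The following is an added example of that correlation, not code from the original post or from any product; the log lines are constructed in a simplified key=value rendering (the field names match Sysmon's, the timestamps, paths and addresses are made up), and the access-mask constants are the documented Win32 values.

```python
"""Correlate Sysmon ProcessAccess (EID 10) and CreateRemoteThread (EID 8) records
to flag the classic remote-thread injection chain.  Added example with constructed
log lines; the field names follow Sysmon, everything else is made up."""
from collections import defaultdict
from datetime import datetime, timedelta

# Win32 process access rights (Windows SDK values).  Sysmon logs the mask a
# process obtained on another process as GrantedAccess (hex).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008   # needed by VirtualAllocEx
PROCESS_VM_WRITE = 0x0020       # needed by WriteProcessMemory
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample: one injection chain, one benign limited-info handle,
# one read-only handle from a hypothetical scanner.  Paths avoid spaces so the
# whitespace tokenizer below stays simple.
SAMPLE_LOG = """\
2024-01-15T10:00:01 EventID=10 SourceImage=C:\\Users\\u\\demo.exe TargetImage=C:\\Windows\\explorer.exe GrantedAccess=0x1FFFFF
2024-01-15T10:00:02 EventID=8 SourceImage=C:\\Users\\u\\demo.exe TargetImage=C:\\Windows\\explorer.exe StartAddress=0x00007FF6A0001000
2024-01-15T10:05:00 EventID=10 SourceImage=C:\\Windows\\System32\\lsass.exe TargetImage=C:\\Windows\\System32\\svchost.exe GrantedAccess=0x1000
2024-01-15T10:06:00 EventID=10 SourceImage=C:\\Tools\\scan.exe TargetImage=C:\\Windows\\explorer.exe GrantedAccess=0x0010
"""


def parse_events(text):
    """Turn 'timestamp key=value key=value ...' lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        ev = {"ts": datetime.fromisoformat(ts)}
        for pair in pairs:
            key, _, value = pair.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def find_injection_chains(events, window=timedelta(seconds=30)):
    """Return (source, target, thread_ts) for every CreateRemoteThread (EID 8)
    preceded, within `window`, by an EID 10 in which the same source obtained
    an injection-capable handle (all three INJECT_MASK bits) on the same target."""
    handles = defaultdict(list)   # (source, target) -> timestamps of suspicious EID 10
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["SourceImage"], ev["TargetImage"])
        if ev["EventID"] == "10":
            granted = int(ev["GrantedAccess"], 16)
            if granted & INJECT_MASK == INJECT_MASK:
                handles[key].append(ev["ts"])
        elif ev["EventID"] == "8":
            if any(timedelta(0) <= ev["ts"] - t <= window for t in handles[key]):
                hits.append((ev["SourceImage"], ev["TargetImage"], ev["ts"]))
    return hits


if __name__ == "__main__":
    for source, target, when in find_injection_chains(parse_events(SAMPLE_LOG)):
        print(f"{when.isoformat()} remote-thread injection: {source} -> {target}")
```

Checking all three mask bits rather than only CreateRemoteThread keeps the rule from firing on debuggers and scanners that merely read memory (the 0x0010 handle above), while full-access handles such as 0x1FFFFF or 0x1F0FFF still match; the time window is the main tuning knob.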

We are a Google shop, and with that we inherit GCP. I am quite impressed with GCP security. There are several out-of-the-box configs that aren't super great, but you are able to lock things down pretty easily. I had implemented things like Terraform scans back when I first started, but now we are ingesting a lot of really interesting data into Datadog. With Datadog, I am able to get alerts in real time on what our K8s clusters are doing and so much more. We have also integrated Datadog alerting into various Slack channels.

The beginning of 2024 is going to be busy. We are deploying our new phishing campaign to end users, and I am building another IR tabletop to run by the end of January, among other things. I am actually using a bit of AI to build the template for my IR tabletop. Since CitrixBleed has been so popular, I think that is what our topic is going to be.

2024 is going to have several major projects, such as:
– LLM build-out for IR training and input (more to come)
– 2 IR tabletops (one Citrix, the other pending)
– Better coding and reverse engineering skills
– New training for all employees
– More blog posts that have more value

I am so excited for more blog posts and projects! LETS GO!

 

from Personal Blog

2023 has been a huge year for me, with many lows in my career as well as amazing highs. However, I’ve always felt something missing, an itch left unscratched, so I’m making this post to plan out the personal projects and learning I want to undertake in 2024; a sort of “reflection journal” if you will.

Throughout 2024, I plan to revisit this post to reflect on what I’d like to achieve and how I’m tracking in achieving my goals. This will be followed up with a post detailing how everything is going, what my highlights have been and any potential blockers I’m facing. So, let’s begin with the goal setting!

In no particular order:
– Publishing 2-3 articles on my security blog: I’m already in the draft stages of 1 post, however I got lazy and sort of lost interest. Once I can get that closed off, I have a feeling the rest will come more naturally and I should be able to achieve this quite comfortably.
– Filling out my repo with content: Standing up my repo and filling it with content is a huge item on my list for the coming year. This will not only help my personal understanding of my security work but also give me something tangible I can use throughout my career.
– Filling up my Wazuh instance with agents and directing logs to it via Syslog: Mid-2023 I stood up a Wazuh instance on my internal network, on a Raspberry Pi 4. Currently, I only have 1 agent connected to it and I don’t check it nearly as often as I should. Going forward, I want all computers to have agents installed, and gather logs from my IoT devices to ensure nothing dodgy is connecting to my network. On top of this, working on automations so I don’t have to check things manually will be a huge assist. Having an internal SIEM isn’t something I’ve stood up because I’m paranoid, rather it will help me gain skills across other platforms to help further my career.
– Stick to a fitness plan: Looking after my health isn’t something that’s been top priority for me through my 20s, but with 30 fast approaching I’m starting to feel the repercussions of not taking it seriously. In 2024, I want to become much more disciplined with my health, going for runs, lifting weights and generally being more healthy so I’m around on this Earth for as long as possible.

Here’s to a prosperous 2024, for everyone! 🥂

 

from Ducks

Telegram account: hxxps://t.me/oluxshopsite/ 2 336 subscribers Olux Buy Tools, Shells, web shell, RDP, SSH, cPanel, Mailer, SMTP, Leads, Webmail, Cards, Account, Pages, olux, Olux SHOP, olux store

hxxps://t.me/oluxshopsite/729: Tutorial Video Cpanel & shell & Smtps & Mailler 1$-10$ Rdps & Office logs & Leads & Numbers 1$-20$ Accounts & webmails & Pages & Methods 1$-500$

you can top up your account instantly few seconds with bitcoin Send the exactly number of Bitcoin or more don't close the payment page. u can refresh page

Any Problem with the order:Submit report to seller Seller didn't fix problem within 5 hours.We will refund Buyer. Buyer didn't reply within 24 hours after seller.We will Close report. Note:avoid multi reply. hxxps://olux.li hxxps://oluxshop.li t.me/oluxshopsite/729 edited Sep 28 at 07:43

cdn4.cdn-telegram.org/file/cff2fa7546.mp4 —> not able to catch that one.

IP-address 162.55.238.94

I first stumbled across a cryptofraud site on that IP. But I also found sites on the same IP with hidden content: one or more lines with the following content on one or more pages of the same domain. First example, view-source:hxxps://www.bitwealthasset.com/ : hxxps://www.oxo.si/'>Buy Spamming Tools, Shells, web shell, RDP, SSH, cPanel. I don't know the value of this, some kind of “seo” maybe? Other domains with the same code or variations of it:

bluerichfoods.com
bxplorer.online
tocpharmaceuticals.com
euphoriaeventplace.com (24 rows with the code)
abbasheartinternationalministries.com
abdanielstradomedhospital.com
caishencharteredtrust.com
capitalgrowinvest.com
capitecfin.com
cattyinvest.com
cheeckstox.com
educurrency.top

citricosartaca.com is apparently a blank page, but its source contains almost 40 lines, with additional domains and keywords in the code. It contains links to the following domains: oxo.vc (gone), oxo.si (127.0.0.1) and oxo.is (which celebrates Christmas). “Buy Leads” and “SMTP” have sneaked into some places in what “services” they seem to provide.
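A site owner who wants to check their own pages for this kind of injected SEO spam needs more than a visual look, since the links are hidden from visitors and only show up in the source. The following is an added example (not code from the original post) of a small scanner built on Python's standard-library HTMLParser: it walks the document, tracks whether the current element is hidden by an inline style (display:none, visibility:hidden, zero font size, zero opacity, or off-screen positioning) or the `hidden` attribute, and flags anchors whose host is on a watchlist or whose text contains the keyword set seen in the injected lines. The watchlist holds the oxo.* domains named above; the sample HTML is constructed to mimic the described pattern and is not captured from any of the listed sites.

```python
"""Flag hidden or keyword-laden anchors that look like injected SEO spam.
Added example; the sample page below is constructed, not a real capture."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the post ties to the injected links.
WATCHLIST_DOMAINS = {"oxo.si", "oxo.is", "oxo.vc"}
# Anchor-text vocabulary seen in the injected lines.
SPAM_KEYWORDS = re.compile(
    r"\b(spamming tools|web ?shell|shells?|cpanel|smtp|rdp|leads)\b", re.I)
# Inline-style tricks that keep an element out of a visitor's view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|opacity\s*:\s*0(?![.\d])|(?:left|top)\s*:\s*-\d{3,}px", re.I)


class HiddenLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []         # (tag, opened_hidden_region) for open elements
        self.hidden_depth = 0   # > 0 while inside a hidden element
        self.current = None     # anchor currently being collected
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self.stack.append((tag, hidden))
        if hidden:
            self.hidden_depth += 1
        if tag == "a":
            self.current = {"href": a.get("href") or "", "text": "",
                            "hidden": self.hidden_depth > 0}

    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self._evaluate(self.current)
            self.current = None
        # Unwind to the matching start tag; tolerates void elements and
        # ignores stray end tags that have no open counterpart.
        if any(t == tag for t, _ in self.stack):
            while self.stack:
                t, hidden = self.stack.pop()
                if hidden:
                    self.hidden_depth -= 1
                if t == tag:
                    break

    def _evaluate(self, link):
        host = (urlparse(link["href"]).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        reasons = []
        if host in WATCHLIST_DOMAINS:
            reasons.append("watchlisted domain")
        if SPAM_KEYWORDS.search(link["text"]):
            reasons.append("spam keywords in anchor text")
        if reasons and link["hidden"]:
            reasons.append("hidden from visitors")
        if reasons:
            self.findings.append({"href": link["href"],
                                  "text": " ".join(link["text"].split()),
                                  "reasons": reasons})


def scan_html(html):
    """Return a list of suspicious anchors, in document order."""
    parser = HiddenLinkScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a normal link, one hidden injected link to a
# watchlisted host, one off-screen keyword link, and a normal footer link.
SAMPLE_HTML = """
<html><body>
<h1>Example Investment Site</h1>
<p>Grow your portfolio with our <a href="/plans">investment plans</a>.</p>
<div style="display:none">
  <a href="https://www.oxo.si/">Buy Spamming Tools, Shells, web shell, RDP, SSH, cPanel</a>
</div>
<p style="position:absolute;left:-9999px"><a href="https://shop.example/">Buy Leads and SMTP</a></p>
<footer><a href="https://example.org/privacy">Privacy</a></footer>
</body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f"{f['href']}  [{', '.join(f['reasons'])}]  {f['text']}")
```

The inline-style heuristic only catches hiding done in the markup itself; a link hidden through a class defined in an external stylesheet, or inserted by JavaScript after load, would need the rendered DOM (or the stylesheet) to be checked as well, which is why the keyword and watchlist checks are applied regardless of visibility.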

clarity-options-trade.com
climaxpaytrading.com
coinswalletsapp.com
commercial-trading.com
conexriseltd.com
crescent-funds.com
crownenergy-investment.com
cryptohive.online
cryptohubmine.com
cryptoinxhange.com
cryptotradinggai.com
bettercryptoinvestment.net
climatefitsolutions.com
educurrency.top (redirected from chuksblog.top)
clarity-options-trade.com
climaxpaytrading.com
cloudminingcity.com
coinstitude.com
combdb.com
commercial-trading.com
corporateuniontrustbank.com
couttss.com
cryptnetverse.com
cryptoevolution.info
cryptohubmine.com
cryptoinxhange.com
cryptoref.info
cryptospotpro.online
daily-gt.com
dashtradefx.com
debulad.com
decentralisedincome.com
deroyaleservices.com
doubleyielders.com
empablockmarket.live
eqtycdf.com
euphoriaeventplace.com
expertminer.online
firstcornerstoneb.com
firstmidwsb.com
firstspringcu.online
flaretrustline.app
ftxdailyincome.com
fx-primetradhub.com
fxnetworktrading.com
getmypins.com/manage/
ggemfx.com
glimcoinfx.com
globalbestcutbutchers.com (in total 190 lines of code)
globalbinarycpro.com
globalprimefinance.com
globalsignalexpertmarkets.com
globewritershub.com
glockamory.com
gnbancorp.com
godfelhrconsultancy.com
goldenmovicltd.com
grandoption.org
grantbakingonline.com
greencoastonline.org
greenpathtb.com
greenpathtrust.com
gricunashr.com
hakkbully.com
hakkdomain.com
hakknocrat.com
haloinvestpro.com
hashmarketfx.com
heritagecapitalfx.com
heritagecf.net
heritagepvltd.com
hfplatform.live
hoardblockexplorer.info
hoardfx.com
hoperbookings.online
horizonjury.com
icbcsbnk.com
iconiccanna.com
trades.idealtradesignal.com
instaplug01.com
intconib.com
intertrustbk.com
itechglobehack.com
jkcostant.online
kathleencahillmariconda.com
kryptofxcore.com
legacycrf.com
legcreditf.com
liamfinancing.com
liteinterext.online
luminerybank.com
lumineryfb.com
luxorrtech.com
masterfxtrade.live
mauricugointernational.com
mectomfx.com
megafxoptions.com
midascryptotrade.com
milesassetltd.com
digitechcompany.cloud/en/public/ (redirects from minecoins.online)
moleystonescapitals.com
mycrypai.com
mypnconline.com
myviasupport.com
nationalcreditunion.online
niketradeprime.com
northcelly.com
northernsb.com
omegafinanceleasing.com
optimoser.com
optimuminternationalmarkets.com
ordezenterprise.com
peakhash.com
pinb.online
premier-option.com
primeglobalinvestments.live/home/
profxcrypto.com
prohakks.com
propertiesloans.com
prudcrb.comstockstradersfx.com
standardcorpb.com
stuartfellstaffordshirebullterriers.com
successfulfx.online
suisepay.com
surfhakks.com
swisslitebank.online
syngenresources.com
tcloudusdt.com
tescoinv.com
titantrustb.com
tnbancorp.com
tocpharmaceuticals.com (on a buttload of links on this domain)
tokssphere.com
tonensiadiamonds.com
top-m.online
topromedics.com
torchcart.com
trippydelics.store
tsbcadvisor.com
ualliancecrdu.com
ultimafxoption.com
ultimaterealistic.com
ultimatexplorer.info
ultrafxoption.com
  * A bit interesting: according to urlscan.io the code did not exist on ultrafxoption.com on November 30th 2022, but it shows up in a scan in December 2023. Did all sites get this code injected in this timeframe? I can only speculate, or spend a lot of time trying to find out.
uniqueglobaloptions.com
vacationdepts.info
vertextradings.com
vitalityplc.online
waxiprofit.com
wcouservice.biz
web-gmd.com
westagefinance.com
  * According to urlscan this domain also contained the code on December 4th 2023
winnersviewoptioninvestment.org
wisgodynamic.com
wmovelogistics.com
wolf-trademarket.cfd
world-miners.com
wourld-cour.com
xiloans.com
xpressct.com
xtrafcb.com
xtrainterextcorp.com
xtrainterextfb.com
xtrainterextfcb.com
xtratreasury.com
ysmbundle.com
ziraatinternationalcorporation.com
  * According to urlscan this domain also contained the code on September 11th 2023

Various search engines give hits on other sites on the same IP, but the hidden stuff is now gone: fujowillbusiness.com/sample-page/ wmtips.com/tools/info/sh3elltools.to hxxps://www.hotelfontana.de/magazin/tag/ayurvedische-reinigungskur/ hxxps://albertfinni.com/gva_template/crowdfunding-single-template/

Some sites appear in searches, but are now gone: lufix.pro, lufix.to, oluxshop.to

Domains, variations of oluxshop.[tld]: oluxshop.to (127.0.0.1)

Domains, variations of olux.[tld]: olux.to

ICQ: hxxps://icq.im/oluxshop

A now apparently dead Facebook account: hxxps://www.facebook.com/groups/buywebshell/. sh3elltools.to seems somewhat related.

 