Jump to content

livebox

Active Members
  • Content Count

    57
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by livebox

  1. Intr-o luna o sa revina lucrurile la normal in china , iar la noi in europa eu cred ca o sa fie un varf de epidemie prin iunie . deci o sa ne revenim prin septembrie . // daca se procedeaza corect si cu cap . in 2 luni ne revenim . dar nu prea cred.
  2. Investiti in bitcoin/altcoin ! eu am pierdut $30.000 intr o saptamana . dar sunt sigur ca anul asta o sa sara de 15.000 $ ,
  3. livebox

    COVID-19

    Isi freaca mainile toti cu corona asta . abia o asteptau . mai ales la noi in tara . isi mai baga cate 2-3 sute de mii $ in buzunar, politicienii nostrii scumpi si dragi . Abia asteptau toti sa faca din tantar armasar . Mai da-o in ... de gripa ordinara .
  4. niste jeguri . trebuie furati omorati rupti in doua .
  5. O cumpara cei de la Apple
  6. The desire to buy the painting turned out to be more than £ 2 million for the Twente State Museum (Netherlands). According to Bloomberg, the art museum initiated negotiations with British art dealer Simon C. Dickinson Ltd to buy an expensive painting by the English artist John Constable, which the museum director noticed on European art exhibition. For several months, the parties were negotiating by e-mail, at some point the attackers managed to gain access to the systems of one of the organizations and intervene in the correspondence. Under the guise of an art dealer, they sent fake messages to the museum, after which the latter transferred £ 2.4 million ($ 3.1 million) to a bank account in Hong Kong supposedly owned by Simon Dickinson. As a result, the art dealer never received the money owed to him, and the scammers could not be calculated. Now the affected parties in court find out who is to blame for the situation. In a lawsuit filed with the London High Court, the museum accused Simon Dickinson of not revealing email fraud. In turn, the art dealer said that he did not notice someone else's presence in the correspondence, and the museum had to check the account before sending funds to it. In addition, both sides consider each other a source of theft, since each of them allowed a compromise of their systems. The Twente State Museum claims damages. The court did not find the defendant guilty of negligence, but noted that the revised claims for damages could be accepted for consideration. Now the court must decide to whom the ownership of the painting belongs. Source: https://www.securitylab.ru/news/504590.php
  7. A joint group of researchers from the Ruhr and New York Universities has developed a new attack method that makes it possible to impersonate a legitimate user on a mobile network. The technique, called IMP4GT (IMPersonation Attacks in 4G NeTworks), exploits a vulnerability in 4G LTE, namely, the lack of protection of the integrity of user data in LTE. At the time of connecting or activating subscriber equipment in the network, the network starts the authentication procedure and key agreement agreement AKA (Authentication and Key Agreement). The purpose of this procedure is the mutual authentication of the subscriber and the network and the development of the KASME intermediate key. In LTE networks, mutual authentication occurs on the control plane, however, on the user plane there is no verification of the integrity of user data, which an attacker can use to manipulate and redirect IP packets. In addition to the lack of integrity checking, the IMP4GT attack exploits the reflection mechanism in the IP stack of the mobile operating system. Specialists described two attack scenarios affecting the upstream and downstream channels of the network. In the first case, the attacker pretends to be a legitimate device on the network and can use any site disguised as a victim. In this case, all traffic generated by the attacker will be associated with the IP address of the victim. In the second case, the attacker can establish a TCP / IP connection with the phone and bypass any mechanism of the LTE network firewall (does not apply to protective mechanisms above the IP level). According to researchers, an attacker can impersonate a device or network at an IP level and send or receive IP packets under the guise of a stolen identity, but an attacker will not be able to access private e-mail accounts or instant messengers, make calls or crack TLS encryption. In addition, such an attack is quite difficult to implement, since it will require special skills and equipment, and the attacker himself must be close to the victim. Specialists will present more detailed information about the IMP4GT method at the NDSS Symposium 2020 conference, which will be held in San Diego in late February. Source: https://www.securitylab.ru/news/505155.php
  8. Security researcher and developer at NIC.gp. Michel Gaschet found at Microsoft serious problems managing thousands of his subdomains. According to him, the company's subdomains can be easily hacked by attackers and used in attacks on both its users and employees. Over the past three years, Gasket has repeatedly reported to Microsoft about subdomains with incorrect DNS record configurations, but the company either ignored its messages or “silently” fixed bugs, but not all of them. So, in 2017, the researcher notified of 21 vulnerable subdomains of msn.com, and in 2019, another 142 subdomains of microsoft.com. According to Gasket, the company corrected the configuration of no more than 5-10% of the subdomains that he reported. Until recently, vulnerable subdomains did not cause Microsoft any concern. However, now everything seems to have changed. The researcher identified at least one cybercriminal group hacking Microsoft subdomains in order to publish spam on them. On at least four subdomains, Basket found ads from Indonesian online casinos (portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com). According to the researcher, Microsoft is in no hurry to fix vulnerabilities on its subdomains, since this is not included in the reward payment program for detected vulnerabilities. The problem of hacking subdomains is not part of bug bounty and therefore is not a priority. Source: https://www.securitylab.ru/news/505182.php
  9. Nu ma asteptam sincer sa existe asa ceva :))) Mai bine nu-mi timiteai :)))
  10. 10300 ceva de genu ..
  11. Mda.. . usor usor acum il ai acum nu-l mai ai , cum spuneam mai devreme , mereu am pierdut , de exemplu am pierdut acum vreo 700-800 $ Bitcoin Balance 1.08721992 BTC
  12. NU, Mereu am pierdut . cand am incercat sa tin btc-ul si sa nu il schimb pentru cash am pierdut de fiecare data . Iar de atunci nu tin mai mult de o luna fara sa schimb, cand am nevoie cumpar si tot asa . Cineva din familia mea are 15 btc cumparati pe la $4000 , si-a dublat banii , inca nu a schimbat nimic , spera sa se imbogateasca .. dar sti cum e , nemultumitului i se ia darul , sper sa nu.
  13. Asa e, nu strica niciodata un sistem in plus de securitate, cat despre malware poate fi detectat dar acestia sunt f putini . sa spun %20 din leads. dupa ceva timp . Intr-adevar poti sa te incadrezi in cei 20% . Ai dreptate .
  14. La dracu cu toate AV pentru cunoscatori (azor dupa 4000 de install uri). Tot nu inteleg de ce sa mai folosesc av cand oricum este degeaba . Mai imi vand si datele....toate sunt niste mizerii File: file ℹ️ Size: 973312 bytes | (973.31 KB) ℹ️ MD5: 188a0fe730dfee8b173ac1dd1cb401ca ℹ️ VT Status: clean ⏱ Scan time: 31-01-2020 16:15:44 ⌛️ Scanned in: 7 sec ✅ adaware: [CLEAN] ✅ ahnlab: [CLEAN] ✅ alyac: [CLEAN] ✅ avast: [CLEAN] ✅ avg: [CLEAN] ✅ avira: [CLEAN] ✅ bitdef: [CLEAN] ✅ bullguard: [CLEAN] ✅ clam: [CLEAN] ✅ comodo: [CLEAN] ✅ drweb: [CLEAN] ✅ emsisoft: [CLEAN] ✅ nod32: [CLEAN] ✅ fortinet: [CLEAN] ✅ fsec: [CLEAN] ✅ ikarus: [CLEAN] ✅ kasper: [CLEAN] ✅ mcafeetp: [CLEAN] ✅ mbytes: [CLEAN] ✅ pandagp: [CLEAN] ✅ sophos: [CLEAN] ✅ trend: [CLEAN] ✅ webroot: [CLEAN] ✅ mssec: [CLEAN] ✅ zonealarm: [CLEAN] ✅ zillya: [CLEAN] ✅: 26 👹: 0
  15. General Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601. The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory. The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory. Vulnerability explanation NSA description: NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include: HTTPS connections Signed files and emails Signed executable code launched as user-mode processes The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners. If you really want to deep dive in the cryptographic part and understand better the root cause of this vulnerability, Tal Be'ery published today a very didactic explanation: Tal Be'ery Medium BlogPost Part 1 Tal Be'ery Medium BlogPost Part 2 EXPLOIT Publicly available: YES PoC published the 2020-01-16 1208 AM GMT+1 (PoC1) Interesting nuggets: RSA 2048, use NIST P-384 (secp384r1) curve, 365 days default expire date. 1 Sample uploaded on VTI, seems related to the previous PoC, but no confirmation https://www.virustotal.com/gui/file/95597ed5ed579d4fe1e9a2177c29178038e4f837998bc058c94ede6ec55b7547/details Updated PoC (2020-01-16 1448) Updated include new nuggets: 10000 days default expire date, now abuse CA: "Microsoft ECC Product Root Certificate Authority 2018", still use NIST P-384 (secp384r1) curve, added a mark in the end "Signed by ollypwn" PoC published the 2020-01-16 1214 AM GMT+1 [PoC2] Interesting nuggets: default serial number = 0x5c8b99c55a94c5d27156decd8980cc26, use NIST P-384 (secp384r1) curve, 500 days default expire date, configured to abuse USERTrust ECC Certification Authority, some others hardcoded information but could be changed easily, C = CH, ST = Vaud, L = Lausanne, O = Kudelski Security, CN = 85.184.255.36. Privately available: YES (Around 10 private PoC) In The Wild Exploitation: YES Source : https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d
  16. On the 0patch platform, a temporary micropatch has been made available for the actively exploited vulnerability (CVE-2020-0674) of remote code execution in Internet Explorer 11 until an official patch from Microsoft is released. According to Microsoft, exploiting the vulnerability “allows memory corruption in such a way that an attacker could execute arbitrary code in the context of the current user.” If a user logs in to the system with administrator rights on a compromised device, attackers can gain full control over the system, which allows you to install malicious programs, manipulate data or create accounts with full user rights. The critical vulnerability is contained in jscript.dll and affects Internet Explorer versions 9, 10, and 11 on devices running Windows 7, Windows 8.1, Windows 10, and Windows Server. Although Microsoft has proposed a number of measures to prevent exploitation of the vulnerability, their implementation "may lead to a decrease in the functionality of components or functions that depend on jscript.dll." The workaround is also accompanied by a number of other negative side effects, including Windows Media Player refusal to run MP4 files, printing disruption through Microsoft Print to PDF, and denial of proxy auto-configuration scripts. The micropatch is ready for use on devices running Windows 7, Windows 10 (v1709, v1803, v1809), Windows Server 2008 R2, and Windows Server 2019. “Our micropatch works on the principle of a switch that prohibits or allows the use of the vulnerable jscript.dll file by the Internet Explorer browser component in various applications (IE, Outlook, Word, etc.),” explained Mitja Kolsek, co-founder of 0patch. Users can download the micropatch on the 0patch platform after creating an account, downloading the 0patch agent, and registering the agent on the device. Source: https://www.securitylab.ru/news/504304.php
  17. De ce sa nu se inregistreze in baza de date ? le vrei separat?
  18. Check Point specialists published a report on serious vulnerabilities in the popular TikTok application. With their help, attackers could not only steal user data, but also manipulate their status in the profile and video. In particular, vulnerabilities allowed you to access other people's accounts and manipulate their content, delete and upload videos, make hidden videos visible to everyone, and disclose personal information stored in your account (for example, email address). In a study of application security, experts found that the TikTok website allows you to send SMS messages to any phone number on your behalf. An attacker can spoof a message by changing the download_url parameter in an intercepted HTTP request, insert any link, including a malicious one, and send it to the user on behalf of the TikTok team. An attacker can re-engineer a fake link and send TikTok requests along with the victim's cookies. Other vulnerabilities discovered by researchers can be exploited here. Even without cross-site request forgery, an attacker can execute JavaScript code and perform actions on behalf of the user. Using a combination of POST and GET requests, an attacker can change the privacy settings of hidden videos, create new videos and publish them to the victim's account. Running JavaScript code also allows you to obtain victim’s personal information through existing API calls, but for this, the attacker will first have to bypass the SOP (domain restriction rule) and CORS (resource sharing between different sources) security mechanisms. The application developer fixed the vulnerabilities before the publication of the researchers report. Source: https://www.securitylab.ru/news/503899.php
  19. Vulnerabilities in software that allow compromising the system without user intervention (for example, without clicking on a malicious link by the victim) are of great interest to security researchers. Experts from Google Project Zero, who have devoted the study of this issue over the past few months, are no exception. On Thursday, January 9, Google Project Zero security researcher Samuel Gross of Google Project Zero demonstrated how you can remotely hack your iPhone, access passwords, messages, email and activate the camera with a microphone with just one Apple ID in a few minutes. The researcher described his attack method in three separate articles on the Google Project Zero blog. The first provides technical details about the vulnerability, the second describes how to hack ASLR, and the third explains how to remotely execute code on an attacked device bypassing the sandbox. During the attack, Gross exploited the only vulnerability in iOS 12.4 (CVE-2019-8641), fixed by Apple in August last year with the release of iOS 12.4.1. With its help, he circumvented ASLR technology, designed to complicate the operation of certain types of vulnerabilities. ASLR provides for changing the location in the process address space of important data structures (executable file images, loaded libraries, heaps and stacks). However, the attack demonstrated by Gross casts doubt on the effectiveness of ASLR. “The study was mainly motivated by the following question: is it possible to use remote vulnerability for memory corruption to achieve remote code execution on iPhone without using other vulnerabilities and without any user interaction? A series of publications on this blog proves that yes, it is indeed possible, ”Gross said. Source: https://www.securitylab.ru/news/503917.php
  20. On New Year's Eve, REvil ransomware operators (also known as Sodinokibi) attacked the computer systems of the exchange provider Travelex, as a result of which the British banks Lloyds, Barclays, HSBC and Royal Bank of Scotland were unable to process the transactions. Initially, cybercriminals demanded a ransom of $ 3 million in exchange for encrypted customer data, but now the amount has doubled and amounts to $ 6 million. According to Travelex representatives, the security system blocked the data as a “precaution” immediately after the virus was detected, and the client’s data didn’t were compromised. “At present, we are blocking the virus and are working to restore our systems to resume normal operation as soon as possible. The Travelex network continues to provide manual currency exchange services, ”Travelex said. As the BBC reported, citing criminals, the attackers downloaded 5 GB of data about the exchange’s customers and plan to sell them in six days if the exchange does not pay the ransom. Travelex has partnered with the UK's National Crime Agency (NCA) and the London metropolitan police to conduct a criminal investigation into the incident. Source: https://www.securitylab.ru/news/503937.php
×
×
  • Create New...