Everything posted by Kev
-
Computing giant tries to reassure users that the tool won’t be used for mass surveillance.

Apple provided additional design and security details this week about the planned rollout of a feature aimed at detecting child sexual abuse material (CSAM) images stored in iCloud Photos. Privacy groups like the Electronic Frontier Foundation warned that the process of flagging CSAM images essentially narrows the definition of end-to-end encryption to allow client-side access — which essentially means Apple is building a backdoor into its data storage, it said.

Apple’s new document explained that the tool is only available to child accounts set up in Family Sharing and the parent or guardian must opt in. Then, a machine-learning classifier is deployed to the device in the messaging app, which will trigger a warning if the app detects explicit images being sent to or from the account. If the account is for a child under 13 years old, the parent or guardian will also receive a notification, according to Apple. The image is not shared with the parent, only a notification, Apple added.

Apple Explains How It Protects Privacy While Monitoring CSAM Content

The feature also detects collections of CSAM images uploaded to iCloud photos, Apple said. First it runs code on the device that compares any photo being uploaded to a known database of CSAM images. After a certain number of images is detected, the images are sent to a human reviewer and if an issue is detected, the information is turned over to the National Center for Missing and Exploited Children who will notify law enforcement as necessary.

First, Apple said it generated a CSAM device database by combining information from two separate child-safety agencies. The company added that the database is never updated or shared over the internet. Apple added that it will publish a Knowledge Base article with a root hash of the encrypted database with each iOS update, to allow for independent third-party technical audits.

It’s unclear how any of these details will reassure critics of the move.

Via threatpost.com
-
Cyber Forensics: besides hamburgers and donuts, you get somewhere around approximately €4,000 a month
-
Overview

Traccar SMS Gateway is an Android messaging app. The key difference from other messaging apps is an option to expose HTTP API for sending SMS messages through the phone. The project is based on another open source project - QKSMS.

Team

Anton Tananaev (anton@traccar.org)

License

GNU General Public License, Version 3

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Download: Google Play or git clone https://github.com/traccar/traccar-sms-gateway

Source
-
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
Kev replied to Nytro's topic in Stiri securitate
Lorem ipsum
-
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.

Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malware.

In a new report, Proofpoint details how the group TA456, associated with the Iranian Revolutionary Guard, invested years in developing the false profile of a fantasy woman named Marcella Flores, an impossibly shiny haired aerobics instructor from the U.K., to rein in unsuspecting targets. The first signs of Marcella on social media started in 2018, according to Proofpoint’s analysis.

Starting about eight months ago, Proofpoint found TA456 used the Marcella Flores profile to slowly build a relationship with someone who worked for a subsidiary of an aerospace defense contractor in the U.S. Over the months, Marcella shared many emails, pictures and even a video to build trust.

“Marcella’s” Facebook profile. Source: Proofpoint.

It wasn’t until early June that the attackers sent an email from Marcella Flores with the malware, the report added.

TA456 Lempo Malware

Once it gains a foothold in a target’s system, Lempo performs reconnaissance and exfiltrates data to an email account controlled by TA456. Then, it deletes the host artifacts to cover its tracks, the report explained.

As for the attack chain, an Excel macro drops the Lempo reconnaissance tool and Windows does the rest. Lempo collects sensitive domain data, computer and username information, firewall rules, IP config information and tons of other useful stuff that could be used to launch a successful supply-chain attack on the government or various contractors.

In fact, Proofpoint’s Sherrod DeGrippo told Threatpost the fake “Marcella” profile they found was also connected on social media with others who publicly identify themselves as employees of defense contractors.

Alluring Photos Are a Standard Scammer Tactic

Besides general cybersecurity hygiene and awareness training, DeGrippo advises those who work in sensitive industries — like aerospace and defense — to avoid sharing too much personal information on social media, which could ultimately be used by threat actors to build a detailed personal profile on you for abuse.

Catfishing by cyberattackers isn’t new; in 2020, Hamas was caught taking a classic catfish approach to tempt Israeli soldiers into installing spyware on their phones. Members posed as teen girls who are looking for quality chat time.

Iran-linked threat actors have used similar tactics on LinkedIn and WhatsApp before, targeting industries of geo-political interest to the country, Sean Nikkel, threat intelligence analyst from Digital Shadows told Threatpost.

Unfortunately, there’s no one simple answer to eliminating the risk of these types of sophisticated social-engineering attacks, according to Dirk Schrader from New Net Technologies.

Via threatpost.com
-
Prigoana's son has it, he made billions, but he doesn't declare it. On topic: you declare it nicely to the tax authority (FISC) and that's that, proof written in black and white
-
@Nytro it's with DLLs and win
-
The Malwarebytes report said a new threat actor may be targeting Russian and pro-Russian individuals.

Hossein Jazi and Malwarebytes' Threat Intelligence team released a report on Thursday highlighting a new threat actor potentially targeting Russian and pro-Russian individuals. The attackers included a manifesto about Crimea, indicating the attack may have been politically motivated. The attacks feature a suspicious document named "Manifest.docx" that uniquely downloads and executes double attack vectors: remote template injection and CVE-2021-26411, an Internet Explorer exploit.

Jazi attributed the attack to the ongoing conflict between Russia and Ukraine, part of which centers on Crimea. The report notes that cyberattacks on both sides have been increasing. But Jazi does note that the manifesto and Crimea information may be used as a false flag by the threat actors.

Malwarebytes' Threat Intelligence team discovered the "Манифест.docx" ("Manifest.docx") on July 21, finding that it downloads and executes the two templates: one is macro-enabled and the other is an HTML object that contains an Internet Explorer exploit. The analysts found that the exploitation of CVE-2021-26411 resembled an attack launched by the Lazarus APT.

According to the report, the attackers combined social engineering and the exploit in order to increase their chances of infecting victims. Malwarebytes was not able to attribute the attack to a specific actor, but said that a decoy document was displayed to victims that contained a statement from a group associating with a figure named Andrey Sergeevich Portyko, who allegedly opposes Russian President Vladimir Putin's policies on the Crimean Peninsula.

Jazi explained that the decoy document is loaded after the remote templates are loaded. The document is in Russian but is also translated into English.

The attack also features a VBA RAT that collects the victim's info, identifies the AV product running on the victim's machine, executes shell-codes, deletes files, uploads and downloads files while also reading disk and file systems information. Jazi noted that instead of using well known API calls for shell code execution which can easily get flagged by AV products, the threat actor used the distinctive EnumWindows to execute its shell-code.

Via zdnet.com
-
How?
-
look in the news section. PS: good thing you didn't leave your address
-
Because it's not your money; if you don't have a digital signature (PGP), you can kiss it goodbye
-
The software-engineering platform is urging users to patch the critical flaw ASAP.

Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that’s used by 180,000 customers to engineer software and manage projects, and Jira is its proprietary bug-tracking and agile project-management tool.

On Wednesday, Atlassian issued a security advisory concerning the vulnerability, which is tracked as CVE-2020-36239. The bug could enable remote, unauthenticated attackers to execute arbitrary code in some Jira Data Center products. BleepingComputer got ahold of an email Atlassian sent to enterprise customers on Wednesday that urged them to update ASAP.

The vulnerability has to do with a missing authentication check in Jira’s implementation of Ehcache, which is an open-source, Java distributed cache for general-purpose caching, Java EE and lightweight containers that’s used for performance and which simplifies scalability. Atlassian said that the bug was introduced in version 6.3.0 of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center (known as Jira Service Desk prior to 4.14).

According to Atlassian’s security advisory, that list of products exposed an Ehcache remote method invocation (RMI) network service that attackers – who can connect to the service on port 40001 and potentially 40011 – could use to “execute arbitrary code of their choice in Jira” through deserialization, due to missing authentication.

RMI is an API that acts as a mechanism to enable remote communication between programs written in Java. It allows an object residing in one Java virtual machine (JVM) to invoke an object running on another JVM; often, it involves one program on a server and one on a client. The advantage of RMI, as BleepingComputer describes it, is that

Workings of RMI. Source: Wikipedia.

Atlassian “strongly suggests” restricting access to the Ehcache ports to only Data Center instances, but noted that there’s a caveat: “Fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service,” according to the advisory.

Affected Versions

These are the affected versions of Jira Data Center and Jira Service Management Data Center:

Jira Data Center, Jira Core Data Center, and Jira Software Data Center – ranges
  6.3.0 <= version < 8.5.16
  8.6.0 <= version < 8.13.8
  8.14.0 <= version < 8.17.0

Jira Service Management Data Center – ranges
  2.0.2 <= version < 4.5.16
  4.6.0 <= version < 4.13.8
  4.14.0 <= version < 4.17.0

Jira Data Center, Jira Core Data Center, and Jira Software Data Center
  All 6.3.x, 6.4.x versions
  All 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.13.x versions
  All 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x versions
  All 8.5.x versions before 8.5.16
  All 8.6.x, 8.7.x, 8.8.x, 8.9.x, 8.10.x, 8.11.x, 8.12.x versions
  All 8.13.x versions before 8.13.8
  All 8.14.x, 8.15.x, 8.16.x versions

Jira Service Management Data Center
  All 2.x.x versions after 2.0.2
  All 3.x.x versions
  All 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x versions
  All 4.5.x versions before 4.5.16
  All 4.6.x, 4.7.x, 4.8.x, 4.9.x, 4.10.x, 4.11.x, 4.12.x versions
  All 4.13.x versions before 4.13.8
  All 4.14.x, 4.15.x, 4.16.x versions

Atlassian’s advisory said that customers who have downloaded and installed any affected versions “must upgrade their installations immediately to fix this vulnerability.” Having said that, Atlassian also noted that the “critical” rating is its own assessment and that customers “should evaluate its applicability to your own IT environment.”

Non-Affected Versions

Here’s the list of products that aren’t affected by the flaw:
  Atlassian Cloud
  Jira Cloud
  Jira Service Management Cloud
  Non-Data Center instances of Jira Server (Core & Software) and Jira Service Management

Also, customers who have upgraded Jira Data Center, Jira Core Data Center, Jira Software Data Center to versions 8.5.16, 8.13.8, 8.17.0 and/or Jira Service Management Data Center to versions 4.5.16, 4.13.8 or 4.17.0 are off the hook: They don’t need to upgrade.

Atlassian is Attacker Catnip

Some of the largest enterprises with the most sophisticated product development use Atlassian products. Among its more than 65,000 users, Jira counts some big fans, including the likes of the Apache Software Foundation, Cisco, Fedora Commons, Hibernate, Pfizer and Visa.

Unfortunately, its popularity – particularly with the big fish – and its capabilities make it a tempting target for attackers. In June, researchers uncovered Atlassian bugs that could have led to one-click takeover: A scenario that brought to mind the potential for an exploit that would have been similar to the SolarWinds supply-chain attack, in which attackers used a default password as an open door into a software-updating mechanism.

Chris Morgan, senior cyber-threat intelligence analyst at digital-risk provider Digital Shadows, said that the vulnerability at the heart of Wednesday’s advisory is just the latest in a series of bugs facing software engineering and management platforms that, if exploited, “could lead to a range of pernicious outcomes.”

While there’s no evidence of active exploitation at this time, we can expect attempts to show up in the coming one to three months, Morgan predicted. He pointed to several recent supply-chain attacks, including attacks against software providers Accellion and Kaseya, that have leveraged vulnerabilities to gain initial access and to compromise software builds “known to be used by a diverse client base.”

Other security experts agreed with Morgan’s assessment. Andrew Barratt, managing principal of solutions and investigations at cybersecurity advisory firm Coalfire, told Threatpost on Thursday that the vulnerability Atlassian disclosed on Wednesday “shows that attackers are still looking to leverage economies of scale and compromise multiple parties using single platform-wide vulnerabilities.”

Expect Exploitation, In the Wild Attacks

TL;DR: Apply the update ASAP, or implement Atlassian’s workarounds, Morgan emphasized.

On the optimistic side, the issue may blow over before it gets dire, given that Atlassian is already issuing patches and advising on temporary mitigations, Barratt added.

Barratt thinks that the most concerning thing should be “the renewed focus on potentially a gold mine of opportunity.” While targeting developers isn’t new, he said, targeting their tools, platform and reducing potential confidence in the product “shows the need for security orchestration tools that can help bring the diversity of the problem to single-management view.”

On the technical side of things, Shawn Smith – director of infrastructure at application security provider nVisium – posited that supply-chain attacks are a good argument against auto-updating dependencies, but “this also means that security teams have to monitor and manage them effectively and efficiently,” as he told Threatpost via email on Thursday.

Via threatpost.com
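
The affected-version ranges quoted in the post above, turned into a check that can be run over an inventory of Jira instances. This is an added example, not code from Atlassian or from the original post; the product keys (`jira-dc`, `jsm-dc`, and so on), the host names and the inventory are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

# Half-open ranges [first affected, first fixed) for CVE-2020-36239,
# copied from the "ranges" form of the list in the post.
# Product keys are hypothetical labels chosen for this example.
AFFECTED_RANGES = {
    # Jira Data Center, Jira Core Data Center, Jira Software Data Center
    "jira-dc": [((6, 3, 0), (8, 5, 16)), ((8, 6, 0), (8, 13, 8)), ((8, 14, 0), (8, 17, 0))],
    # Jira Service Management Data Center
    "jsm-dc": [((2, 0, 2), (4, 5, 16)), ((4, 6, 0), (4, 13, 8)), ((4, 14, 0), (4, 17, 0))],
}

# Deployment types the post lists as not affected (Cloud and non-Data Center Server).
NOT_AFFECTED = {"jira-cloud", "jsm-cloud", "jira-server", "jsm-server"}

# Ehcache RMI ports named in the advisory text quoted in the post.
EHCACHE_RMI_PORTS = (40001, 40011)


class Finding(NamedTuple):
    host: str
    affected: bool
    upgrade_to: Optional[str]  # first fixed release of the matching range
    note: str


def parse_version(text: str) -> Version:
    """Parse 'X.Y' or 'X.Y.Z' (optional leading 'v') into a comparable tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(host: str, product: str, version: str) -> Finding:
    """Classify one instance against the ranges listed in the post."""
    if product in NOT_AFFECTED:
        return Finding(host, False, None, "deployment type listed as not affected")
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise ValueError(f"unknown product key: {product!r}")
    v = parse_version(version)
    for first_affected, first_fixed in ranges:
        if first_affected <= v < first_fixed:
            ports = "/".join(str(p) for p in EHCACHE_RMI_PORTS)
            return Finding(
                host, True, ".".join(str(n) for n in first_fixed),
                f"restrict Ehcache RMI ports {ports} to cluster nodes until upgraded",
            )
    return Finding(host, False, None, "outside the affected ranges")


def audit(inventory) -> List[Finding]:
    """Return only the affected instances from (host, product, version) rows."""
    return [f for f in (assess(*row) for row in inventory) if f.affected]


# Constructed sample inventory (not real hosts).
INVENTORY = [
    ("jira-prod-1", "jira-dc", "8.13.7"),
    ("jira-prod-2", "jira-dc", "8.13.8"),
    ("desk-1", "jsm-dc", "4.5.15"),
    ("desk-2", "jsm-dc", "4.17.0"),
    ("legacy-1", "jira-server", "7.2.0"),
    ("old-dc", "jira-dc", "6.2.7"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(f"{finding.host}: upgrade to >= {finding.upgrade_to}; {finding.note}")
```
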
-
For what? Gaming, design, ... ASUS - Nvidia ®
-
Dude, you wretch, don't you have a header, subtext?, paragraph indent.... I'll take the job of drinking vodka. Amen!
-
I'll send you a parcel with cold cuts, milk, wheat, ... food; I don't have clothing for a 2-year-old. Leave me a private message. Edit: + 10 vouchers for 20% off at Kaufland
-
Malaysian authorities did not mess around when they broke up a cryptocurrency mining farm and charged the operators with stealing electricity.

As Bitcoin’s price surged this spring to a new all-time high, the spotlight shining on its controversial mining process only got brighter. Bitcoin, Ethereum, and many other cryptocurrencies use an energy-intensive “proof-of-work” process that makes computers on its decentralized network compete to solve complex mathematical equations to verify a batch of transactions; this makes the network less susceptible to certain attacks, and earns miners crypto rewards.

Given the competitive element in the quest for valuable cryptocurrency, powerful mining rigs—essentially, PCs purpose-built to maximize mining rewards—are the preferred tool of serious crypto miners. They are expensive, and persistent demand and manufacturing delays can mean months-long waits for rigs to be delivered. This week, police in Malaysia crushed 1,069 of them with a steamroller.

Authorities in the city of Miri in Sarawak, Malaysia seized 1,069 rigs from miners alleged to have stolen electricity for their operations, per a report from local publication The Star. The devices were seized in a joint operation between Miri police and Sarawak Energy Berhad between February and April, and have an estimated value of RM5.3 million ($1.25 million USD), according to the outlet.

Six individuals were arrested for electricity theft in the operation, and “have been fined up to RM8,000 and jailed for up to eight months," according to a statement from Miri police chief ACP Hakemal Hawari that was quoted by The Star. Local Sarawak news outlet Dayak Daily adds that the rigs were collected over the course of six separate raids. Sarawak Energy Berhad estimates that it lost RM8.4 million ($2 million USD) in energy that was stolen from its lines for the mining operation, the outlet reported.

Dayak Daily also uploaded a video to YouTube showing the miners being steamrolled. Neither outlet stated why the police felt it was necessary to destroy the machines in such dramatic fashion, though it certainly sends a strong message. Electricity theft is a persistent issue in numerous regions where Bitcoin is mined, as some operators use illegal means to secure the cheap electricity necessary to make a big profit mining cryptocurrency.

According to the report, the mining rigs were demolished in the parking lot of the Miri district police headquarters this week, as seen in the video above. Bitcoin enthusiasts might watch the video and see dreams of prospective crypto wealth crushed to bits, while anti-mining advocates are likely to see Bitcoin’s ecological impact being slightly curtailed amidst all of that e-waste.

Bitcoin’s distributed ledger design ensures the security and stability of the blockchain network, but the mining model requires exorbitant amounts of energy. Digiconomist estimates that the Bitcoin network now uses as much energy annually as the entire country of Sweden, and the energy use of the network is sure to rise as more mining power is added to the network (and vice versa).

The leading cryptocurrency’s early-year surge was halted in part by Tesla announcing in May that it would no longer accept Bitcoin payments, citing concerns over the use of fossil fuels in mining. It was an about-face for the electric car maker, which announced in February that it had purchased $1.5 billion worth of Bitcoin to hold on its balance sheet, and soon after began accepting Bitcoin payments for a brief span.

Tesla CEO Elon Musk, the terminally-online Dogecoin member, has since become reviled by many crypto enthusiasts for his perceived meddling in the scene, including the formation of a “Bitcoin Mining Council.” Bitcoin’s price fell swiftly following Tesla’s announcement, and at a current price just above $32,000 per coin, it’s worth about half of its all-time high set in April.

China’s increasing crackdown on cryptocurrency has also recently dampened enthusiasm around the industry. Crypto mining has been banned in multiple provinces, causing the Bitcoin network’s hash rate (or total computational power) to sink as miners shut down or move abroad. The People’s Bank of China also told top banks and payments services to root out cryptocurrency users and implement stricter know-your-customer processes.

Earlier this week, the Ukrainian Security Service (SBU) similarly busted a crypto mining operation for allegedly stealing electricity from a nearby regional energy provider. That bust had its own unique hook: some 3,800 PlayStation 4 consoles made up the majority of the seized devices, as the systems had apparently been modified to mine an unidentified cryptocurrency. Game consoles are significantly less powerful than dedicated PC mining rigs, but there’s still potential for profit when the energy cost is zero.

Via vice.com
-
The paste is what matters; you can even brush with a pig-hair brush
-
You've all gone off topic with his psychology. On topic: the man asked how he can keep several tabs open without his head exploding. On topic 2: see what you find in the market
-
brakes, hey Ion, whoa
-
Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It's also used (in combination with other tools and techniques) in the MythX security analysis platform.

If you are a smart contract developer, we recommend using MythX tools which are optimized for usability and cover a wider range of security issues.

Whether you want to contribute, need support, or want to learn what we have cooking for the future, our Discord server will serve your needs.

Installation and setup

Get it with Docker:

    $ docker pull mythril/myth

Install from Pypi:

    $ pip3 install mythril

See the docs for more detailed instructions.

Usage

Run:

    $ myth analyze <solidity-file>

Specify the maximum number of transactions to explore with -t <number>. You can also set a timeout with --execution-timeout <seconds>.

Example (source code)

    > myth a killbilly.sol -t 3
    ==== Unprotected Selfdestruct ====
    SWC ID: 106
    Severity: High
    Contract: KillBilly
    Function name: commencekilling()
    PC address: 354
    Estimated Gas Usage: 574 - 999
    The contract can be killed by anyone.
    Anyone can kill this contract and withdraw its balance to an arbitrary address.
    --------------------
    In file: killbilly.sol:22

    selfdestruct(msg.sender)

    --------------------

    Transaction Sequence:

    Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
    Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
    Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
    Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0

Instructions for using Mythril are found on the docs.

For support or general discussions please join the Mythril community on Discord.

Building the Documentation

Mythril's documentation is contained in the docs folder and is published to Read the Docs. It is based on Sphinx and can be built using the Makefile contained in the subdirectory:

    cd docs
    make html

This will create a build output directory containing the HTML output. Alternatively, PDF documentation can be built with make latexpdf. The available output format options can be seen with make help.

Vulnerability Remediation

Visit the Smart Contract Vulnerability Classification Registry to find detailed information and remediation guidance for the vulnerabilities reported.

Download mythril-develop.zip or git clone https://github.com/ConsenSys/mythril.git

Source
-
It's fake news: 1, he wasn't wearing a hood; 2, no connection to the bank fraud; 3, there's no link between the text and the montages made by ProTV. You, Andreea Esca, and TinKode too
-
how you inflate the news, as if it didn't bring money into the country
-
Mercedes Benz Data Leak Includes Card and Social Security Details
Kev replied to Nytro's topic in Stiri securitate
a fail-safe system implemented in the board
-
Storage giant fingers 'critical' bug allowing remote factory resets that wipe contents. Western Digital has alerted customers to a critical bug on its My Book Live storage drives, warning them to disconnect the devices from the internet to protect the units from being remotely wiped. In an advisory, the storage firm said My Book Live and My Book Live Duo devices were being "compromised through exploitation of a remote command execution vulnerability" CVE-2018-18472. The exploit is described as a root remote command execution bug which can be triggered by anyone who knows the IP address of the affected device – and is currently being "exploited in the wild in June 2021 for factory reset commands." Reports of the issue emerged on Thursday after owners of the NAS devices took to Western Digital's support forums to complain. Device logs published on the Western Digital forums show the devices were remotely factory reset, although the culprits have not been found. In a statement earlier today, the company said it didn't believe its own servers were compromised. The Western Digital My Book Live connects to a host computer via USB, with internet access coming via an Ethernet port on the back. Remote access is obtained via Western Digital's own cloud servers. NAS drives have a storied history of falling victim to malicious actors. In April, Taiwanese storage giant QNAP urged customers to update their drives in the face of two specifically targeted ransomware strains, Qlocker and eCh0raix. Via theregister.com