Everything posted by Kev
-
Question - Checking an email address on the haveibeenpwned.com site
Kev replied to Scorpionadi's topic in Stiri securitate
Affirmative. On: Sleep easy, the passwords are not on Google. Edit: from 2016 to the present they have been notified, and most have changed their passwords; that's why the Stiri Securitate (Security News) section exists.
-
There has been a heightened appetite among US consumers for VPN services throughout 2020 and into 2021

Since March 2020 there has been an increase of VPN (Virtual Private Network) discount-related searches as Americans search for a way to feel secure online, according to a new report.

New York, NY-based coupon engine CouponFollow, part of NextGen Shopping, surveyed 1,666 US adults before the pandemic and a further 1,834 US adults in February 2021 to understand how Americans view their internet security and data privacy.

The report showed that almost seven in ten (69%) of Americans are concerned about the security of their data when using public Wi-Fi, and nearly two in three (64%) are worried about it when using the internet at home. A similar percentage (65%) are concerned that their medical or financial data might be shared -- or sold on -- by their ISP.

Online privacy worries almost half (47%) of Americans who are concerned about their privacy when using public Wi-Fi. Nearly a third (30%) worry about their privacy even when using the Internet at home.

Online fraud and hacking is a concern for Americans with over one in three (35%) knowing someone who has had their social media account hacked or hijacked -- including them. Almost half of Millennials (48%) reported this happening.

In October 2020 the UK's data privacy watchdog fined the Marriott hotel chain for a data breach that could have affected up to 339 million guests. Even social media sites like Facebook have suffered data leaks.

One in three have had, or know someone who has had their password stolen, and (52%) of Millennials and Gen Z reported the same. Only 12% of Baby Boomers reported having their password stolen, and one in five (20%) had a social media account hacked or hijacked -- reflecting the amount of time they spend online.

Although one in three (35%) Americans use a VPN, 33% reported that they do not know what a VPN is.
Men are more likely to know what a VPN is, but almost half of Baby Boomers (49%) do not know what a VPN is. Even two in five (40%) of VPN users do not understand what the term VPN means.

Using the internet at work does not seem to elicit the same level of concern. This could be due to the levels of antivirus and firewall protections that their employer has implemented on their devices. Perhaps it is due to the type of sites that people browse on their work devices; here, less than one in three (32%) are worried about their security. Less than one in five (18%) are concerned about their privacy when browsing the web from a work device.

Over one in ten (12%) started to use a VPN in 2020, and one in five (21%) installed a VPN to enable them to work from home. Up to 35% of Americans already use a VPN for anonymous browsing (45%), work access (45%), or for shopping online (21%). Only 12% use it for Torrenting or P2P file sharing.

As hacking attempts and breaches grow, Americans have good reason to be cautious. Parler's data leak exposed millions of posts as 70TB of data was scraped from the platform, and the ParkMobile app data breach exposed data from 21 million users. Being ultra-careful online will be the only way to avoid being a victim of the next breach. Via zdnet.com
-
^ Local, I can't imagine the cause. Sometimes
-
I solved it with wget. Still, I don't understand why the saved GIFs have no frames; it's not a particular link, EXIF, etc. I think the problem is with the PC.
-
1. Save As -> my computer -> open image.gif: static
2. Reupload -> myhost.com -> url myhost.com/image.gif: static
Static in the sense that it somehow becomes a .jpg. I have to upload them to the host somehow via URL, and I want them hosted on my own host, not imgur, postimg, etc.; that's why I pay.
Edit: I save an image.gif from postimg.com, and when I re-upload it to imgbb.com it has no frames.
-
Hi, what awaits you for Christmas? On: I'm facing a small problem: I'm trying to save some GIF in Windows 10 from Opera, Chrome, and so on, but the images remain static when I open them with any viewer; same after re-upload. Thanks
-
Something weird happened minutes before Trump left—US says it was security research.

The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a "pilot" project to conduct security research.

The number of Pentagon-owned IP addresses announced by the company rose to 56 million by late January and 175 million by April, making it the world's largest announcer of IP addresses in the IPv4 global routing table.

The Post wrote:

“SWAT team of nerds”

The 6-year-old DDS consists of "82 engineers, data scientists, and computer scientists" who "worked on the much-publicized 'hack the Pentagon' program" and a variety of other projects tackling some of the hardest technology problems faced by the military, a Department of Defense article said in October 2020. Goldstein has called the unit a "SWAT team of nerds."

The Defense Department did not say what the unit's specific objectives are in its project with Global Resource Systems, "and Pentagon officials declined to say why Goldstein's unit had used a little-known Florida company to carry out the pilot effort rather than have the Defense Department itself 'announce' the addresses through BGP [Border Gateway Protocol] messages—a far more routine approach," the Post said.

Still, the government's explanation piqued the interest of Doug Madory, director of Internet analysis at network-security company Kentik.

"I interpret this to mean that the objectives of this effort are twofold," Madory wrote in a blog post Saturday. "First, to announce this address space to scare off any would-be squatters, and secondly, to collect a massive amount of background Internet traffic for threat intelligence."
New company remains mysterious

The Washington Post and Associated Press weren't able to dig up many details about Global Resource Systems. "The company did not return phone calls or emails from The Associated Press. It has no web presence, though it has the domain grscorp.com," an AP story yesterday said. "Its name doesn't appear on the directory of its Plantation, Florida, domicile, and a receptionist drew a blank when an AP reporter asked for a company representative at the office earlier this month. She found its name on a tenant list and suggested trying email. Records show the company has not obtained a business license in Plantation."

The AP apparently wasn't able to track down people associated with the company. The AP said that the Pentagon "has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September."

Global Resource Systems' name "is identical to that of a firm that independent Internet fraud researcher Ron Guilmette says was sending out email spam using the very same Internet routing identifier," the AP continued. "It shut down more than a decade ago. All that differs is the type of company. This one's a limited liability corporation. The other was a corporation. Both used the same street address in Plantation, a suburb of Fort Lauderdale."

The AP did find out that the Defense Department still owns the IP addresses, saying that "a Defense Department spokesman, Russell Goemaere, told the AP on Saturday that none of the newly announced space has been sold."

Bigger than China Telecom and Comcast

Network experts were stumped by the emergence of Global Resource Systems for a while. Madory called it "a great mystery."
At 11:57 am EST on January 20, three minutes before the Trump administration officially came to an end, "[a]n entity that hadn't been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the US Department of Defense," Madory wrote. Global Resource Systems is labeled AS8003 and GRS-DOD in BGP records.

Madory wrote:

In mid-March, "astute contributors to the NANOG listserv highlighted the oddity of massive amounts of DoD address space being announced by what appeared to be a shell company," Madory noted.

DoD has “massive ranges” of IPv4 space

The Defense Department "was allocated numerous massive ranges of IPv4 address space" decades ago, but "only a portion of that address space was ever utilized (i.e. announced by the DoD on the Internet)," Madory wrote. Expanding on his point that the Defense Department may want to "scare off any would-be squatters," he wrote that "there is a vast world of fraudulent BGP routing out there. As I've documented over the years, various types of bad actors use unrouted address space to bypass blocklists in order to send spam and other types of malicious traffic."

On the Defense Department's goal of collecting "background Internet traffic for threat intelligence," Madory noted that "there is a lot of background noise that can be scooped up when announcing large ranges of IPv4 address space."

Potential routing problems

The emergence of previously dormant IP addresses could lead to routing problems. In 2018, AT&T unintentionally blocked its home-Internet customers from Cloudflare's new DNS service because the Cloudflare service and the AT&T gateway were using the same IP address of 1.1.1.1.

Madory wrote:

Madory's conclusion was that the new statement from the Defense Department "answers some questions," but "much remains a mystery."
It isn't clear why the Defense Department didn't simply announce the address space itself instead of using an obscure outside entity, and it's unclear why the project came "to life in the final moments of the previous administration," he wrote. But something good might come out of it, Madory added: "We likely won't get all of the answers anytime soon, but we can certainly hope that the DoD uses the threat intel gleaned from the large amounts of background traffic for the benefit of everyone. Maybe they could come to a NANOG conference and present about the troves of erroneous traffic being sent their way." Via arstechnica.com
-
The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers.

Android mobile phone users across the U.K. are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the country’s National Cyber Security Centre.

Victims are asked to download a fake app from a malicious website.

The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is really just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.

The U.K.’s National Cyber Security Centre (NCSC) has issued security guidance about how to identify and remove FluBot malware, while network providers including Three and Vodafone have also issued warnings to users over the text message attacks.

So far, most of the phishing texts are branded to look like they are being sent from DHL, the NCSC said, but warned, “the scam could change to abuse other company brands.”

One victim posted a message posing as a link from the Royal Mail. Another user on Twitter spotted this scam “Amazon” message which they point out swaps the “o” for a zero in the link.

Telecom carriers Vodafone UK, Three UK and EE have all confirmed the scam is traversing their networks, which collectively have more than 58 million subscribers across the country.

Anyone who receives what they believe to be a scam text is advised not to click on any links and forward the text to “7726” a “free spam-reporting line” established to combat fraud in the U.K.
Finally, delete the message and block the sender.

If a user has already clicked on the link, the NCSC warned not to enter any password or other personal information. To remove the malware from the infected device, “Perform a factory reset as soon as possible,” the NCSC guidance reads. “The process for doing this will vary based on the device manufacturer…Note that if you don’t have backups enabled, you will lose data.”

The NCSC added that if a user has entered their personal information, it’s critical to change those passwords immediately to prevent further compromise. To prevent future attacks, NCSC said users should back up any important information, only install a minimal number of apps from trusted sources and use available virus protection offered by Google Play and others.

SMS Phishing (‘Smishing’) On the Rise

These types of SMS phishing scams, also known as “smishing,” aren’t anything new. In February, attackers were harvesting personal data of users in the U.K. with fake messages promising tax refunds for overpayment.

Mobile phishing has been a booming business since the start of the COVID-19 pandemic, experts say, which they expect will only continue to grow. Paul Ducklin, researcher at Sophos, explained why smishing is becoming such a popular choice for threat actors in discussing the February campaign. Via threatpost.com
-
Lockdown's getting to everyone – even the social media monkeys

British domestic spy agency MI5 wants to dispel the idea it is staffed by martini-quaffing layabouts who spend implausible amounts of time lounging around top-end bars and hotels. It has therefore opened an Instagram account.

News of the agency's foray into the Facebook-owned platform, which shows you heavily filtered photographs from the perspective of somebody whose world consists of estate agents' marketing photoshoots and perfume ads, came this morning as part of a recruitment drive.

MI5 chief Ken McCallum said in a statement about @mi5official: "You can insert your own joke about whether we will be following you." The account can be viewed here, though to view posts on it you'll need to be a registered user.

The first post by MI5 on Instagram was a photo of the entrance to its London HQ. We are sure MI5 is happy to have contributed towards Facebook's object-recognition AI project, given how the agency greedily hoovers up data about Britons' online habits in the hope of finding enemy spies, terrorists, criminals, and so on.

We are told that "being more open" is the key to spy agency recruitment in the 2020s, with McCallum adding, for the Daily Telegraph: "We must get past whatever martini-drinking stereotypes may be lingering by conveying a bit more of what today's MI5 is actually like, so that people don't rule themselves out based on perceived barriers such as socio-economic background, ethnicity, sexuality, gender, disability, or which part of the country they happen to have been born in."

Exactly how an Instagram account achieves that wasn't explained; the platform is famous for influencers grifters posing in bars, hotels, and holiday destinations while imperiously demanding free stuff from any business they encounter on their travels. The odds of MI5 becoming an influencer are probably low, though perhaps some future incarnation of James Bond's Q could become a profitable robot influencer.
Lest anyone be fooled by this twee display, the agency's previous boss used his departure speech to call for E2E encryption on messaging platforms to be backdoored so his employees wouldn't have to work too hard. On the flip side, it does do some good in the world; earlier this week MI5's CPNI offshoot warned of hostile countries targeting British public-sector workers for recruitment as informants via LinkedIn. MI5 is also capable of being too sneaky: Surveyors from BT's mobile arm, EE, nearly proposed installing a Huawei mobile mast on the roof of a secret agency data centre in West London. ® Via theregister.com
-
Automated Binance trading bot with trailing buy/sell strategy

This is a test project. I am just testing my code.

Warnings

I cannot guarantee whether you can make money or not. So use it at your own risk! I have no responsibility for any loss or hardship incurred directly or indirectly by using this code.

Before updating the bot, make sure to record the last buy price in the note. It may lose the configuration or last buy price records.

Breaking Changes

As I introduce a new feature, I did lots of refactoring of the code, including settings. If the bot version is lower than the version 0.0.57, then the update will cause you to lose your settings and the last buy price records. You must write down settings and the last buy price records and re-configure after the upgrade.

If you experience any issue, simply delete all docker volumes/images and re-launch the bot.

How it works

Trailing Buy/Sell Bot

This bot is using the concept of trailing buy/sell order which allows following the price fall/rise.

- The bot can monitor multiple symbols. Each symbol will be monitored per second.
- The bot is only tested and working with USDT pair in the FIAT market such as BTCUSDT, ETHUSDT. You can add more FIAT symbols like BUSD, AUD from the frontend. However, I didn't test in the live server. So use at your own risk.
- The bot is using MongoDB to provide a persistence database. However, it does not use the latest MongoDB to support Raspberry Pi 32bit. Used MongoDB version is 3.2.20, which is provided by apcheamitru.

Buy Signal

The bot will continuously monitor the lowest value for the period of the candles. Once the current price reaches the lowest price, then the bot will place a STOP-LOSS-LIMIT order to buy. If the current price continuously falls, then the bot will cancel the previous order and re-place the new STOP-LOSS-LIMIT order with the new price.

- The bot will not place a buy order if it has enough coin (typically over $10 worth) to sell when it reaches the trigger price for selling.
Buy Scenario

Let's say the buy configurations are set as below:

- Maximum purchase amount: $50
- Trigger percentage: 1.005 (0.5%)
- Stop price percentage: 1.01 (1.0%)
- Limit price percentage: 1.011 (1.1%)

And the market is as below:

- Current price: $101
- Lowest price: $100
- Trigger price: $100.5

Then the bot will not place an order because the trigger price ($100.5) is less than the current price ($101).

In the next tick, the market changes as below:

- Current price: $100
- Lowest price: $100
- Trigger price: $100.5

The bot will place new STOP-LOSS-LIMIT order for buying because the current price ($100) is less than the trigger price ($100.5). For the simple calculation, I do not take into account the commission. In real trading, the quantity may be different. The new buy order will be placed as below:

- Stop price: $100 * 1.01 = $101
- Limit price: $100 * 1.011 = $101.1
- Quantity: 0.49

In the next tick, the market changes as below:

- Current price: $99
- Current limit price: $99 * 1.011 = 100.089
- Open order stop price: $101

As the open order's stop price ($101) is higher than the current limit price ($100.089), the bot will cancel the open order and place new STOP-LOSS-LIMIT order as below:

- Stop price: $99 * 1.01 = $99.99
- Limit price: $99 * 1.011 = $100.089
- Quantity: 0.49

If the price continuously falls, then the new buy order will be placed with the new price.

And if the market changes as below in the next tick:

- Current price: $100

Then the current price reaches the stop price ($99.99); hence, the order will be executed with the limit price ($100.089).

Sell Signal

If there is enough balance for selling and the last buy price is recorded in the bot, then the bot will start monitoring the sell signal. Once the current price reaches the trigger price, then the bot will place a STOP-LOSS-LIMIT order to sell. If the current price continuously rises, then the bot will cancel the previous order and re-place the new STOP-LOSS-LIMIT order with the new price.
- If the coin is worth less than typically $10 (minimum notional value), then the bot will remove the last buy price because Binance does not allow placing an order of less than $10.
- If the bot does not have a record for the last buy price, the bot will not sell the coin.

Sell Scenario

Let's say the sell configurations are set as below:

- Trigger percentage: 1.05 (5.0%)
- Stop price percentage: 0.98 (-2.0%)
- Limit price percentage: 0.979 (-2.1%)

And the market is as below:

- Coin owned: 0.5
- Current price: $100
- Last buy price: $100
- Trigger price: $100 * 1.05 = $105

Then the bot will not place an order because the trigger price ($105) is higher than the current price ($100).

If the price is continuously falling, then the bot will keep monitoring until the price reaches the trigger price.

In the next tick, the market changes as below:

- Current price: $105
- Trigger price: $105

The bot will place new STOP-LOSS-LIMIT order for selling because the current price ($105) is higher than or equal to the trigger price ($105). For the simple calculation, I do not take into account the commission. In real trading, the quantity may be different. The new sell order will be placed as below:

- Stop price: $105 * 0.98 = $102.9
- Limit price: $105 * 0.979 = $102.795
- Quantity: 0.5

In the next tick, the market changes as below:

- Current price: $106
- Current limit price: $103.774
- Open order stop price: $102.29

As the open order's stop price ($102.29) is less than the current limit price ($103.774), the bot will cancel the open order and place new STOP-LOSS-LIMIT order as below:

- Stop price: $106 * 0.98 = $103.88
- Limit price: $106 * 0.979 = $103.774
- Quantity: 0.5

If the price continuously rises, then the new sell order will be placed with the new price.

And if the market changes as below in the next tick:

- Current price: $103

Then the current price reaches the stop price ($103.88); hence, the order will be executed with the limit price ($103.774).
Frontend + WebSocket

React.js based frontend communicating via Web Socket:

- List monitoring coins with buy/sell signals/open orders
- View account balances
- Manage global/symbol settings
- Delete caches that are not monitored
- Link to public URL
- Support Add to Home Screen

Environment Parameters

Use environment parameters to adjust parameters. Check /config/custom-environment-variables.json to see list of available environment parameters.

Or use the frontend to adjust configurations after launching the application.

How to use

1. Create .env file based on .env.dist.
2. Check docker-compose.yml for BINANCE_MODE environment parameter
3. Launch the application with docker-compose

    git pull
    docker-compose up -d

   or using the latest build image from DockerHub

    git pull
    docker-compose -f docker-compose.server.yml pull
    docker-compose -f docker-compose.server.yml up -d

   or if using Raspberry Pi 32bit. Must build again for Raspberry Pi.

    git pull
    docker build . --build-arg NODE_ENV=production --target production-stage -t chrisleekr/binance-trading-bot:latest
    docker-compose -f docker-compose.rpi.yml up -d

4. Open browser http://0.0.0.0:8080 to see the frontend

When launching the application, it will notify public URL to the Slack.

Install via Stackfile

- In Portainer create new Stack
- Copy content of docker-stack.yml or upload the file
- Set environment keys for binance-bot in the docker-stack.yml
- Launch and open browser http://0.0.0.0:8080 to see the frontend

Screenshots

Frontend Desktop Sample Trade Chart Buy Orders Sell Orders Last 30 days trade Trade History PNL Analysis

Changes & Todo

Please refer CHANGELOG.md to view the past changes.
- Update the bot to monitor all coins every second - #52
- Display release version to the frontend - #59
- Improve frontend & settings UI - #93 #85
- Support all symbols - #104
- Improve sell strategy with conditional stop price percentage based on the profit percentage - #94
- Add sudden drop buy strategy - #67
- Improve buy strategy with restricting purchase if the price is close to ATH - #82
- Add minimum required order amount - #84
- Add manual buy/sell feature - #100
- Add stop loss feature - #99
- Support multilingual frontend - #56
- Reset global configuration to initial configuration - #97
- Add frontend option to disable sorting
- Allow browser notification in the frontend
- Secure frontend with the password
- Develop simple setup screen for secrets

Acknowledgments

@d0x2f @Maxoos @OOtta @ienthach @PlayeTT @chopeta @santoshbmath @BramFr

Contributors

chrisleekr Romuald R. hipposen thamlth

Download binance-trading-bot-master.zip or git clone https://github.com/chrisleekr/binance-trading-bot.git

Source
-
One of the biggest encrypted chat apps in the world just showed how a device used to decrypt messages can be hacked and tampered with.

Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the phone unlocking company Cellebrite, which has famously worked with cops to circumvent encryption such as Signal's.

In a blog post Wednesday, Marlinspike not only published details of new exploits for Cellebrite devices, but seemed to suggest that Signal's code could be theoretically altered to hack Cellebrite devices en masse.

Marlinspike claims (whether you believe this portion of the post or not is up to you) that while he was on a walk he happened to find a Cellebrite phone unlocking device:

Cellebrite devices are used by cops to unlock iPhones in order to gather evidence from encrypted devices. This can include photos and messages on the device, potentially including Signal messages.

Along with his colleagues, Marlinspike analyzed the device and found that it included several vulnerabilities that could allow an attacker to include an "otherwise innocuous file in an app" that when it gets scanned by a Cellebrite device exploits it and tampers with the device and the data it can access.

To be clear, this is a pretty ballsy show of force. Marlinspike published details about the exploits outside of normal "responsible disclosure" guidelines and suggested that he is willing to share details of the vulnerabilities as long as Cellebrite does the same with all the bugs the company uses to unlock phones, "now and in the future."

In a slightly nebulous final paragraph, Marlinspike said that future versions of Signal will include files that "are never used for anything inside Signal and never interact with Signal software or data," perhaps implying these could be designed to tamper with Cellebrite devices.
We reached out to Signal to ask them to clarify what Marlinspike meant exactly in the last paragraph of his blog post. Cellebrite did not immediately respond to a request for comment. In their analysis of the device, Signal researchers also found that it contained packages signed by Apple, and likely extracted from the Windows installer for iTunes version 12.9.0.167. According to Marlinspike, this could be a copyright violation. Via vice.com
-
off: then what are you doing here? Otherwise: work, money, patience and Xbox, whatever you want
-
I haven't read what fantoma wrote. If you later have a company and can prove you've been active, you can get funds very easily. PS: many ask for a commission. PS2: be careful what you sign.
-
March, April, December? What else is there? Post in the market.
-
^Thanks for your reply. Does anyone have feedback on https://crowdo.net? Tested it? Is it worth it?
-
Hi. An official link from where I can download Xrumer, or other similar programs, paid or free? PS: blog comment posting (they are my blogs). Thanks
-
you've got an itch and don't know how to scratch it
-
The researchers who discovered the bug have earned themselves $200,000.

A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers.

Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services. The latest competition included 23 entries, competing in different categories including web browsers, virtualization software, servers, enterprise communication, and local escalation of privilege.

For successful entrants, the financial rewards can be high -- and in this case, Daan Keuper and Thijs Alkemade earned themselves $200,000 for their Zoom discovery.

The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit.

As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted.

In a statement to Tom's Guide, Zoom thanked the Computest researchers and said the company was "working to mitigate this issue with respect to Zoom Chat." In-session Zoom Meetings and Zoom Video Webinars are not affected.

Vendors have a 90-day window, which is standard practice in vulnerability disclosure programs, to resolve the security issues found. End-users just need to wait for a patch to be issued -- but if worried, they can use the browser version in the meantime.
Other successful attacks of note during the contest include:

- Apple Safari: Jack Dates, kernel-level code execution, $100,000
- Microsoft Exchange: DEVCORE, complete server takeover, $200,000
- Microsoft Teams: OV, code execution, $200,000
- Ubuntu Desktop: Ryota Shiga, standard user to root, $30,000

Via zdnet.com
-
📜 Hover over a variable to view its documentation
➡️ Click on a variable to jump to its definition
🧠 Understands all language constructs (local variables, functions, etc.)
⤴️ Works on pull requests
⚡️ Lightning fast
📝 Works on Java and Go code (more languages coming)

Download codewing-master.zip or git clone https://github.com/codewing-dev/codewing.git

Sources: github.com https://codewing.dev/
-
Fake job offers lure professionals into downloading the more_eggs backdoor trojan.

A threat group called Golden Chickens is delivering the fileless backdoor more_eggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire.

The phishing emails try to trick a victim into clicking on a malicious .ZIP file by picking up the victim’s current job title and adding the word “position” at the end, making it appear like a legitimate offer.

Once downloaded, more_eggs can fetch additional malware and provide access to the victim’s system, the report said. The Golden Chickens group is also selling more_eggs as malware-as-a-service to other cybercriminals, who use it to gain a foothold in victims’ systems to install other types of malware, including banking malware, credential stealers and ransomware, or just to exfiltrate data, eSentire reported.

More_Eggs Malware: A ‘Formidable Threat’

Rob McLeod, eSentire’s Threat Response Unit director, highlighted three specific aspects of the more_eggs trojan that make it what he described as a “formidable threat to business and business professionals.”

First, it abuses normal Windows processes to avoid antivirus protections. Second, McLeod pointed out the personalized spear phishing emails are effective in enticing victims to click on the fake job offer. What’s perhaps most pernicious is that the malware exploits job hunters desperate to find employment in the midst of a global pandemic and skyrocketing unemployment rates, he added.

While eSentire hasn’t been able to pinpoint the group behind more_eggs, researchers have observed the groups FIN6, Cobalt Group and Evilnum have each used the more_eggs malware as a service for their own purposes.

More_Eggs Malware-As-A-Service

The financial threat gang FIN6 used the more_eggs malware to target various e-commerce companies back in 2019.
At the same time, attackers used more_eggs to breach retail, entertainment and pharmaceutical companies’ online payments systems, which eSentire researchers haven’t definitively linked to FIN6, but are suspected to be linked.

Other groups have used the malware too. Evilnum likes to attack financial tech companies, according to eSentire, to steal spreadsheets, customer lists and trading credentials, while Cobalt Group is usually focused on attacking financial companies with the more_eggs backdoor.

Rather than attack someone who is unemployed, experts agree that the goal of the campaign is likely to attack people who are employed and have access to sensitive data.

How to Avoid Being a LinkedIn Victim

The motivation for the attacks is unclear, researchers said. In the report, eSentire follows the more_eggs LinkedIn attack on someone in the health care technology sector.

Chris Hazelton with mobile security provider Lookout told Morales added that to avoid compromise, all users on LinkedIn should be on the lookout for spear-phishing scams. Via threatpost.com
-
Wormhole lets you share files with end-to-end encryption and a link that automatically expires. So you can keep what you share private and make sure your stuff doesn't stay online forever. Link: https://wormhole.app/ Source
-
passwdqc is a password/passphrase strength checking and policy enforcement toolset, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck, pwqfilter, and pwqgen), and a library (libpasswdqc).

On systems with PAM, pam_passwdqc is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.

pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts.

The pwqfilter program searches, creates, or updates binary passphrase filter files, which can also be used with pwqcheck and pam_passwdqc.

libpasswdqc is the underlying library, which can also be used from third-party programs.

You can view the latest INSTALL, README, PLATFORMS, CHANGES, and LICENSE files (which are also included in the archives below), as well as screenshots demonstrating the uses and setup of passwdqc on Openwall GNU/*/Linux. There's a wiki page with detailed Solaris-specific instructions and another one with password strength policy considerations (a must read before you possibly override passwdqc's defaults). There's also a tutorial on using the pwqcheck program from PHP scripts.

Download (release notes, previous release notes):

- passwdqc 2.0.1 and its signature. This includes all components mentioned above.
- pam_passwdqc 1.0.5 and its signature. The final version of pam_passwdqc only, from just before we turned it into passwdqc. This older package does not include nor require libpasswdqc.

If applicable, consider passwdqc for Windows

Source
-