yaracroft @venom@nanao.cybtex.fr

Am I FLoCed ?

https://amifloced.org/

How FLoC works ?

https://cxl.com/blog/floc-dovekey/

Disables Google's FLoC tracking for your Wordpress by adding a 'Permissions-Policy' HTTP header.

https://wordpress.org/plugins/disable-floc/

Opt-out of FLoC on your WordPress website

https://roytanck.com/2021/04/15/opt-out-of-floc-on-your-wordpress-website/

Last summer, 580 cybersecurity researchers spent 13,000 hours trying to break into a new kind of processor called Morpheus. They all failed. University of Michigan's Todd Austin explains how his team's processor defeated every attack in DARPA's hardware hacking challenge.

https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers

pfSense v2.5.1 est une mise à jour qui corrige de nombreux bugs apportés avec pfSense 2.5.0. Autre point, WireGuard est retiré de pfSense.

https://www.provya.net/?d=2021/04/15/09/46/18-pfsense-251-est-disponible

This post introduces how one can debug the entire system including system management mode (SMM) code with Windbg and Direct Connect Interface (DCI). As an example use case, we will debug the exploit of the kernel-to-SMM local privilege escalation vulnerability I reported.

https://standa-note.blogspot.com/2021/03/debugging-system-with-dci-and-windbg.html

This is a report and an exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303 (https://github.com/tandasat/SmmExploit)

Codecov - On Thursday, April 1, 2021, we learned that someone had gained unauthorized access to our Bash Uploader script and modified it without our permission.

https://about.codecov.io/security-update/

Biden administration has a plan to harden the security of the US power grid to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace - such as Russia, Iran, North Korea, and China.

https://www.tripwire.com/state-of-security/featured/white-house-plan-protect-critical-infrastructure-against-cyber-attacks/

A gang nicknamed Cl0p, FIN11, and TA505 has been hacking and extorting hundreds of companies for years

https://www.vice.com/en/article/wx5eyx/meet-the-ransomware-gang-behind-one-of-the-biggest-supply-chain-hacks-ever

Tasmania's lone casino operator confirms it is being held to ransom in a cyber attack that has impacted its pokies machines and hotel bookings system for more than a week.

https://www.abc.net.au/news/2021-04-13/ransomware-attack-hits-federal-group-casino-operator/100064038

How ransomware gangs are connected, sharing resources and tactics

https://www.redpacketsecurity.com/how-ransomware-gangs-are-connected-sharing-resources-and-tactics/

Les serveurs informatiques et le système de messagerie de la ville d'Elancourt (elancourt.fr) perturbés par une attaque informatique

https://www.facebook.com/VilleElancourt/posts/1484454968553239

Suite à une infection par ransomware une partie de l'informatique du groupe In Extenso, spécialiste des services aux TPE et PME, est paralysée, jusqu’à la téléphonie de certaines de ses 250 agences en France

https://www.lemagit.fr/actualites/252499315/In-Extenso-vient-allonger-la-liste-des-victimes-de-cyberattaques

Brazil: Two arrested in global hunt to catch child predators

Extensive research and image analysis led the investigators to a social media profile that matched the victim and allowed them to identify the perpetrators as the victim's parents. The Federal Police acted immediately, arresting both of them the same day. Child sexual abuse material circulates in anonymous and dark corners of the Internet but, as this case shows, its human impact is real and devastating.

https://www.interpol.int/News-and-Events/News/2021/Brazil-Two-arrested-in-global-hunt-to-catch-child-predators

An estate agent has been forced to apologise after exposing the seller's personal information in a virtual house tour. Unblurred family photos and financial documents were publicly visible in the 3D tour posted on Rightmove by Devon-based Fowlers. Confidential items such as a shares dividend cheque and an insurance policy paper and the names of beloved pets could be easily read by zooming in. Such viewing methods could be exploited by criminals.

https://www.dailymail.co.uk/news/article-9469205/Estate-agent-apologises-3D-tour-revealed-sellers-private-information.html

The vulnerability in Moodle ( an open-source educational platform used by 179,000 sites and has 242 million users ) had existed for 6 years before being discovered : millions of users of popular educational platform exposed..

https://www.wizcase.com/blog/moodle-vulnerability-research/

Indian Supply-chain Giant Bizongo Suffered Devastating Data Breach (643GB - 2,532,610 files exposed)

Bizongo left customer data sitting unsecured on their misconfigured Amazon Web Services (AWS) S3 bucket, a widely-used cloud storage service.

https://www.websiteplanet.com/blog/bizongo-breach-report/