Group-IB, one of the leading providers of solutions for detecting and preventing #cyber attacks, identifying online fraud, investigating high-tech crime and protecting intellectual property, has supported INTERPOL in its Lyrebird operation, which, after a two-year investigation, resulted in the identification and apprehension of a threat actor presumably responsible for multiple attacks, including on telecommunications companies in #France, the country's major banks and multinational corporations. The alleged perpetrator, who turned out to be a citizen of #Morocco, was arrested in May 2021 by the Moroccan #police on the basis of data about his cybercrimes provided by Group-IB.
The official website of a certification authority (CA) in Mongolia was harboring #malware and serving a backdoored client to users who downloaded it. The attackers clearly intended to spread malware to users in Mongolia by compromising a trusted source, in this case the CA itself.
https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/
bitcoin.org, one of the first bitcoin-related websites, was the target of an "absolutely massive" #DDoS attack. Unreachable for hours, bitcoin.org then received a ransom demand of half a #Bitcoin, approximately €14,000 at the time, to stop the attack.
Russian government hackers APT29 breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive #ransomware attack.
How to write an effective pentest report: vulnerability reports
https://cobalt.io/blog/how-to-write-an-effective-pentest-report-vulnerability-reports
(Golang) Fast golang web crawler for gathering URLs and JavaScript file locations.
Red Team Tips
CVE-2021-30116 SQL injection vulnerability in Kaseya Virtual System Administrator (VSA) allows remote malicious users to execute arbitrary SQL commands.
(Golang) Gotator is a tool to generate DNS wordlists through permutations.
On July 4, the day of GETTR's official launch, a hacker broke into and defaced the accounts of some of the site's most prominent users, including its founder Jason Miller, former CIA director Mike Pompeo, former Trump advisor Steve Bannon, and pro-Trump congresswoman Marjorie Taylor Greene.
https://www.businessinsider.com/gettr-trump-allies-get-accounts-hacked-july-4-launch-day-2021-7
Hackers have scraped the new right-wing social media platform GETTR, getting 90,000 usernames and email addresses
https://www.vice.com/en/article/dyv44m/hackers-scrape-90000-gettr-user-emails-surprising-no-one
#Ransomware statistics for 2021 : Q2 report
https://blog.emsisoft.com/en/38864/ransomware-statistics-for-2021-q2-report/
Robert Graham is trying to create perfect screen captures of SDR #wifi #bluetooth
https://blog.erratasec.com/2021/07/some-quick-notes-on-sdr.html
Realtek #WiFi Firmware and a Fully 8051-based Keylogger Using RealWOW Technology
« The funny thing is that this is effectively a keylogger that does not run any code on the CPU while it is running. » #informatique
https://8051enthusiast.github.io/2021/07/05/002-wifi_fun.html
Without too much effort, we now have a pretty powerful #python script for continuously testing our firmware for basic BLE functionality.
Solène Rapenne shared a simple cheatsheet for managing Gentoo systems
https://dataswamp.org/~solene/2021-07-05-gentoo-cheatsheet.html
What led to « bags of gas ? » #Ransomware puts the #US's failings in #cyber security policy on full display.
https://www.linkedin.com/pulse/what-led-bags-gas-ransomware-puts-uss-failings-policy-alice-albl/
At least five Australian MSPs and 300 customer sites hit in the Kaseya #ransomware attack
The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for #cryptographic purposes. Its single source of entropy was the current time, so the set of possible passwords is bounded by the number of seconds in the window during which the password could have been created. All the passwords it created could be brute-forced in seconds.
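To see why a time-seeded PRNG is fatal for a password generator, here is an added illustration (not Kaspersky's code and not the researchers' proof-of-concept). It models the flaw with a hypothetical generator that seeds Python's Mersenne Twister with the current Unix time in seconds; the alphabet, the 12-character length and the one-second granularity are assumptions for the example. Knowing roughly when a password was created, an attacker re-seeds the PRNG with every second in that window and recovers both the seed and the password. The hardened variant uses the OS CSPRNG via `secrets`.

```python
import random
import secrets
import string
import time
from typing import Optional

ALPHABET = string.ascii_letters + string.digits  # assumed charset
PASSWORD_LENGTH = 12                             # assumed length


def weak_generate(seed_seconds: int, length: int = PASSWORD_LENGTH) -> str:
    """Hypothetical flawed generator: a general-purpose PRNG (Mersenne
    Twister) whose only entropy is a timestamp in seconds.  Every password
    is a pure function of that timestamp."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_seed(password: str, latest: int, window_seconds: int) -> Optional[int]:
    """Attacker side: the password is known (e.g. from a leaked hash that was
    already cracked, or a password-reset flow), and the creation time is
    known to within `window_seconds` before `latest`.  Re-seed with every
    candidate second and compare.  A whole year is only ~3.2e7 candidates,
    so the search is trivial compared with 62**12 for a random password."""
    for seed in range(latest, latest - window_seconds, -1):
        if weak_generate(seed, len(password)) == password:
            return seed
    return None


def strong_generate(length: int = PASSWORD_LENGTH) -> str:
    """Hardened form: draw each character from the OS CSPRNG.  There is no
    seed to recover, so the attacker is back to 62**length guesses."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Victim generates a password "now"; attacker only knows it was made
    # sometime in the last two hours.
    created = int(time.time())
    pw = weak_generate(created)
    found = recover_seed(pw, created + 3600, window_seconds=2 * 3600)
    print(f"weak password {pw} recovered from seed {found} "
          f"({'match' if found == created else 'miss'})")
    print(f"strong password {strong_generate()} (no seed to recover)")
```

The recovery loop assumes second granularity; a generator seeded with milliseconds only multiplies the search by 1000, which still finishes in seconds on a laptop. The real fix is not finer timestamps but a CSPRNG.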
Privacy vs The Government: Why backdoors are a security nightmare
There are indeed valid arguments for why the government should have access to data necessary to ensure public safety and stop #terrorism. But the question is at what cost the government obtains this information.
It's not a matter of whether the government can access data. It's a matter of whether anyone can access it. There is no way to design a system such that only the "good guys" have access: a key escrow or backdoor is a second path into the data, and any second path can be found, stolen or compelled by someone other than its intended user. It's a question of security vs insecurity. This is the opinion of most people who deal professionally with #cryptography and communications #security, and the government would do well to finally start taking the advice of these security people. What the government has expressly stated it wants is not only access to information held by #technology companies, but also a backdoor into information that technology companies themselves don't have access to.
https://serpentsec.1337.cx/privacy-vs-the-government-why-backdoors-are-a-security-nightmare
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile