
Following the scent of TrickGate:

6yr old packer used to deploy the most wanted malware

Cyber criminals increasingly rely on packers to carry out their malicious activities. The packer, also referred to as “Crypter” and “FUD” on hacking forums, makes it harder for antivirus programs to detect the malicious code

research.checkpoint.com/2023/f

Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber-attack.

bbc.com/news/business-64452986

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, tho beware bricking

theregister.com/2023/01/30/chr

An update on the information operation network of spammy influence content across multiple platforms — and TAG's ongoing work to track and disrupt.

blog.google/threat-analysis-gr

Meta and Twitter have also removed fake content from China that looks and sounds very similar to Dragonbridge's efforts

blog.twitter.com/en_us/topics/

about.fb.com/news/2019/08/remo

UK Cyber Security Centre's scary new story: One phish, two phish, Russia phish, Iran phish

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,”

Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types

ncsc.gov.uk/news/spear-phishin

ncsc.gov.uk/news/uk-cyber-expe

if you are using Bitwarden, or any password manager, do this

"generate a random passphrase using the diceware approach

Using a dictionary for 5 dice (7776 dictionary words) and picking out four random words, you get a password with slightly over 50 bits of entropy"

words are easier to remember when it comes to master-passwords

random passphrases are stronger and take longer to crack

wikiwand.com/en/Diceware

Bitwarden design flaw: Server side iterations

we look at how Bitwarden describes the process in their security whitepaper, there is an obvious flaw: the 100,000 PBKDF2 iterations on the server side are only applied to the master password hash, not to the encryption key. This is pretty much the same flaw that I discovered in LastPass in 2018

palant.info/2023/01/23/bitward

Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.

It's worth noting here that the shortcoming only impacts Samsung devices that are running Android 12 and before, and does not affect those that are on the latest version (Android 13).

thehackernews.com/2023/01/sams

Massive ad-fraud op dismantled after hitting millions of iOS devices

What the team pieced together was an expansive malvertising operation in which the bad actors injected JavaScript into ad creatives they issued, and then stacked a whole bunch of video players on top of one another, getting paid for all of the ads when none of them were visible to the person using the device. - HUMAN

humansecurity.com/learn/blog/t

Avanan researchers have seen a new attack dubbed “Blank Image” spreading throughout the globe wherein hackers include blank images in HTML attachments. When opening the attachment, the user is automatically redirected to a malicious URL

The link to DocuSign will take you to the official DocuSign website if they click the “View Completed Document” button; the “Blank Image” assault is launched if they try to open the HTML attachment.

avanan.com/blog/the-blank-imag

T-Mobile US, Inc. discovered that a malicious attacker was illegally accessing data through a single Application Programming Interface (“API”).

The research revealed that the threat actors accessed information for about 37 million active postpaid and prepaid customer accounts using this API; however, many of these accounts did not include the complete data set.

Date of report (Date of earliest event reported): January 19, 2023

sec.gov/Archives/edgar/data/12

Nearly 35,000 PayPal user accounts fell victim to a recent credential-stuffing attack that exposed personal data likely to be used to fuel additional, follow-on attacks.

PayPal submitted a breach disclosure that revealed that the attack began on Dec. 6, 2022 and continued until it was discovered on Dec. 20, 2002.

As a result, the names, addresses, Social Security numbers, tax identification numbers, and/or dates of birth for 34,942 users were exposed.

jdsupra.com/legalnews/paypal-i

Mailchimp 'fesses up to second digital burglary in five months

Social engineering helped intruders break into customers' inboxes again

This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a straight face – that it takes the security of users' data seriously.

theregister.com/2023/01/19/mai

WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities << December 19, 2022

Yesterday, the researcher disclosed technical details about each vulnerability with proof of concept exploits using the SLEEP function to demonstrate how the flaws work.

blackhatethicalhacking.com/new

At $39.99 with a $3 coupon option for Amazon Prime members, the T95 Android 10.0 TV box might seem like a good value

But when an unsuspecting but cybersecurity-savvy customer ordered one up, he said it came "festooned" with malware

no extra charge >> all malware FREE

Daniel Milisic warned consumers in Reddit and GitHub posts that he just happened to have bought the box to run Pi-hole tracker blocking — and that he immediately made a startling discovery

reddit.com/r/Android/comments/

Don’t trust your inbox: protect your organization from modern attacks against your #1 business application — email. Defend against evolving threats and gain insights into bad actors’ next moves, with Cloudflare Area 1.

Email Link Isolation: your safety net for the latest phishing attacks

blog.cloudflare.com/area1-eli-

The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge as well as all Chromium browsers

(Report)

The Imperva team found that the first fix, introduced in Chrome 107, did not fully address the issue. The team notified Google of this, and the issue was fully resolved in Chrome 108

imperva.com/blog/google-chrome


⇄ Σ = Mᄃ² ⇆

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.