ICYMI (and in case you use it)

Google Password Manager: revealed late last week via blog post, 5 new features to manage your passwords in Chrome.

New features include a new "Password Manager" menu in Chrome for easy access and the ability to make a desktop shortcut for Password Manager. You'll also be able to set biometric locks (fingerprints, face scans) on desktop, provided your computer actually supports those features.

blog.google/products/chrome/go

Online muggers make serious moves on unpatched Microsoft bugs

Win32k and Visual Studio flaws are under attack

"It poses a significant risk to earlier systems," the researchers wrote. "Exploitation of such vulnerabilities has a notorious track record."

numencyber.com/cve-2023-29336-

Browser extension developers targeted with schemes and scams

They're being asked to sell, or modify, their code – and trust in your favourite add-ons could be a casualty

The creator of a browser extension called "I don't care about cookies" that suppresses EU cookie popup menus sold his extension code to Avast – a security firm that subsequently merged with NortonLifeLock (which later rebranded as "Gen Digital").

The deal has not been well received by some users of the extension

Google has recently issued a warning to its 1.8 billion Gmail users following a security flaw that was discovered in one of its latest security functions.

cysecurity.news/2023/06/google

(not related)

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December.

bleepingcomputer.com/news/secu

PSA

Malicious actors are using the AI-based technology to manipulate benign images or videos of victims into explicit content. As deepfake innovation advances, such content is becoming more life-like and cheaper for bad actors to access.

The FBI has warned internet users to be cautious when posting or direct messaging personal photos and videos, after noting complaints about sexually explicit deepfakes circulating on the web.

ic3.gov/Media/Y2023/PSA230605

British Airways, Boots and the BBC have been hit with an ultimatum from the Russian-speaking cybercrime group Clop to begin ransom negotiations after it stole personal details of more than 100,000 staff across the organisations.

Russian-speaking Clop group demands ransom negotiations after stealing data of thousands of staff

The threat is an escalation of conventional ransomware attacks and is known as “doxware”.

theguardian.com/technology/202

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service.

bleepingcomputer.com/news/micr

'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting

A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.

The Picture in Picture Attack

avanan.com/blog/the-picture-in

Toyota admits to yet another cloud leak

Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities

theregister.com/2023/06/05/sec

These emails pretend to be from a customer of an online store who had $550 deducted from their bank account after an alleged order did not properly go through.

BleepingComputer received one of these emails this week and, after researching the attack, has found it widespread with many submissions to VirusTotal over the past week.

Online sellers targeted by new information-stealing malware

bleepingcomputer.com/news/secu

Operation Triangulation

An undisclosed nation state targeted Kaspersky

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question

high risk attack

securelist.com/operation-trian

Someone has purchased vx-underground.com.

The domain tries to trick users into downloading malware and/or into calling a phony tech support phone number.

The real vx-underground is .org, not .com

👀 always be vigilant of that address bar 👀

A Popular Password Hashing Algorithm Starts Its Long Goodbye

The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.

wired.com/story/bcrypt-passwor

Netflix's Password-Sharing Ban Offers Security Upsides
The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.

Hidden Cybersecurity Lesson in Netflix's Password Crackdown

darkreading.com/endpoint/netfl

Chinese hackers used "stealthy" malware to attack critical infrastructure on American military bases in Guam, say Microsoft and Western spy agencies.

Together with the Five Eyes alliance - comprising the intelligence agencies of the US, Australia, Britain, New Zealand and Canada - Microsoft published details of the malware on Wednesday.

microsoft.com/en-us/security/b

Criminal IP, an OSINT-based search engine, made an exciting announcement introducing the launch of a Chrome extension called Criminal IP AI-based Phishing Link Checker on May 22, 2023.

This Criminal IP’s Chrome extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.

chrome.google.com/webstore/det

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices.

Tracked as CVE-2023-21492 (CVSS score: 4.4), it impacts select Samsung devices running Android versions 11, 12, 13.

Samsung, in an advisory released this month, said it was "notified that an exploit for this issue had existed in the wild," adding it was privately disclosed to the company on Jan 17, 2023

thehackernews.com/2023/05/sams

New breach: Luxottica had 77M email addresses breached via a partner in 2021. Data also included names, physical addresses, DoBs, genders and phone numbers. 74% were already in haveibeenpwned.

More recently, the database was leaked in its entirety for free on April 30th and May 12th, 2023.

read more:

bleepingcomputer.com/news/secu

The link between online gaming and hacking
Mike Jones is a Security Researcher who mentors children that have been identified as potential cyber criminals.

He explained that organised criminals are increasingly targeting kids who play video games and coercing them to carry out cyberattacks.

Child hackers: How are kids becoming sophisticated cyber criminals?

euronews.com/next/2023/05/19/c

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.

particularly budget phones, with a majority of the infections discovered in the U.S., Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, the Philippines, and Argentina.

thehackernews.com/2023/05/this
