
As many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023. This includes: ws-paso-jssdk, pingan-vue-floating, srm-front-util, cloud-room-video, progress-player, ynf-core-loader, ynf-core-renderer, ynf-dx-scripts, and ynf-dx-webpack-plugins.

"Due to the sophisticated nature of the attack and the small number of affected packages, we suspect this is another highly targeted attack"

North Korean Hackers Suspected

blog.phylum.io/sophisticated-h

ProtonMail Complied with 5,957 Data Requests in 2022 – Still Secure and Private?

Proton provides data to the FBI and other police agencies

This past week Forbes ran an article on a case where the FBI was able to get data on a U.S. ProtonMail user who was being investigated for harassment (but not charged with any crime).

(they do seem to comply a heck of a lot)

restoreprivacy.com/protonmail-

A Huge Scam Targeting Kids With Roblox and Fortnite ‘Offers’ Has Been Hiding in Plain Sight

The wide-ranging scams, often disguised as game promotions, can all be linked back to one network < CPABuild

wired.com/story/poison-pdf-sca

Security News This Week:

ICYMI anything, a nice round-up of the latest security news

A New Attack Reveals Everything You Type With 95 Percent Accuracy

Plus: A pair of major data breaches rock the UK, North Korea hacks a Russian missile maker, and Microsoft’s Chinese Outlook breach sparks new problems.

wired.com/story/keystroke-atta

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.

"urlparse has a parsing problem when the entire URL starts with blank characters," the CERT Coordination Center (CERT/CC) said in a Friday advisory.

thehackernews.com/2023/08/new-

Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested

"Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available," Europol said in a statement.

thehackernews.com/2023/08/lole

Australians want better privacy protection - unsurprisingly coming from a country with some of the worst surveillance laws.

Australian study shows that citizens ask for better privacy protection and better laws.

tutanota.com/blog/australia-pr

BLACK HAT Googlers have lately found not one but two more security vulnerabilities in Intel and AMD processors that can be exploited to steal sensitive data from a vulnerable computer's memory

Both can be abused by malware running on a system, or a rogue logged-in user, to lift passwords, secrets, and other data out of memory that should be off limits. This should be concerning for those who use shared servers in the cloud.

theregister.com/2023/08/09/goo

Researchers at Cornell University have discovered a new way for AI tools to steal your data — keystrokes. A new research paper details an AI-driven attack that can steal passwords with up to 95% accuracy by listening to what you type on your keyboard.

arxiv.org/abs/2308.01074

'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed

Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.…

theregister.com/2023/08/07/mic

Most medical infusion pumps sold via secondary market sources still contain Wi-Fi configuration settings from the original organization that deployed them, cybersecurity firm Rapid7 has discovered.

rapid7.com/blog/post/2023/08/0

Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users.

"Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report

thehackernews.com/2023/08/mali

Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware

The spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Messenger.

"Another snippet from the Android Manifest file shows that the threat actor designed the app to interact with other already installed chat applications," explains CYFIRMA.

cyfirma.com/outofband/apt-baha

Western intelligence services and cybersecurity organisations have lately identified many Chinese hacker outfits. These groups are said to be behind global campaigns of digital espionage that are directed at corporations, media outlets, and institutions of international business and the military.

Multiple Chinese Hacker Outfits are Targeting Organisations Worldwide

cysecurity.news/2023/07/multip

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign.

The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell

medium.com/@knownsec404team/pa

This is caused by patch gaps, where Google or another vendor fixes a bug, but it takes months for a device manufacturer to roll it out in their own versions of Android.

"These gaps between upstream vendors and downstream manufacturers allow n-days - vulnerabilities that are publicly known - to function as 0-days because no patch is readily available to the user and their only defense is to stop using the device," explains Google's report.

security.googleblog.com/2023/0

If a bug is known in Android before Google, it is called a zero-day. However, once Google learns about it, it becomes an n-day, with the n reflecting the number of days since it became publicly known.

Google warns that attackers can use n-days to attack unpatched devices for months, using known exploitation methods or devising their own, despite a patch already being made available by Google or another vendor.

Microsoft has taken a big step to strengthen the security of its products in response to the growing cybersecurity threats and a number of recent high-profile attacks. The business has declared that it will offer all users essential security features at no cost. Microsoft is making this change in an effort to allay concerns about the security of its platforms and shield its users from potential cyberattacks.

cysecurity.news/2023/07/micros
