Hewlett Packard Enterprise (HPE) disclosed to the SEC that it was compromised by APT29, a.k.a. Cozy Bear, a.k.a. Midnight Blizzard.
MavenGate Supply Chain Attack Lets Attackers Hijack Java & Android Apps
https://gbhackers.com/mavengate-hijack-apps/
Given the recent supply chain attacks in the “web world”, we have conducted a study on the possibility of supply chain attacks in the mobile application world.
A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…
Among the information revealed in the publicly accessible and seemingly insecurely configured database were 118,441 coronavirus test certificates, 506,663 appointment records, 660,173 testing samples and "a small number" of internal files.
A database of 26 billion leaked records has been discovered, in what has been called the "Mother of all Breaches."
The massive 12-terabyte leak was discovered by cybersecurity researcher Bob Diachenko, working alongside the team at Cybernews.
https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches
Fortunately, it isn't as bad as it sounds: the leak is a compiled collection of data from thousands of previous breaches and doesn't appear to contain any new information. The practical risk is the usual one for combolists: old passwords that were never rotated are now easier to feed into credential-stuffing attacks.
when a breach isn't a breach
An Outlook vulnerability that can be used to leak NTLMv2 hashes by abusing Outlook, Windows Performance Analyzer (WPA), and Windows File Explorer has been identified.
Flaw Lets Attackers Access Hashed Passwords
Microsoft patched the Outlook issue in December 2023, but unpatched systems remain exposed. The caveat: what leaks is a Net-NTLMv2 challenge/response, captured when the victim's machine is tricked into authenticating to an attacker-controlled server. It can be cracked offline or relayed, but it is not the stored hash, so it cannot be used directly for pass-the-hash.
After the first unlock following a reboot, the keys protecting user data are loaded into memory so installed apps can work, and the device moves from the "at rest" (Before First Unlock) state into the "not at rest" (After First Unlock) state.
The GrapheneOS team points out that merely locking the screen afterwards does not return the device to the "at rest" state, because those decrypted keys stay in memory; only a reboot does.
Malware hunters at SentinelOne on Thursday flagged a newly discovered Python-based hacking tool being used by cybercriminals to hijack cloud platforms and payment services.
The tool, called FBot, is capable of credential harvesting for spamming attacks and AWS account hijacking, and includes functions to enable attacks against PayPal and various SaaS accounts.
Google kicked off 2024 with the release of patches for 58 vulnerabilities in the Android platform, along with fixes for three security bugs in Pixel devices.
“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.
https://www.securityweek.com/androids-january-2024-security-update-patches-58-vulnerabilities/
YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software
https://www.hackread.com/youtube-channels-hacked-lumma-stealer-software/
Hacking a Google Account Without the Password
Back in October 2023, using an AI digital risk platform, security firm CloudSEK spotted that a threat actor called PRISMA had announced a “potent 0-day solution addressing challenges with incoming sessions of Google accounts” on their Telegram channel.
As of January 2024, Google is yet to roll out a comprehensive solution to the flaw, CloudSEK says.
ChatGPT-powered productivity apps rising in popularity, but be cautious sharing personal information
A recent investigation into privacy policies of popular personal productivity apps by security researchers at Private Internet Access (PIA) found “troubling” examples of poor transparency. One particular app was a popular AI chat assistant that uses the ChatGPT API and its existing database to tailor its answers to the user’s prompt.
https://www.privateinternetaccess.com/blog/productivity-apps-safe/
SMTP smuggling is a technique that lets an attacker send an email from pretty much any address they like. It exploits disagreement between an outbound and an inbound mail server about which byte sequence ends the DATA section: the attacker embeds a non-standard end-of-data sequence plus a second, fully spoofed message inside one legitimate message, the outbound server forwards the whole thing as one message, and the inbound server splits it into two. Because the smuggled message arrives from the legitimate outbound server, SPF checks on the connecting IP pass. The intended goal is email spoofing, which makes malicious emails more believable.
Let's take a closer look at what it is exactly, and how cybercriminals can use it.
Explained: SMTP smuggling
https://www.malwarebytes.com/blog/news/2024/01/explained-smtp-smuggling
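The smuggling described above, as an added example that is not from the Malwarebytes article or any real mail server: a toy receiving-side SMTP parser is run once with only the RFC 5321 terminator (`<CRLF>.<CRLF>`) and once with an illustrative set of lenient terminators, against the same byte stream relayed by an outbound server that forwards bodies unchanged. The session, the address names and the lenient terminator list are all constructed for the demo; real server behaviour varies. The last function is the hardening check an outbound server would apply before relaying.

```python
"""SMTP smuggling modelled as two parsers that disagree on end-of-data.

Added example (not from the Malwarebytes article). Assumes a reduced SMTP
dialogue of MAIL FROM / RCPT TO / DATA only; all addresses and the lenient
terminator set are constructed for illustration.
"""
from dataclasses import dataclass

# RFC 5321: the DATA section ends with <CRLF>.<CRLF> and nothing else.
STRICT_EOD = [b"\r\n.\r\n"]
# Terminators some inbound servers historically also accepted (illustrative).
LENIENT_EOD = STRICT_EOD + [b"\n.\n", b"\r.\r", b"\n.\r\n", b"\r\n.\r"]


@dataclass
class Message:
    mail_from: str
    rcpt_to: list
    body: bytes


def _addr(value: bytes) -> str:
    return value.strip().strip(b"<>").decode()


def _find_eod(buf: bytes, start: int, eods):
    """Earliest occurrence of any listed terminator at or after `start`."""
    best = None
    for seq in eods:
        idx = buf.find(seq, start)
        if idx != -1 and (best is None or idx < best[0]):
            best = (idx, seq)
    return best


def parse_session(stream: bytes, eods) -> list:
    """Toy inbound parser: walks MAIL FROM / RCPT TO / DATA commands and ends
    each DATA section at the first terminator from `eods`."""
    messages, pos, mail_from, rcpts = [], 0, "", []
    while pos < len(stream):
        nl = stream.find(b"\r\n", pos)
        if nl == -1:
            break
        line, pos = stream[pos:nl], nl + 2
        upper = line.upper()
        if upper.startswith(b"MAIL FROM:"):
            mail_from, rcpts = _addr(line[10:]), []
        elif upper.startswith(b"RCPT TO:"):
            rcpts.append(_addr(line[8:]))
        elif upper == b"DATA":
            hit = _find_eod(stream, pos, eods)
            if hit is None:
                break
            idx, seq = hit
            messages.append(Message(mail_from, list(rcpts), stream[pos:idx]))
            pos = idx + len(seq)
    return messages


def outbound_relay(client_stream: bytes) -> bytes:
    """Vulnerable outbound server: ends DATA strictly, then forwards the body
    byte-for-byte (no CRLF normalisation) to the recipient's server."""
    out = b""
    for m in parse_session(client_stream, STRICT_EOD):
        out += b"MAIL FROM:<%s>\r\n" % m.mail_from.encode()
        for r in m.rcpt_to:
            out += b"RCPT TO:<%s>\r\n" % r.encode()
        out += b"DATA\r\n" + m.body + b"\r\n.\r\n"
    return out


def contains_bare_newline(body: bytes) -> bool:
    """Hardening check for the outbound side: a LF not preceded by CR, or a CR
    not followed by LF, is a smuggling candidate; reject or CRLF-normalise."""
    for i, b in enumerate(body):
        if b == 0x0A and (i == 0 or body[i - 1] != 0x0D):
            return True
        if b == 0x0D and (i + 1 >= len(body) or body[i + 1] != 0x0A):
            return True
    return False


# Constructed attacker session: a real account on example.com, plus a smuggled
# second message claiming to come from the CEO of the same domain.
ATTACKER_STREAM = (
    b"MAIL FROM:<attacker@example.com>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: harmless\r\n\r\nhello"
    b"\n.\n"                                   # bare-LF terminator, ignored by outbound
    b"MAIL FROM:<ceo@example.com>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: urgent wire transfer\r\n\r\npay now"
    b"\r\n.\r\n"                               # the only terminator outbound honours
)


def demo():
    """Returns (messages a strict inbound sees, messages a lenient inbound sees)."""
    relayed = outbound_relay(ATTACKER_STREAM)
    return parse_session(relayed, STRICT_EOD), parse_session(relayed, LENIENT_EOD)


if __name__ == "__main__":
    for tag, msgs in zip(("strict inbound", "lenient inbound"), demo()):
        print(tag, [m.mail_from for m in msgs])
```

The strict inbound server sees one message from attacker@example.com; the lenient one sees two, the second from ceo@example.com, delivered over the outbound server's own connection. The fix is to apply `contains_bare_newline` (or CRLF-normalise) before relaying and to accept only `<CRLF>.<CRLF>` on the receiving side.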
23andMe Blames Victims for Data Breach in Letter to Some Users
even after tweaking its terms of service to make legal claims against the company more difficult
the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” < when in doubt blame your users << stinking move
Encrypted Messaging App Wickr Is Dead
https://www.404media.co/wickr-closed-down-is-dead/
The app’s end-to-end encryption, simple interface, and self-destructive messages made it a go-to for hackers, journalists, drug dealers—and, unfortunately, traders in child sexual abuse materials
But after Amazon acquired Wickr in 2021, it announced in early 2023 that it would be shutting down the service at the end of the year, and it appears to have held to that deadline.
ARTIFICIAL INTELLIGENCE
The Emerging Landscape of AI-Driven Cybersecurity Threats: A Look Ahead
While AI can significantly bolster defense mechanisms, it also equips adversaries with powerful tools to launch sophisticated cyberattacks
https://www.securityweek.com/the-emerging-landscape-of-ai-driven-cybersecurity-threats-a-look-ahead/
Threat actors responsible for attacking Ledger’s connector library have stolen assets valued at approximately $484,000
https://www.cysecurity.news/2023/12/hackers-steal-assets-worth-484000-in.html
Broader Implications for the DeFi Community
This incident has raised major concerns regarding the security infrastructure of decentralized applications. DeFi protocols frequently rely on code from multiple software providers, including Ledger, which leaves them vulnerable to multiple potential points of failure.
When receiving an unprompted 2FA code, the account holder should assume their credentials were stolen and log directly into Amazon, without clicking on any links in text messages or emails, to change their password.
It is also important not to assume that, because 2FA protected your account, you no longer need to change your password. That is a false sense of security: threat actors have bypassed MFA before, for example by phishing the one-time code or the session cookie in real time.
MongoDB, a leading database management company, has fallen victim to a security incident resulting in unauthorized access to certain corporate systems. The breach, detected on the evening of December 13th, 2023, US Eastern Standard Time, prompted an immediate and comprehensive investigation by the company.
PlugX is notable for its evasion: it combines the following techniques to avoid detection by antivirus products, which makes it hard for defenders to identify and remove:
Polymorphic coding
Rootkit functionalities
Encryption
These layers are why PlugX stands out as an evasive malware family in the current threat landscape.
E = Mc2 - Energy Milk Coffee
Fáilte Abhaile 🏴 “a nod’s as guid as a wink tae a blind horse”
ta be aff yer heid helps