Show more
⇄ Σ = Mᄃ² ⇆  

$105k/yr to run Security Copilot(that's a real price)

humor

0
⇄ Σ = Mᄃ² ⇆  

Musk's aerospace manufacturing and space transport services firm, SpaceX, is believed to have experienced a cybersecurity incident involving a data breach with Hunters International, an infamous hacker group that allegedly released samples of the SpaceX data breach.

SpaceX Data Breach: Hunters International Publishes Alleged Stolen Data

cysecurity.news/2024/04/spacex

1
⇄ Σ = Mᄃ² ⇆  

Japanese police create fake support scam payment cards to warn victims

By placing the dummy cards in the electronic money sections of 34 local convenience stores, the Echizen Police have been testing a new method to fight tech support scams.

bleepingcomputer.com/news/secu

Their purpose is to warn elder victims seeking payment cards at the instructions of fraudsters.

The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card,"

0
⇄ Σ = Mᄃ² ⇆  

"Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years,"

"When Microsoft patched the vulnerability in October 2022 — at least two years after it came under attack by the Russian hackers — the company made no mention that it was under active exploitation."

it.slashdot.org/story/24/04/27

counter.social/@ecksmc/1123209

1
⇄ Σ = Mᄃ² ⇆  

A novel attack on Android TVs, where people might sign into their Google account in an Airbnb or an office. Usually they're locked down, but by downloading other software an attacker can access the entire contents of the Google account, email, drive, more

404media.co/android-tvs-can-ex

Gee, you mean a £300- TV from China shouldn’t be trusted with your Google account?

1+
⇄ Σ = Mᄃ² ⇆  

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device

The malware is delivered through a fake Google Chrome update that is shown while using the web browser

Researchers at fraud risk company ThreatFabric found Brokewell after investigating a fake Chrome update page that dropped a payload, a common method for tricking unsuspecting users into installing malware.

threatfabric.com/blogs/brokewe

1+
⇄ Σ = Mᄃ² ⇆  

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.

securityweek.com/russian-cyber

0
⇄ Σ = Mᄃ² ⇆  

New citizen lab report finds vulnerabilities in the security of cloud-based pinyin keyboard apps from vendors Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal what a user types (keystrokes).

Having your keystrokes intercepted is a huge privacy and security risk.

Read full report

citizenlab.ca/2024/04/vulnerab

1
⇄ Σ = Mᄃ² ⇆  

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.

The malicious Redline payloads impersonate demos of cheating tools called "Cheat Lab" and "Cheater Pro" through URLs linked to Microsoft's 'vcpkg' GitHub repository.

bleepingcomputer.com/news/secu

McAfee threat researchers report

mcafee.com/blogs/other-blogs/m

0
⇄ Σ = Mᄃ² ⇆  

Dozens arrested and thousands of victims contacted after scam site taken offline

As many as 70,000 UK victims were tricked by LabHost's scams

LabHost's scams, which obtained 480,000 card numbers and 64,000 PINs globally.

Set up in 2021 by a criminal network, LabHost enabled users to set up phishing websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

met.police.uk/advice/advice-an

1+
⇄ Σ = Mᄃ² ⇆  

humor 😆

1+
⇄ Σ = Mᄃ² ⇆  

a spy site is scraping Discord, archiving users’ messages/activity across servers including what voice channels they join, and then selling access to that data for as little as $5.

The site is called Spy Pet. "Have you ever wondered where your friend hangs out on Discord? [...] Look no further!" its site reads. It says it's scraping more than 14,000 Discord servers, more than 4 billion messages

404media.co/a-spy-site-is-scra

1+
⇄ Σ = Mᄃ² ⇆  

Muted the audio? That's an advert. Paused a video? That's an advert

Roku TVs of the future may throw up targeted ads on the screen whenever you pause a video.

theregister.com/2024/04/17/rok

0
⇄ Σ = Mᄃ² ⇆  

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.

Cybersecurity firm Forescout is tracking the campaign under the codename Connect:fun owing to the use of ScreenConnect and Powerfun for post-exploitation.

forescout.com/blog/connectfun-

0
⇄ Σ = Mᄃ² ⇆  

with the emergence of an audacious group of young criminal hackers from the U.S., U.K. and Canada the FBI calls Scattered Spider. More troubling, they have teamed up with Russia's most notorious ransomware gang.

cbsnews.com/news/cybersecurity

Scattered spider

cisa.gov/news-events/cybersecu

0
⇄ Σ = Mᄃ² ⇆  

According to a recent discovery by Varonis Threat Labs, two new techniques have emerged that pose a significant threat to data security within SharePoint, a widely used platform for file management. These techniques enable users to evade detection and retreat files without triggering alarm bells in audit logs.

report:

varonis.com/blog/sidestepping-

0
⇄ Σ = Mᄃ² ⇆  

Sysdig Threat Research Team has uncovered a Romanian cybercriminal group it believes has been operational for at least ten years. The researchers have named the group RubyCarp.

This raises two immediate questions: why do they believe the group is Romanian, and how can a criminal group be undiscovered for ten years?

1
⇄ Σ = Mᄃ² ⇆  

House Votes to Extend—and Expand—a Major US Spy Program

The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information. - Section 702 permits the US government to wiretap communications between Americans and foreigners overseas.

wired.com/story/house-section-

0
⇄ Σ = Mᄃ² ⇆  

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection.

Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel.

Credit card skimmer hidden in fake Facebook pixel tracker report:

blog.sucuri.net/2024/04/credit

1+
⇄ Σ = Mᄃ² ⇆  

The right pentesting approach can provide valuable insights and direction to help organizations strengthen their security posture and navigate the complex threat landscape with increased confidence and peace of mind.

Exploring How Penetration Tests Are Classified – Pentesting Aspirant Guide 2024

gbhackers.com/penetration-test

0
Show more

⇄ Σ = Mᄃ² ⇆
@[email protected]

⇄ Σ = Mᄃ² ⇆'s choices:

cososec

1.23K

tipsandtricks

438

jussayin

298

ai

209

linux

88

podcasts

75

cybercrime

38

scotspolitics

23

cosotips

20

privacy

13

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…