American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3.
Systems Secured, Billing Paused
In a regulatory filing with the US Securities and Exchange Commission (SEC) on Monday, American Water confirmed that the attack had not impacted the operation of its water and wastewater facilities, which continue to function normally.
More than 200,000 people in Southeast Asia have been forced to run online scams in recent years, often being enslaved and brutalized, as part of criminal enterprises that have netted billions in stolen funds.
The Pig Butchering Invasion Has Begun
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
https://samcurry.net/hacking-kia
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal.
More here:
https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/
New twist on sextortion scam includes pictures of people's homes
The extortion attempt arrives as an email with a PDF attached. When opened, the document includes a photo of a family's home, and often the person's address and phone number. The scammers claim that the recipient has been spotted in unseemly places on the internet, and they can destroy that evidence — for a fee.
https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes
Thread: (if ya want the pdf holla see pinned post)
Meanwhile: some skullduggery afoot
Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning.
UltraAV force-installed on Kaspersky users' PCs
According to many online customer reports, including BleepingComputer's forums:
https://www.bleepingcomputer.com/forums/t/801324/kaspersky-deleted-itself-and-installed-ultraav/
UltraAV's software was installed on their computers without any prior notification
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware
New PondRAT Malware Hidden in Python Packages Targets Software Developers
https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html
Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users.
"You can set up a six-digit PIN by default, or select 'PIN options' to create a longer alpha-numeric PIN," Chrome product manager Chirag Desai said.
Did you know?
1 in 4 people are victims of scams
Seraph Secure proactively:
Blocks scam websites
Stops scammers accessing your computer
Alerts you when loved ones are at risk
Seraph Secure was founded in 2022 by Kitboga, a YouTuber and streamer who has been exposing scammers and their tactics through his content for the past seven years. He and his team have worked together to create anti-scam software dedicated to stopping scams before they start
Researchers at Sophos published on Tuesday their second report covering what they call Crimson Palace — a Southeast Asia-based espionage campaign run by Chinese state-backed hackers.
https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/
Sophos examined activities last year by the three groups carrying out the campaign, but after a brief hiatus researchers saw renewed activity from two of them in the fall of 2023 and throughout this year.
https://therecord.media/chinese-hacking-groups-stole-from-se-asia
It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But that’s exactly what happened recently to Benjamin Harris.
Harris, the CEO and founder of security firm watchTowr, did all of this by registering the domain dotmobilregistry.net.
Today TheRecord_Media released an article regarding Ford's new patent: targeted advertisements by actively monitoring and listening to passengers' conversations.
It sounds bad, but reading the article it's actually x100 worse.
More information:
https://therecord.media/ford-patent-application-in-vehicle-listening-advertising
300K Victims' Data Compromised in Avis Car Rental Breach
Though the company reports that data was exfiltrated in the breach, it has remained tight-lipped regarding the kind of data that was exposed.
According to the letter it is sending out to those who have been affected, a threat actor gained unauthorized access to its business applications.
The most dangerous vulnerability you've never heard of - Active Directory Certificate Services vulnerabilities.
#Cybersecurity #CoSoSec #InfoSec
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
Explore why AD CS vulnerabilities are so dangerous and how they work.
https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html
Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers.
Phone scams are on the rise, and they’re getting more sophisticated. The statistics are dizzying. On imposter scammers alone, the FTC reports that US consumers lost $2.7 billion in 2023, and the numbers are increasing each year.
https://consumer.ftc.gov/consumer-alerts/2024/02/think-you-know-what-top-scam-2023-was-take-guess
12 common phone scams and how to avoid them
https://www.androidauthority.com/phone-scams-3474545/
Wise up to the criminals who want to part you from your hard-earned cash.
VX-Underground >> Our interview with 'Grep' — impersonating a journalist.
https://x.com/vxunderground/status/1827002916856627556
😆
"That's why our malware is blue"
(Breaking Bad reference)
(Screenshot is just a snippet; click the URL above for the full interview)
Oilfield-services company Halliburton has joined the growing ranks of firms hit by cyberattacks. In a filing with the Securities and Exchange Commission, Halliburton said it has discovered that an unauthorized party had gained access to some of its systems, and the Houston company has taken some systems offline to help protect them.
French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.
The "backdoor" allows the instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Using this type of app in phishing campaigns allows evading detection and bypassing app installation restrictions.
Cybersecurity company ESET reports that it is currently tracking two distinct campaigns relying on this technique.
By now, you’ve heard about the massive hack that revealed nearly 3 billion records.
The records contain names, dates of birth, addresses, and phone numbers on a wide swath of the population.
Cybersecurity firm Pentester has compiled the database and made it searchable in seconds.
Check now: Was your SSN exposed in huge data leak?