Found 4945 bookmarks
Custom sorting
Three Lessons from Threema: Analysis of a Secure Messenger
Three Lessons from Threema: Analysis of a Secure Messenger
Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.
#breakingthe3ma#Threema#EN#2023#paper#vulnerabilies#attacks#cryptographic#protocols
·breakingthe3ma.app·
Three Lessons from Threema: Analysis of a Secure Messenger
Advertising ID: APPLE DISTRIBUTION INTERNATIONAL fined 8 million euros
Advertising ID: APPLE DISTRIBUTION INTERNATIONAL fined 8 million euros
On 29 December 2022, the CNIL's restricted committee imposed an administrative fine of 8 million euros on the company APPLE DISTRIBUTION INTERNATIONAL because it did not collect the consent of iPhone's French users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.
#CNIL#EN#2023#Apple#administrative#fine#collect#iPhone#France#ads#advertising
·cnil.fr·
Advertising ID: APPLE DISTRIBUTION INTERNATIONAL fined 8 million euros
I scanned every package on PyPi and found 57 live AWS keys
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤
#tomforb#EN#2022#leak#scan#AWS#keys#PyPi
·tomforb.es·
I scanned every package on PyPi and found 57 live AWS keys
OPWNAI : Cybercriminals Starting to Use ChatGPT
OPWNAI : Cybercriminals Starting to Use ChatGPT
At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses. However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyberattacks. In Check Point Research’s (CPR) previous blog, we described how ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, capable of accepting commands in English. The question at hand is whether this is just a hypothetical threat or if there are already threat actors using OpenAI technologies for malicious purposes. CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.
#checkpoint#EN#2023#research#deepweb#OpenAI#ChatGPT#cybercriminals#malicious#tools
·research.checkpoint.com·
OPWNAI : Cybercriminals Starting to Use ChatGPT
CircleCI warns of security breach — rotate your secrets!
CircleCI warns of security breach — rotate your secrets!
CircleCI, a software development service has disclosed a security incident and is urging users to rotate their secrets. The CI/CD platform touts having a user base comprising more than one million engineers who rely on the service for "speed and reliability" of their builds."speed and reliability" of their builds.
#bleepingcomputer#EN#2023#CircleCI#DevOps#Security-Incident
·bleepingcomputer.com·
CircleCI warns of security breach — rotate your secrets!
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work. While we were visiting the University of Maryland, we came across a fleet of electric scooters scattered across the campus and couldn't resist poking at the scooter's mobile app. To our surprise, our actions caused the horns and headlights on all of the scooters to turn on and stay on for 15 minutes straight. When everything eventually settled down, we sent a report over to the scooter manufacturer and became super interested in trying to more ways to make more things honk. We brainstormed for a while, and then realized that nearly every automobile manufactured in the last 5 years had nearly identical functionality. If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely.
#samcurry#EN#2023#Auto#Industry#Critical#Vulnerabilities#BMW#Rolls#Royce#Porsche#car-hacking#API
·samcurry.net·
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure.
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure.
Researchers in China claim to have reached a breakthrough in quantum computing, figuring out how they can break the RSA public-key encryption system using a quantum computer of around the power that will soon be publicly available. Breaking 2048-bit RSA — in other words finding a method to consistently and quickly discover the secret prime numbers underpinning the algorithm — would be extremely significant. Although the RSA algorithm itself has largely been replaced in consumer-facing protocols, such as Transport Layer Security, it is still widely used in older enterprise and operational technology software and in many code-signing certificates.
#therecord#EN#2023#Breaking#2048-bit#RSA#Quantum#computer#China
·therecord.media·
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure.
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.
#minerva-labs#EN#2022#CatB#analysis#DLL#Hijacking#Ransomware
·minerva-labs.com·
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
Shc Linux Malware Installing CoinMiner
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
#asec#2023#EN#Shell#Script#Compiler#analysis#Linux#Malware#CoinMiner#Shc
·asec.ahnlab.com·
Shc Linux Malware Installing CoinMiner
More than 200 U.S. institutions hit with ransomware in 2022: report
More than 200 U.S. institutions hit with ransomware in 2022: report
More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.
#therecord#EN#2023#annual#report#ransomware#2022#governments#universities#school
·therecord.media·
More than 200 U.S. institutions hit with ransomware in 2022: report
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
#PyTorch#EN#2022#Linux#pip#Compromised#dependency#Supply-chain-security
·pytorch.org·
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike, the head of U.S. Cyber Command said. U.S. Army General Paul Nakasone said the cyber effort to secure the vote began before the Nov. 8 vote and carried through until the elections were certified. "We did conduct operations persistently to make sure that our foreign adversaries couldn't utilize infrastructure to impact us," Nakasone, who is also the director of the U.S. National Security Agency, told reporters.
#reuters#EN#2022#safeguard#midterm#vote#cyber#infrastructure#operations#US
·reuters.com·
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
Ransomware gang gives decryptor to Toronto’s SickKids Hospital
Ransomware gang gives decryptor to Toronto’s SickKids Hospital
In a New Year's Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto's Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.
#itworldcanada#EN#2023#canada#Hospital#LockBit#ransomware#gang#affiliate#regret
·itworldcanada.com·
Ransomware gang gives decryptor to Toronto’s SickKids Hospital
Russian cyberattacks - Special Services - Gov.pl website
Russian cyberattacks - Special Services - Gov.pl website
With the ongoing war in Ukraine, in the Polish cyberspace, there are more and more occurrences classified as computer incidents, including attacks perpetrated by Russian hackers. This is a response of the Russian Federation to the Poland’s support provided to Ukraine and an attempt to destabilise the situation in our country.
#Gov.pl#EN#2022#official#Ukraine#russia-ukraine-war#Polish#attacks
·gov.pl·
Russian cyberattacks - Special Services - Gov.pl website