U.S. looking at banning Chinese social media apps, including TikTok

(Reuters) - Secretary of State Mike Pompeo said on Monday that the United States is “certainly looking at” banning Chinese social media apps, including TikTok, suggesting it shared information with the Chinese government, a charge it denied.

“I don’t want to get out in front of the President (Donald Trump), but it’s something we’re looking at,” Pompeo said in an interview with Fox News.

U.S. lawmakers have raised national security concerns over TikTok’s handling of user data, saying they were worried about Chinese laws requiring domestic companies “to support and cooperate with intelligence work controlled by the Chinese Communist Party.”

Pompeo said Americans should be cautious in using the short-form video app owned by China-based ByteDance.

“Only if you want your private information in the hands of the Chinese Communist Party,” Pompeo remarked when asked if he would recommend people to download TikTok.

👀 Read more 🇬🇧:
https://www.reuters.com/article/us-usa-tiktok-china-pompeo/pompeo-says-u-s-looking-at-banning-chinese-social-media-apps-including-tiktok-fox-idUSKBN2480DF

👀 Read in 🇩🇪:
https://t3n.de/news/social-media-apps-china-visier-1297614

#DeleteTikTok #TikTok #usa #china #pompeo #ToddlerTrump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Darknet Diaries - EP 69: Human Hacker

We all know that computers and networks are vulnerable to hacking and malicious actors, but what about us, the humans who interface with these devices? Con games, scams, and strategic deception are far older than computers, and in the modern era, these techniques can make humans the weakest link in even the most secure system. This episode, security consultant and master social engineer, Christopher Hadnagy, joins us to share his stories and wisdom. He describes what it was like to be a social engineer before the world knew what social engineering was and tells some of his amazing stories from his long career in penetration testing.

🎧 https://darknetdiaries.com/episode/69/

#DarknetDiaries #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Introducing Project Freta - Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service

Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.

The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.

The project is named after Warsaw's Freta Street, the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I.

"Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button — no setup required."

The objective is to infer the presence of malware from memory, at the same time gain the upper hand in the fight against threat actors who deploy and reuse stealthy malware on target systems for ulterior motives, and more importantly, render evasion infeasible and increase the development cost of undiscoverable cloud malware.

https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/

https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

#microsoft #linux #cloud #Freta #forensics #research #rootkit #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Police data - BlueLeaks server confiscated near Zwickau (Germany)

A few weeks ago, the transparency collective Distributed Denial of Secrets published hundreds of thousands of internal data from 200 police stations in the USA. The case now also occupies the public prosecutor's office in Zwickau, which apparently confiscated a server of the collective.

Zwickau police have confiscated a server on which data from US police departments known as BlueLeaks was available for download. This was announced by Emma Best via Twitter, a person associated with the Leaking collective Distributed Denial of Secrets (DDoS). The server is the "primary public download server" and no sources are in danger due to the confiscation.

In another tweet, an excerpt from an e-mail from the provider is attached, in which the provider states the file number and writes that he should only now have informed the persons concerned. He was not allowed to say more about the case. This provider is apparently the company Hetzner, which maintains a data centre near Zwickau. A used IP address of DDoS also refers to Hetzner.

A short-term inquiry by netzpolitik.org on Tuesday evening, on what basis the server was seized and what the operators are accused of, has not yet been answered by the Zwickau public prosecutor's office.

https://twitter.com/NatSecGeek/status/1280519169151205381

More info 🇩🇪:
https://netzpolitik.org/2020/polizei-daten-blueleaks-server-bei-zwickau-beschlagnahmt/

#BlueLeaks #DDoS #Zwickau
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

White Hat and Black Hat: Racism debate about designations for hackers

Do the hacker terms white hat and black hat evoke racist associations? The head of Android security sees it that way and causes a debate.

https://twitter.com/DaveKSecure/status/1279472868712013824

#lostnfound #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Microsoft takes legal action against COVID-19-related cybercrime

Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.

Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts. The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information. Based on patterns discovered at that time, Microsoft utilized technical means to block the criminals’ activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years. According to the FBI’s 2019 Internet Crime Report, the most-costly complaints received by their Internet Crime Complaint Center (IC3) involved BEC crimes, with losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime. While most of the public’s attention in recent years has justifiably focused on the malign acts of nation state actors, the increasing economic harm caused by cybercriminals must also be considered and confronted by the public and private sectors. For our part, Microsoft and our Digital Crimes Unit will continue to investigate and disrupt cybercriminals and will seek to work with law enforcement agencies around the world, whenever possible, to stop these crimes.

https://blogs.microsoft.com/on-the-issues/2020/07/07/digital-crimes-unit-covid-19-cybercrime/

#microsoft #DCU #cybercrime #corona
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Firefox Send offline due to malware distribution

Mozilla has taken his Firefox send offline. This is due to malware abuse of the file transfer. The service is being revised.

The Firefox Send web service, which was launched by browser manufacturer Mozilla just under a year ago, is offline. However, this is not a short failure or error. Mozilla itself pulled the plug on the service, which is supposed to transfer files quickly, easily and encrypted over the web.

On the service's website it says: "Firefox Send is temporarily unavailable while we work on product improvements. Thank you for your patience as we improve the Firefox Send experience". Details or a public statement as to why the Service is currently unavailable from Mozilla are not available on the website.

https://send.firefox.com/

👉🏼 Read more 🇬🇧:
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/mozilla-firefox-send-wegen-malware-verbreitung-offline-2007-149529.html

#mozilla #ff #firefox #send #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bunker.is - a non-profit isp

collaborating to create shared platforms with open products and no vendor lock-in

👉🏼 #Cloud:
A nextcloud instance for our contributors

👉🏼 #VPN:
We provide vpn services to our contributors

👉🏼 #Search:
A non-tracking search engine

👉🏼 #Etherpad:
A shared open etherpad instance

👉🏼 #Mail:
We provide mail accounts to our contributors

👉🏼 #Ethercalc:
An open public ethercalc instance

👉🏼 #Cryptpad:
We provide an open public instance of cryptpad

Our free services are possible due to the generosity of our users. Becoming a contributor gives you access to a wider range of services.

We dont think the users should be the product. We think you should know who has access to your data and why. Meet us and find out more.

👉🏼 https://bunker.is/ 👈🏼

#bunker #isp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

PimEyes - A Polish company just abolishes our anonymity

Research by netzpolitik.org shows the potential for abuse of PimEyes, a free search engine for 900 million faces. All of whom have photos on the Internet could already be part of their database.

Dylan smiles into the camera, arm in arm with the other guests of a queer boat party. Behind them, glasses glisten on the shelves of a bar. Eight years ago a party photographer uploaded this snapshot on the internet. Dylan had already forgotten it - until today. Because with a reverse search engine for faces, everyone can find this old party photo of Dylan. All they have to do is upload his profile picture from the Xing career network, free of charge and without registration. But Dylan wants to keep his private and professional life separate: During the day he works as a banker in Frankfurt am Main.

The name of the search engine is PimEyes. It analyses masses of faces on the Internet for individual characteristics and stores the biometric data. When Dylan tests the search engine with his profile picture, it compares it with the database and delivers similar faces as a result, shows a preview picture and the domain where the picture was found. Dylan was recognized even though, unlike today, he did not even have a beard then.

Our research shows: PimEyes is a wholesale attack on anonymity and possibly illegal. A snapshot may be enough to identify a stranger using PimEyes. The search engine does not directly provide the name of a person you are looking for. But if it finds matching faces, in many cases the displayed websites can be used to find out name, profession and much more.

👀 👉🏼 🇬🇧 PimEyes - A Polish company just abolishes our anonymity
https://netzpolitik.org/2020/pimeyes-face-search-company-is-abolishing-our-anonymity/

👀 👉🏼 🇩🇪: https://netzpolitik.org/2020/gesichter-suchmaschine-pimeyes-schafft-anonymitaet-ab/

👀 👉🏼 🇬🇧 https://www.bbc.com/news/technology-53007510

👀 👉🏼 🇬🇧 https://petapixel.com/2020/06/11/this-creepy-face-search-engine-scours-the-web-for-photos-of-anyone/

👀 👉🏼 🇩🇪 Automated face recognition -
Enforce our data protection rights at last!
https://netzpolitik.org/2020/automatisierte-gesichtserkennung-setzt-unsere-datenschutzrechte-endlich-auch-durch/

#PimEyes #facialrecognition #searchengine #privacy #anonymity #ourdata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Atlas of Surveillance - A project of the Electronic Frontier Foundation

The Atlas of Surveillance database, containing several thousand data points on over 3,000 city and local police departments and sheriffs' offices nationwide, allows citizens, journalists, and academics to review details about the technologies police are deploying, and provides a resource to check what devices and systems have been purchased locally.

👀 👉🏼 https://atlasofsurveillance.org/ 👈🏼 👀

👀 👉🏼 https://www.eff.org/press/releases/eff-launches-searchable-database-police-agencies-and-tech-tools-they-use-spy

#eff #atlas #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.

The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm.

👀 👉🏼 https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/

👀 👉🏼 https://gist.github.com/campuscodi/226b0758e08592df2e5d898979d1da17

#DataViper #leak #breach #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Quantum Hardening Cryptographic Protocols

This talk is an introduction to the field of quantum hardening. The introduction of practical quantum computers will render existing cryptographic protocols unsafe. At what point we need to start worrying and what can be done to remedy this problem is the focus of this talk. The talk begins with an introduction to the design of modern cryptographic protocols in general.

If you would like to skip the crypto introduction and cut to the quantum hardening part, jump to minute 29:00

📺 👉🏼 🇬🇧 https://media.ccc.de/v/DiVOC-19-quantum-en

📺 👉🏼 🇩🇪 https://media.ccc.de/v/DiVOC-19-quantum

#ccc #DiVOC #video #quantum #hardening
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Startpage.com interview: still the most discreet search engine?

StartPage.com has always presented itself as a data-saving alternative. Since the sale of the majority of shares to a data broker last autumn, the provider has been vehemently criticized. We are of course interested in the background of the takeover, but not only.

Of course we have addressed this issue in our detailed interview. We give the operators the opportunity to comment on the incident themselves. With the help of our community we have collected the questions in advance. At this point, I would like to thank Jörg Bauer, the press spokesman of Startpage, who dealt with the countless questions. Many thanks also to Sunny, who organized numerous questions and the translation into English. You can find the german interview here.

👀 👉🏼 🇬🇧 https://tarnkappe.info/startpage-com-interview-still-the-most-discreet-search-engine/

👀 👉🏼 🇩🇪 https://tarnkappe.info/startpage-com-im-interview-noch-immer-die-diskreteste-suchmaschine/

#startpage #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google offers data pledge in bid to win EU okay for Fitbit buy

Alphabet Inc’s (GOOGL.O) Google has offered not to use health data of fitness tracker company Fitbit to help it target ads in an attempt to address EU antitrust concerns about its proposed $2.1 billion acquisition, the U.S. tech company said late on Monday.

The bid, announced in November last year, would help Google take on market leader Apple (AAPL.O) and Samsung (005930.KS) in the fitness-tracking and smart-watch market, alongside others including Huawei [HWT.UL] and Xiaomi (1810.HK).

“This deal is about devices, not data. We appreciate the opportunity to work with the European Commission on an approach that safeguards consumers’ expectations that Fitbit device data won’t be used for advertising,” Google said in an emailed statement.

Reuters reported last week that such a data pledge may likely help Google secure EU approval for the deal.

With just 3% of the global wearables market as of the first quarter of 2020, Fitbit is far behind Apple’s 29.3% share and also trails Xiaomi, Samsung and Huawei, according to data from market research firm International Data Corp.

👀 👉🏼 When Google listens to you breathe
https://t.iss.one/BlackBox_Archiv/1003

👀 👉🏼 https://www.reuters.com/article/us-fitbit-m-a-alphabet-eu-exclusive-idUSKCN24E2X5?taid=5f0cf7d82841fc000146e530

#google #DeleteGoogle #Fitbit #healthdata #advertising #ourdata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

AssangeLeaks

DDoSecrets Announcement About This Folder

With the Justice Department's superseding indictment against Assange, public access to the evidence becomes critical. The documents in this file illuminate that case and illustrate how WikiLeaks operates behind closed doors. AssangeLeaks is not for or against Julian Assange or WikiLeaks, and is only interested in the evidence.

👀 👉🏼 https://assangeleaks.org/

#DDoSecrets #leak #Assange #FreeAssange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.

The British Government decides to ban Huawei. More on the malware associated with Golden Tax software package. The Molerats appear to be behind some spyware misrepresenting itself as a secure chat app. The Porphiex botnet is back distributing a new ransomware strain. The odd case of the Data Viper breach. Ben Yelin tracks a ruling from the DC circuit court on the release of electronic surveillance records. Our guest is Ann Johnson from Microsoft discussing her keynote at RSA APJ, The Rise of Digital Empathy. And SAP has a patch out--if you’re a user, CISA advises you to take this one seriously.

🎧 👉🏼 https://thecyberwire.com/podcasts/daily-podcast/1129/notes

#cyberwire #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Confirmed: Spotify launches in Russia (and 12 other countries); service now reaches 92 markets globally

Spotify is launching in Russia as you read this, in addition to 12 other European markets, the streaming company has announced.

In addition to Russia, the 13 new markets in which Spotify is launching today include Albania, Belarus, Bosnia & Herzegovina, Croatia, Kazakhstan, Kosovo, Moldova, Montenegro, North Macedonia, Russia, Serbia, Slovenia and Ukraine.

👀 👉🏼 https://www.musicbusinessworldwide.com/confirmed-spotify-launches-in-russia-and-12-other-countries-service-now-reaches-92-markets-globally/

#spotify #russia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Huawei is facing a lawsuit regarding Image Processing patents

Huawei, the known smartphone maker, is being sued by Cedar Lane Technologies. The latter had filed a lawsuit earlier this week for patent infringement and claims that Huawei infringed on their image processing patents and even used these patented methods in their systems and devices.

According to Cedar Lane Technologies, the Chinese tech giant has infringed on multiple different patents including JPEG compression, scene recognition, electro-luminescent devices, image processing systems, VR camera, and more. Cedar Lane alleged that the smartphone maker has infringed one particular patent on a variety of its products such as smartphones like the Mate Xs, Mate X, Mate 20, Mate 20 Pro, Honor View 10, Honor 8 and even tablets like the MediaPad M5, MediaPad M6, and MediaPad T5.”

Cedar Lane said that these products have been “made, used, sold, imported, and offered for sale by Defendant.” The infringement from Huawei revolves around one particular patent, namely 527 patent, which covers “[a] method for interfacing analog/digital converting means and JPEG compression means, said JPEG compression means having a built-in memory device, comprising the steps of: sequentially reading a predetermined number of image lines from the image data output of said analog/digital converting means.”

👀 👉🏼 https://www.gizmochina.com/2020/07/15/huawei-facing-lawsuit-image-processing-patents/

#huawei #lawsuit #image #processing #patents #CedarLane
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google sued for 'blatant lies' about user privacy

A new suit alleges that Android and potentially iOS users are secretly having their personal data harvested by "voyeur extraordinare" Google, even if they are not using Google's own apps.

In its second suit against Google in as many months, law firm Boies Schiller Flexner is accusing the search giant of illicitly gathering user data from mobile users. Where the previous suit was specifically regarding the use of Google Chrome, this one concerns the use of many apps on the Android platform — and potentially on iOS, too.

"Google is always watching," the suit, seen by Law360, says. "Even when it promises to look away, Google is watching. Every click, every website, every app — our entire virtual lives. Intercepted. Tracked. Logged. Compiled. Packaged. Sold for profit."

As the suit notes, Google has an optional setting to prevent tracking of "web & app activity," but it alleges that this and other reassurances about privacy are "blatant lies."

👀 👉🏼 https://appleinsider.com/articles/20/07/15/google-sued-for-blatant-lies-about-user-privacy

👀 👉🏼 https://www.law360.com/articles/1292121/boies-schiller-files-new-privacy-suit-against-voyeur-google

#DeleteGoogle #lies #android #ios #privacy #ourdata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security measures in an essential part of a cybersecurity product is not just shocking. It also shows a total disregard for standard VPN practices that put their users at risk.

The vpnMentor research team, led by Noam Rotem, uncovered the server and found Personally Identifiable Information (PII) data for potentially over 20 million VPN users, according to claims of user numbers made by the VPNs.

Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple instances of internet activity logs on their shared server. This was in addition to the PII data, which included email addresses, clear text passwords, IP addresses, home addresses, phone models, device ID, and other technical details.

The VPNs affected are UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all of which appear to be connected by a common app developer and white-labeled for other companies.

👀 👉🏼 https://www.vpnmentor.com/blog/report-free-vpns-leak/

#vpn #breach #leak #cybersecurity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Massive Bitcoin fraud wave rolls over Twitter

Do not send Bitcoins! They will certainly not be doubled.

Prominent Twitter accounts such as those of Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Apple and Uber currently promise to double Bitcoins sent to certain wallets. Numerous crypto currency exchanges also tweet similar "invitations". Some refer to an alleged "Crypto for Health" campaign.

This is a large-scale fraud attempt. The most likely scenario at present is a security hole in Twitter, which allows the perpetrators to access numerous, perhaps even all, Twitter accounts. Therefore, it cannot be ruled out that the perpetrators will send less conspicuous tweets to any Twitter account. Now, special caution is required when interpreting tweets.

👉🏼 👀 🇬🇧 https://www.coindesk.com/hackers-take-over-prominent-crypto-twitter-accounts-in-simultaneous-attack

https://twitter.com/TwitterSupport/status/1283518038445223936

👀 👉🏼 🇩🇪 https://www.heise.de/news/Massive-Bitcoin-Betrugswelle-ueberrollt-Twitter-4844911.html

#twitter #fraud #bitcoin #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag