Attacks on Flightradar24: For the third time within two days, the flight tracking service Flightradar24.com has had to fight attacks according to its own statements.

The website was still unavailable on Tuesday, September 29.

👀 👉🏼 https://nitter.net/flightradar24/status/1310661019405086720

#flightradar24 #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A new license to hack

The German Federal Intelligence Service (BND) is to be allowed to hack mobile phone and Internet providers quite legally in the future. This is the result of the new BND draft law, which we are publishing. The Federal Constitutional Court had classified the old law as unconstitutional and overturned it.

The German Federal Intelligence Service is looking for hackers (m/f/d) via job advertisement and overwrites an employee story with a license to hack. Business trips abroad belong to the intelligence hackers like "unique" attack tools with which they are supposed to penetrate computer networks and collect data. The focus of the BND is on networks outside Germany. For a long time, the secret service agents considered non-European countries in particular to be "outlawed".

In May, the Federal Constitutional Court set the BND the highest judicial limits. The judges from Karlsruhe made it clear: Even abroad, the German state is bound by basic rights; human dignity and the secrecy of telecommunications apply not only to Germans. The highest court declared the only four-year-old BND law of the Grand Coalition unconstitutional.

The legislator must therefore amend the BND law by the end of 2021. The Federal Chancellery has prepared a draft bill and sent it to the other ministries on Friday. We publish the draft law in full text.

As the employer of the secret service, the Federal Chancellery tries with the new law to comply with the court's requirements on the one hand and to restrict the BND as little as possible on the other hand. This can be seen among other things in the offensive hacking powers.

👀 👉🏼 Translated from German with DeepL:
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/

👀 👉🏼 🇩🇪 Draft law amending the law on the Federal Intelligence Service to implement the provisions of the Federal Constitutional Court's ruling of 19 May 2020 (1 BvR 2835/17)
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/#2020-09-25_Bundeskanzleramt_Referentenentwurf_BND-Gesetz

#bnd #germany #secretservice #law #hacking #netpolitics #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Darknet Diaries - EP 75: Compromised Comms

From 2009 to 2013 the communication channels the CIA uses to contact assets in foreign countries was compromised. This had terrifying consequences.

🎙 https://darknetdiaries.com/episode/72/

#darknetdiaries #truecrime #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Exclusive: Google, Fitbit deal set to win EU okay after fresh concessions - sources

BRUSSELS (Reuters) - Alphabet's Google is set to win EU antitrust approval for its $2.1 billion purchase of fitness tracker maker Fitbit to take on Apple and Samsung in the wearable technology market, people familiar with the matter said.

The world's most popular internet search engine on Tuesday offered fresh concessions to the European Commission in a bid to address concerns the deal could entrench Google's power in online advertising and boost its trove of data.

Google said it had offered to restrict the use of Fitbit data for Google ads and would also tighten the monitoring of that process, confirming a Reuters report. The offer is based on a July proposal.

"We're also formalizing our longstanding commitment to supporting other wearable manufacturers on Android and to continue to allow Fitbit users to connect to third party services via APIs (application programming interfaces) if they want to," Google said in a statement.

Third parties will also continue to have access to Fitbit users' data, with users' consent.

The concessions, reported earlier by Reuters, are set to clear the way for the deal to be approved, the people said.

👀 👉🏼 https://mobile.reuters.com/article/amp/idUSKBN26K1XJ

#google #alphabet #fitbit #antitrust #approval #eu
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Pentagon & Google Partner On COVID-Driven AI “Predictive Health” & The Wuhan Chinese Virologist

As always, take the information discussed in the video below and research it for yourself, and come to your own conclusions.

🎙 https://media.blubrry.com/last_american_vagabond/s/content.blubrry.com/last_american_vagabond/TDWU-9-17-20-FINAL.mp3

📺 https://www.thelastamericanvagabond.com/pentagon-google-partner-on-covid-driven-ai-predictive-health-wuhan-chinese-virologist/

#google #pentagon #covid #ai #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.

Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang.

In early September, the Associated Press reported that the district was crippled during its first week of school thanks to a ransomware attack, potentially exposing personal information of employees, including names and Social Security numbers. The Clark County School District (CCSD) quickly confirmed the reporting via a Facebook post, where it noted that three days after school began online, on August 27, it found many of the school’s files to be inaccessible – though online learning platforms weren’t affected. At the time it said that “some private information may have been accessed.”

This week, Brett Callow, a threat analyst with Emisoft, told the Wall Street Journal that student information has turned up in an underground forum.

Callow said that a warning shot was fired last week by the attackers, presumably in retribution for CCSD not paying the ransom of an undisclosed sum. Attackers, he said, released a non-sensitive file to show that they had data access. When that garnered no response they released a raft of sensitive information. That information included employee Social Security numbers, addresses and retirement paperwork; and student data such as names, grades, birth dates, addresses and the school attended. The hackers also announced that the data reveal represents all of the information that it stole from CCSD’s network.

When Threatpost reached out to Emisoft for more details on the data cache, Callow said that in total, the criminals — specifically, the Maze gang — published about 25GBs of data.

👀 👉🏼 https://threatpost.com/las-vegas-students-data-leaked-ransomware/159645/

#usa #lasvegas #students #data #leak #ransomware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

🚨 Elon Musk Bitcoin-Scam Alert 🚨

This is a scam !! don´t fall for it.

‼️ https://www.youtube.com/watch?v=G05j6x0fOKE

#alert #scam #bitcoin #giveaway
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Microsoft: Some ransomware attacks take less than 45 minutes

Microsoft goes over the recent malware trends in its new "Digital Defense Report."

For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.

While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.

👀 👉🏼 (PDF)
https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf

👀 👉🏼 https://www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes

#microsoft #ransomware #attacks #digital #defense #report #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How to compile Windows Server 2003 - and compile Windows XP, (part 1)

From source code to ISO. Sit back, relax, and witness the miracle of creating a new build of Windows :)
Just to be clear from the start: As of now, there is NO way to completely compile Windows from the Source code, as it lacks some stuff... However, this is pretty close.

👀 👉🏼 https://nitter.net/NTDEV_/

https://invidious.snopyta.org/watch?v=bO0daYbti5g

👀 👉🏼 Compiling Windows XP, part 1
https://invidious.snopyta.org/watch?v=8IyW-bwGQTQ

#windows #compiling #sourcecode #leak #video #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

DigitalOcean's Hacktoberfest is Hurting Open Source

For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.

In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.

So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage.

The rate of spam pull requests is, at this time, around four per hour. And it’s not even October yet in my timezone.

👀 👉🏼 https://blog.domenic.me/hacktoberfest/

#cacktoberfest #DigitalOcean
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

North Korea has tried to hack 11 officials of the UN Security Council

New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.

According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.

The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were also carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.

Furthermore, the same country informed the UN that Kimsuky attacks have extremely persistent with the North Korean hacker group pursuing "certain individuals throughout the 'lifetime' of their [government] career."

👀 👉🏼 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council

#northkorea #hack #hacker #un #security #council
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware.

"Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.

First detailed by Qihoo 360 in 2017 under the moniker Two-tailed Scorpion (aka APT-C-23 or Desert Scorpion), the mobile malware has been deemed "surveillanceware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process.

👀 👉🏼 https://thehackernews.com/2020/10/android-mobile-hacking.html

#android #apps #spyware #telegram #threema #SpyC23
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hacker Halted 2020 is a FREE and VIRTUAL event this year!

We are excited to bring you our amazing array of speakers, sponsors, games, and networking – and you get to experience it all from the comfort of your home! Please join us on our event platform to access our features, see the agenda, plan your schedule, and network with peers!

👀 👉🏼 https://www.hackerhalted.com/register-for-hacker-halted-2020

#hackerhalted #event
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Budding cyber crims can now enrol at ‘hacker university’

For a one-off fee of $125, you too can become one of those scumbags who preys on elderly Internet users and small online businesses.

Cybersecurity software provider Armor this week revealed in its latest annual threat report that it has found a so-called ‘hacker university’ offering online courses that teach students how to commit various cyber crimes. These include how to access a router’s admin software; deploying ransomware; locating targets on compromised networks; and trafficking stolen credit card information, among others.

According to Armor, the ‘university’ also plans to sell its own range of ransomware, keyloggers password stealers, and trojans.

All of this is accessible for the low price of $125, paid in Bitcoin or Monero – a cryptocurrency that prides itself in offering anonymous payments.

“Creators of the site advertise that they want to ‘teach people about cybercrime and how to become a professional cybercriminal. By taking the course offered you will gain the knowledge and skills needed to hack an individual or company successfully with whatever malware you have at your disposal’,” said Armor, in its threat report.

Charming. Presumably the university doesn’t offer a course on ethics, where students are encouraged to try and reconcile their idealised image of hackers as modern-day outlaws with the reality that all they are really doing is stealing old peoples’ pensions.

Among the other findings in Armor’s report is an a la carte menu of various dark-Web products and services and their prices.

These include but are not limited to perennial favourites like an individual’s credit card information ($5-$35 depending on nationality and type of card) or DDoS attack ($100-$250 depending on the size of Website), to something a little more exotic, like personal identifiable information – street-name ‘fullz’ – or a white-label turnkey e-commerce platform that enables anyone to set up their own darkweb online store. There is even a service that offers to destroy a rival small business by bombarding it with spam and unwanted items ($185).

👀 👉🏼 https://telecoms.com/506692/budding-cyber-crims-can-now-enrol-at-hacker-university/

#cyber #crims #crime #hacker #university #cybersecurity #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

35 Year-Old Commodore 64 Easter Egg Hidden On Vinyl

In 1984, the Christian rock band Prodigal hid a Commodore 64 program on their album "Electric Eye". See my attempts to retrieve and run this 35-year-old easter egg.

📺 👉🏼 https://www.youtube.com/watch?v=6_CZpFqvDQo

#commodore #easteregg #vinyl #Prodigal #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hackers Congress Paralelní Polis Is Ready to Deliver Fifty-Eight Hours Of Freedom Content

Luptak: The annual Hackers Congress (HCPP) will take place on October 2 to 4 in the stunning venue of Paralelní Polis, Prague. Traditionally, it gathers freedom activists, technology geeks, artists and scientists. Every HCPP has a current topic — a provocative idea behind it. Continuing the trend of previous congresses in the series, which explored diverse topics such as the binding constraints of global political and economic systems, the manifesto of the 7th Hackers Congress (HCPP20) highlights “Digital Totality” as its main narrative and a current threat to humanity.

The event will focus on safeguarding privacy when drones, cameras, databases and hostile AI are more prevalent than ever before. This year’s event will focus on practical skills, with the overall goal of teaching participants to be more secure and private online. All ticket holders will benefit from rare networking opportunities with famous crypto anarchists, hackers, Austrian Economists, crypto evangelists and activists.

👀 👉🏼 https://www.nasdaq.com/articles/hackers-congress-paralelni-polis-is-ready-to-deliver-fifty-eight-hours-of-freedom-content

#hacker #congress #paralelni
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Germany fines H&M 35 million euros for data protection breaches

Sweden's H&M has been fined 35 million euros (31.9 million pounds) by the German authorities for internal data security breaches at its customer service centre in Nuremberg, the fashion retailer said on Thursday.

"The regional data protection authority in Hamburg has imposed an administrative fine of 35 million euros. The H&M group admits shortcomings at the service centre and has taken forceful measures to correct this," it said in its June-August earnings report.

German daily Frankfurter Allgemeine Zeitung last year reported that the State Data Protection Commissioner in Hamburg had launched a probe into H&M management unlawfully sounding out workers about their personal life and storing the details.

According to the paper, H&M collected information on illnesses and other personal circumstances of employees at the centre. H&M said in January the breaches found were unacceptable and it was cooperating with the authorities.

👀 👉🏼 https://www.marketscreener.com/quote/stock/HENNES-MAURITZ-AB-6491104/news/Hennes-Mauritz-Germany-fines-H-M-35-million-euros-for-data-protection-breaches-31455747/

#breach #dataprotection #fine #germany #h&m
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Brussels’ plan to rein in Big Tech takes shape

The Commission is drawing up a list of actions tech companies can and can’t do, especially for the most powerful.

The EU is preparing for its biggest-ever effort to regulate the tech industry — drawing up extensive rules to govern what tech companies can and cannot do.

Three European Commission internal documents, seen by POLITICO, indicate that Brussels is drawing up a wide range of legislative tools to prohibit what it sees as anti-competitive behavior and oblige companies to do more to protect their users against illegal content and activities.

"This crisis has shown the role and the systemic character of certain platforms that often behave as if they were too big to care about legitimate concerns about their roles: too big to care," Internal Market Commissioner Thierry Breton told the European Parliament this week, an apparent reference to "too big to fail," a criticism leveled at powerful banks after the 2008 financial crisis.

The Commission is expected to present its proposals, known collectively as the Digital Services Act (DSA), in December. The legislative package will include content moderation requirements applying to a wide range of online platforms, as well as so-called ex ante rules for the largest tech companies.

The plans come as Big Tech companies are under intense scrutiny on both sides of the Atlantic.

👀 👉🏼 https://www.politico.eu/article/digital-services-act-brussels-plan-to-rein-in-big-tech-takes-shape-thierry-breton-margrethe-vestager/

👀 👉🏼 (PDF)
https://www.politico.eu/wp-content/uploads/2020/09/SKM_C45820093011040.pdf

#eu #blacklist #bigtech #DSA #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Unfck the Internet

We love it, we need it, and we can all feel the ways it’s fcked. Together we can unfck it. Start by choosing the only non-profit-backed, people-first browser.

👀 👉🏼 Let’s get started
https://www.mozilla.org/en-US/firefox/unfck/

#unfck #internet #mozilla #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Tracking Mixed Bitcoins

Mixer services purportedly remove all connections betweenthe input (deposited) Bitcoins and the output (withdrawn) mixed Bit-coins, seemingly rendering taint analysis tracking ineffectual. In this pa-per, we introduce and explore a novel tracking strategy, calledAddressTaint Analysis, that adapts from existing transaction-based taint anal-ysis techniques for tracking Bitcoins that have passed through a mixerservice.

👀 👉🏼 (PDF)
https://arxiv.org/pdf/2009.14007.pdf

#analysis #bitcoin #mixer #tracking #tracing #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

UK Judge to Give Decision on Assange Extradition Early Next Year

The British judge presiding over the extradition trial of WikiLeaks founder Julian Assange said on Thursday that she would give her verdict on the case early next year. Judge Vanessa Baraitser said she would decide whether or not Assange will be extradited to the US on January 4th. Thursday was the 18th day of the hearing and the final day of witness testimony.

If Assange is extradited to the US, he could face up to 175 years in prison for exposing US war crimes. The US indicted the WikiLeaks founder on 17 counts of espionage and one count of conspiring to commit computer intrusion. The charges revolve around US State Department communications and documents on the US wars in Iraq and Afghanistan published by WikiLeaks in 2010.

The charges against Assange essentially criminalize receiving and publishing classified information.

A group of legal professionals, known as Lawyers for Assange, sent a letter to the UK government calling for the immediate release of the publisher. The group warned that Assange would not see a fair trial in the US. The letter said all of the crimes Assange is accused of are standard journalistic practices, and if he is extradited, it would gravely endanger press freedom. The letter was endorsed by hundreds of politicians, parliament members, and heads of state from around the world.

Last week, the Old Bailey heard testimony that Assange has been diagnosed with Aspergers, severe depression, and other conditions that put him at risk of suicide. Medical experts said if Assange is extradited to the US, it will increase his risk of suicide.

On Tuesday, Maureen Baird, a former warden of a high-security prison in New York, told the court that Assange would likely be held in isolation if extradited due to the national security nature of the case. If convicted, Assange would likely be held in isolation in a supermax prison in Colorado, known as ADX, which is home to notorious criminals. Baird warned of the adverse effects isolation causes on the mental health of inmates.

👀 👉🏼 https://news.antiwar.com/2020/10/01/uk-judge-to-give-decision-on-assange-extradition-early-next-year/

#assange #extradition #uk #usa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag