Penetrum-Security - Security-List

Here at Penetrum we are strong believers in the opensource community. We think knowledge should be free and everyone should have the best tools to do the job at their fingertips.

That's why we decided to come up with a list of tools to help with security implementations, auditing, penetration testing, server management, and much more. Enjoy!

👀 👉🏼 https://github.com/Penetrum-Security/Security-List

#tools #opensource #security #pentesting #auditing
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

iOS uses tracking codes without the users' consent

Third-party providers can track users across different iPhone apps using unique IDs without their consent. noyd has filed two complaints against Apple.

The Austrian NGO noyb ("none of your business") has filed a complaint against Apple for accusations of illegal data collection in Germany and Spain. According to the initiative around data protection activist Max Schrems, the Group uses an identification system comparable to cookies without obtaining the necessary consent from users:inside.

The complaint concerns the so-called Identifier for Advertisers (IDFA) - a unique ID that Apple generates for each iPhone. Third parties can use this ID to track end users through various apps, for example to track purchasing behavior.

The installation or reading of tracking codes should only be possible with the consent of the users, but most of them are unaware of IDFA. The fact that, strictly speaking, these are not cookies is no argument for noyb lawyer Stefano Rossetti: "This very simple rule applies regardless of the tracking technology used. While Apple even plans to block cookies in their browser, they themselves place similar codes in their cell phones without any user consent. This is a clear violation of EU data protection laws".

👀 👉🏼 Translated with DeepL
https://netzpolitik.org/2020/ios-nutzt-tracking-codes-ohne-einwilligung-der-nutzerinnen/

👀 👉🏼 COMPLAINT (PDF)
https://noyb.eu/sites/default/files/2020-11/IDFA_Germany_DEF_Redacted.pdf

#ios #tracking #ngo #noyb #IDFA #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Europol Innovation Laboratory

While end-to-end encryption is to be generally weakened, Europol is developing new applications for secure communication for the police. Some of the measures are part of the "European Police Partnership" proclaimed by the German EU Council Presidency. These include the "WhatsApp for law enforcement officers" project.

👀 👉🏼 (PDF)
https://www.statewatch.org/media/1474/eu-council-europol-innovation-lab-update-12859-20.pdf

#europol #bka #encryption #whatsapp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Introducing Cover Your Tracks!

Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where Panopticlick left off. Panopticlick was about letting users know that browser fingerprinting was possible; Cover Your Tracks is about giving users the tools to fight back against the trackers, and improve the web ecosystem to provide privacy for everyone.

Over a decade ago, we launched Panopticlick as an experiment to see whether the different characteristics that a browser communicates to a website, when viewed in combination, could be used as a unique identifier that tracks a user as they browse the web. We asked users to participate in an experiment to test their browsers, and found that overwhelmingly the answer was yes—browsers were leaking information that allowed web trackers to follow their movements.

n this new iteration, Cover Your Tracks aims to make browser fingerprinting and tracking more understandable to the average user. With helpful explainers accompanying each browser characteristic and how it contributes to their fingerprint, users get an in-depth look into just how trackers can use their browser against them.

👀 👉🏼 https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks

#eff #tool #coveryourtracks #panopticlick #tracking #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Nipe - An engine to make Tor Network your default gateway

Summary

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary users who care about their privacy in the digital world.

Nipe is an engine, developed in Perl, that aims on making the Tor network your default network gateway. Nipe can route the traffic from your machine to the Internet through Tor network, so you can surf the Internet having a more formidable stance on privacy and anonymity in cyberspace.

👀 👉🏼 Download and install:
https://github.com/htrgouvea/nipe#download-and-install

#nipe #tor #routing #privacy #anonymity #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Tails

Tails is a live operating system that helps to protect privacy, leave no trace on the Internet and avoid surveillance.

This talk will introduce Tails and explain its use: What exactly is Tails? Why is Tails useful? Where can Tails be obtained from, how is Tails installed, how does it work? It also discusses ways to customize Tails (setting up an encrypted persistent storage, installing additional software, etc.). Some of the software packages pre-installed in Tails are also presented.

💡 These file here contains multiple languages. (🇩🇪 🇬🇧)
The file available for download contains all languages as separate audio-tracks.

📺 👉🏼 https://media.ccc.de/v/pw20-342-tails

#tails #pw20 #ccc #talk #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Smart doorbells could be hackers' key to devices inside your home

The consumer watchdog found that smart doorbells sold for enticingly low prices on online marketplaces

Smart doorbells could be used to hack into laptops inside the home due to major security flaws in a number of devices, a Which? investigation has found.

The consumer watchdog found that smart doorbells sold for enticingly low prices on online marketplaces can be easily switched off, stolen or hacked by criminals.

Which? bought 11 smart doorbells, some of which appeared to look very similar to Amazon Ring or Google Nest models, available from popular online marketplaces such as Amazon Marketplace and eBay.

Working with cyber security experts NCC Group, high-risk security issues were found among all of the doorbells, including two rated as critically vulnerable and a further nine rated as high impact.

Flaws included weak password policies, a lack of data encryption and an excessive collection of customers' private information - all of which risk exposing sensitive data to cybercriminals.

Some of these flaws even enabled the physical theft of the doorbell or made it easy for an intruder to switch off the device.

According to the report two devices tested, by Victure and Ctronics, had a critical vulnerability that could allow cybercriminals to steal the network password and use that to hack not only the doorbells and the router, but also any other smart devices in the home, such as a thermostat, camera or potentially even a laptop.

👀 👉🏼 https://www.telegraph.co.uk/news/2020/11/23/smart-doorbells-could-hackers-key-devices-inside-home/

#smart #doorbells #hackers #cybercriminals #security #flaws #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Don’t be duped by performance, Apple’s M1 silicon is all about platform control

With the dust settling on Apple’s first Arm-based Macs and new M1 chip announcements, it’s time to take stock of what this means for one of the industry’s biggest computing ecosystems. The transition to Arm CPUs is a major shift that will be felt across the industry in the coming years. The energy efficiency benefits for consumers are obviously great, but the change is likely to be a headache for software developers who need to go back and rebuild their apps.

While Apple looks to have produced some very powerful silicon based on initial reviews and testing from the tech-sphere, the need for emulation means we should take its performance claims with a pinch of salt. After all, software emulation takes a toll on both performance and power consumption. We’ll be putting the chip and one of Apple’s new laptops through their paces very soon to find out for sure.

However, what we can say is that this transition is already proving to be a pretext for greater ecosystem control.

👀 👉🏼 https://www.androidauthority.com/apple-m1-chip-platform-control-1178210/

#apple #platform #control #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Apple is lobbying against a bill aimed at stopping forced labor in China

Apple wants to water down key provisions of the bill, which would hold U.S. companies accountable for using Uighur forced labor, according to two congressional staffers

Apple lobbyists are trying to weaken a bill aimed at preventing forced labor in China, according to two congressional staffers familiar with the matter, highlighting the clash between its business imperatives and its official stance on human rights.

The Uyghur Forced Labor Prevention Act would require U.S. companies to guarantee they do not use imprisoned or coerced workers from the predominantly Muslim region of Xinjiang, where academic researchers estimate the Chinese government has placed more than 1 million people into internment camps. Apple is heavily dependent on Chinese manufacturing, and human rights reports have identified instances in which alleged forced Uighur labor has been used in Apple’s supply chain.

The staffers, who spoke on the condition of anonymity because the talks with the company took place in private meetings, said Apple was one of many U.S. companies that oppose the bill as it’s written. They declined to disclose details on the specific provisions Apple was trying to knock down or change because they feared providing that knowledge would identify them to Apple. But they both characterized Apple’s effort as an attempt to water down the bill.

“What Apple would like is we all just sit and talk and not have any real consequences,” said Cathy Feingold, director of the international department for the AFL-CIO, which has supported the bill. “They’re shocked because it’s the first time where there could be some actual effective enforceability.”

👀 👉🏼 https://www.washingtonpost.com/technology/2020/11/20/apple-uighur/

👀 👉🏼 https://www.congress.gov/bill/116th-congress/house-bill/6210

#apple #uighurs #forcedlabor #china #thinkabout #humanrights
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Guelph police have tool to unlock iPhones and copy contents, with no policy on when or how to use it

The Guelph Police Service has a device that can unlock iPhones and copy their contents, and no policy on when or how it should be used – something that privacy experts said raises alarm bells.

According to a letter responding to a request made by the Mercury Tribune under the Municipal Freedom of Information and Protection of Privacy Act, the Guelph Police Service (GPS) confirmed that it owns what is called a GrayKey, a tool developed by Atlanta-based tech company Grayshift.

The GrayKey, according to Grayshift’s website, can unlock iPhones and “extracts encrypted or inaccessible data” from said device.

The letter from GPS adds that there is no internal policy or procedural documents about the device, and no directives have been issued by police leadership on its use. As well, the letter notes that the GrayKey “is used only by our technological crimes detectives.”

👀 👉🏼 https://www.guelphmercury.com/news-story/10272853-guelph-police-have-tool-to-unlock-iphones-and-copy-contents-with-no-policy-on-when-or-how-to-use-it/

#apple #guelph #canada #police #unlock #iphones #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Odyssey-Jailbreak updated with iOS 13.0-13.7 support

What makes Odyssey different to other jailbreaks?

👉🏼 Fast. Really Fast.
Odyssey is the first jailbreak to be written almost entirely in Swift. It's also a snappy, responsive experience that you can't find anywhere else, with full support for all iOS 13.0-13.7 devices.

👉🏼 Completely Open.
Odyssey is completely open source, and welcomes community contributions and pull requests, as a tribute to the dearly departed s0uthwes and his continued optimism and faith in the project.

👉🏼 All new. All improved.
Odyssey comes with the open source Procursus bootstrap, designed from the ground up with openness and compatiblity in mind. Odyssey also comes equipped with full libhooker support, so speed and reliabilty are ensured.

👀 Download 👀
AltStore Repo & Shortcut

👀 IPA Download 👀

Added support for all iOS devices between iOS 13.0-13.7 (thanks to FreeTheSandbox!)
Improved exploit reliability on iOS 13.0-13.5

Download .ipa or Install via AltStore

👀 👉🏼 https://theodyssey.dev/

#theodyssey #jailbreak #apple #ios
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Edward Snowden on the Dangers of Silicon Valley Censorship - System Update with Glenn Greenwald

📺 👉🏼 https://www.youtube.com/watch?v=5qEuKCS-czU

#snowden #siliconvalley #censorship #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Apple security hampers detection of unwanted programs

Anyone who uses Malwarebytes software is probably familiar with the fact that, in addition to things like malware and adware, Malwarebytes detects potentially unwanted programs (PUPs). These are programs that exhibit a variety of unsavory behaviors, but that, for legal reasons, cannot be called malware.

"PUP (n): a program that may include advertising, toolbars, and pop-ups that are unrelated to the software you downloaded. PUPs often come bundled with other software that you installed."
👉🏼 https://blog.malwarebytes.com/glossary/pup/

For the entire history of Malwarebytes software on iOS—the system that runs on iPhones, iPads, and iPod Touches—there have been things we would consider to be PUPs on the iOS App Store. However, due to limitations imposed by Apple, we’ve been completely unable to scan or remove PUPs from those devices (iPhones or iPads). This is simply the reality of working within Apple’s ecosystem.

On macOS, however, we’ve always been able to detect and remove PUPs. Unfortunately, we’re seeing the first signs that this is starting to change—not just for Malwarebytes, but for all security companies.

👀 👉🏼 https://blog.malwarebytes.com/mac/2020/11/apple-security-hampers-detection-of-unwanted-programs/

👀 👉🏼 🇩🇪 https://t3n.de/news/macos-apple-adware-mackeeper-malware-1340895/

#apple #macos #adware #mackeeper #malware #pub #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Sophos notifies customers of data exposure after database misconfiguration

Exclusive: Company says that only a small subset of customers were impacted.

UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week.

"On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in an email sent to customers and obtained by ZDNet.

Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).

A Sophos spokesperson confirmed the emails earlier today and told ZDNet that only a "small subset" of the company's customers were affected but did not provide an approximate number.

Sophos said it learned of the misconfiguration from a security researcher and fixed the reported issue right away.

"At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers," the company said. "Additionally, we are implementing additional measures to ensure access permission settings are continuously secure. "

👀 👉🏼 https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

#leak #sophos #data #exposure #misconfiguration
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Xiaomi Android 11 Tracker: Here are all the official MIUI beta and stable builds to download and install

Following the arrival of the first public beta of Android 11 back in June, Xiaomi published similar AOSP-style beta builds for the Mi 10/10 Pro and the Redmi K30 Pro (e.g. the Chinese variant of the POCO F2 Pro) later that month. Shortly thereafter, the Chinese OEM started rolling out MIUI 12-based closed beta builds for these phones, however, the underlying layer of Android was still based on the beta codebase. Now that Android 11 hits the stable milestone, Xiaomi has already prepared stable MIUI 12 builds on top of the latest iteration of Android.

The first batch of global devices to receive the MIUI 12-infused stable Android 11 update includes the Xiaomi Mi 10 and Mi 10 Pro. Many more Mi, Redmi, and POCO branded smartphones are expected to get the update in the coming days. This article will serve as the central repository of download links for all Xiaomi devices that have received their official Android 11 updates, including the ones powered by Android One instead of MIUI.

It is worth mentioning that the MIUI versioning scheme doesn’t have a one-to-one correspondence with the version of Android. While Xiaomi is expected to unveil a new version of MIUI — tentatively MIUI 13 — with new features in the near future, the company will continue to produce MIUI 12-based Android 11 builds for compatible devices during the transition phase.

The compatible devices will initially get the taste of Android 11 through the MIUI beta channel (which has now been rebased on top of the stable Android 11 codebase), and then through the stable channel builds. Features on Xiaomi devices are often decided more by their MIUI version and less by their Android version. So you can take a look at our other trackers for MIUI 12 builds.

👀 👉🏼 https://www.xda-developers.com/xiaomi-android-11-update-list-download-install/

#android #smartphone #xiaomi #updates #download #install
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How Saudi Arabia Uses Spy Tech to Hunt Critics Around the World

How does Saudi Arabia use spy tech to hunt critics and dissidents around the world? In this episode, John Scott- Railton and Bill Marczak, dive into the case of Omar Abdulaziz and how the Saudi regime hacks dissidents to intimidate and silence them.

🎙 https://soundcloud.com/thehrf/how-saudi-arabia-uses-spy-tech-to-hunt-critics-around-the-world

#saudiarabia #spionage #pegasus #nsogroup #nso #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Manchester United are being held to RANSOM for millions of pounds by cyberhackers who targeted club computer systems and are demanding cash not to release sensitive data

Manchester United are being held to ransom for millions of pounds by cyber criminals who have crippled the club's systems, Sportsmail can reveal.

United have brought in a team of technical experts to contain the potentially 'disastrous' attack that was launched more than a week ago.

But it's understood the hackers still have United in their grip after the National Cyber Security Centre on Thursday night confirmed they are helping the club to resolve the crisis.

👀 👉🏼 https://www.dailymail.co.uk/sport/sportsnews/article-8989881/Manchester-United-held-RANSOM-cyberhackers-control-computers.html

#cybercriminals #manchesterunited #ransomware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

EU anti-terrorism commissioner warns against video games and pleads for backdoors

According to Gilles de Keroche, terrorists use video games for attack preparation and communication. Platform operators should therefore hand over the plain text of encrypted messages to law enforcement agencies.

In an interview with the news agency AFP, the EU anti-terrorism commissioner demands stronger regulation of computer games. Terrorists could use them to prepare attacks and as a means of communication. Combat games are suitable for testing attack scenarios.

The Belgian emphasizes that extremists already abuse video games for propaganda purposes. Right-wing extremists in Germany in particular have developed titles in which one could shoot at Arabs, the Jewish billionaire George Soros or the German Chancellor. In addition, the politician points out the danger of money laundering via game currencies. The games sector is not problematic as a whole, he said, but from the point of view of counter-terrorism there is too little regulation.

👀 👉🏼 Translated with DeepL:
https://t3n.de/news/anti-terrorbeauftragter-eu-computerspiele-videospiele-warnung-anschlaege-hintertueren-verschluesselung-1341260

#eu #antiterrorism #videogames #encryption #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

You've Got Spam: With this tool you send back your spam mails

You get unwanted emails every day, no matter how often you unsubscribe from mailing lists? With this tool, e-mail revenge is yours.

💡 👉🏼 https://youvegotspam.mschfmag.com

#youvegotspam #email #spam #tool #gmail
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Crypto Wars: Green light for contested EU declaration on decryption

Diplomats have approved the EU Council resolution on encryption drafted by the German government. IT companies should help with decryption.

🇬🇧 EU: Council set to adopt declaration against encryption
https://www.statewatch.org/news/2020/november/eu-council-set-to-adopt-declaration-against-encryption/

👀 👉🏼 🇩🇪 https://data.consilium.europa.eu/doc/document/ST-13245-2020-INIT/de/pdf

#eu #encryption #declaration #cryptowars #netpolitics #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Most Americans Object to Government Tracking of Their Activities Through Cellphones

A new survey found widespread concern among Americans about government tracking of their whereabouts through their digital devices, with an overwhelming majority saying that a warrant should be required to obtain such data.

A new Harris Poll survey indicated that 55% of American adults are worried that government agencies are tracking them through location data generated from their cellphones and other digital devices. The poll also found that 77% of Americans believe the government should get a warrant to buy the kind of detailed location information that is frequently purchased and sold on the commercial market by data brokers.

The Wall Street Journal has reported that several U.S. law-enforcement agencies are buying geolocation data from brokers for criminal-law enforcement and border-security purposes without any court oversight.

Federal agencies have concluded that they don’t require a warrant because the location data is available for purchase on the open market. The U.S. Supreme Court ruled in 2018 that a warrant is required to compel cellphone carriers to turn over location data to law enforcement, but it hasn’t addressed whether consumers have any expectation of privacy or due process in data generated from apps rather than carriers.

Modern mobile-phone applications like weather forecasts, maps, games and social networks often ask consumers permission to record the phone’s location. That data is then packaged and resold by brokers. Computers, tablets, cars, wearable fitness tech and many other internet-enabled devices also have the potential to generate location information that is collected by companies.

The buying and selling of the location data drawn from modern technology have become a multibillion-dollar business—frequently used by corporations for targeted advertising, personalized marketing and behavioral profiling. Wall Street firms, real-estate developers and many other corporations use such information to guide decisions on investments, developments and planning.

👀 👉🏼 https://telegra.ph/Most-Americans-Object-to-Government-Tracking-of-Their-Activities-Through-Cellphones-11-28-2

#usa #gov #tracking #cellphones #mobilephone #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag