BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security

Whistleblowers say they were forced out after flagging problems with e-commerce giant’s data security and compliance.

YOUR ORDER HISTORY. Your credit card information. Even your intimate health data.

Amazon is amassing an empire of data as the online retailer ventures into ever more areas of our lives. But the company's efforts to protect the information it collects are inadequate, according to insiders who warn the company's security shortfalls expose users' information to potential breaches, theft and exploitation.

The warnings about privacy and compliance failures at Amazon come from three former high-level information security employees — one EU-based and two from the U.S. — who told POLITICO they had repeatedly tried to alert senior leadership in the company's Seattle HQ, only to be sidelined, dismissed or pushed out of the company in what they saw as professional retaliation.

The EU-based employee is fighting dismissal from Amazon through European courts. All three spoke on condition of anonymity out of concern they could face retaliation or difficulties in the job market for discussing the details of non-public legal proceedings.

Put together, their accounts paint a picture of a corporate culture at Amazon that they say prioritizes growth over other factors, such as the security of customers' information, compliance with rules designed to safeguard that data and the careers of employees the company hired specifically to flag problems.

“Imagine if a company the size of Amazon had a breach? The issue is millions of people's personal identifiable information is at risk,” the first former U.S.-based information-security employee said.

https://www.politico.eu/article/data-at-risk-amazon-security-threat/

#amazon #DeleteAmazon #data #security #risk #threat #yourdata #thinkabout
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv 📡 @NoGoolag
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

The Chinese hacking group used the malicious add-on to collect Gmail and Firefox data from their victims.

Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download malware on infected systems.

The attacks, discovered by cybersecurity firm Proofpoint this month, have been linked to a group the company tracks under the codename of TA413.

https://www.zdnet.com/article/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on/

#china #cyberspies #tibetans #malicious #firefox #addon
One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total.

The VPN services whose data has allegedly been exfiltrated by the hacker are SuperVPN, considered one of the most popular (and dangerous) VPNs on Google Play with 100,000,000+ installs on the Play Store, as well as GeckoVPN (10,000,000+ installs) and ChatVPN (50,000+ installs).

The forum user is selling deeply sensitive device data and login credentials – email addresses and randomly generated strings used as passwords – of more than 21 million VPN users for an undisclosed sum.

We reached out to SuperVPN, GeckoVPN, and ChatVPN and asked the providers if they could confirm that the leak was genuine but we have received no responses at the time of writing this report.

💡 What was leaked?

The author of the forum post is selling three archives, two of which allegedly contain a variety of data apparently collected by the providers from more than 21,000,000 SuperVPN, GeckoVPN, and ChatVPN users, including:

Email addresses

Usernames

Full names

Country names

Randomly generated password strings

Payment-related data

Premium member status and its expiration date

https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/

#android #vpn #SuperVPN #GeckoVPN #ChatVPN #hacked #leak #exposed
Deep Nostalgia uses video reenactment technology to animate faces in still photos

Those family photos hung on the wall might soon take on a new life.

The genealogy platform MyHeritage released a feature that animates faces in still photos using video reenactment technology.

The feature, called Deep Nostalgia, produces a realistic depiction of how a person could have moved and looked if they were captured on video.

https://eu.usatoday.com/story/tech/2021/02/25/deep-nostalgia-technology-animates-faces-still-photos/6814516002/

#deep #nostalgia #technology #video #reenactment #MyHeritage
Amazon rainforest plots sold via Facebook Marketplace ads

Parts of Brazil's Amazon rainforest are being illegally sold on Facebook, the BBC has discovered.

The protected areas include national forests and land reserved for indigenous peoples.

Some of the plots listed via Facebook's classified ads service are as large as 1,000 football pitches.

Facebook said it was "ready to work with local authorities", but indicated it would not take independent action of its own to halt the trade.

"Our commerce policies require buyers and sellers to comply with laws and regulations," the Californian tech firm added.

The leader of one of the indigenous communities affected has urged the tech firm to do more.

And campaigners have claimed the country's government is unwilling to halt the sales.

"The land invaders feel very empowered to the point that they are not ashamed of going on Facebook to make illegal land deals," said Ivaneide Bandeira, head of environmental NGO Kanindé.

https://www.bbc.com/news/technology-56168844

#DeleteFacebook #facebook #marketplace #amazon #rainforest #thinkabout #why
A judge has accepted a $650 million settlement of a privacy lawsuit filed against Facebook over its facial photo-tagging feature.

A federal judge has accepted a $650 million deal between Facebook and users who sued the company over the tagging feature.

The deal was a "landmark result," according to US Judge James Donato of the Northern District of California, who described it as "one of the largest-ever from a privacy lawsuit." According to the complaint, at least $345 would be paid to around 1.6 million individuals who entered the action.

"Overall, the settlement is a major win for consumers in the hotly contested area of digital privacy," wrote Judge Donato. "The standing issue makes this settlement all the more valuable because Facebook and other big tech companies continue to fight the proposition that a statutory privacy violation is a genuine harm."

In Illinois, a class-action lawsuit was first filed in 2015. Users claimed that Facebook had defied the state's Biometric Identity Protection Act, which forbids private organizations from collecting, storing, or using biometric identification or information without advance notice and written consent.

According to the complaint, beginning in June 2011, Facebook created and stored a face design for Illinois users as part of a feature to facilitate tagging - or marking - individuals in images.

The settlement order said, "The class members alleged that Facebook collected and stored their biometric data - namely digital scans of their faces - without prior notice or consent"

https://blog.newspen.in/2021/02/a-judge-has-accepted-650-million.html

#DeleteFacebook #facebook #privacy #lawsuit
Youtube Employing Favicon Tracking Method

It comes as no surprise to me that YouTube/Google seems to have been making use of favicon tracking.

After taking a quick look in my favicon database, this is what shows up.

https://www.reddit.com/r/privacy/comments/lvgx54/youtube_employing_favicon_tracking_method/

#privacy #youtube #google #DeleteGoogle #favicon #tracking
Setup for testing Android app vulnerabilities

In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might be useful for other people as well.

💡 Contents

Choosing a virtualization approach

Setting up Android SDK

Minimal proof of concept Android app

Adding debugging output to the target application

https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/

#setup #testing #android #app #vulnerabilities #guide
Final Report - National Security Commission on Artificial Intelligence

Americans have not yet grappled with just how profoundly the artificial intelligence (AI) revolution will impact our economy, national security, and welfare. Much remains to be learned about the power and limits of AI technologies. Nevertheless, big decisions need to be made now to accelerate AI innovation to benefit the United States and to defend against the malign uses of AI.

https://www.nscai.gov/wp-content/uploads/2021/03/Full-Report-Digital-1.pdf

#national #security #commission #artificial #intelligence #report #pdf
Google patches actively exploited Chrome browser zero-day vulnerability

Upgrading your Chrome build as quickly as possible is recommended.

Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.

The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."

Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.

Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifecycle issue in audio, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.

The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.

Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.

https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/

#google #chrome #zeroday #vulnerability
How to turn off the ANDROID TRACKING SERVICES [ROOT required]

Let's start:

👉🏼 Download Termux from the Google Play Store, install it and open it.

Install Packages:

pkg install aapt jq tsu curl -y

(Asks for root privileges; allow this ❗️👇🏽)

cd /data/data/com.termux/files/usr/bin
cp -R aapt /system/xbin/aapt
cp -R jq /system/xbin/jq
cp -R curl /system/xbin/curl
chmod +x /system/xbin/aapt
chmod +x /system/xbin/jq
chmod +x /system/xbin/curl

👉🏼 Download the script from here:
https://drive.google.com/drive/folders/1_G6-M8ToF0PsjY0HIrZIAVrTHT6nbptE

💡 (Please always use the latest version)

👉🏼 Unpack to /sdcard and then enter the following command:

termux-setup-storage (grant permission)

👉🏼 Then enter:
cd /sdcard

(with root) 👇🏽

tsu

bash DisableTrackers.sh sys (Add ❗️)

After that, just reboot your device and the job is done.
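The generic technique behind a "disable trackers" script, as an added example that is not the DisableTrackers.sh from the Google Drive link (its contents are not on this page): take the package list the device reports, match it against a blocklist, and emit per-user disable commands (pm disable-user --user 0, a standard Android package-manager command) as a dry run so the list can be reviewed before anything is run as root. The package names and the sample package list are constructed for the example.

```shell
#!/bin/sh
# Added example, not the post's DisableTrackers.sh. Models the pattern such a
# script follows: list installed packages, intersect with a blocklist, and
# produce `pm disable-user --user 0 <pkg>` commands. Dry run by default.

# Constructed stand-in for the output of `pm list packages` on a device.
SAMPLE_PACKAGES='package:com.android.settings
package:com.example.analyticsagent
package:com.example.keyboard
package:com.example.adsdk
package:com.android.phone'

# Constructed blocklist, one package name per line (hypothetical names).
BLOCKLIST='com.example.analyticsagent
com.example.adsdk
com.example.notinstalled'

# Print the blocklisted packages that are actually installed, one per line.
# $1 = package list in `pm list packages` format, $2 = blocklist.
matched_packages() {
    pkgs=$1
    block=$2
    printf '%s\n' "$pkgs" | sed 's/^package://' | while IFS= read -r name; do
        # -F: literal match (dots are not regex wildcards), -x: whole line.
        if printf '%s\n' "$block" | grep -qxF "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Emit the disable commands without running them. Review the output, then
# pipe it into a root shell (e.g. `tsu`, as in the post) to apply it.
disable_commands() {
    matched_packages "$1" "$2" | while IFS= read -r name; do
        printf 'pm disable-user --user 0 %s\n' "$name"
    done
}

if [ "$1" = "--live" ]; then
    # On a device: use the real package list instead of the constructed one.
    disable_commands "$(pm list packages)" "$BLOCKLIST"
else
    disable_commands "$SAMPLE_PACKAGES" "$BLOCKLIST"
fi
```

Disabling per user with pm disable-user keeps the APK on the device, so the change is reversible with pm enable, which is why it is preferable to deleting files under /system.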

#root #android #tracking #services #guide
Google says once third-party cookies are toast, Chrome won't help ad networks track individuals around the web

Notes an 'erosion of trust' – gee, wonder who could be responsible for that...

Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.

In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.

Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.

Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.

Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")

Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.

The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.

https://www.theregister.com/2021/03/03/google_internet_tracking_pledge/

#google #DeleteGoogle #internet #tracking #advertising #cookies #chrome #browser #thinkabout #why
India’s new intermediary liability and digital media regulations will harm the open internet

Last week, in a sudden move that will have disastrous consequences for the open internet, the Indian government notified a new regime for intermediary liability and digital media regulation. Intermediary liability (or “safe harbor”) protections have been fundamental to growth and innovation on the internet as an open and secure medium of communication and commerce.

By expanding the “due diligence” obligations that intermediaries will have to follow to avail themselves of safe harbor, these rules will harm end-to-end encryption, substantially increase surveillance, promote automated filtering and prompt a fragmentation of the internet that would harm users while failing to empower Indians. While many of the most onerous provisions only apply to “significant social media intermediaries” (a new classification scheme), the ripple effects of these provisions will have a devastating impact on freedom of expression, privacy and security.

As we explain below, the current rules are not fit-for-purpose and will have a series of unintended consequences on the health of the internet as a whole:

https://blog.mozilla.org/netpolicy/2021/03/02/indias-new-intermediary-liability-and-digital-media-regulations-will-harm-the-open-internet/

#india #digital #media #regulations #blog #mozilla #thinkabout
Top 21 Data Mining Tools - What is data mining?

Data mining is a world in itself, which is why it can easily get very confusing. There is an incredible number of data mining tools available on the market. While some are more suitable for handling data mining in Big Data, others stand out for their data visualization features.

As is explained in this article, data mining is about discovering patterns in data and predicting trends and behaviours. Simply put, it is the process of converting vast sets of data into relevant information. There is not much use in having massive amounts of data if we do not actually know what it means.

💡 Table of contents

1 .. What is data mining?
1.2 The steps of the data mining process
1.3 The difference between data mining and data warehouse

2 .. Data Mining Tools
2.1 R vs Python
2.2 Integrated data mining tools for statistical analysis
2.3 Open-source data mining solutions
2.4 Data mining tools for Big Data
2.5 Small scale solutions for data mining
2.6 Cloud solutions for data mining
2.7 Data Mining tools for neural networks
2.8 Data mining tools for data visualization

3 .. Conclusion

https://www.imaginarycloud.com/blog/data-mining-tools/

#data #mining #bigdata #tools #knowhow
Researcher finds 5 privilege escalation vulnerabilities in Linux kernel

A researcher at Positive Technologies found five similar vulnerabilities in the kernel of Linux operating systems that can allow an attacker to escalate local privileges on a victim’s network.

The flaws, discovered by security researcher Alexander Popov, could allow an attacker to potentially steal data, run administrative commands or install malware on operating systems or server applications. Popov was able to successfully test an exploit of one of the vulnerabilities on Fedora Server 33, notifying the Linux Foundation, a non-profit consortium designed to standardize support for the open-source Linux system, and other parties through email on February 5.

“Hello! Let me inform you about the Linux kernel vulnerabilities that I’ve found in AF_VSOCK implementation. I managed to exploit one of them for a local privilege escalation on Fedora Server 33 for x86_64, bypassing SMEP and SMAP,” Popov wrote to the group, adding he planned to share more details about the exploit techniques with them “later.”

Popov said in the email that he had already developed a patch and followed responsible disclosure guidelines throughout the process. He submitted his findings to the National Institute of Standards and Technology’s National Vulnerability Database, which recorded them as CVE-2021-26708.

The vulnerabilities received a severity score of 7.0 out of 10 under the Common Vulnerability Scoring System. According to Popov, the flaws are race conditions in a kernel module that is present in all major GNU/Linux distributions and is loaded automatically when a socket is created using AF_VSOCK, which is designed for communication between guest virtual machines and their host.

https://www.scmagazine.com/home/security-news/vulnerabilities/researcher-finds-5-privilege-escalation-vulnerabilities-in-linux-kernel/

#linux #kernel #vulnerabilities #privilege #escalation
Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System

Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world's largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports.

This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.

https://arxiv.org/abs/2103.02282

#apple #security #privacy #bluetooth #location #tracking #analysis
John David McAfee And Executive Adviser Of His Cryptocurrency Team Indicted In Manhattan Federal Court For Fraud And Money Laundering Conspiracy Crimes

John McAfee, the eccentric founder of the cybersecurity company McAfee, was indicted Friday on charges related to securities fraud and money laundering, according to the Justice Department.

Details: McAfee and his adviser Jimmy Watson have been accused by federal prosecutors in New York of using McAfee's Twitter account to promote cryptocurrencies to his 1 million+ followers in order to artificially inflate their market price.

What they're saying: “As alleged, McAfee and Watson exploited a widely used social media platform and enthusiasm among investors in the emerging cryptocurrency market to make millions through lies and deception," Manhattan U.S. Attorney Audrey Strauss said in a statement.

https://telegra.ph/John-David-McAfee-And-Executive-Adviser-Of-His-Cryptocurrency-Team-Indicted-In-Manhattan-Federal-Court-For-Fraud-And-Money-Laund-03-06

via www.justice.gov

https://telegra.ph/John-McAfee-indicted-for-alleged-cryptocurrency-pump-and-dump-scheme-03-06

via news.yahoo.com

#mcafee #indicted #cryptocurrency #usa #manhattan #fraud #moneylaund
Darknet Diaries - EP 86: The LinkedIn Incident

In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to buy. This episode goes over the story of what happened.

https://darknetdiaries.com/episode/86/

#truecrime #darknetdiaries #podcast
Porn-blocking bill wins final legislative OK

HB72 would require manufacturers to activate adult content filters.

A bill that would require new cellphones and tablets sold in Utah to come with activated pornography filters won final approval in the state Legislature, although some lawmakers argued the proposal is unworkable and could raise constitutionality concerns.

Even proponents of the measure, HB72, conceded that the bill is imperfect. But one supporter pointed out that the legislation won’t take effect until five other states pass a similar law, which means Utah will probably have plenty of time to refine the proposal.

“It gives us years, most likely, to iron out all of the problems, if there are problems,” Sen. Todd Weiler, R-Woods Cross, said Thursday to his colleagues. “But it does send a strong message.”

The state Senate passed the bill 19-6, sending it to the governor for consideration after the House previously approved it.

Several years ago, Utah lawmakers passed a resolution that declared pornography a “public health crisis” and recognized the need for education, prevention, research and policy changes to control a “pornography epidemic.” Last year, legislators approved a bill to require that all pornography in Utah come with a warning label.

This year’s legislation, sponsored by South Jordan Republican Susan Pulsipher, requires every new mobile device and tablet sold in Utah after Jan. 1, 2022, to have adult content filters turned on at the time of purchase. Pulsipher has said this requirement will assist parents who want to protect their children from harmful online content but don’t have the technological know-how to block it from their devices.

https://www.sltrib.com/news/politics/2021/03/05/porn-blocking-bill-wins/

#usa #utah #porn #blocking #HB72
A new type of supply-chain attack with serious consequences is flourishing

New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft, and Zillow.

A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.

The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it’s not clear if they succeeded in executing the malware inside their networks. The npm and PyPI open source code repositories, meanwhile, have been flooded with more than 5,000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.

“Given the daily volume of suspicious npm packages being picked up by Sonatype’s automated malware detection systems, we only expect this trend to increase, with adversaries abusing dependency confusion to conduct even more sinister activities,” Sonatype researcher Ax Sharma wrote earlier this week.
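The precondition that makes dependency confusion work, and the check that finds it, as an added example that is not code from the article or from Sonatype: a resolver that merges a private index with the public registry picks the highest version it sees from either side, so a public upload of an internal package name with an inflated version wins. The index contents, package names and versions below are constructed, and the two resolver functions are simplified models of the behaviour rather than any package manager's real code.

```python
"""Dependency confusion, simulated offline (added example, constructed data)."""

# Constructed private index: packages an organisation publishes only internally.
# An empty list means the name is not mirrored internally at all.
PRIVATE_INDEX = {
    "acme-billing-core": ["1.4.0", "1.5.2"],
    "acme-auth-client": ["0.9.1"],
    "requests": [],
}

# Constructed snapshot of the public registry after someone has uploaded one of
# the internal names with a version number far above the internal one.
PUBLIC_INDEX = {
    "acme-billing-core": ["99.0.0"],
    "requests": ["2.25.1", "2.24.0"],
}


def parse_version(v):
    """Turn '1.5.2' into (1, 5, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def resolve_merged(name, private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Resolver behaviour that enables the attack: the private index is just an
    extra source, and the highest version from either side is chosen (this is
    how pip's --extra-index-url treats the two indexes)."""
    candidates = [("private", v) for v in private.get(name, [])]
    candidates += [("public", v) for v in public.get(name, [])]
    if not candidates:
        raise LookupError(f"{name}: not found in either index")
    return max(candidates, key=lambda c: parse_version(c[1]))


def resolve_scoped(name, internal_names, private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Hardened resolver: names declared internal are fetched only from the
    private index; everything else comes only from the public registry. A
    public package squatting an internal name is never considered."""
    is_internal = name in internal_names
    source, label = (private, "private") if is_internal else (public, "public")
    versions = source.get(name, [])
    if not versions:
        raise LookupError(f"{name}: not found in {label} index")
    return (label, max(versions, key=parse_version))


def find_confusable(private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Audit check: internal names that also exist publicly with a version that
    would beat the internal one under merged resolution. Returns
    (name, best_private_version, best_public_version) tuples."""
    hits = []
    for name, versions in private.items():
        if not versions or name not in public:
            continue
        best_private = max(versions, key=parse_version)
        best_public = max(public[name], key=parse_version)
        if parse_version(best_public) > parse_version(best_private):
            hits.append((name, best_private, best_public))
    return hits


if __name__ == "__main__":
    internal = {"acme-billing-core", "acme-auth-client"}
    for pkg in ("acme-billing-core", "requests"):
        print(pkg, "merged ->", resolve_merged(pkg), "scoped ->", resolve_scoped(pkg, internal))
    print("confusable:", find_confusable())
```

The audit function is the part worth running against a real dependency manifest: any internal name that also resolves on the public registry, regardless of version, is a name someone else can take over, which is why the hardened resolver decides the source by name and never by version.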

https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/

https://blog.sonatype.com/pypi-and-npm-flooded-with-over-5000-dependency-confusion-copycats

#dependency #confusion #attacks #microsoft #amazon #slack #lyft #zillow
Let's Encrypt's performance is currently degraded due to a DDoS attack

Our services' performance is currently degraded due to a Distributed Denial of Service (DDoS) attack, which we are working to mitigate.

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6044830be2838505358d3108

#letsencrypt #ddos #attacks