IMGUI Clipboard bug caused by Bitcoin address seeking malware
- User submits a mysterious clipboard issue
- @PathogenDavid patiently digs into system locales, encoding conversions, line endings etc., fails to repro but somehow finds a fix involving line-ending format.
- Someone shows up with an answer *ouch*
https://nitter.pussthecat.org/ocornut/status/1383002610790174721
#IMGUI #clipboard #bug #bitcoin #malware
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.
Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
Bug allows running tcpdump without root through xscreensaver on Debian
Hello, I noticed that at least debian (maybe others) ship xscreensaver
hack with cap_net_raw enabled:

$ getcap /usr/libexec/xscreensaver/sonar
/usr/libexec/xscreensaver/sonar cap_net_raw=p

That seems like a bug, you can just load some driver and get a raw
socket. I wrote a quick exploit, this script will run tcpdump without
needing root.

$ bash sock.sh
17:43:55.000000 IP (tos 0x0, ttl 64, id 14541, offset 0, flags [DF], proto ICMP (1), length 84)
    debian > sfo07s17-in-f78.1e100.net: ICMP echo request, id 59166, seq 1, length 64
17:43:55.000000 IP (tos 0x0, ttl 128, id 42276, offset 0, flags [none], proto ICMP (1), length 84)
    sfo07s17-in-f78.1e100.net > debian: ICMP echo reply, id 59166, seq 1, length 64

I sent a report to debian, jwz and mesa. We concluded no embargo is
necessary, so continuing the discussion here.

Summary of discussion so far:
https://www.openwall.com/lists/oss-security/2021/04/17/1
#tcpdump #xscreensaver #debian
Domino's India database likely hacked, 1 million credit card details leaked along with mail IDs, cell numbers
An Israeli cyber-crime expert alleges that data of Domino's India customers, including over 1 million credit card details, is on sale in the dark web.
Hackers reportedly have access to 13TB of Domino’s India internal data. Employee details, order details, and credit card details of customers have likely been compromised. The hackers are aiming to sell the entire database for $550,000.
Popular pizza outlet Domino’s India seems to have fallen victim to a cyber attack. According to Alon Gal, co-founder of an Israeli cybercrime intelligence firm, the hackers have access to 13TB of Domino’s India internal data, which includes details of over 250 employees across verticals such as IT, Legal, Finance, Marketing, Operations, etc.
The hackers claim to have obtained all customer details and 18 crore order details, which include customers' names, phone numbers, email IDs, delivery addresses, and payment details, including more than 10 lakh credit card details used for purchases on the Domino’s India app.
Further, the hackers are aiming to sell the entire data to a single buyer. According to Alon Gal, the hackers are looking for $550,000 (around Rs 4 crores) for the entire database. The hackers also have plans to build a search portal to enable querying the data.
The sale is apparently happening in the dark web and likely on a website frequented by cyber scammers. For now, Domino's India has neither confirmed nor denied that data of its consumers has been stolen or leaked from its servers.
https://www.indiatoday.in/technology/news/story/domino-s-india-database-likely-hacked-1-million-credit-card-details-leaked-along-with-mail-ids-cell-numbers-1792305-2021-04-18
#dominos #india #hacker #attack #hacked #database #leak #breach
Malware Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps.
XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which were configured to execute the payload when built. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.
XCSSET modules come with the capabilities to steal credentials, capture screenshots, inject malicious JavaScript into websites, plunder user data from different apps, and even encrypt files for a ransom.
Then in March 2021, Kaspersky researchers uncovered XCSSET samples compiled for the new Apple M1 chips, suggesting that the malware campaign was not only ongoing but also that adversaries are actively adapting their executables and porting them to run on new Apple Silicon Macs natively.
https://thehackernews.com/2021/04/malware-spreads-via-xcode-projects-now.html
#malware #xcode #apple #macs
DDoS attack trends for 2021 Q1
Last week was Developer Week at Cloudflare. During that week, our teams released a bunch of cool new products, including a bunch of improvements to Workers. And it's not just our customers that love deploying apps with Workers, but also our engineering teams. Workers is also what powers our Internet traffic and attack trends on Cloudflare Radar. Today, along with this deep-dive analysis blog, we’re excited to announce the new Radar DDoS Report page, our first fully automated data notebook built on top of Jupyter, Clickhouse, and Workers.
Last month, we introduced our autonomous edge DDoS (Distributed Denial of Service) protection system and explained how it is able to drop attacks at wire speed without impacting performance. It runs in our networks’ edge, analyzes traffic asynchronously to avoid impacting performance, and pushes mitigation rules in-line immediately once attacks are detected. All of this is done autonomously, i.e., without requiring centralized consensus.
Today, we’d like to share the latest DDoS insights and trends that are based on attacks that our system mitigated during the first quarter of 2021. When we analyze attacks, we calculate the “DDoS activity” rate, which is the percent of attack traffic out of the total traffic (attack + clean). This allows us to normalize the data points and avoid biases towards, for example, a data center that sees more traffic and therefore also more attacks.
https://blog.cloudflare.com/ddos-attack-trends-for-2021-q1/
#ddos #attack #trends #cloudflare
Neural Network Telegram Bot
Neural network Telegram bot with StyleGAN and GPT-2
The Beginning
So we have already played with different neural networks. Cursed image generation using GANs, deep texts from GPT-2 — we have seen it all.
This time I wanted to create a neural entity that would act like a beauty blogger. This meant it would have to post pictures like Instagram influencers do and generate the same kind of narcissistic texts.
Initially I planned to post the neural content on Instagram but using the Facebook Graph API which is needed to go beyond read-only was too painful for me. So I reverted to Telegram which is one of my favorite social products overall.
The name of the entity/channel (Aida Enelpi) is a bad neural-oriented pun mostly generated by the bot itself.
https://guitargz.github.io/posts/202104151136-neural-network-telegram-bot/
#neural #network #telegram #bot
UK government intervenes in Nvidia takeover of chip designer Arm
The UK government has intervened in the sale of computer chip designer Arm Holdings to a US company on national security grounds.
Japan's SoftBank intended to sell the UK tech company to Nvidia for about $40bn (£29.5bn).
But Digital Secretary Oliver Dowden said he wanted the UK's competition watchdog to assess its implications.
"Following careful consideration of the proposed takeover, I have today issued an intervention notice," he said.
"As a next step and to help me gather the relevant information, the UK's independent competition authority will now prepare a report on the implications of the transaction, which will help inform any further decisions."
Arm's technology is at the heart of most smartphones and smart devices, underpinning processors made by Apple, Samsung and Huawei.
In January, the Competition and Markets Authority (CMA) announced it was looking into the takeover amid concerns it could lead Arm to withdraw, raise prices or reduce the quality of its intellectual property licensing services to Nvidia's rivals.
But Mr Dowden has now ordered it to begin a "phase one" investigation, which will decide whether a full "phase two" investigation is needed that could lead to the deal being blocked.
The CMA will have until 30 July to submit its findings to the digital secretary.
https://www.bbc.co.uk/news/business-56804007
#nvidia #takeover #arm
Some Rogers wireless customers hit by outages across Canada
Several police forces warn not to hang up if you call 911, because they can't call back.
Rogers says some wireless customers Canada-wide are experiencing intermittent service interruptions for both voice and data services.
"Our team is working quickly to restore services as soon as possible," Rogers said in a message on its help site Monday. "We apologize for the inconvenience and will continue to provide regular updates."
The site describes the outages as "Canada-wide" and ongoing. The outage is also affecting Fido customers.
The website Downdetector was showing Rogers outages beginning overnight and spiking to more than 12,000 reports in the daylight hours. The outages appeared most prevalent in southern Ontario and Montreal.
Social media had many posts of people struggling with the outage.
https://www.cbc.ca/news/business/rogers-outage-1.5992954
#canada #rogers #outage
CBC
Rogers says service starting to return after Canada-wide wireless outage | CBC News
Rogers said wireless voice and data services have started returning to its customers Monday evening after a lengthy outage the company's chief technological officer said was caused by a software issue.
This Company Monitors Prisoners In Xinjiang. It Won An “Innovation” Award At An Event Sponsored By Amazon
The Chinese government’s use of prisons and detention camps in Xinjiang is part of what the US and other countries have called a genocide.
With an Amazon logo behind him and luminaries from Shanghai’s booming venture capital scene in front of him, the executive onstage delivered his pitch. His company, Renwei Electronics, helps authorities in China track prisoners and detainees — alerting guards to their movements and even fitting them with heart rate monitors.
Renwei deploys its “smart prison” system in China’s Xinjiang region, where more than 1 million Muslim minorities have been locked up.
Yet this did not interfere with the warm welcome for Renwei at an event cohosted by an Amazon-backed “joint innovation center” in November. Event organizers gave Renwei’s executive a platform to deliver an “investor road show”–style speech to some of China’s most prestigious investors. And Renwei received a “product innovation award” recognizing it as one of six “outstanding entrepreneurial companies.”
Sent a detailed list of questions, Amazon declined to comment on the record. Renwei did not respond to a request for comment.
A growing list of multinational corporations are under pressure to move their supply chains away from Xinjiang, amid mounting evidence of mass detention and forced labor there, as part of what the US and other countries have recently called a genocide. Congress is considering a bill banning imports from Xinjiang tainted by forced labor, and US customs have already banned products made from tomatoes and cotton in the region, among other goods.
Amazon shut down its e-commerce business in China in 2019, but other parts of its sprawling empire still work with Chinese customers, including its highly profitable cloud computing subsidiary, Amazon Web Services.
https://www.buzzfeednews.com/article/meghara/amazon-xinjiang-prison-surveillance-award
#china #renwei #amazon #DeleteAmazon #xinjiang #prison #surveillance #thinkabout #why
Forwarded from XiaomiTime: Xiaomi & HyperOS News (Erdil Sualp BAYRAM)
It has come to our attention that the MIUI custom ROM Minovo, which demands illegitimate payment for code they stole from MIUI, contains code used for phishing of their users' personal data such as usernames, passwords and credit card details.
If you have installed Minovo, remove it immediately, change your passwords and keep an eye on your bank account. If you have paid for it, try to get a refund. Please spread the news and draw the attention of other users of this ROM to the matter.
CC @RedmiK20Updates
#SNFP
Using a Raspberry Pi to hack grandma (Part2)
One Raspberry Pi, two red teamers and a simple mission: hack grandma.
After building a Raspberry Pi “attack box”, of course I want to kick the wheels and take it for a spin before I get called into my next red team operation.
But what to do?
I could do the normal thing and ping our CEO Spencer Thompson and do a basic web penetration test against our site. But our site is pretty limited and doesn’t offer a lot of “meat” to go after. Plus, I’ve done about a million of these so I want to try something new.
Part of being a red teamer means being creative. Thinking outside of the box. Ideas, ideas, ideas…
I’ve got it! With the world shut down and everyone working from home, what if I plug my Raspberry Pi into my home network and see if I can gain a foothold onto one of my in-law’s devices! They’ve been staying with us to help take care of James, my 8-month old son. Challenge accepted.
https://feed.prelude.org/p/easy-as-pi
👉🏼 How to build a disposable attack box using a Raspberry Pi
https://t.iss.one/BlackBox_Archiv/1937
#disposable #attackbox #grandma #raspberry
Nextdoor launches anti-racism notification to prevent discriminatory language
Nextdoor is introducing a new anti-racism notification, which asks users to reconsider posting content if the app thinks it may be offensive. As with its previous Kindness Reminder, if a user tries to post something with words or phrases Nextdoor thinks may be objectionable, it will give them the option to edit the post before it actually goes live. The users can, however, ignore the warning and post it anyway.
https://blog.nextdoor.com/2021/04/19/nextdoor-launches-anti-racism-notification-to-prevent-discriminatory-language/
https://www.theverge.com/2021/4/19/22392304/nextdoor-anti-racism-notification-community-moderation
https://www.youtube.com/watch?v=0yLUWsZp5Ug
#nextdoor #racist #antiracism #notification #discriminatory #language #video #thinkabout
Social Media ‘Likes’ Change the Way We Feel About Our Memories
Summary: Sharing our personal experiences on social media may negatively impact how we feel about our memories, especially if the post doesn’t get many likes, a new study reports.
Memories are often considered very personal and private. Yet, in the past few years, people have got used to notifications from social media or phone galleries telling them they have a “memory”.
These repackaged versions of the past affect not just what we remember but also the attachments we have with those memories. In a new study, we found social media has the potential to change how people feel about their memories.
Social media metrics such as Facebook “likes” can negatively impact how people feel about certain memories, especially if these memories are shared without getting many likes. Beyond this, the anticipation of social media judgements about the past can also impact on what memories people share and how.
With the aim of understanding the everyday presence of these automated memories, we drew upon detailed interviews and focus groups with around 60 social media users. In particular, we looked at how people use features such as Timehop, Facebook memories and Apple memories.
We asked participants about their experiences of being reminded of memories by these different features. While some found the features to be creepy and invasive, others found them a useful reminder of previous experiences they’d forgotten.
We also asked whether the number of likes a shared memory received had any impact on them. In some cases participants felt differently about their memories depending on the number of likes.
https://neurosciencenews.com/memory-social-media-18263/
#social #media #facebook #DeleteFacebook #likes #memories #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Improving Cognitive Health in COVID-19 Survivors Through Digital Therapeutics - Clinical Trial Details
The primary objective of this study is to investigate the efficacy of AKL-T01, a remotely-delivered digital cognitive intervention, relative to a waitlist control in improving cognitive functioning in COVID-19 survivors.
Emerging evidence suggests a subgroup of survivors of COVID-19 have residual difficulties with cognition and daily functioning. These deficits are pronounced in cognitive domains including attention, learning and executive skills, and may continue to impact quality of life after recovery from other COVID-19 symptoms. This study aims to investigate the efficacy of AKL-T01 (Akili Interactive), a remotely-delivered digital cognitive intervention, in targeting and improving cognition and functional outcomes in individuals recovering from COVID-19. The efficacy of the AKL-T01 intervention will be measured relative to a waitlist control group.
https://jcto.weill.cornell.edu/open_clinical_trials/improving-cognitive-health-in-covid-19-survivors-through-digital-therapeutics
https://www.theverge.com/2021/4/19/22391587/long-covid-brain-cognitive-treatment-video-game-akili
#clinical #digital #therapeutics #covid #brain #cognitive #treatment #videogame
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Hackers Used to Be Humans. Soon, AIs Will Hack Humanity
Like crafty genies, AIs will grant our wishes, and then hack them, exploiting our social, political, and economic systems like never before.
IF YOU DON'T have enough to worry about already, consider a world where AIs are hackers.
Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long.
As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage.
Okay, maybe this is a bit of hyperbole, but it requires no far-future science fiction technology. I’m not postulating an AI “singularity,” where the AI-learning feedback loop becomes so fast that it outstrips human understanding. I’m not assuming intelligent androids. I’m not assuming evil intent. Most of these hacks don’t even require major research breakthroughs in AI. They’re already happening. As AI gets more sophisticated, though, we often won't even know it's happening.
AIs don’t solve problems like humans do. They look at more types of solutions than us. They’ll go down complex paths that we haven’t considered. This can be an issue because of something called the explainability problem. Modern AI systems are essentially black boxes. Data goes in one end, and an answer comes out the other. It can be impossible to understand how the system reached its conclusion, even if you’re a programmer looking at the code.
https://www.wired.com/story/opinion-hackers-used-to-be-humans-soon-ais-will-hack-humanity/
#opinion #hackers #humans #ai #humanity
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Hunting phishing websites with favicon hashes
HTTP favicons are often used by bug bounty hunters and red teamers to discover vulnerable services in a target AS or IP range. It makes sense – since different tools (and sometimes even different versions of the same tool) use different favicons[1] and services such as Shodan calculate MurmurHash values[2] for all favicons they discover and let us search through them, it can be quite easy to find specific services and devices this way.
But while the use of favicon hashes is common in the “red” community, a significant number of blue teamers don’t use them at all. Which is unfortunate, given that – among their other uses – they can provide us with a simple way of identifying IPs hosting phishing kits. After all, this was the reason why searches using HTTP favicon hashes have been introduced into Shodan in the first place[3].
As an example, we will show how to detect IPs hosting phishing pages by looking for sites that try to pass themselves off as login portals for O365 and other Microsoft services, however the same principle would work for any other service as well. One could therefore for example calculate hashes of unique favicons used by systems specific to a company one is trying to protect (e.g. favicon from a company website) and use periodical lookups of these on Shodan and other services in order to implement a – admittedly fairly simple – phishing detection/brand protection mechanism...
So how would one look for fake Microsoft login portals? First, we need to calculate a MurmurHash value of a favicon that we expect might be reused on a phishing website to make it look more trustworthy. Looking at official Microsoft websites, it seems that they use the favicon located at https://c.s-microsoft.com/favicon.ico.
https://isc.sans.edu/diary/Hunting+phishing+websites+with+favicon+hashes/27326
#hunting #phishing #websites #favicon #hashes
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Hunting phishing websites with favicon hashes, Author: Jan Kopriva
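The brand-protection check described in the post above, as an added example that is not code from the SANS diary or from this channel. It assumes the commonly documented Shodan convention (MurmurHash3 x86 32-bit, seed 0, computed over the newline-wrapped base64 of the icon and reported as a signed integer); the icon bytes, hosts and helper names are constructed for illustration.

```python
import base64

MASK32 = 0xFFFFFFFF


def _rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data, seed=0):
    """MurmurHash3 x86 32-bit, returned as an unsigned integer."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    full = len(data) - (len(data) % 4)
    for i in range(0, full, 4):              # body: 4-byte little-endian blocks
        k = int.from_bytes(data[i:i + 4], "little")
        k = (_rotl32((k * c1) & MASK32, 15) * c2) & MASK32
        h = (_rotl32(h ^ k, 13) * 5 + 0xE6546B64) & MASK32
    tail = data[full:]
    if tail:                                 # 1-3 leftover bytes
        k = int.from_bytes(tail, "little")
        h ^= (_rotl32((k * c1) & MASK32, 15) * c2) & MASK32
    h ^= len(data) & MASK32                  # finalization mix
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h


def to_signed32(value):
    """Shodan shows the hash as a signed 32-bit integer."""
    return value - (1 << 32) if value & 0x80000000 else value


def shodan_favicon_hash(icon_bytes):
    # Assumption: the hash input is base64 *with* the newline every 76
    # characters that base64.encodebytes() emits, not plain b64encode().
    return to_signed32(murmur3_32(base64.encodebytes(icon_bytes)))


def shodan_query(icon_bytes):
    """Search filter for periodic lookups of your own brand icon."""
    return "http.favicon.hash:%d" % shodan_favicon_hash(icon_bytes)


def find_lookalikes(brand_icon, allowed_hosts, observations):
    """Return hosts serving the brand favicon that are not on the allowlist.

    observations: iterable of (host, favicon_bytes) gathered by your own
    crawler or exported from a search service.
    """
    wanted = shodan_favicon_hash(brand_icon)
    flagged = []
    for host, icon in observations:
        if not icon:                         # no favicon served: nothing to compare
            continue
        if shodan_favicon_hash(icon) == wanted and host not in allowed_hosts:
            flagged.append(host)
    return sorted(flagged)


# Constructed sample data (not real icons or real hosts).
BRAND_ICON = b"\x00\x00\x01\x00" + b"constructed-brand-icon" * 8
ALLOWED = {"login.example.com"}
OBSERVATIONS = [
    ("login.example.com", BRAND_ICON),       # legitimate portal
    ("198.51.100.23", BRAND_ICON),           # same icon, unknown host
    ("203.0.113.80", BRAND_ICON + b"\x00"),  # re-encoded icon: exact hash misses it
    ("192.0.2.10", b""),                     # host with no favicon
]

if __name__ == "__main__":
    print(shodan_query(BRAND_ICON))
    print(find_lookalikes(BRAND_ICON, ALLOWED, OBSERVATIONS))
```

A single changed byte in the icon yields a different hash, so this check only finds kits that reuse the favicon unmodified.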
Forced unemployment and second-class status: The life of Google's data center contractors
Contractors love the good pay and engaging work in Google's data centers. They resent that Google and its staffing firm, Modis Engineering, make them quit every two years.
Shannon Wait felt a muscle pull in her shoulder as she knelt to lug a 50-pound battery into its rack, but she ignored the pain and kept going. She had 20 batteries to replace in the cavernous, 85-degree warehouse that day.
Hauling batteries is a major part of the job for Wait and hundreds of other workers like her at Google's data centers. They'd tried switching to automated machines during her two years working in the Berkeley County, South Carolina facility, but that stopped after only a few weeks when one of the machines pinned a co-worker to a wall.
Despite the heavy lifting, many of the workers in Google's 14 U.S. data centers at least start out enjoying the work. It's a tech job for people with no tech experience. It pays relatively well ($15 per hour for most contract workers). And while it's physically demanding, it's nothing like working at an Amazon fulfillment center or the local Walmart.
But Wait and other workers like her who keep the data centers running are not actually Google employees. While as many as half the workers in some data centers actually work for Google, make Google salaries and get all those famous Google perks, the other half don't. For data center contractors specifically, that difference can extend beyond second-tier social status to job insecurity and forced unemployment.
Protocol spoke with four contract and full-time Google employees in three of the 14 U.S. locations for this story, all of whom were granted anonymity for fear of losing their jobs (except for Wait, whose data center contract recently ended).
https://www.protocol.com/google-contractors-forced-unemployment
#google #DeleteGoogle #data #center #contractors #unemployment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’
Updated: More scraping incidents are "expected" in the future.
An internal email accidentally leaked by Facebook to a journalist has revealed the firm's intentions to frame a recent data scraping incident as "normalized" and a "broad industry issue."
Facebook has recently been at the center of a data scraping controversy. Earlier this month, Hudson Rock researchers revealed that information belonging to roughly 533 million users had been posted online, including phone numbers, Facebook IDs, full names, and dates of birth.
The social media giant confirmed the leak of the "old" data, which had been scraped in 2019. A functionality issue in the platform's contact platform, now fixed, allowed the automatic data pillaging to take place.
The scraping and subsequent online posting of user data raised widespread criticism and on April 14, the Irish Data Protection Commission (DPC) said it planned to launch an inquiry to ascertain if GDPR regulations and/or the Data Protection Act 2018 have been "infringed by Facebook."
Now, an internal email leaked to the media (Dutch article, translated) has potentially revealed how Facebook wishes to handle the blowback.
https://www.zdnet.com/article/facebook-internal-email-reveals-intent-to-frame-data-scraping-as-broad-industry-issue-and-normalized/
https://datanews.knack.be/ict/nieuws/interne-mail-toont-hoe-facebook-veiligheidsproblemen-wil-normaliseren/article-news-1724927.html
#facebook #DeleteFacebook #data #scraping #internal #email #thinkabout #why
📡 @nogoolag 📡 @blackbox_archiv
They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out.
OF ALL THE mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode.
Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the volume of its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.
“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.
As O’Sullivan says, this menu isn’t documented in any owner’s manual for the Taylor digital ice cream machines that are standard equipment in more than 13,000 McDonald’s restaurants across the US and tens of thousands more worldwide. And this opaque user-unfriendliness is far from the only problem with the machines, which have gained a reputation for being absurdly fickle and fragile. Thanks to a multitude of questionable engineering decisions, they’re so often out of order in McDonald’s restaurants around the world that they’ve become a full-blown social media meme. (Take a moment now to search Twitter for “broken McDonald’s ice cream machine” and witness thousands of voices crying out in despair.)
But after years of studying this complex machine and its many ways of failing, O’Sullivan remains most outraged at this notion: That the food-equipment giant Taylor sells the McFlurry-squirting devices to McDonald’s restaurant owners for about $18,000 each, and yet it keeps the machines’ inner workings secret from them. What's more, Taylor maintains a network of approved distributors that charge franchisees thousands of dollars a year for pricey maintenance contracts, with technicians on call to come and tap that secret passcode into the devices sitting on their counters.
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/
#mcdonalds #hacked #icecream #coldwar
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances.
This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices, persisting across upgrades, and maintaining access through webshells.
The investigation by Pulse Secure has determined that a combination of prior vulnerabilities and a previously unknown vulnerability discovered in April 2021, CVE-2021-22893, are responsible for the initial infection vector.
Pulse Secure’s parent company, Ivanti, released mitigations for a vulnerability exploited in relation to these malware families and the Pulse Connect Secure Integrity Tool for their customers to determine if their systems are impacted. A final patch to address the vulnerability will be available in early May 2021.
Pulse Secure has been working closely with Mandiant, affected customers, government partners, and other forensic experts to address these issues.
There is no indication the identified backdoors were introduced through a supply chain compromise of the company’s network or software deployment process.
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
#zeroday #alert #pulsesecure #vpn #backdoor
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag