Anti-Piracy Firm Asks Google to Block 127.0.0.1
Ukrainian TV channel TRK has sent a rather bizarre takedown request to Google. The company's anti-piracy partner Vindex asked the search engine to remove a search result that points to 127.0.0.1. Tech-savvy people will immediately recognize that the anti-piracy company apparently found copyright-infringing content on its own server.
While search engines are extremely helpful for the average Internet user, copyright holders also see a massive downside.
The fact that “infringing sites” show up in search results has become a source of frustration. As a result, Google and other search engines are facing a steady stream of DMCA takedown notices.
Google alone has processed more than five billion takedown requests and millions of new URLs are reported every week. While the majority of these correctly point to problematic links, there are plenty of mistakes too.
Some copyright holders flag perfectly legitimate websites as piracy havens, while others shoot themselves in the foot by targeting their own websites. The latter happened to the webtoon subscription service Toomics just recently.
‼️Please Take 127.0.0.1 Offline
This week we saw yet another problematic DMCA notice, which is perhaps even worse. TV channel TRK Ukraine asked Google to remove content hosted on the IP-address 127.0.0.1, which is the localhost of a device or server.
https://torrentfreak.com/anti-piracy-firm-asks-google-to-block-127-0-0-1-210808/
#trk #ukraine #dmca #takedown #google
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
DEFCON 29 - Uncomfortable Networking
https://y.com.cm/watch?v=jmShE38mqNY
#defcon #video
Apple Open to Expanding New Child Safety Features to Third-Party Apps
Apple today held a questions-and-answers session with reporters regarding its new child safety features, and during the briefing, Apple confirmed that it would be open to expanding the features to third-party apps in the future.
Apple's New Child Safety Features
First, an optional Communication Safety feature in the Messages app on iPhone, iPad, and Mac can warn children and their parents when receiving or sending sexually explicit photos. When the feature is enabled, Apple said the Messages app will use on-device machine learning to analyze image attachments, and if a photo is determined to be sexually explicit, the photo will be automatically blurred and the child will be warned.
Second, Apple will be able to detect known Child Sexual Abuse Material (CSAM) images stored in iCloud Photos, enabling Apple to report these instances to the National Center for Missing and Exploited Children (NCMEC), a non-profit organization that works in collaboration with U.S. law enforcement agencies. Apple confirmed today that the process will only apply to photos being uploaded to iCloud Photos and not videos.
Third, Apple will be expanding guidance in Siri and Spotlight Search across devices by providing additional resources to help children and parents stay safe online and get help with unsafe situations. For example, users who ask Siri how they can report CSAM or child exploitation will be pointed to resources for where and how to file a report.
Expansion to Third-Party Apps
Apple said that while it does not have anything to share today in terms of an announcement, expanding the child safety features to third parties so that users are even more broadly protected would be a desirable goal. Apple did not provide any specific examples, but one possibility could be the Communication Safety feature being made available to apps like Snapchat, Instagram, or WhatsApp so that sexually explicit photos received by a child are blurred.
Another possibility is that Apple's known CSAM detection system could be expanded to third-party apps that upload photos elsewhere than iCloud Photos.
https://www.macrumors.com/2021/08/09/apple-child-safety-features-third-party-apps/
#usa #apple #iphones #childabuse #surveillance
Phishing Sites Targeting Scammers and Thieves
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site:
“Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”
Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google.
Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In those ads, a crab with my head on it zigs and zags on the sand. This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch.
In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective street value of $566 million, and that data was subsequently shared with thousands of financial institutions.
Mitch said he’d just made a deposit of $240 worth of bitcoin at BriansClub[.]com, and was wondering when the funds would be reflected in the balance of his account on the shop.
https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/
#phishing #scammer
Elementary OS 6 Odin Available Now
It’s finally here, and it’s the biggest update to the platform yet
It’s been a long road to elementary OS 6—what with a whole global pandemic dropped on us in the middle of development—but it’s finally here. elementary OS 6 Odin is available to download now. And it’s the biggest update to the platform yet!
https://blog.elementary.io/elementary-os-6-odin-released/
#elementary #os #odin #linux
Flaws in John Deere Systems Show Agriculture's Cyber Risk
John Deere, Researchers Spar Over Impact of Vulnerabilities
An Australian researcher who goes by the nickname Sick Codes remotely presented his latest findings on Sunday at the Def Con security conference in Las Vegas. He's part of an independent security research group called Sakura Samurai, which hunts and responsibly discloses security vulnerabilities.
The findings are serious. A combination of issues enabled root access to John Deere's Operations Center, a comprehensive platform for monitoring and managing farm equipment.
https://www.bankinfosecurity.com/flaws-in-john-deere-systems-show-agricultures-cyber-risk-a-17240
https://www.youtube.com/watch?v=zpouLO-GXLo
#JohnDeere #vulnerabilities #defcon #video
Did America just lose Afghanistan because of WhatsApp?
In the middle of a conflict, good analysis is hard to come by. Because adversaries do not telegraph their plans to one another, plans depend greatly on the fact patterns surrounding their execution, and no human mind can possibly observe, much less comprehend, the movements of all players on the battlefield, the course of a war, no matter how meticulously planned and no matter how eminently credentialed the planners, frequently defies the plan.
This phenomenon is known as the “Fog of War,” a phrase which originated with Prussian military theorist Carl von Clausewitz in his magnum opus, On War:
"War is the realm of uncertainty; three quarters of the factors on which action in war is based are wrapped in a fog of greater or lesser uncertainty. A sensitive and discriminating judgment is called for; a skilled intelligence to scent out the truth."
...(....)
So what the hell happened?
I’m a tech guy, not a military guy. And in terms of the kind of tech I’m into it’s that weird decentralized crypto tech like Bitcoin, not SaaS.
I do know enough about the war to know that when the Taliban went toe to toe with American and NATO soldiers, the Taliban got its ass kicked basically every single time. No air force, no navy, and no artillery meant that whenever the Taliban revealed themselves on the battlefield they were guaranteed to be cut to pieces by various pieces of intimidating American hardware like A-10 Warthogs or .50-caliber rifles.
It appears the Taliban tried something different this time around. Open source reporting shows that rather than rocking up and going toe to toe with the Afghan national army, they appear to have simply called everyone in the entire country, instead, told them they were in control, and began assuming the functions of government as they went:
https://prestonbyrne.com/2021/08/15/did-america-just-lose-afghanistan-because-of-whatsapp/
#usa #afghanistan #taliban #whatsapp
Hospitals hamstrung by ransomware are turning away patients
The ransomware epidemic continues to grow.
Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations.
The facilities are owned by Memorial Health System, a nonprofit network of services that represents 64 clinics, including hospitals Marietta Memorial, Selby, and Sistersville General in the Marietta, West Virginia, metropolitan area. Early on Sunday, the chain experienced a ransomware attack that hampered the three hospitals’ ability to operate normally.
Beginning at midnight on Sunday, the three hospitals started diverting emergency patients to Camden Clark Medical Center. The facility is an hour's drive from Selby, which has 25 beds. Camden Clark is about a 25-minute drive from the other two Memorial Health System hospitals hit by the breach. Another affected facility providing critical care includes a freestanding emergency room at Belpre Medical Campus in Belpre, Ohio.
Most of the Memorial Health System facilities have also canceled all urgent surgeries and radiology exams for Monday and are advising patients who have an appointment with a surgeon or specialist on Monday to call ahead.
“We will continue to accept: STEMI, STROKE, and TRAUMA patients at Marietta Memorial Hospital,” officials said in a statement. “Belpre and Selby are on diversion for all patients due to radiology availability. It is in the best interest of all other patients to be taken to the nearest accepting facility. If all area hospitals are [on] diversion, patients will be transported to the emergency department closest to where the emergency occurred. This diversion will be ongoing until IT systems are restored.”
https://arstechnica.com/gadgets/2021/08/hospitals-hamstrung-by-ransomware-are-turning-away-patients/
#usa #ransomware #healthsystem #hospitals
America's secret terrorist watchlist exposed on the web without a password
On July 19, 2021 I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it.
The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country's no-fly list, which is a subset of the larger watchlist. A typical record in the list contains a full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more.
I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work. The DHS did not provide any further official comment, though.
💡 Timeline of the exposure
On July 19, 2021, the exposed server was indexed by search engines Censys and ZoomEye. I discovered the exposed data on the same day and reported it to the DHS.
The exposed server was taken down about three weeks later, on August 9, 2021. It's not clear why it took so long, and I don't know for sure whether any unauthorized parties accessed it.
What data was exposed?
The exposed Elasticsearch cluster contained 1.9 million records. I do not know how much of the full TSC Watchlist it stored, but it seems plausible that the entire list was exposed.
💡 Each record in the watchlist contained some or all of the following info:
Full name
TSC watchlist ID
Citizenship
Gender
Date of birth
Passport number
Country of issuance
No-fly indicator
The data also included a couple of categorical fields that I was unable to identify, including "tag," "nomination type," and "selectee indicator".
https://www.linkedin.com/pulse/americas-secret-terrorist-watchlist-exposed-web-report-diachenko/
#leak #exposed #terrorist #watchlist
US social media firms face new challenge in Afghanistan
Social media firms are split on how to treat content posted by the Taliban as only some of them consider it a rebel group.
The Taliban’s rapid takeover of Afghanistan poses a new challenge for big US tech companies on handling content created by a group considered “terrorists” by some world governments.
Social media giant Facebook confirmed on Monday that it designates the Taliban a terrorist group and bans it and content supporting it from its platforms.
But Taliban members have reportedly continued to use Facebook’s end-to-end encrypted messaging service WhatsApp to communicate directly with Afghans despite the company prohibiting it under rules against dangerous organisations.
A Facebook Inc spokesperson said the company was closely monitoring the situation in the country and that WhatsApp would take action on any accounts found to be linked with sanctioned organisations in Afghanistan, which could include account removal.
The Taliban is on the company’s list of dangerous organisations and therefore any content promoting or representing the group is banned, Adam Mosseri, head of Facebook’s photo-sharing app Instagram, said on Monday during a Bloomberg Television interview.
“We are relying on that policy to proactively take down anything that we can that might be dangerous or that is related to the Taliban in general,” Mosseri said. “Now this situation is evolving rapidly, and with it, I’m sure the risk will evolve as well. We are going to have to modify what we do and how we do it to respond to those changing risks as they happen.”
On Twitter Inc, Taliban spokesmen with hundreds of thousands of followers have tweeted updates during the country’s takeover.
https://www.aljazeera.com/economy/2021/8/17/us-social-media-firms-face-new-challenge-in-afghanistan
💡 Read as well:
Did America just lose Afghanistan because of WhatsApp?
https://t.iss.one/BlackBox_Archiv/2471
#usa #afghanistan #taliban #whatsapp #facebook #socialmedia
WhatsApp shuts down Taliban helpline in Kabul
Complaints number meant to act as emergency hotline for civilians to report violence and looting.
WhatsApp has shut down a complaints helpline set up by the Taliban when it took control of Kabul, after the messaging app came under pressure to block the group from using its services.
The complaints number was supposed to act as an emergency hotline for civilians to report violence, looting or other problems. The Taliban advertised the helpline on Sunday when it captured the city, and has used similar WhatsApp hotlines in the past, for example when it took over the city of Kunduz in 2016.
After taking Kabul, the Taliban pledged to create a stable government and not to harm the “life, property and honour” of citizens.
Facebook, the owner of WhatsApp, said it had blocked the number on Tuesday, along with other “official Taliban channels”, and added that it was actively scanning group names, descriptions and profile pictures on the messaging app to try to prevent the Taliban from using it. It added that its team of native Dari and Pashto speakers were “helping to identify and alert us to emerging issues on the platform”.
Critics in the US have attacked WhatsApp, along with other social media platforms, for not taking more action to shut down Taliban communications.
But experts in the region said that shutting down the WhatsApp numbers was “absurd” and “unhelpful” at a time when the military group was in effect governing the country, and citizens in Kabul were facing looting, panic and chaos.
“Preventing communication between people and the Taliban doesn’t help Afghans, it is just grandstanding,” said Ashley Jackson, a former Red Cross and Oxfam aid worker in Afghanistan, and author of a book on the Taliban and its relationship to Afghan civilians.
“If the Taliban all of a sudden can’t use WhatsApp, you’re just isolating Afghans, making it harder for them to communicate in an already panicky situation. [WhatsApp’s actions] are really misguided.”
https://www.ft.com/content/d8e29de8-aebb-4f10-a91e-89d454d4a9f7
#usa #afghanistan #taliban #whatsapp
The Biggest Cryptocurrency Hack Ever - Why Did It Happen? - ThreatWire
Is this the biggest crypto hack ever? Print Spooler is an actual Nightmare, and a hacker claims T-Mobile data was stolen in a server hack! All that coming up now on ThreatWire.
https://www.youtube.com/watch?v=UW38I60EmX4
#threatwire #hak5 #video
The World’s Largest Crypto Exchange Keeps Losing CEOs
It’s not even clear who is running Binance’s US arm now.
When the U.S. arm of Binance, the largest cryptocurrency exchange in the world, abruptly announced this spring that it had hired Brian Brooks as its new CEO, it appeared to be a huge win for the company.
Brooks was coming out of a term as the Acting Comptroller of the Currency, where he ran the federal agency that charters and regulates the country’s banks. He assumed that position after several stints at other regulatory bodies and as chief legal officer of Coinbase, the newly public crypto exchange. He was, in other words, exactly the sort of guy you’d want on your team if you were, say, girding yourself for an onslaught of increased regulatory scrutiny for crypto — which new Securities and Exchange Commission chair Gary Gensler seems to be telegraphing.
Binance is the giant in the crypto trading universe: With between $20 billion and $30 billion in transaction volume over a given 24-hour period, it dwarfs its next-largest competitors (Coinbase, by comparison, handles less than a fifth of that). This has made Binance’s founder and CEO, Singapore-based Changpeng Zhao (he goes by CZ), a multibillionaire — not only one of the wealthiest and most powerful figures in the crypto industry, but arguably in global finance, period.
So a heavyweight hire to oversee Binance’s growing U.S. operations made a lot of sense. Recruiting Brooks was such a coup that it was even easy to overlook what it meant for his predecessor, Catherine Coley, who was named CEO of Binance.US when it launched in late 2019. Coley, 32, had been the only woman to serve as CEO of a major crypto exchange, and with Brooks’s ascension, she seemingly was forced out.
A young Wall Street transplant to crypto, Coley was an affable and outspoken evangelist not just for Binance.US, but for the digital asset industry as a whole, often tweeting analogies between crypto and basketball and punctuating her posts with exclamation points. But she had given no sign of resigning and the press release announcing Brooks’s hire made no mention of her, raising questions about whether she’d even been told before the announcement. She’d continued making media appearances in the days leading up to her ouster. Her last tweet was the day before the press release.
https://nymag.com/intelligencer/2021/08/the-worlds-largest-crypto-exchange-keeps-losing-ceos.html
#crypto #binance
Crypto platform hit by $600 million heist asks hacker to become its chief security advisor
The cryptocurrency platform targeted in a massive heist is now inviting the hacker behind it to become an advisor to the firm, and promising a $500,000 reward for the restoration of user funds.
Poly Network, a so-called decentralized finance or "DeFi" project, was hit with a major attack last week which saw the hacker, or hackers, make off with more than $600 million worth of tokens.
Poly Network lets users swap tokens from one digital ledger to another. Someone exploited a flaw in Poly Network's code which allowed them to transfer the assets to their own crypto wallets.
It is thought to be the largest crypto heist of all time, surpassing the $534.8 million in digital coins stolen from Japanese exchange Coincheck in a 2018 attack and the estimated $450 million worth of bitcoin that went missing from Tokyo-based exchange Mt. Gox in 2014.
In Poly Network's case, the hacker has taken the unusual step of returning most of the stolen money. All but $33 million of the crypto has now been returned.
https://www.cnbc.com/2021/08/17/poly-network-cryptocurrency-hack-latest.html
#PolyNetwork #cryptocurrency #hack
Kryptor FPGA - A one-chip hardware security module (HSM) and MAX10 FPGA dev board
We are extremely excited to finally bring our encryption solution, originally built for professional usage in diverse niche markets (such as the space and drone industries) to a wider audience, including IoT developers and maker communities. Our solution is entirely made in Europe and, as you will know if you’ve been following our recent updates, has been tested and used by the European Space Agency (ESA).
Hence, what you are getting when purchasing SKUDO Kryptor is a solid, well-tested, easy-to-use, plug-and-play module that takes advantage of our verifiable HSM soft-core – an entire Hardware Security Module, with the ability to perform various encryption functions, within a single FPGA chip.
Designed with encryption in mind and built around a single, compact Intel/Altera MAX10 FPGA chip, Kryptor is a professional FPGA development board capable of offering all the functionality of a dedicated Hardware Security Module (HSM) when running our custom soft-core. Combined with that verifiable HSM soft-core, Kryptor brings an easy-to-use, plug-and-play encryption solution to the IoT-developer and maker communities.
https://www.crowdsupply.com/skudo/kryptor-fpga
#kryptor #fpga #encryption
Apple files appeal notice in copyright lawsuit against cybersecurity firm
(Reuters) - Apple Inc (AAPL.O) on Tuesday filed a notice of appeal in a copyright case it brought against cybersecurity firm Corellium LLC in 2019.
Corellium sells tools to allow security researchers access to a "virtual" software-based version of the iPhone. In its suit, Apple alleged Corellium violated copyrights to its iOS operating system.
A judge in the U.S. District Court for the Southern District of Florida dismissed many of Apple's claims in a summary judgment last year.
https://www.reuters.com/legal/transactional/apple-files-appeal-notice-copyright-lawsuit-against-cybersecurity-firm-2021-08-17/
#apple #appeal #copyright #lawsuite #corellium
BlackBerry resisted announcing major flaw in software powering cars, hospital equipment
The former smartphone maker turned software firm resisted announcing a major vulnerability until after federal officials stepped in.
A flaw in software made by BlackBerry has left two hundred million cars, along with critical hospital and factory equipment, vulnerable to hackers — and the company opted to keep it secret for months.
On Tuesday, BlackBerry announced that old but still widely used versions of one of its flagship products, an operating system called QNX, contain a vulnerability that could let hackers cripple devices that use it. But other companies affected by the same flaw, dubbed BadAlloc, went public with that news in May.
Two people familiar with discussions between BlackBerry and federal cybersecurity officials, including one government employee, say the company initially denied that BadAlloc impacted its products at all and later resisted making a public announcement, even though it couldn’t identify all of the customers using the software.
The back-and-forth between BlackBerry and the government highlights a major difficulty in fending off cyberattacks on increasingly internet-connected devices ranging from robotic vacuum cleaners to wastewater-plant management systems. When companies such as BlackBerry sell their software to equipment manufacturers, they rarely provide detailed records of the code that goes into the software — leaving hardware makers, their customers and the government in the dark about where the biggest risks lie.
https://www.politico.com/news/2021/08/17/blackberry-qnx-vulnerability-hackers-505649
#vulnerability #blackberry
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.
At the time of writing this blog post, ThroughTek advertises having more than 83 million active devices and over 1.1 billion monthly connections on their platform. ThroughTek’s clients include IoT camera manufacturers, smart baby monitors, and Digital Video Recorder (“DVR”) products. Unlike the vulnerability published by researchers from Nozomi Networks in May 2021 (also in coordination with CISA), this latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.
The Kalay protocol is implemented as a Software Development Kit (“SDK”) which is built into client software (e.g. a mobile or desktop application) and networked IoT devices, such as smart cameras. Due to how the Kalay protocol is integrated by original equipment manufacturers (“OEMs”) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.
This vulnerability has been assigned a CVSS3.1 base score of 9.6 and is tracked as CVE-2021-28372 and FEYE-2021-0020. This blog post discusses the Kalay network and CVE-2021-28372 at a high level. It also includes recommendations from ThroughTek and Mandiant, along with mitigation options.
Mandiant would like to thank both CISA and ThroughTek for their coordination and support in releasing this advisory.
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
#iot #vulnerability #mandiant
Tech Pioneer to Madman - The Bizarre Life of John McAfee
Strap in for a wild ride! ....
https://www.youtube.com/watch?v=tteBgBngES8
#McAfee #video
DNB warning against Binance
The Dutch Central Bank (DNB) announces that Binance* is offering crypto services in the Netherlands without a legally required registration with DNB. This means that Binance is acting in violation of the Prevention of Money Laundering and Terrorist Financing Act (Wwft) and is illegally: (1) offering services for exchanging between virtual currencies and fiat currencies, and (2) offering custody wallets.
Customers may be at increased risk of being involved in money laundering or terrorist financing as a result.
https://www.dnb.nl/actueel/algemeen-nieuws/nieuwsberichten-2021/waarschuwing-van-dnb-tegen-binance/
#binance #netherlands #dnb #warning
www.dnb.nl
DNB warning against Binance
18 August 2021