BlackBox (Security) Archiv
๐Ÿ‘‰๐Ÿผ Latest viruses and malware threats
๐Ÿ‘‰๐Ÿผ Latest patches, tips and tricks
๐Ÿ‘‰๐Ÿผ Threats to security/privacy/democracy on the Internet

๐Ÿ‘‰๐Ÿผ Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Download Telegram
Backdoor gives hackers complete control over federal agency network

Avast researchers say the malware has ties to a previously seen espionage hack.

A US federal agency has been hosting a backdoor that can provide total visibility into and complete control over the agency network, and the researchers who discovered it have been unable to engage with the administrators responsible, security firm Avast said on Thursday.

The US Commission on International Religious Freedom, associated with international rights, regularly communicates with other US agencies and international governmental and nongovernmental organizations. The security firm published a blog post after multiple attempts failed to report the findings directly and through channels the US government has in place. The post didn't name the agency, but a spokeswoman did in an email. Representatives from the commission didn't respond to an email seeking comment.

https://arstechnica.com/information-technology/2021/12/us-federal-agency-fails-to-respond-to-reports-it-has-been-backdoored/

#usa #feds #agency #backdoored #backdoor #espionage
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv
Researchers have discovered that Log4j version 2.16 is vulnerable to denial of service (DoS) via the lookup string "${${::-${::-$${::-j}}}}".

https://issues.apache.org/jira/browse/LOG4J2-3230

#log4j #log4shell
Create your own Fossapps Package

Fossapps Creator v0.2-beta

Choose what FOSS apps you want from below and they will be put into a flashable ZIP for Magisk.

โš ๏ธ Fossapps is still alpha!
Don't expect everything to work 100%. If you run into any issues, please report them on

๐Ÿ‘‰๐Ÿฝ Github Issues or the Fossapps Suport Group

💡 Requirements:

— Magisk 20 or higher
— Android 8 or higher

https://un.pixel-fy.com/

#fossaps #opensource #apps #android #magisk
Yggdrasil – end-to-end encrypted IPv6 network

Yggdrasil is an early-stage implementation of a fully end-to-end encrypted IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.

💡 Yggdrasil works on a number of platforms, including Linux, macOS, Ubiquiti EdgeRouter, VyOS, Windows, FreeBSD, OpenBSD and OpenWrt.

Please see our Installation page for more information. You may also find other platform-specific wrappers, scripts or tools in the contrib folder.

https://github.com/yggdrasil-network/yggdrasil-go

https://yggdrasil-network.github.io/

#Yggdrasil #IPv6
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.

"This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," Matthew Warner, CTO of Blumira, said. "At this point, there is no proof of active exploitation. This vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network."

WebSockets allow two-way communication between a web browser (or other client application) and a server, unlike HTTP, which follows a request/response pattern: the client sends a request and the server sends back a response.

While the issue can be resolved by updating all local development and internet-facing environments to Log4j 2.16.0, Apache on Friday rolled out version 2.17.0, which remediates a denial-of-service (DoS) vulnerability tracked as CVE-2021-45105 (CVSS score: 7.5), making it the third Log4j 2 flaw to come to light after CVE-2021-45046 and CVE-2021-44228.

https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html

#log4j #log4shell
Malaysia Passes Bill to Imprison Illegal Streaming Pirates For Up To 20 Years

Malaysia's House of Representatives has passed amendments to copyright law that will boost the country's deterrent against those who facilitate access to pirate content via illegal streaming. The amendments, which cover both hardware and software, could see offenders imprisoned for up to 20 years.

Laws that forbid the illegal uploading and downloading of copyrighted content are common around the world but the rise of streaming has sometimes exposed gaps in legislation.

Piracy-equipped Kodi devices, illegal streaming apps, and similar tools have led legal specialists to attempt to apply laws that didn't envision the technology. In Malaysia, for example, it took a decision by the High Court last May to determine that the sale and distribution of streaming devices configured for piracy purposes does indeed constitute infringement under the Copyright Act.

But Malaysia was far from done. After previously informing the United States Patent and Trademark Office (USPTO) that the economic harm being caused to broadcasters and rightsholders in the country was a "serious problem", Malaysia said it had amendments on the table to more directly tackle the illegal uploading, provision, and sharing of access to copyright works.

https://torrentfreak.com/malaysia-passes-bill-to-imprison-illegal-streaming-pirates-for-up-to-20-years-211218/

#streaming #pirates #malaysia
UK High Court: Dubai ruler hacked ex-wife's phone with Israeli spyware

Sheikh Mohammed bin Rashid Al Maktoum signed off on use of NSO Group technology during legal custody battle

LONDON (AP) — The ruler of Dubai, Sheikh Mohammed bin Rashid Al Maktoum, hacked the phones of his ex-wife Princess Haya and her attorneys during the legal battle over custody of their two children, Britain's High Court found Wednesday.

Sheikh Mohammed, who is also vice president and prime minister of the United Arab Emirates, gave his "express or implied authority" to hack the phones of the princess and her attorneys using Pegasus spyware produced by NSO Group of Israel, the court said. The software is licensed exclusively to nation-states for use by their security services.

NSO has been at the center of allegations that governments are abusing electronic surveillance technology to spy on political opponents, human rights activists and journalists.

The hacking of Princess Haya's phone came to light partly through the work of William Marczak, a fellow at Citizen Lab, a cybersecurity watchdog at the University of Toronto. In addition, NSO adviser Cherie Blair, the wife of former British Prime Minister Tony Blair, contacted one of the princess' lawyers to inform her that the company suspected its software had been "misused" to hack into her phone.

The case highlights the danger posed by unregulated companies selling surveillance technology to "some of the world's most repressive governments," Marczak told The Associated Press.

https://www.timesofisrael.com/uk-high-court-dubai-ruler-hacked-ex-wifes-phone-with-israeli-spyware/

#uk #dubai #spyware #nso
Women Know Cyber: The Documentary

"WOMEN KNOW CYBER: THE DOCUMENTARY" features women in cybersecurity from across the globe who share their stories in an effort to recruit more female cybercrime fighters to our field.

https://www.youtube.com/watch?v=Kpc31WJ6l2M

#women #cybersecurity #video #docu
Russian hackers leak confidential UK police data on the 'dark web' after their ransom was rejected

Confidential information held by some of Britain's police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal.

The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called 'dark web' – with the threat of more to follow.

Clop is believed to have demanded a ransom from the company, Dacoll, after launching a 'phishing' attack in October that gave it access to material, including that of the PNC, holding the personal information and records of 13 million people.

https://www.dailymail.co.uk/news/article-10325189/Russian-hackers-leak-confidential-UK-police-data-dark-web-ransom-rejected.html

#uk #russia #hackers #police #leak
The snapshot of a memory snapshot for Chrome & Edge

As web apps slowly replace desktop apps, they are growing more and more complex and, in turn, more memory intensive. Perhaps a decade ago a front-end developer wouldn't have been much concerned about possible memory leaks, but given the growing complexity of our applications, analyzing memory leaks is becoming a necessary skill.

For apps that run inside the browser, in particular Chrome/Edge, your first line of defense (and perhaps the last, unless you attempt to debug the V8 engine itself) is the memory snapshot tool. It is surprisingly easy to use: open your developer tools, go to the Memory tab and take a snapshot.

https://onurgumus.github.io/2021/12/19/The-snapshot-of-a-memory-snapshot.html

#chrome #edge #memory #snapshot
Am I vulnerable to Log4Shell? (v5.0, updated with higher impact for CVE-2021-45046)

https://nitter.pussthecat.org/Dick_Reverse/status/1471957167213318149

via Twitter

#log4j #log4shell
Kim Dotcom Suffers Setback in His U.S. Extradition Battle

Kim Dotcom and former colleagues Mathias Ortmann and Bram van der Kolk have encountered a setback in their attempt to avoid extradition to the United States. The Supreme Court of New Zealand has denied an appeal of a previous court ruling, rejecting the defendants' argument that there was a miscarriage of justice.

https://torrentfreak.com/kim-dotcom-suffers-setback-in-his-u-s-extradition-battle-211221/

#dotcom #extradition
Darknet Diaries - EP 107: Alethe

Alethe (https://twitter.com/AletheDenis) is a social engineer. Professionally she tries to trick people into giving her passwords and access that she shouldn't have. But her journey to this point is interesting, and in this episode she tells us how she became a social engineer.

https://darknetdiaries.com/episode/107/

#truecrime #darknetdiaries #podcast
How Tutanota fought an anti-encryption law in Belgium - and won!

The Belgian government has removed the 'backdoor requirement' from a new law after international protest.

Oftentimes when governments announce plans to weaken citizens' privacy rights for the sake of 'security', the public outcry is loud and clear: If you weaken security in online services to catch criminals, you weaken the security online for all citizens. However, oftentimes this warning is ignored by governments. But this is not the story we want to share with you today; this one is a different story.

https://tutanota.com/blog/posts/belgian-encryption-backdoor-law-stopped/

#tutanota
Advanced DnSpy tricks in .NET reversing - Tracing, Breaking, dealing with VMProtect

This video covers:
Advanced usage of dnSpy, module breakpoints, class breakpoints, advanced usage of tracepoints, evaluating expressions in breakpoints/tracepoints, execution-flow tracing with logging to a file, and dealing with a VMProtect-protected .NET assembly.

Guide and sample to download (Github)

โš ๏ธ Always remember to use these techniques, instructions, or hardware only on devices whose owners or users have allowed it. Unauthorized access to other people's infrastructure is punishable by law. (https://t.iss.one/BlackBox_Archiv/2102)

https://www.youtube.com/watch?v=yxw4h82mQ2s

#educational #video #dnspy
Hidden Networks in TP-Link Routers

I was debugging my WiFi settings this week when I noticed something strange. WiFi Analyzer was showing two hidden networks coming from my router, one for each frequency: 2.4GHz and 5GHz. Networks which I haven't configured and didn't appear in my router's admin interface. WTF?

A quick search revealed a forum thread where people had the exact same problem. Turns out, TP-Link thinks it's a great idea to have hidden pre-configured always-on networks on all of their routers. Just in case someone wanted to use their "OneMesh" product.

This is of course a terrible idea. Not only are these networks a security risk and a waste of energy, they also add to the existing WiFi spam plaguing cities. Having it enabled by default is just ridiculous, not providing an option to disable it is ludicrous! Sure, having multiple SSIDs under a single access point isn't as bad as having multiple access points, but there's still an unnecessary overhead and risk being introduced.

TP-Link has since very slowly been rolling out "beta" firmware updates to fix this, specifically for anyone who sees it as a problem. Unfortunately, my router model has yet to receive one and, without a timeline, I'm pretty much just waiting indefinitely. Third-party firmware like OpenWrt isn't supported on this model either. I even tried reverse engineering the backups, looking for a workaround that doesn't exist.

This problem is exactly why critical software should fall under right to repair. Clearly TP-Link is unwilling or does not have the resources to provide a proper solution for all of their past, present and future models. Firmware should be open source so that we can fix these issues ourselves.

https://jahed.dev/2021/12/19/hidden-networks-in-tp-link-routers

#tplink #router
We got hacked today

A letter to the Fractal community

Dear Fractal community,

Earlier today, approximately 373 of our community members fell victim to a scam posted on our Discord. We are sorry. We are going to make this right.

The hacker made out with ~800 SOL (~$150,000) by managing to post a fake mint link in our #announcements channel. With over 100,000 members in our community, it's quite impressive that the hacker only managed to dupe 0.3% of our community.

Here are the things we are doing to address this:

https://fractal.medium.com/dear-fractal-community-70173e8a5ea7

#fractal #hacked
You can pentest your Android apps on Windows 11 using WSA

Many would argue that the best way to perform mobile application penetration testing on Android is physically connecting a bunch of Android smartphones to a PC or Mac and debugging them. This combination does offer a plethora of control options for pentesting, and for many testing scenarios, a higher degree of swiftness you can't get from typical Android emulators.

Even if you don't have access to multiple devices, Android Studio's built-in virtual device (AVD) has typically been the go-to for such testing jobs. Rooting the AVD is possible and it integrates perfectly with the debuggers, so everything works out of the box.

But if you're running Windows 11 and you want to dip your toes into Android app pentesting, you can easily do so without relying on emulators or VMs, courtesy of Windows Subsystem for Android (WSA).

https://www.xda-developers.com/wsa-android-apps-pentesting-windows-11/

#windows #android #pentesting #wsa
Apache Log4j bug: China's industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first

China's internet security regulator has disciplined Alibaba Group Holding's cloud computing services unit for failing to first report to the government a critical vulnerability in Apache's Log4j software that has alarmed the cybersecurity community, Chinese media reported on Wednesday.

The Ministry of Industry and Information Technology (MIIT) is suspending work with Alibaba Cloud as a cybersecurity threat intelligence partner for six months because the company did not immediately report a severe bug in the widely used logging software to the government agency, the 21st Century Business Herald reported. The ministry also said it would reassess whether to resume the partnership at that time, based on measures Alibaba has taken to correct the problem.

https://www.scmp.com/tech/big-tech/article/3160670/apache-log4j-bug-chinas-industry-ministry-pulls-support-alibaba-cloud

#log4j #log4shell #alibaba #china