BlackBox (Security) Archiv
4.07K subscribers
183 photos
393 videos
167 files
2.67K links
πŸ‘‰πŸΌ Latest viruses and malware threats
πŸ‘‰πŸΌ Latest patches, tips and tricks
πŸ‘‰πŸΌ Threats to security/privacy/democracy on the Internet

πŸ‘‰πŸΌ Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Download Telegram
Google has been DDoSing SourceHut for over a year

Just now, I took a look at the HTTP logs on git.sr.ht. Of the past 100,000 HTTP requests received by git.sr.ht (representing about 2½ hours of logs), 4,774 have been requested by GoModuleProxy — 5% of all traffic. And their requests are not cheap: every one is a complete git clone. They come in bursts, so every few minutes we get a big spike from Go, along with a constant murmur of Go traffic.

This has been ongoing since around the release of Go 1.16, which came with some changes to how Go uses modules. Since this release, following a gradual ramp-up in traffic as the release was rolled out to users, git.sr.ht has had a constant floor of I/O and network load for which the majority can be attributed to Go.

I started to suspect that something strange was going on when our I/O alarms started going off in February 2021 (we eventually had to tune these alarms up above the floor of I/O noise generated by Go), correlated with lots of activity from a Go user agent. I was able to narrow it down with some effort, but to the credit of the Go team they did change their User-Agent to make more apparent what was going on. Ultimately, this proved to be the end of the Go team’s helpfulness in this matter.

I did narrow it down: it turns out that the Go Module Mirror runs some crawlers that periodically clone Git repositories with Go modules in them to check for updates. Once we had narrowed this down, I filed a second ticket to address the problem.

https://drewdevault.com/2022/05/25/Google-has-been-DDoSing-sourcehut.html

#ddos #sourcehut #google
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Belgium wants to ban Signal – a harbinger of European policy to come

Last week, the Belgian government launched a proposal that would ban Signal. What's going on?

Just over seven years ago, a Dutch court threw out the Dutch Telecommunications Data Retention Act. Under that law, telecommunication providers were obliged to retain metadata about our communications for up to two years. This did not concern the content of a message or conversation, but information about who has contact with whom. And when. And the location of the participants. It was almost inevitable that the court would invalidate this law: European judges previously declared the European Data Retention Directive invalid, and the Dutch law was its national implementation.

https://edri.org/our-work/belgium-wants-to-ban-signal-a-harbinger-of-european-policy-to-come/

#belgium #signal
Dangerzone - Convert Suspect PDFs, Office-Documents, Images to Safe PDFs

Have you ever heard the computer security advice, “Don’t open attachments”? This is solid advice, but unfortunately for journalists, activists, and many other people, it’s impossible to follow. Imagine if you were a journalist and got an email from someone claiming to work for the Trump Organization with “Donald Trump tax returns.pdf” attached. Are you really going to reply saying, “Sorry, I don’t open attachments” and leave it at that?

The truth is, as a journalist, it’s your job to open documents from strangers, whether you get them in an email, a Signal or WhatsApp message, or through SecureDrop. Journalists also must open and read documents downloaded from all manner of websites, from leaked or hacked email dumps, or from any number of other potentially untrustworthy sources.

Dangerzone aims to solve this problem. You can install Dangerzone on your Mac, Windows, or Linux computer, and then use it to open a variety of types of documents: PDFs, Microsoft Office or LibreOffice documents, or images. Even if the original document is dangerous and would normally hack your computer, Dangerzone will convert it into a safe PDF that you can open and read.

You can think of it like printing a document and then rescanning it to remove anything sketchy, except all done in software.

https://dangerzone.rocks/about.html

https://github.com/freedomofpress/dangerzone

#dangerzone #pdf
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

GhostTouch attack allows attackers to use electromagnetic signals to control touchscreen devices.

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens."

GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device.

The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events.

https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

#GhostTouch
Australian digital driving licenses can be defaced in minutes

Brute force attack leaves the license wide open for undetectable alteration, but back end data remains unchanged

An Australian digital driver's license (DDL) implementation that officials claimed is more secure than a physical license has been shown to be easily defaced, but authorities insist the credential remains secure.

New South Wales, Australia's most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of the state's eight million people use the "Service NSW" app that displays the DDL and offers access to many other government services.

Now, a security researcher at cybersecurity company Dvuln claims he was able to brute force his way into the app with nothing but a Python script and a consumer laptop. Once inside, he found numerous security flaws that made it simple to alter the DDL stored in the app.

https://www.theregister.com/2022/05/30/nsw_digital_drivers_licenses_hackable/

#australia #drivinglicense #attack #ddl
Killing the Bear

Killing the Bear aims to centralize, compile and classify, in the simplest and most up-to-date way possible, all information concerning APTs and organized groups in general.

Using information from external sources and reports from researchers around the world, it extracts IOCs and other data of interest to help keep emerging threats in the spotlight.

All extracted IOCs are stored by target and date in AlienVault.

Parallel to this Gitbook, there is also a newsletter that I publish on my LinkedIn for my entire network of contacts with the most up-to-date news and IOCs from my targets.

https://github.com/Ud0g-Py/Killing-The-Bear

#KillingTheBear #apt #tool
Digital Forensics Fellowship

We are thrilled to launch the Digital Forensics Fellowship, a new programme that will run from July 2022 to May 2023 with a first cohort of 5 Fellows.

Amnesty Tech – a global collective of advocates, hackers, researchers, and technologists – is excited to announce the launch of the inaugural Digital Forensics Fellowship.

This innovative Fellowship is an opportunity for five human rights defenders (HRDs), researchers, or technologists from around the world to learn and work with Amnesty Tech's Security Lab to build skills and knowledge on advanced digital threats and forensics investigation techniques. This is a part-time Fellowship that will last 10 months and comes with a remuneration stipend.

https://careers.amnesty.org/vacancy/digital-forensics-fellowship-3390/3418/description/

#amnesty #digital #forensics #fellowship
Shanghai police database for sale in what could be China’s biggest ever data breach

A database purportedly containing information about one billion Chinese residents has been listed for sale on Breach Forums for 10 Bitcoin, or approximately US$200,000.

Attracting 177 replies and 300,000 views within hours, the listing was posted a short time ago by an anonymous user named ChinaDan.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many terabytes of data and information on Billions of Chinese citizens,” said the post.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID Number, mobile number, all crime/case details.”

The seller has provided what he claims is a sample data set, with 750,000 files from the database. The sample data has been uploaded to the forum’s servers.

https://www.asiamarkets.com/shanghai-police-database-for-sale-in-what-could-be-chinas-biggest-ever-data-breach/

#ChinaDan
Decompiling Python Compiled Malware

Threat Researcher Charles Lomboni (@charleslomboni) shows a step-by-step guide on how to identify and decompile malware written and compiled with Py2Exe, a Python Windows executable generator.
Charles also shows how to create a Yara rule to match the binary and how to ensure the binary is being caught by the Yara rule.

https://www.youtube.com/watch?v=2ahorISQcjo

#video #python #malware
Meta Hit With Massive Piracy Lawsuit Over Epidemic Sound Royalty-Free Music

Meta has been hit with a copyright infringement lawsuit demanding at least $142 million in damages. Epidemic Sound, a company that provides royalty-free music to YouTubers and other creators, claims that Meta hosts 94% of Epidemic's music in its own library, none of it licensed. According to Epidemic, this has resulted in billions of illegal views across Facebook and Instagram.

https://torrentfreak.com/meta-hit-with-massive-piracy-lawsuit-over-epidemic-sound-royalty-free-music-220721/

#meta #facebook #DeleteFacebook
Malware Theory - DLLs

In this video tutorial I will be teaching you about what a DLL is at a very high level. These concepts will be useful when reverse engineering or performing malware analysis on DLL files.

https://www.youtube.com/watch?v=0OTYxOJAor4

#video #malware #dll
Remember the PanamaPapers?

For six years the source #JohnDoe stayed silent. Now they are speaking up - in an exclusive interview.

👀 Stay tuned… Friday, 11am CEST 👀

https://nitter.pussthecat.org/b_obermayer/status/1550133941386022912

via Twitter

#panamapapers
Malware Theory - Bit Masking

In this video I will show you what bit masking is, and why it is important for malware analysis and reverse engineering.

https://www.youtube.com/watch?v=n4xs-X102ak

👀 watch as well - Malware Theory - DLLs 👀
https://t.iss.one/BlackBox_Archiv/2993

#malware #bitmasking #video
India Seeks to Oust China Firms From Sub-$150 Phone Market

Xiaomi, Realme and Transsion will be among those affected

India seeks to restrict Chinese smartphone makers from selling devices cheaper than 12,000 rupees ($150) to kickstart its faltering domestic industry, dealing a blow to brands including Xiaomi Corp.

The move is aimed at pushing Chinese giants out of the lower segment of the world’s second-biggest mobile market, according to people familiar with the matter. It coincides with mounting concern about high-volume brands like Realme and Transsion undercutting local manufacturers, they said, asking not to be identified discussing a sensitive matter.

https://telegra.ph/India-Seeks-to-Oust-China-Firms-From-Sub-150-Phone-Market-08-09-2

via Bloomberg

#india #smartphones
Rufus: Microsoft is blocking Windows ISO downloads (Fixed)

It appears that Microsoft has started to block Windows ISO downloads that originate from Rufus. Rufus is a popular open source tool to create bootable media.

Options to download Windows ISO images were introduced in Rufus 3.5, which the developer released in 2019. The ability to download Windows 8, Windows 10 and Windows 11 ISO images was a welcome feature addition, as it made the process of creating Windows boot media more comfortable.

The developer has added more features to Rufus in the meantime that improved the program significantly for some Windows administrators and users. Options to bypass Windows 11 system requirements during in-place upgrades, to create local accounts instead of Microsoft accounts, and to deny privacy questions outright were added in 2022.

Downloads are powered by the Fido script in Rufus, and this worked fine ever since the functionality was introduced. The script pulled download information from Microsoft servers and downloads were provided by Microsoft.

Now, Rufus users are receiving error messages on attempts to download Windows 8, 10 or 11 using Rufus.

https://www.ghacks.net/2022/08/13/rufus-microsoft-is-blocking-windows-iso-downloads/

#rufus #microsoft
The FTC takes aim at commercial surveillance

The biggest fallacy in the online privacy wars is that there is a difference between "state surveillance" and "commercial surveillance." Bizarrely, it's a fallacy that is widely held by both government snoops and Big Tech snoops.

Many's the time I've spoken to a DC audience about privacy, only to have an audience member say, "I'm OK with Uncle Sam spying on me – after all, I've already given up every sensitive scrap of information about my personal life to the Office of Personnel Management when I applied for security clearance. But I don't want my money going to Google – those bastards would sell their mothers out for a nickel."

https://pluralistic.net/2022/08/12/regulatory-uncapture/#conscious-uncoupling

#surveillance
Ransomware Summit 2022

Talks from the SANS Ransomware Summit 2022 security conference, which took place in July, are now available on YouTube.

https://www.youtube.com/playlist?list=PLtgaAEEmVe6AGQj2LhA4UnN0XolmeYw9_

#ransomware #video
More Evil Markets

Take a sneak peek into the world of criminal markets, how they look on the inside, and how traders advertise and sell unauthorized access to organizations.

From ransomware operators like #LockBit and #BlackBasta to #APTs striking for or against Russian or Chinese interests, threat actors of various stripes all need one thing to get their operations off the ground: initial access to an organization’s network.

Such access can be bought on a variety of trading forums from cyber criminals who specialize in running low-risk phishing campaigns and credential theft operations, or in scanning enterprise networks for known remote code execution (RCE) #software #vulnerabilities.

Because of the ease with which initial access can now be obtained thanks to poor patch management and lax controls over identity and user credentials, there exists a market where supply is outstripping demand, and vendors involved in selling initial access are lowering their prices in a race to the bottom, making it easier than ever before for threat actors to compromise organizations of all sizes and kinds.

In this post, we reveal what these marketplaces look like from the inside, exposing the ways these traders advertise and sell unauthorized access to organizations.

https://www.sentinelone.com/blog/more-evil-markets-how-its-never-been-easier-to-buy-initial-access-to-compromised-networks/

#criminal #markets