Check out what online companies know about you

https://clario.co/blog/which-company-uses-most-data/

#bigdata #DeleteFacebook #DeleteMeta
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Executive Summary

Instead of creating phishing pages from scratch, more and more cybercriminals are now abusing legitimate software-as-a-service (SaaS) platforms, including various website builders or form builders, to host their phishing pages. Since these URLs are hosted on legitimate domains, they can be especially difficult for many phishing detection engines to detect. Furthermore, these platforms typically require little to no coding experience, significantly lowering the barrier to entry for creating and launching phishing attacks.

From the beginning of 2020 to June 2022, Palo Alto Networks analyzed the URLs detected by our Advanced URL Filtering service, and discovered that the number of phishing URLs hosted on legitimate SaaS platforms has continued to increase at an alarming rate. In fact, from June 2021-June 2022, the rate of newly detected phishing URLs hosted on legitimate SaaS platforms has increased over 1100%.

The Palo Alto Networks Advanced URL Filtering uses deep learning to analyze the content of each webpage at the URL level instead of the domain level. Customers with an Advanced URL Filtering subscription therefore receive protections from these platform-abuse phishing attacks.

Table of Contents

- Introduction to Platform-Abuse Phishing Attacks
- Methodology
- Results: Platform-Abuse Phishing Is on the Rise
- Platform-Abuse Phishing Case Studies
- Conclusion
- Acknowledgements

https://unit42.paloaltonetworks.com/platform-abuse-phishing/

#phishing
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

In wake of EPIC data breach - Samsung forcing users to accept T&Cs or risk their data

Users attempting to take sensible precautions after a recent spate of data breaches at Korean techmonger, Samsung, are being forced to accept updated terms and conditions in order to do so.

Samsung has fallen prey to two data breaches in 2022 to date. The first orchestrated by the notorious Lapsus$ group, saw 190GB of data exfiltrated from the company, and included algorithms for all biometric unlocking operations, source code for the bootloader for newer Samsung products, and all the source code behind the process of authorizing and authenticating Samsung accounts.

The second affected users directly and saw Samsung wait a month before notifying customers that a huge trove of personally identifying information was now in the hands of criminals.

While the understated press release from Samsung reassured customers that there was no need for panic, prudent users - perhaps alarmed at Samsung’s lack of alarm - immediately logged into their Samsung account to change their password.

Many users create a Samsung account when they buy their phones and then immediately forget about it. Some read the terms and conditions, and some don’t. You should always read the terms and conditions.

And if you created your account before September 2021, Samsung is under no obligation to notify you when those terms change - unless you attempt to log into your online account, that is.

Samsung’s terms and conditions were last updated on 30 September 2021, in a change that went largely unnoticed by everyone.

While it’s technically possible to request a password reset without logging in and accepting the updated terms and conditions, you do need to accept them in order to access other security features of your Samsung account.

https://thecrow.uk/in-wake-of-epic-data-breach-samsung-forcing-users-to-accept-new-terms-or-risk-their-data/

#samsung #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Kiwi Farms all but finished after bill comes due for years of trolling and harassment

There’s an old saying, “You play with the bull, you get the horns.” One of the most noxious corners of the tubes learned that the hard way this weekend. Kiwi Farms, a message board notorious for vicious and criminal harassment of vulnerable people—especially trans people—was essentially driven out of existence over the weekend. In the wake of heightened scrutiny over Kiwi Farms’ tactics, multiple companies cut ties with the site, rendering it all but inaccessible.

The beginning of the end came when Cloudflare, which protected Kiwi Farms from DDoS attacks, dropped Kiwi Farms (diaried here) after increasingly threatening posts led Cloudflare to reverse its initial decision to continue working with the site. In the last 24 hours, multiple companies, including its replacement DDoS protector, cut ties with the site as well. It as been offline since late Sunday night/early Monday morning, and the site’s founder and administrator suggests it may be awhile before it comes back—if it does come back.

https://www.dailykos.com/stories/2022/9/5/2120881/-Kiwi-Farms-all-but-finished-after-bill-comes-due-for-years-of-trolling-and-harassment

#kiwifarms
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

CSharp PoC for transacted hollowing

https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c

#CSharp #poc #hollowing
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots

https://www.securitee.org/files/ctpot_usec2022.pdf

#pdf #bots
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

We won. Kiwi Farms is dead

https://nitter.pussthecat.org/keffals/status/1566921249036681217

via Twitter

#DropKiwifarms
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Inside the Windows Cache Manager

The cache is an integral part of the operating system and its hybrid kernel. Roughly speaking, it's just a virtual memory region in the kernel address space, on which the Cache Manager maps file data to provide quick access to them in the future. This access is frequently used by the File System Driver (FSD) or the Windows Memory Manager (VMM). Instead of reading file data from disk every time a user or system needs to access to it, the OS kernel calls the Cache Manager in an attempt to get this data from memory. In turn, the Cache Manager is a set of function in the kernel executable file ntoskrnl.exe, which starts with a prefix Cc. These functions are private, so to get to their names, you need to configure the symbol server settings in WinDbg or IDA.

Learning the Windows Cache Manager is quite a difficult task for beginners. This Windows kernel subsystem is closely related to the VMM, so if you don't have enough knowledge in it, try to understand the basic concepts without going into complicated technical aspects. In addition, you should have some knowledge in the field of file system drivers (FSD), because they are the most frequent clients of the Cache Manager. It's worth to note that the cache concept exists only at the level of file system, lower drivers on the device stack like the volume manager, partition manager, disk driver, and disk port driver don't use it.

https://www.linkedin.com/pulse/inside-windows-cache-manager-artem-baranov

#windows #cachemanager
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Encrypted app Signal just hired one of Big Tech’s sharpest critics

Meredith Whittaker, the former Google manager, is Signal’s first president. She is out to convince users to pay for the free app.

Signal has hired Meredith Whittaker, a former Google manager who has been outspoken about the harms of Big Tech, as its first president, adding to the roster of tech critics leading the encrypted messaging app.

In the crowded market for messaging apps, Signal stands apart. It’s committed to encryption in an industry built on collecting personal data. It’s run by a nonprofit but competes against WhatsApp and iMessage, backed by some of the richest companies in the world, Facebook parent Meta and Apple.

As president, Whittaker will help guide strategy, communications and policy. In an interview, she said she plans to focus on sustaining Signal, which hopes to support itself with small donations from millions of users. Signal announced her new role Monday at an event in Berlin.

...(...)
"An alternative to data collection only exists if the community of people who rely on it “kick in a little bit." (Meredith Whittaker)

https://www.washingtonpost.com/technology/2022/09/06/signal-meredith-whittaker/

#signal #messenger
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

New EU law amplifies risks of state over-reach and mass surveillance

The EDRi network published its position paper on the proposed Regulation on automated data exchange for police cooperation (“Prüm II”). The European Commission’s Prüm II proposal fails to put in place vital safeguards designed to protect all of us from state overreach and authoritarian mass surveillance practices. In the worst case scenario, we may no longer be able to walk freely on our streets as the new law would treat large parts of the population as a criminal before proven otherwise.

https://edri.org/our-work/new-eu-law-amplifies-risks-of-state-over-reach-and-mass-surveillance/

#surveillance #edri
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Trans activist celebrates rare victory against online trolls after Kiwi Farms deplatforming

Belfast, Northern Ireland (CNN Business) Clara Sorrenti, a trans activist who was forced to flee her home in Canada after users of a hate-filled website targeted her, has succeeded in her campaign to get the site taken offline, for now.

https://edition.cnn.com/2022/09/06/tech/kiwi-farms-clara-sorrenti-keffals/index.html

💡 Read as well:
- We won. Kiwi Farms is dead
- Kiwi Farms all but finished after bill comes due for years of trolling and harassment

#DropKiwifarms #video
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

InterContinental Hotels Group PLC - Unauthorised access to technology systems

InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorised activity. IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly.

A further update will be provided as and when appropriate.

https://www.londonstockexchange.com/news-article/IHG/unauthorised-access-to-technology-systems/15617013

#ihg #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About Detection Engineering

In recent months I’ve noticed several attempts to define the term detection engineering and thought I should share my thoughts on this topic in a short blog post.

This blog post tries to cover all possible purposes of detection engineering to develop a broad definition of the term, excluding only a few borderline areas.

https://cyb3rops.medium.com/about-detection-engineering-44d39e0755f0

#detection #engineering
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Don't miss out on the first-ever #ColourOfSurveillanceEurope Conference

#edri #dff #bitsoffreedom and #CntrleAltDlt are organising the conference in Amsterdam on 15-16 Sept.

👀 You can follow our Day 1 discussion LIVE here: 👀
https://edri.org/take-action/events/call-for-proposals-colour-of-surveillance-europe-conference-15-16-september-2022/

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Twitter whistleblower reveals employees concerned China agent could collect user data

Sept 13 (Reuters) - The FBI informed Twitter Inc (TWTR.N) of at least one Chinese agent working at the company, U.S. Senator Chuck Grassley said during a Senate hearing on Tuesday where a whistleblower testified, raising new concerns about foreign meddling at the influential social media platform.

Peiter "Mudge" Zatko, a famed hacker who served as Twitter's head of security until his firing in January, said some Twitter employees were concerned the Chinese government would be able to collect data on the company's users.

Twitter has come under fire previously for lax security, most notably in 2020 when teenage hackers seized control of dozens of high-profile accounts, including the verified profile of former U.S. President Barack Obama.

On Tuesday, Zatko's testimony before the Senate Judiciary Committee revealed Twitter's security issues could be far more serious, alleging for the first time that the company was informed of agents of the Chinese government working at the social media firm.

https://www.reuters.com/legal/twitter-whistleblower-detail-dire-security-threats-ahead-musk-deal-vote-2022-09-13/

#twitter
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About 50,000 user credentials of Indonesia's largest cryptocurrency exchange "INDODAX" were leaked to the dark web by stealer malware. Of these, 82.7% are the credentials of Indonesian users.

https://nitter.pussthecat.org/darktracer_int/status/1569969935593664512

via Twitter

#leak #indonesia #indodax
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Estado Mayor Conjunto de las Fuerza Armadas de Chile

Nearly 400,000 emails hacked by Guacamaya from the Estado Mayor Conjunto de las Fuerza Armadas de Chile (Joint Chiefs of Staff of the Chilean Armed Forces), who advise the Ministro de Defensa de Chile (Minister of Defense). They're responsible for seeing that the Directorates and Departments are properly handled for personnel, intelligence, operations and logistics.

The emails cache spans over five years, offering the most detailed looks at the leadership, operations and interests of the Chilean military.

This is the first release in a new series from Guacamaya - Fuerzas Represivas. Later Fuerzas Represivas releases will include police and military data from Mexico, Peru, Salvador, Chile, Colombia

https://enlacehacktivista.org/comunicado_guacamaya4.txt

https://ddosecrets.com/wiki/Estado_Mayor_Conjunto_de_las_Fuerza_Armadas_de_Chile

#guacamaya
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Publication review report 74 regarding automated OSINT by the AIVD and MIVD

The CTIVD investigated the use of automated Open Source Intelligence (OSINT) by the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The report was published in Dutch on 8 February 2022. A summary of the report was already published in English.

Today, the CTIVD releases the full report in English.

#osint #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

America’s Open Wound - The CIA is not your friend

“Better that right counsels be known to enemies than that the evil secrets of tyrants should be concealed from the citizens. They who can treat secretly of the affairs of a nation have it absolutely under their authority; and as they plot against the enemy in time of war, so do they against the citizens in time of peace.”

― Baruch Spinoza

It hasn’t been a month since President Biden mounted the steps of Philadelphia’s Independence Hall, declaring it his duty to ensure each of us understands the central faction of his political opposition are extremists that “threaten the very foundations of our Republic.” Flanked by the uniformed icons of his military and standing atop a Leni Riefenstahl stage, the leader clenched his fists to illustrate seizing the future from the forces of “fear, division, and darkness.” The words falling from the teleprompter ran rich with the language of violence, a “dagger at the throat” emerging from the “shadow of lies.”

“What’s happening in our country,” the President said, “is not normal.”

Is he wrong to think that? The question the speech intended to raise—the one lost in the unintentionally villainous pageantry—is whether and how we are to continue as a democracy and a nation of laws. For all the Twitter arguments over Biden’s propositions, there has been little consideration of his premises.

Democracy and the rule of law have been so frequently invoked as a part of the American political brand that we simply take it for granted that we enjoy both.

Are we right to think that?

https://edwardsnowden.substack.com/p/americas-open-wound

#snowden
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Greetings Citizens of the Iran

This is a message from #Anonymous to all #Iran.

We are here and we are with you!

#OpIran Engaged. Expect Us!

💡 Read as well
https://justpaste.it/2klw1

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv