About 50,000 user credentials of Indonesia's largest cryptocurrency exchange "INDODAX" were leaked to the dark web by stealer malware. Of these, 82.7% are the credentials of Indonesian users.

https://nitter.pussthecat.org/darktracer_int/status/1569969935593664512

via Twitter

#leak #indonesia #indodax
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Estado Mayor Conjunto de las Fuerza Armadas de Chile

Nearly 400,000 emails hacked by Guacamaya from the Estado Mayor Conjunto de las Fuerza Armadas de Chile (Joint Chiefs of Staff of the Chilean Armed Forces), who advise the Ministro de Defensa de Chile (Minister of Defense). They're responsible for seeing that the Directorates and Departments are properly handled for personnel, intelligence, operations and logistics.

The emails cache spans over five years, offering the most detailed looks at the leadership, operations and interests of the Chilean military.

This is the first release in a new series from Guacamaya - Fuerzas Represivas. Later Fuerzas Represivas releases will include police and military data from Mexico, Peru, Salvador, Chile, Colombia

https://enlacehacktivista.org/comunicado_guacamaya4.txt

https://ddosecrets.com/wiki/Estado_Mayor_Conjunto_de_las_Fuerza_Armadas_de_Chile

#guacamaya
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Publication review report 74 regarding automated OSINT by the AIVD and MIVD

The CTIVD investigated the use of automated Open Source Intelligence (OSINT) by the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The report was published in Dutch on 8 February 2022. A summary of the report was already published in English.

Today, the CTIVD releases the full report in English.

#osint #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

America’s Open Wound - The CIA is not your friend

“Better that right counsels be known to enemies than that the evil secrets of tyrants should be concealed from the citizens. They who can treat secretly of the affairs of a nation have it absolutely under their authority; and as they plot against the enemy in time of war, so do they against the citizens in time of peace.”

― Baruch Spinoza

It hasn’t been a month since President Biden mounted the steps of Philadelphia’s Independence Hall, declaring it his duty to ensure each of us understands the central faction of his political opposition are extremists that “threaten the very foundations of our Republic.” Flanked by the uniformed icons of his military and standing atop a Leni Riefenstahl stage, the leader clenched his fists to illustrate seizing the future from the forces of “fear, division, and darkness.” The words falling from the teleprompter ran rich with the language of violence, a “dagger at the throat” emerging from the “shadow of lies.”

“What’s happening in our country,” the President said, “is not normal.”

Is he wrong to think that? The question the speech intended to raise—the one lost in the unintentionally villainous pageantry—is whether and how we are to continue as a democracy and a nation of laws. For all the Twitter arguments over Biden’s propositions, there has been little consideration of his premises.

Democracy and the rule of law have been so frequently invoked as a part of the American political brand that we simply take it for granted that we enjoy both.

Are we right to think that?

https://edwardsnowden.substack.com/p/americas-open-wound

#snowden
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Greetings Citizens of the Iran

This is a message from #Anonymous to all #Iran.

We are here and we are with you!

#OpIran Engaged. Expect Us!

💡 Read as well
https://justpaste.it/2klw1

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Iranian people if your government blocks your internet network please follow the information !

👇🏽 Anti Censorship Package Anonymous 👇🏽
https://pastebin.com/BqWTQffT

💡Read as well ‼️

https://www.vultr.com/docs/connecting-to-a-proxy-from-os-x-windows-or-linux/

https://smartproxy.com/configuration/how-to-setup-proxy-for-iphone

https://smartproxy.com/configuration/how-to-setup-proxy-for-iphone

#OpIran #anonymous #AntiCensorship
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

There are many ways people have a voice - no one is superior !. Voices are equal - we stand with the oppressed people of #OpIran 🇮🇷! Freedoms will prevail - we call on ALL our worldwide #hacktivist #anonymous colleagues to join #OpIran ‼️

#netpolitics
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

‘They Are Watching’

A cache of nearly 160,000 files from Russia’s powerful internet regulator provides a rare glimpse inside Vladimir V. Putin’s digital crackdown.

Four days into the war in Ukraine, Russia’s expansive surveillance and censorship apparatus was already hard at work.

Roughly 800 miles east of Moscow, authorities in the Republic of Bashkortostan, one of Russia’s 85 regions, were busy tabulating the mood of comments in social media messages. They marked down YouTube posts that they said criticized the Russian government. They noted the reaction to a local protest.

Then they compiled their findings. One report about the “destabilization of Russian society” pointed to an editorial from a news site deemed “oppositional” to the government that said President Vladimir V. Putin was pursuing his own self-interest by invading Ukraine. A dossier elsewhere on file detailed who owned the site and where they lived.

Another Feb. 28 dispatch, titled “Presence of Protest Moods,” warned that some had expressed support for demonstrators and “spoke about the need to stop the war.”

The report was among nearly 160,000 records from the Bashkortostan office of Russia’s powerful internet regulator, Roskomnadzor.

Together the documents detail the inner workings of a critical facet of Mr. Putin’s surveillance and censorship system, which his government uses to find and track opponents, squash dissent and suppress independent information even in the country’s furthest reaches.

The leak of the agency’s documents “is just like a small keyhole look into the actual scale of the censorship and internet surveillance in Russia,” said Leonid Volkov, who is named in the records and is the chief of staff for the jailed opposition leader Aleksei A. Navalny.

https://www.nytimes.com/interactive/2022/09/22/technology/russia-putin-surveillance-spying.html

#surveillance #russia
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The source code to the Intel Alder Lake has been leaked online

* Alder Lake CPU was released November 4, 2021
* Source code is 2.8GB (compressed)
* Leak (allegedly) from 4chan
* We have not reviewed the entirety of the code base, it is massive

https://nitter.pussthecat.org/vxunderground/status/1578575040647266304

via Twitter

💡 Read as well:
The BIOS Code from project C970

#leak #alderlake #intel
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Android leaks connectivity check traffic

An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent.

An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called MUL22-03.

We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.

We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way to stop Android from leaking this traffic, we have reported it on the Android issue tracker.

Even if you are fine with some traffic going outside the VPN tunnel, we think the name of the setting (“Block connections without VPN”) and Android’s documentation around it is misleading. The impression a user gets is that no traffic will leave the phone except through the VPN. Due to this, we have reported another issue, where we suggest improving the Android documentation.

https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/

#android #leak #vpn
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

European cable cut may impact transoceanic routes

What has happened?

We are aware of a major cable cut in the South of France that has impacted major subsea cables with connectivity to Asia, Europe, US and potentially other parts of the world. As a result of the cable cut, customers may see packet loss and or latency for websites and applications which traverse these impacted paths.

What is Zscaler doing?

Zscaler has made routing adjustments where possible to route around the problem but in certain cases we see the reverse path from the Application/Content providers which is under the control of the Application/Content Providers still traverses the impacted paths.

What can you do?

Zscaler is working with the content providers to have them influence their portion of the path. If you experience slowness with specific applications, especially applications hosted overseas, please contact the application provider and refer them to this trust post.

At this time, based on the information we have, the local authorities are investigating and repair crews are on scene but can not access the site until police complete their evidence collection.

There is currently no estimated time to repair available

We will provide an update as additional information becomes available.

Zscaler Incident# INC-000000047

Update - Wed, 19 Oct 2022 23:01:23 UTC

The following links have been identified as being cut. We have received an update that one of the links has been fixed, currently we are not able to confirm which link.

Marseille-Lyon : Team on site repair on hold due to Police intervention for investigation.

Marseille-Milano : Cable Cut Confirmed by Fiber Testing – searching of cut point in progress.

Marseille-Barcelona : Cable Cut Confirmed by Fiber Testing – searching of cut point in progress.

Update - Thu, 20 Oct 2022 01:03:15 UTC

The Zscaler Operations team have confirmed that one of the links has been fixed and we have observed a drop in packet loss and latency for some destinations. We will continue to monitor and update on any changes to the situation.

https://trust.zscaler.com/zscloud.net/posts/12256

#cablecut
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Qatar 'requires' World Cup visitors to install state-sponsored 'spyware' on their phones

Security experts believe Qatar's required mobile app will be like giving the World Cup country's authorities the key to your house.

If you were hoping to attend the World Cup in Qatar next month, you might be rethinking your plans once you find out what the country will require of you. To enter the country, travelers must download two apps. Both function similarly to spyware and grant Qatar authorities permissions that security experts find questionable.

https://www.nrk.no/sport/everyone-going-to-the-world-cup-must-have-this-app---experts-are-now-sounding-the-alarm-1.16139267

#quatar #worldcup
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Check out CISAgov’s RedEye

RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities. This tool, released in October 2022 on GitHub, allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment. The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. The operators can use the RedEye’s presentation mode to present findings and workflow to stakeholders.

💡RedEye can assist an operator to efficiently:

- Replay and demonstrate Red Team’s assessment activities as they occurred rather than manually pouring through thousands of lines of log text.

- Display and evaluate complex assessment data to enable effective decision making.

- Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.

https://github.com/cisagov/RedEye/

#RedEye
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Meredith Whittaker: the Signal messenger is not for profit (Interview)

Meredith Whittaker is looking for new strategies as the new CEO. She doesn't want to earn a cent by selling user data to any companies.

Signal basically doesn’t want to sell any data to cover the gigantic operating costs, the new CEO Meredith Whittaker tells us. During our conversation with Tarnkappe.info, we asked how this is supposed to work. The question of the revenue model is particularly interesting. Why? Because Whittaker worked for the data octopus Google, before she changed jobs.

https://tarnkappe.info/artikel/interviews/meredith-whittaker-the-signal-messenger-is-not-for-profit-258190.html

#signal #interview
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Stealing passwords from infosec Mastodon - without bypassing CSP

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.

Everybody on our Twitter feed seemed to be jumping ship to the infosec.exchange Mastodon server, so I decided to see what the fuss was all about. After figuring out why exactly you had to have loads of @ symbols in your username, I began to have a look at how secure it was. If you've followed me on Twitter you'll know I like to post vectors and test the limits of the app I'm using, and today was no exception.

https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

#mastodon #vulnerability #poc
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Do you need to create a local user account on a Windows 11 test VM?

Try using "[email protected]" with password "nope", let it fail, and then the installer will let you create a local user account.

https://nitter.pussthecat.org/awakecoding/status/1597663967375396865

via Twitter

#windows #vm
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Telegram Insider Server Access Offered To Dark Web Customers

For the non-negotiable price of 20,000 USD, the merchant claims to have unhindered access to Telegram servers “through their employees”; in other words, thanks to at least one insider contact.

The trade offer was discovered on a darknet marketplace for sellers worldwide. However, as with many traders on the Dark Web, it is difficult to verify claims made by individuals concerning their illegal products and services.

https://www.safetydetectives.com/news/telegram-servers-report/

#telegram
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Breaking Threema - Three Lessons From Threema: Analysis of a Secure Messenger

We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models.

https://breakingthe3ma.app/

https://breakingthe3ma.app/files/Threema-PST22.pdf

#threema #messenger #audit #analysis #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

On PBKDF2 iterations - Some cryptography knowledge and opinion related but not limited to the LastPass data breach incident in 2022

There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key. Other people have already dissected this particular breach, but I want to more generally talk about PBKDF2 iterations and security models. (I’m not going to talk about Argon2 or Bcrypt or any other algorithms).

There are two related reasons for using a password-based key derivation function like PBKDF2. One is to protect password hashes used for login on a website. The other is to derive a cryptographic key from a password to use for encryption. LastPass were actually doing both of these things, but I want to talk about the latter case in this post: using a password as a secret to encrypt data that you want to remain private.

https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/

#pbkdf2 #kdf #password #cryptography
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv