Telegram Insider Server Access Offered To Dark Web Customers
For the non-negotiable price of 20,000 USD, the merchant claims to have unhindered access to Telegram servers βthrough their employeesβ; in other words, thanks to at least one insider contact.
The trade offer was discovered on a darknet marketplace for sellers worldwide. However, as with many traders on the Dark Web, it is difficult to verify claims made by individuals concerning their illegal products and services.
https://www.safetydetectives.com/news/telegram-servers-report/
#telegram
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
For the non-negotiable price of 20,000 USD, the merchant claims to have unhindered access to Telegram servers βthrough their employeesβ; in other words, thanks to at least one insider contact.
The trade offer was discovered on a darknet marketplace for sellers worldwide. However, as with many traders on the Dark Web, it is difficult to verify claims made by individuals concerning their illegal products and services.
https://www.safetydetectives.com/news/telegram-servers-report/
#telegram
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π4π2π±2
Threema-PST22.pdf
413.8 KB
Breaking Threema - Three Lessons From Threema: Analysis of a Secure Messenger
We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models.
https://breakingthe3ma.app/
https://breakingthe3ma.app/files/Threema-PST22.pdf
#threema #messenger #audit #analysis #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models.
https://breakingthe3ma.app/
https://breakingthe3ma.app/files/Threema-PST22.pdf
#threema #messenger #audit #analysis #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π6π1
On PBKDF2 iterations - Some cryptography knowledge and opinion related but not limited to the LastPass data breach incident in 2022
There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key. Other people have already dissected this particular breach, but I want to more generally talk about PBKDF2 iterations and security models. (Iβm not going to talk about Argon2 or Bcrypt or any other algorithms).
There are two related reasons for using a password-based key derivation function like PBKDF2. One is to protect password hashes used for login on a website. The other is to derive a cryptographic key from a password to use for encryption. LastPass were actually doing both of these things, but I want to talk about the latter case in this post: using a password as a secret to encrypt data that you want to remain private.
https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/
#pbkdf2 #kdf #password #cryptography
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key. Other people have already dissected this particular breach, but I want to more generally talk about PBKDF2 iterations and security models. (Iβm not going to talk about Argon2 or Bcrypt or any other algorithms).
There are two related reasons for using a password-based key derivation function like PBKDF2. One is to protect password hashes used for login on a website. The other is to derive a cryptographic key from a password to use for encryption. LastPass were actually doing both of these things, but I want to talk about the latter case in this post: using a password as a secret to encrypt data that you want to remain private.
https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/
#pbkdf2 #kdf #password #cryptography
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Neil Madden
On PBKDF2 iterations
There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key.β¦
π3
Abusing Signal Desktop Client for fun and for Espionage (CVE-2023-24068 && CVE-2023-24069)
A flaw in how files are stored in Signal Desktop before 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop before 6.2.0 exists, allowing an an attacker to modify conversation attachments within the same directory. Client mechanisms fail to validate modifications of existing cached files, resulting in the ability to implement malicious code or overwrite pre-existing files and masquerade as pre-existing files. Local access is needed.
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
#signal #messenger #poc #cve
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A flaw in how files are stored in Signal Desktop before 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop before 6.2.0 exists, allowing an an attacker to modify conversation attachments within the same directory. Client mechanisms fail to validate modifications of existing cached files, resulting in the ability to implement malicious code or overwrite pre-existing files and masquerade as pre-existing files. Local access is needed.
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
#signal #messenger #poc #cve
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Johnjhacking
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage
A flaw in how files are stored in Signal Desktop β€ 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop β€ 6.2.0 exists, allowing an an attacker to modify conversation attachmentsβ¦
π9π₯2
Little-Known Surveillance Program Captures Money Transfers Between U.S. and More Than 20 Countries
Law-enforcement agencies across the U.S. have direct access to over 150 million transactions housed at an Arizona nonprofit
WASHINGTONβHundreds of federal, state and local U.S. law-enforcement agencies have access without court oversight to a database of more than 150 million money transfers between people in the U.S. and in more than 20 countries, according to internal program documents and an investigation by Sen. Ron Wyden.
The database, housed at a little-known nonprofit called the Transaction Record Analysis Center, or TRAC, was set up by the Arizona state attorney generalβs office in 2014 as part of a settlement reached with Western Union to combat cross-border trafficking of drugs and people from Mexico. It has since expanded to allow officials of more than 600 law-enforcement entitiesβfrom federal agencies such as the Federal Bureau of Investigation, the Drug Enforcement Administration, and Immigration and Customs Enforcement to small-town police departments in nearly every stateβto monitor the flow of funds through money services between the U.S. and countries around the world.
https://www.wsj.com/articles/little-known-surveillance-program-captures-money-transfers-between-u-s-and-more-than-20-countries-11674019904
#surveillance #usa
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Law-enforcement agencies across the U.S. have direct access to over 150 million transactions housed at an Arizona nonprofit
WASHINGTONβHundreds of federal, state and local U.S. law-enforcement agencies have access without court oversight to a database of more than 150 million money transfers between people in the U.S. and in more than 20 countries, according to internal program documents and an investigation by Sen. Ron Wyden.
The database, housed at a little-known nonprofit called the Transaction Record Analysis Center, or TRAC, was set up by the Arizona state attorney generalβs office in 2014 as part of a settlement reached with Western Union to combat cross-border trafficking of drugs and people from Mexico. It has since expanded to allow officials of more than 600 law-enforcement entitiesβfrom federal agencies such as the Federal Bureau of Investigation, the Drug Enforcement Administration, and Immigration and Customs Enforcement to small-town police departments in nearly every stateβto monitor the flow of funds through money services between the U.S. and countries around the world.
https://www.wsj.com/articles/little-known-surveillance-program-captures-money-transfers-between-u-s-and-more-than-20-countries-11674019904
#surveillance #usa
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The Wall Street Journal
WSJ News Exclusive | Little-Known Surveillance Program Captures Money Transfers Between U.S. and More Than 20 Countries
Law-enforcement agencies across the U.S. have direct access to over 150 million transactions housed at an Arizona-based nonprofit.
π2β€1
No more free access to the Twitter API
Starting February 9, we will no longer support free access to the Twitter API, both v2 and v1.1.
A paid basic tier will be available instead.
Over the years, hundreds of millions of people have sent over a trillion Tweets, with billions more every week.
Twitter data are among the worldβs most powerful data sets. Weβre committed to enabling fast & comprehensive access so you can continue to build with us.
Weβll be back with more details on what you can expect next week.
https://nitter.pussthecat.org/TwitterDev/status/1621026986784337922
Via Twitter
#twitter #api
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Starting February 9, we will no longer support free access to the Twitter API, both v2 and v1.1.
A paid basic tier will be available instead.
Over the years, hundreds of millions of people have sent over a trillion Tweets, with billions more every week.
Twitter data are among the worldβs most powerful data sets. Weβre committed to enabling fast & comprehensive access so you can continue to build with us.
Weβll be back with more details on what you can expect next week.
https://nitter.pussthecat.org/TwitterDev/status/1621026986784337922
Via Twitter
#twitter #api
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Nitter
Twitter Dev (@TwitterDev)
Starting February 9, we will no longer support free access to the Twitter API, both v2 and v1.1. A paid basic tier will be available instead π§΅
π±10π9π2β€1π₯1
BIG DATA IS DEAD
For more than a decade now, the fact that people have a hard time gaining actionable insights from their data has been blamed on its size. βYour data is too big for your puny systems,β was the diagnosis, and the cure was to buy some new fancy technology that can handle massive scale. Of course, after the Big Data task force purchased all new tooling and migrated from Legacy systems, people found that they still were having trouble making sense of their data. They also may have noticed, if they were really paying attention, that data size wasnβt really the problem at all.
The world in 2023 looks different from when the Big Data alarm bells started going off. The data cataclysm that had been predicted hasnβt come to pass. Data sizes may have gotten marginally larger, but hardware has gotten bigger at an even faster rate. Vendors are still pushing their ability to scale, but practitioners are starting to wonder how any of that relates to their real world problems.
https://motherduck.com/blog/big-data-is-dead/
#bigdata
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
For more than a decade now, the fact that people have a hard time gaining actionable insights from their data has been blamed on its size. βYour data is too big for your puny systems,β was the diagnosis, and the cure was to buy some new fancy technology that can handle massive scale. Of course, after the Big Data task force purchased all new tooling and migrated from Legacy systems, people found that they still were having trouble making sense of their data. They also may have noticed, if they were really paying attention, that data size wasnβt really the problem at all.
The world in 2023 looks different from when the Big Data alarm bells started going off. The data cataclysm that had been predicted hasnβt come to pass. Data sizes may have gotten marginally larger, but hardware has gotten bigger at an even faster rate. Vendors are still pushing their ability to scale, but practitioners are starting to wonder how any of that relates to their real world problems.
https://motherduck.com/blog/big-data-is-dead/
#bigdata
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
MotherDuck
Big Data is Dead
Big data is dead. Long live easy data.
π7β€2
Twitter already had a $400m paid API business with $360m(ish) in profits. This API provided real value to large enterprises. They fired the entire team so that business will go to $0 soon. Now they are going to charge a few dollars to developers who have no money. Sound trade.
https://nitter.pussthecat.org/chrismoodycom/status/1623123171842097153
via Twitter
ππΌ Read as well: No more free access to the Twitter API
https://t.iss.one/BlackBox_Archiv/3060
#twitter #appi
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
https://nitter.pussthecat.org/chrismoodycom/status/1623123171842097153
via Twitter
ππΌ Read as well: No more free access to the Twitter API
https://t.iss.one/BlackBox_Archiv/3060
#twitter #appi
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Nitter
Chris Moody (@chrismoodycom)
Twitter already had a $400m paid API business with $360m(ish) in profits. This API provided real value to large enterprises. They fired the entire team so that business will go to $0 soon. Now they are going to charge a few dollars to developers who haveβ¦
π3π₯3
Reddit had a security incident
We had a security incident. Hereβs what we know.
TL:DR Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.
What Happened?
On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.
After successfully obtaining a single employeeβs credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).
Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Redditβs information has been published or distributed online.
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
#reddit #hacked
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
We had a security incident. Hereβs what we know.
TL:DR Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.
What Happened?
On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.
After successfully obtaining a single employeeβs credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).
Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Redditβs information has been published or distributed online.
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
#reddit #hacked
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Reddit
From the reddit community on Reddit
Explore this post and more from the reddit community
π5π±2π₯1
Kim_2023_Data_Brokers_and_the_Sale_of_Americans_Mental_Health_Data.pdf
397.5 KB
Data Brokers and the Sale of Americansβ Mental Health Data
Joanne Kim asked 34 data brokers in the US to buy personal data on people with mental health issues, talked to them via phone and video, approved by DukeCyberPolicy IRB.
10 of them would sell with minimal vetting. Excellent & disturbing study:
https://techpolicy.sanford.duke.edu/wp-content/uploads/sites/4/2023/02/Kim-2023-Data-Brokers-and-the-Sale-of-Americans-Mental-Health-Data.pdf
#databroker #pdf #study
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Joanne Kim asked 34 data brokers in the US to buy personal data on people with mental health issues, talked to them via phone and video, approved by DukeCyberPolicy IRB.
10 of them would sell with minimal vetting. Excellent & disturbing study:
https://techpolicy.sanford.duke.edu/wp-content/uploads/sites/4/2023/02/Kim-2023-Data-Brokers-and-the-Sale-of-Americans-Mental-Health-Data.pdf
#databroker #pdf #study
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π2
Hacks, Bots and Blackmail: How Secret Cyber Mercenaries Disrupt Elections
Undercover reporters recorded a group of covert cyber influence specialists as they pitched their services, which involve using disinformation campaigns, false intelligence, hacks and blackmail to promote their clientsβ interests. The group, which calls itself Team Jorge, claims to have worked on dozens of presidential elections around the world and charges multimillion dollar fees.
https://www.occrp.org/en/storykillers/hacks-bots-and-blackmail-how-secret-cyber-mercenaries-disrupt-elections
#hacks #bots #blackmail #occrp
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Undercover reporters recorded a group of covert cyber influence specialists as they pitched their services, which involve using disinformation campaigns, false intelligence, hacks and blackmail to promote their clientsβ interests. The group, which calls itself Team Jorge, claims to have worked on dozens of presidential elections around the world and charges multimillion dollar fees.
https://www.occrp.org/en/storykillers/hacks-bots-and-blackmail-how-secret-cyber-mercenaries-disrupt-elections
#hacks #bots #blackmail #occrp
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
OCCRP
Hacks, Bots and Blackmail: How Secret Cyber Mercenaries Disrupt Elections
Undercover reporters recorded a group of covert cyber influence specialists as they pitched their services, which involve using disinformation campaigns, false intelligence, hacks and blackmail to promote their clientsβ interests. The group, which calls itselfβ¦
π2
An update on two-factor authentication using SMS on Twitter
Either pay Β£11 or go without two-factor SMS authentication
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
#twitter #2fa
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Either pay Β£11 or go without two-factor SMS authentication
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
#twitter #2fa
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π4β€2
Twitter about to give hackers a huge gift
by *REMOVING text message authentication* for non paying accounts.
Yes, there are better forms of #2FA.
But this is blackmail.
Expect waves of takeovers as hackers run through password dumps.
https://twitter.com/jsrailton/status/1626791204238008320
#twitter
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
by *REMOVING text message authentication* for non paying accounts.
Yes, there are better forms of #2FA.
But this is blackmail.
Expect waves of takeovers as hackers run through password dumps.
https://twitter.com/jsrailton/status/1626791204238008320
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π₯8
Indian Ticketing Platform RailYatri Hacked β 31 Million Impacted
The RailYatri hack took place in December 2022, but the stolen data has only been leaked earlier today on a prominent hacker forum.
Among personal information, the RailYatri hack has also exposed the location details of millions of travellers across India.
RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travellers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online.
The compromised data includes email addresses, full names, genders, phone numbers, and locations, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
Hackread.com can confirm that the database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.
https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/
#railyatri #india
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The RailYatri hack took place in December 2022, but the stolen data has only been leaked earlier today on a prominent hacker forum.
Among personal information, the RailYatri hack has also exposed the location details of millions of travellers across India.
RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travellers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online.
The compromised data includes email addresses, full names, genders, phone numbers, and locations, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
Hackread.com can confirm that the database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.
https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/
#railyatri #india
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Hackread
Indian Ticketing Platform RailYatri Hacked β 31 Million Impacted
The RailYatri hack took place in December 2022, but the stolen data has only been leaked earlier today on a prominent hacker forum.
π2
Reversing a βGame Cheatβ ;)
One day I was chilling on Telegram, when someone who shared a group with me decided to mass spread some leaked game cheats & other tools! Lets take a look and see if they are what they say they areβ¦
https://0xwyvn.github.io/reversinggamecheat.html
#reversinggamecheat
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
One day I was chilling on Telegram, when someone who shared a group with me decided to mass spread some leaked game cheats & other tools! Lets take a look and see if they are what they say they areβ¦
https://0xwyvn.github.io/reversinggamecheat.html
#reversinggamecheat
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
wyvnzwriteupz
First writeup: Reversing a βGame Cheatβ ;)
a place for me to post shit
π6π₯6
CryptoTester
A utility for playing with cryptography, geared towards ransomware analysis.
https://github.com/Demonslay335/CryptoTester
#CryptoTester
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A utility for playing with cryptography, geared towards ransomware analysis.
https://github.com/Demonslay335/CryptoTester
#CryptoTester
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
GitHub
GitHub - Demonslay335/CryptoTester: A utility for playing with cryptography, geared towards ransomware analysis.
A utility for playing with cryptography, geared towards ransomware analysis. - Demonslay335/CryptoTester
π1
The EU's new Cyber Resilience Act is about to tell us how to code (and fine us hugely if we don't)
The EUβs new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online β the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
tl;dr
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.
https://berthub.eu/articles/posts/eu-cra-secure-coding-solution/
#eu #cyberresillence
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
The EUβs new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online β the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
tl;dr
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.
https://berthub.eu/articles/posts/eu-cra-secure-coding-solution/
#eu #cyberresillence
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Bert Hubert's writings
The EU's new Cyber Resilience Act is about to tell us how to code - Bert Hubert's writings
First a round of thanks for the many people in industry and government who provided valuable links, background and insights! I could not have done this without your help! If you spot any mistakes, or have suggestions, please do contact me on [email protected]β¦
π1
πDarknet Diaries Ep. 65: PSYOP
Here's How the U.S. Military Hacks People's Brains
https://www.youtube.com/watch?v=zLWuuV0lBhU
#podcast #truecrime #darknetdiaries
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Here's How the U.S. Military Hacks People's Brains
https://www.youtube.com/watch?v=zLWuuV0lBhU
#podcast #truecrime #darknetdiaries
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
YouTube
Here's How the U.S. Military Hacks People's BrainsπDarknet Diaries Ep. 65: PSYOP
PSYOPs, or "Psychological Operations" are happening all around us, 24/7. Sometimes they're used in warfare against foreign enemies, and sometimes we know them by different names: Marketing, PR, spin, and propaganda. This is the story about information beingβ¦
π4π₯1
Mullvad becomes highest level of Tor Member (Shallot)
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.
We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.
https://mullvad.net/de/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/
#mullvad #vpn #toor
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.
We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.
https://mullvad.net/de/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/
#mullvad #vpn #toor
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Mullvad VPN
Mullvad becomes highest level of Tor Member (Shallot) | Mullvad VPN
Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.
π8β€4
OIG-23-17-Feb23.pdf
17.8 MB
Secret Service and ICE conducted illegal surveillance through fake cell towers
A newly-released report by the Department of Homeland Securityβs Office of the Inspector General (OIG) revealed that federal agencies, including Homeland Security Investigations (HSI) and Immigration and Customs Enforcement (ICE), used cell-site simulators (CSS) to illegally conduct surveillance.
CSS, aka Stingrays, are devices that mimic cell phone towers, duping mobile devices within a certain radius to connect to them instead of cell towers. Once connected to the CSS, law enforcement can conduct a search of the devices, in violation of basic constitutional freedoms.
https://reclaimthenet.org/secret-service-and-ice-conducted-illegal-surveillance-through-fake-cell-towers
PDF: https://docs.reclaimthenet.org/OIG-23-17-Feb23.pdf
#css #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
A newly-released report by the Department of Homeland Securityβs Office of the Inspector General (OIG) revealed that federal agencies, including Homeland Security Investigations (HSI) and Immigration and Customs Enforcement (ICE), used cell-site simulators (CSS) to illegally conduct surveillance.
CSS, aka Stingrays, are devices that mimic cell phone towers, duping mobile devices within a certain radius to connect to them instead of cell towers. Once connected to the CSS, law enforcement can conduct a search of the devices, in violation of basic constitutional freedoms.
https://reclaimthenet.org/secret-service-and-ice-conducted-illegal-surveillance-through-fake-cell-towers
PDF: https://docs.reclaimthenet.org/OIG-23-17-Feb23.pdf
#css #surveillance #pdf
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π₯4π2
Zippyshare - Inofrmation about the closure of the project
Hey Folks,
Weβve decided that weβre shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes.
There are several reasons for the closure:
β Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore.
https://blog.zippyshare.com/
#zippyshare
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
Hey Folks,
Weβve decided that weβre shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes.
There are several reasons for the closure:
β Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore.
https://blog.zippyshare.com/
#zippyshare
π‘@cRyPtHoN_INFOSEC_IT
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π±14π3