Data Brokers and the Sale of Americans’ Mental Health Data

Joanne Kim asked 34 data brokers in the US to buy personal data on people with mental health issues, talked to them via phone and video, approved by DukeCyberPolicy IRB.

10 of them would sell with minimal vetting. Excellent & disturbing study:
https://techpolicy.sanford.duke.edu/wp-content/uploads/sites/4/2023/02/Kim-2023-Data-Brokers-and-the-Sale-of-Americans-Mental-Health-Data.pdf

#databroker #pdf #study
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Hacks, Bots and Blackmail: How Secret Cyber Mercenaries Disrupt Elections

Undercover reporters recorded a group of covert cyber influence specialists as they pitched their services, which involve using disinformation campaigns, false intelligence, hacks and blackmail to promote their clients’ interests. The group, which calls itself Team Jorge, claims to have worked on dozens of presidential elections around the world and charges multimillion dollar fees.

https://www.occrp.org/en/storykillers/hacks-bots-and-blackmail-how-secret-cyber-mercenaries-disrupt-elections

#hacks #bots #blackmail #occrp
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

An update on two-factor authentication using SMS on Twitter

Either pay £11 or go without two-factor SMS authentication

https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

#twitter #2fa
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Twitter about to give hackers a huge gift

by *REMOVING text message authentication* for non paying accounts.

Yes, there are better forms of #2FA.

But this is blackmail.

Expect waves of takeovers as hackers run through password dumps.

https://twitter.com/jsrailton/status/1626791204238008320

#twitter
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted

The RailYatri hack took place in December 2022, but the stolen data has only been leaked earlier today on a prominent hacker forum.

Among personal information, the RailYatri hack has also exposed the location details of millions of travellers across India.

RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travellers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online.

The compromised data includes email addresses, full names, genders, phone numbers, and locations, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.

Hackread.com can confirm that the database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.

https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/

#railyatri #india
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Reversing a “Game Cheat” ;)

One day I was chilling on Telegram, when someone who shared a group with me decided to mass spread some leaked game cheats & other tools! Lets take a look and see if they are what they say they are…

https://0xwyvn.github.io/reversinggamecheat.html

#reversinggamecheat
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

CryptoTester

A utility for playing with cryptography, geared towards ransomware analysis.

https://github.com/Demonslay335/CryptoTester

#CryptoTester
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The EU's new Cyber Resilience Act is about to tell us how to code (and fine us hugely if we don't)

The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersecurity Strategy that has similar aims.

tl;dr
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.

https://berthub.eu/articles/posts/eu-cra-secure-coding-solution/

#eu #cyberresillence
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

🎙Darknet Diaries Ep. 65: PSYOP

Here's How the U.S. Military Hacks People's Brains

https://www.youtube.com/watch?v=zLWuuV0lBhU

#podcast #truecrime #darknetdiaries
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Mullvad becomes highest level of Tor Member (Shallot)

Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.

Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.

We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.

https://mullvad.net/de/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/

#mullvad #vpn #toor
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Secret Service and ICE conducted illegal surveillance through fake cell towers

A newly-released report by the Department of Homeland Security’s Office of the Inspector General (OIG) revealed that federal agencies, including Homeland Security Investigations (HSI) and Immigration and Customs Enforcement (ICE), used cell-site simulators (CSS) to illegally conduct surveillance.

CSS, aka Stingrays, are devices that mimic cell phone towers, duping mobile devices within a certain radius to connect to them instead of cell towers. Once connected to the CSS, law enforcement can conduct a search of the devices, in violation of basic constitutional freedoms.

https://reclaimthenet.org/secret-service-and-ice-conducted-illegal-surveillance-through-fake-cell-towers

PDF: https://docs.reclaimthenet.org/OIG-23-17-Feb23.pdf

#css #surveillance #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Zippyshare - Inofrmation about the closure of the project

Hey Folks,

We’ve decided that we’re shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes.

There are several reasons for the closure:

– Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore.

https://blog.zippyshare.com/

#zippyshare
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

I Think I Found a Privacy Exploit in ChatGPT

tl;dr: I found that if you pass empty prompts to ChatGPT it spits back results anyway At first I thought they might be hallucinations but now I believe I'm also getting back other people's responses

https://tane.dev/2023/04/i-think-i-found-a-privacy-exploit-in-chatgpt/

#chatgpt #exploit #privacy
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Indian government gives itself the power to “fact-check” and delete social media posts

Journalists, opposition parties, and advocacy groups are worried what this “absolute power” means for press freedom in India

The Indian government on April 6 announced a state-run fact-checking unit that will have sweeping powers to label any piece of information related to the government as “fake, false or misleading” and have it removed from social media. The country has tweaked its tech rules that now require platforms such as Facebook, Twitter, and Instagram to take down content flagged by the fact-checking body. Internet service providers are also expected to block URLs to such content. Failure to comply could result in the platforms losing safe harbor protection that safeguards them from legal action against any content posted by their users, said India’s minister of information technology, Rajeev Chandrasekhar.

“The amended rules now also make it obligatory on the intermediaries to not to publish, share or host fake, false or misleading information in respect of any business of the Central Government. [This] fake, false or misleading information will [be] identified by the notified Fact Check Unit of the Central Government,” the government said in a press release.

https://restofworld.org/2023/indian-government-fact-check-delete-social-media/

https://www.pib.gov.in/PressReleasePage.aspx?PRID=1914358

#india
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms

The international mobile system is exposed and a loophole allows hackers, cybercriminals and states to geolocate targets and even hijack email and web accounts. Israelis can be found among the victims - and the attackers

https://www.haaretz.com/israel-news/security-aviation/2023-05-10/ty-article-magazine/.premium/global-surveillance-the-secretive-swiss-dealer-enabling-israeli-spy-firms/00000188-0005-dc7e-a3fe-22cdf2900000

#surveillance
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Google Unlocked

Google Unlocked is an open source browser extension, which unlocks hidden google search results.

The extension scans hidden search results that were censored by Google due to complaints. Use it wisely.

https://github.com/Ibit-to/google-unlocked

#google #search #osint
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

How to be Invisible Online (and the hard truth about it)

Don't be fooled ... Occupy The Web (OTW) tells us the hard truth about being anonymous online. The brutal truth: Will using your neigbors wifi keep you anonymous? Can you hide from the NSA? Can you hide from Google and other companies? Will Tor help you? Will Proxy Chains help? Which phone do you need to use - Android or iPhone or something else? Which operating system - Windows, macOS or Linux? What is the truth? What do you need to use?

https://www.youtube.com/watch?v=LEbAxsYRMcQ

#video #otw #invisible #online
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

HyperDeceit

This repository contains the full source-code of the HyperDeceit project which is a library that allows you to impersonate as Hyper-V and intercept hypercalls done by the Windows kernel.

https://reversing.info/posts/hyperdeceit/

https://github.com/Xyrem/HyperDeceit

#hyperdeceit
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Another research paper on anti-cheat measures for all the game hackers out there!

https://repositorio-aberto.up.pt/bitstream/10216/142935/2/572983.pdf

#anticheat #research #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13

https://i.blackhat.com/Asia-23/AS-23-WANG-Two-bugs-with-one-PoC-Rooting-Pixel-6-from-Android-12-to-Android-13.pdf

#MobileSecurity #AndroidSecurity #root #pixel #poc #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Compromised from Within: The Unauthorized Restoration of TorGuard’s Telegram Channel

This is the comprehensive, substantiated account of how TorGuard’s deleted Telegram Channel was improperly resurrected and handed over to a known fraudster, by a paid insider at Telegram. We bring forth irrefutable evidence, shedding light on this disturbing violation, which calls into question the integrity of Telegram’s internal security mechanisms.

https://medium.com/@TorGuard/compromised-from-within-the-unauthorized-restoration-of-torguards-telegram-channel-dce4c5836

#telegram #torguard
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv