BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Techno-Tyranny: How The US National Security State Is Using Coronavirus To Fulfill An Orwellian Vision

Last year, a government commission called for the US to adopt an AI-driven mass surveillance system far beyond that used in any other country in order to ensure American hegemony in artificial intelligence. Now, many of the “obstacles” they had cited as preventing its implementation are rapidly being removed under the guise of combating the coronavirus crisis.

Last year, a U.S. government body dedicated to examining how artificial intelligence can “address the national security and defense needs of the United States” discussed in detail the “structural” changes that the American economy and society must undergo in order to ensure a technological advantage over China, according to a recent document acquired through a FOIA request. This document suggests that the U.S. follow China’s lead and even surpass them in many aspects related to AI-driven technologies, particularly their use of mass surveillance. This perspective clearly clashes with the public rhetoric of prominent U.S. government officials and politicians on China, who have labeled the Chinese government’s technology investments and export of its surveillance systems and other technologies as a major “threat” to Americans’ “way of life.”

In addition, many of the steps for the implementation of such a program in the U.S., as laid out in this newly available document, are currently being promoted and implemented as part of the government’s response to the current coronavirus (Covid-19) crisis. This is likely due to the fact that many members of this same body have considerable overlap with the taskforces and advisors currently guiding the government’s plans to “re-open the economy” and efforts to use technology to respond to the current crisis.

👉🏼 Read more:
https://www.thelastamericanvagabond.com/top-news/techno-tyranny-how-us-national-security-state-using-coronavirus-fulfill-orwellian-vision/

#USA #National #Security #State #coronavirus #orwell #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The Cameras in Your Car May Be Harvesting Data as You Drive
Safety system sensors in modern cars are collecting data about the road on behalf of the company that makes them

If you drive a newer car, it’s likely to have at least one built-in camera or sensor that powers important safety systems such as automatic emergency braking (AEB) and blind spot warning (BSW), or that makes driving easier with assistance features such as adaptive cruise control and lane centering. Most of the software and algorithms that control those systems were developed by Mobileye.

https://www.consumerreports.org/automotive-technology/the-cameras-in-your-car-may-be-harvesting-data-as-you-drive/

#data #harvesting #cars #cameras #algorithms #surveillance #thinkabout #Mobileye
What does Big Brother see, while he is watching? - Uncovering images from the secret Stasi archives

In the past years there has been a lot of discussion on the topic of state sponsored surveillance. But hardly any material can be accessed to support the general debate due to vaguely declared security concerns. So we are debating Big Brother with little knowledge about what he actually sees, while he is watching. Over the course of three years, I was able to research the archives left by East Germany's Stasi to look for visual memories of this notorious surveillance system and more recently I was invited to spend some weeks looking at the archive by the Czechoslovak StB.

https://media.ccc.de/v/32c3-7209-what_does_big_brother_see_while_he_is_watching

#CCC #32c3 #stasi #BigBrother #surveillance #why #thinkabout
Exploiting (Almost) Every Antivirus Software

Summary

Antivirus software is supposed to protect you from malicious threats, but what if that protection could be silently disabled before a threat can even be neutralized? What if that protection could be manipulated to perform certain file operations that would allow the operating system to be compromised or simply rendered unusable by an attacker?

RACK911 Labs has come up with a unique but simple method of using directory junctions (Windows) and symlinks (macOS & Linux) to turn almost every antivirus software into self-destructive tools.

Method of Exploitation
Most antivirus software works in a similar fashion: When an unknown file is saved to the hard drive, the antivirus software will usually perform a “real time scan” either instantly or within a couple of minutes. If the unknown file is determined to be a suspected threat, the file will then be automatically quarantined and moved to a secure location pending further user instructions or it will simply be deleted.

Given the nature of how antivirus software has to operate, almost all of them run in a privileged state meaning the highest level of authority within the operating system. Therein lies a fundamental flaw as the file operations are (almost) always performed at the highest level which opens the door to a wide range of security vulnerabilities and various race conditions.

What most antivirus software fails to take into consideration is the small window of time between the initial file scan that detects the malicious file and the cleanup operation that takes place immediately after. A malicious local user or malware author is often able to perform a race condition via a directory junction (Windows) or a symlink (Linux & macOS) that leverages the privileged file operations to disable the antivirus software or interfere with the operating system to render it useless, etc.

👉🏼 Read more:
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

#exploiting #antivirus #RACK911
Wormable BUG!

Just by sending an innocent-looking image, #remote #attackers could've taken over an organization's entire roster of #Microsoft Teams' #accounts. (Patch Released)

👉🏼 Read more:
https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html

#wormable #bug #attackers #hack
Hacking health

About hacking wheelchairs, building custom bicycles, adapters to use e-scooters as outboard motors: Empowering people with disabilities or healthcare needs through Open Hardware. Presentation on experiences and lessons learned in collecting and co-creating open personalized DIY healthcare solutions for replicability and adaptability in Makerspace worldwide.

https://vid.lelux.fi/videos/watch/5c2b56de-5e0c-4e9a-a299-52b2547c27cb

#CCC #36C3 #hacking #health #wheelchairs #video
Chinese internet users who uploaded coronavirus memories to GitHub have been arrested

This story has been updated with comment from volunteers behind a GitHub page.

A group of volunteers in China who worked to prevent digital records of the coronavirus outbreak from being scrubbed by censors are now targets of a crackdown.

Cai Wei, a Beijing-based man who participated in one such project on GitHub, the software development website, was arrested together with his girlfriend by Beijing police on April 19. The couple were accused of “picking quarrels and provoking trouble,” a commonly used charge against dissidents in China, according to Chen Kun, the brother of Chen Mei, another volunteer involved with the project. Chen Mei has been missing since that same day. On April 24, the couple’s families received a police notice that informed them of the charge, and said the two have been put under “residential surveillance at a designated place.” There is still no information about Chen Mei, said his brother.

It is unclear whether the arrest of the couple and the disappearance of Chen are directly linked to their GitHub project, named “Terminus2049.” The Beijing police could not be reached for comment.

👉🏼 Read more:
https://qz.com/1846277/china-arrests-users-behind-github-coronavirus-memories-page/

#China #coronavirus #GitHub #arrested
PhantomLance spying campaign breaches Google Play security

The four-year-long attack wave has been connected to dozens of malicious apps found in app stores.

Kaspersky has warned of an ongoing campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.

On Tuesday, cybersecurity researchers said the campaign, dubbed PhantomLance, has been active for at least four years and is ongoing.

According to the team, "dozens" of malicious apps connected to PhantomLance and harboring a new Trojan have been discovered in Google Play, the tech giant's official Android mobile application repository. In addition, malicious apps have also been found on the APK download site APKpure.

Back in July 2019, the Doctor Web team published research on a new Trojan buried in an application on Google Play that masqueraded as an OpenGL Plugin.

Once launched, the malicious app simulates a check for new versions of OpenGL ES, but actually installs a backdoor and begins exfiltrating user information.

👉🏼 Read more:
https://www.zdnet.com/article/phantomlance-spying-campaign-breaches-google-play-security/

#phantomlance #google #play #malicious #apps #security #breach
Leaked pics from Amazon Ring show potential new surveillance features

Amazon wouldn't be the first consumer company to do it, but it would be the biggest.

Amazon subsidiary Ring, which has partnerships with almost 1,200 law enforcement agencies nationwide, does not currently include facial recognition or license plate scanning tools in its home surveillance line of consumer products. The company appears to be evaluating the feature feasibility of adding both tools, however, raising additional privacy concerns for its pervasive platform.

Ring last week distributed a confidential survey to beta testers weighing sentiment and demand for several potential new features in future versions of its software. According to screenshots shared with Ars, potential new features for Ring include options for enabling or disabling the camera both physically and remotely, both visual and audible alarms to ward off "would-be criminals," and potential object, facial, and license plate detection.

Such surveys usually include options a company is considering offering, though not necessarily actively planning to implement. The source who shared the survey with Ars, who asked not to be identified for fear of retaliation, described these options as the "most troubling" of a much larger set of potential features described in the survey.

👉🏼 Read more:
https://arstechnica.com/tech-policy/2020/04/ring-cameras-may-someday-scan-license-plates-and-faces-leak-shows/

#DeleteAmazon #ring #cameras #surveillance #thinkabout
Two Usenet providers blame data breaches on partner company

Remember Usenet?

Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on "a security vulnerability at a partner company."

Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or a server-side service.

Both Usenet providers have now shut down their websites to investigate the breach.

According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.

👉🏼 Read more:
https://www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/

#usenet #breach #UseNeXT #Usenetnl
Would You Have Fallen for This Phone Scam?

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In that episode, the people impersonating his bank not only spoofed the bank’s real phone number, but they were also pretending to be him on a separate call at the same time with his bank.

This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call with him discussing fraud on his account (however, the other call was the fraudster pretending to be him).

Shortly after that story ran, I heard from another reader — we’ll call him “Jim” since he didn’t want his real name used for this story — whose wife was the target of a similar scam, albeit with an important twist: The scammers were armed with information about a number of her recent financial transactions, which he claims they got from the bank’s own automated phone system just by spoofing her phone number.

👉🏼 Read more:
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

#phone #scam #KrebsOnSecurity
Passwords are the easiest things to steal.

Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance on why phishing and passwords remain such a huge security problem and options for doing away with passwords.

https://thecyberwire.com/podcasts/hacking-humans/96/notes

#cyberwire #hackinghumans #podcast
🚨 Malware warning 🚨

Currently, malware is again being actively distributed in Telegram groups.

It is an .exe file whose name usually reflects the topic of the respective group.
The .exe file always has 2.6 MB.

❗️ Always check executable files before opening them
❗️ Pay attention to the file size and strange names


‼️ If you see such an .exe file with exactly 2.6 MB in one of your groups, please inform an admin and warn the other users ‼️

https://www.virustotal.com/gui/file/279abdad31bf6eaf6fa9b182dad32806060c06d4107c9a96d0738c26427eeb9b/detection

#alert #malware #telegram
Ministers plan to give more UK public bodies power to access phone data

Expansion of ‘snooper’s charter’ would allow more authorities to access web browsing histories

Ministers want to expand the scope of UK surveillance laws to give more public authorities – including a pensions watchdog and the Environment Agency – the power to access vast databases of personal phone and computer data.

Five additional public bodies are to be allowed to obtain communications data under the Investigatory Powers Act – frequently dubbed the snooper’s charter – as they are “increasingly unable to rely on local police forces to investigate crimes on their behalf”, according to documents published by the government.

The US whistleblower Edward Snowden once described the act as the “most extreme surveillance in the history of western democracy”.

The Civil Nuclear Constabulary, the armed police force in charge of protecting civil nuclear sites; the Environment Agency; the Insolvency Service; the UK National Authority for Counter Eavesdropping (UKNACE), an anti-espionage service and the Pensions Regulator are poised to benefit from strengthened powers.

The authorities join an established list that includes police forces, government departments and public agencies including the Health and Safety Executive.

A Home Office spokesperson said: “To protect national security and investigate serious crimes, law enforcement and relevant public authorities need the ability to acquire communications data.

“These powers are only used where it is absolutely necessary and proportionate and are independently authorised by the Office for Communications Data Authorisations, except in urgent or national security cases.”

👉🏼 Read more:
https://www.theguardian.com/world/2020/apr/22/ministers-plan-to-give-more-uk-public-bodies-power-to-hack-phones

#UK #surveillance #smartphone #data
Xiaomi phone logging browser use

A researcher shows how his Xiaomi phone is tracking his web use, including a visit to PornHub.

https://invidio.us/watch?v=62kxZunBQyI

#PoC #Xiaomi #logging #browser
Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions

The tracking extends to the browser's Incognito mode as well!!

Xiaomi has been tracking and recording an insane amount of private data, from users’ phone habits to queries in Xiaomi’s default browsers.

According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.

The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.

Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.

The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.

👉🏼 Read more:
https://fossbytes.com/xiaomi-devices-found-tracking-and-recording-browsing-data-of-millions/

#PoC #Xiaomi #spy #logging #browser #why #thinkabout
Ubuntu has full access to your Google Account

Beware of this security bug if you are using Chromium Browser on Ubuntu

I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.

I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.

Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye-opening posts in this regard, and then it struck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!

I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that it's Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:

👉🏼 Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html

#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
Telegram Piracy Channels Face Blocking After Italian Prosecutor Issues Emergency Order

An emergency order signed by a deputy prosecutor in Italy has been delivered to local telecoms watchdog AGCOM. It requires Telegram to shut down 19 channels involved in the illegal distribution of newspapers, periodicals and books. In the event the chat platform fails to cooperate, ISPs could be required to block the channels or, in the extreme, block Telegram completely.

Instant messaging platform Telegram has an estimated 400 million users who use the service to communicate on a limitless number of topics. It is also used for piracy purposes, which has resulted in criticism from copyright holders.

In Italy, significant pressure has been building following complaints from the Federation of Newspaper Publishers (FIEG). According to the association, a sample of 10 Telegram channels, that are specifically used for the illicit distribution of newspapers, have around 580,000 users obtaining copyrighted content without permission.

“The estimate of the losses suffered by publishing companies is alarming,” FIEG President Andrea Riffeser Monti complained earlier this month.

“In a highly conservative hypothesis, we estimate €670 thousand per day, approximately €250 million per year: a figure which I trust that the sector authority wants to intervene against firmly and promptly.”

In light of soaring illicit consumption during the coronavirus pandemic, FIEG said that it had asked local telecoms watchdog AGCOM, which has site-blocking powers, to take “exemplary and urgent measures” against Telegram, which stands accused of not doing enough to tackle piracy. It is a position supported by the European Newspaper Publishers’ Association (ENPA).

👉🏼 Read more:
https://torrentfreak.com/telegram-piracy-channels-face-blocking-as-italian-prosecutor-issues-emergency-order-200427

#Telegram #piracy #blocking #prosecutor #AGCOM #ENPA
Secret Service: Norway plans surveillance of Internet traffic

The Norwegian government is pushing for a new surveillance law despite the pandemic. The secret service is to be allowed to store metadata from telephone and internet use for 18 months.

While the European public is preoccupied with the corona virus, the Norwegian government has sent a proposal for mass surveillance of telecommunications to parliament without much fuss. The new law would allow the Norwegian Foreign Intelligence Service to eavesdrop on any communication with foreign countries and to store metadata for up to 18 months.

Norwegian providers will be legally obliged to have the secret service mirror all cross-border data transfers. The secret service may, with the consent of a court, evaluate the data according to defined search criteria, so-called selectors.

The focus is on foreign contacts, the government says: data from within the country should be filtered out as far as possible. But even if some data is filtered, most communication on the Internet runs via servers in other countries. Metadata such as IP addresses of website calls would be stored millions of times over under the law, as would telephone numbers and the duration of calls abroad.

Defense Minister Frank Bakke-Jensen considers the law to be unpostponable even in the pandemic. "Although the government's main concern at the moment is how to deal with the coronavirus situation, we must continue to work on other important issues," he said in writing in response to an inquiry from netzpolitik.org.

PDF:
https://www.regjeringen.no/contentassets/b7bada5f31bc482092318df675a2019d/no/pdfs/prp201920200080000dddpdfs.pdf

👉🏼 Read more 🇩🇪:
https://netzpolitik.org/2020/norwegen-plant-ueberwachung-des-internetverkehrs/

#Norway #surveillance #internet #spy #SecretService #pdf #thinkabout
Keep your email safe from hackers and trackers

Make an email alias with 1 click, and keep your address to yourself.

💡 How does using an alias protect me?
Do you worry about giving away your email address? Sick of receiving emails you never signed up for? Do those unsubscribe links really work? By using aliases, you keep your real email off spam lists and away from sketchy companies you may not trust.

💡 How does Private Relay work?
When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.

💡 Take back control of your Inbox.
If any alias starts to receive emails you don't want, you can disable it or delete it completely.

https://relay.firefox.com/

#firefox #mozilla #browser #mail #private #relay