PhantomLance spying campaign breaches Google Play security
The four-year-long attack wave has been connected to dozens of malicious apps found in app stores.
Kaspersky has warned of an ongoing campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.
On Tuesday, cybersecurity researchers said the campaign, dubbed PhantomLance, has been active for at least four years and is ongoing.
According to the team, "dozens" of malicious apps connected to PhantomLance and harboring a new Trojan have been discovered in Google Play, the tech giant's official Android mobile application repository. In addition, malicious apps have also been found on the APK download site APKpure.
Back in July 2019, the Doctor Web team published research on a new Trojan buried in an application on Google Play that masqueraded as an OpenGL Plugin.
Once launched, the malicious app simulates a check for new versions of OpenGL ES, but actually installs a backdoor and begins exfiltrating user information.
Read more:
https://www.zdnet.com/article/phantomlance-spying-campaign-breaches-google-play-security/
#phantomlance #google #play #malicious #apps #security #breach
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@FLOSSb0xIN
Leaked pics from Amazon Ring show potential new surveillance features
Amazon wouldn't be the first consumer company to do it, but it would be the biggest.
Amazon subsidiary Ring, which has partnerships with almost 1,200 law enforcement agencies nationwide, does not currently include facial recognition or license plate scanning tools in its home surveillance line of consumer products. The company appears to be evaluating the feature feasibility of adding both tools, however, raising additional privacy concerns for its pervasive platform.
Ring last week distributed a confidential survey to beta testers weighing sentiment and demand for several potential new features in future versions of its software. According to screenshots shared with Ars, potential new features for Ring include options for enabling or disabling the camera both physically and remotely, both visual and audible alarms to ward off "would-be criminals," and potential object, facial, and license plate detection.
Such surveys usually include options a company is considering offering, though not necessarily actively planning to implement. The source who shared the survey with Ars, who asked not to be identified for fear of retaliation, described these options as the "most troubling" of a much larger set of potential features described in the survey.
Read more:
https://arstechnica.com/tech-policy/2020/04/ring-cameras-may-someday-scan-license-plates-and-faces-leak-shows/
#DeleteAmazon #ring #cameras #surveillance #thinkabout
Two Usenet providers blame data breaches on partner company
Remember Usenet?
Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on "a security vulnerability at a partner company."
Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or a server-side service.
Both Usenet providers have now shut down their websites to investigate the breach.
According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.
Read more:
https://www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/
#usenet #breach #UseNeXT #Usenetnl
Would You Have Fallen for This Phone Scam?
You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account – data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.
Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In that episode, the people impersonating his bank not only spoofed the bank’s real phone number, but they were also pretending to be him on a separate call at the same time with his bank.
This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call with him discussing fraud on his account (however, the other call was the fraudster pretending to be him).
Shortly after that story ran, I heard from another reader – we’ll call him “Jim” since he didn’t want his real name used for this story – whose wife was the target of a similar scam, albeit with an important twist: The scammers were armed with information about a number of her recent financial transactions, which he claims they got from the bank’s own automated phone system just by spoofing her phone number.
Read more:
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/
#phone #scam #KrebsOnSecurity
Passwords are the easiest things to steal.
Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance on why phishing and passwords remain such a huge security problem and options for doing away with passwords.
https://thecyberwire.com/podcasts/hacking-humans/96/notes
#cyberwire #hackinghumans #podcast
Malware warning
Malware is currently being actively distributed in Telegram groups again.
It is an .exe file whose name usually reflects the topic of the respective group.
The .exe file is always 2.6 MB in size.
Always check executable files before opening them.
Pay attention to the file size and strange names.
If you see such an .exe file with exactly 2.6 MB in one of your groups, please inform an admin and warn the other users.
https://www.virustotal.com/gui/file/279abdad31bf6eaf6fa9b182dad32806060c06d4107c9a96d0738c26427eeb9b/detection
#alert #malware #telegram
Ministers plan to give more UK public bodies power to access phone data
Expansion of ‘snooper’s charter’ would allow more authorities to access web browsing histories
Ministers want to expand the scope of UK surveillance laws to give more public authorities – including a pensions watchdog and the Environment Agency – the power to access vast databases of personal phone and computer data.
Five additional public bodies are to be allowed to obtain communications data under the Investigatory Powers Act – frequently dubbed the snooper’s charter – as they are “increasingly unable to rely on local police forces to investigate crimes on their behalf”, according to documents published by the government.
The US whistleblower Edward Snowden once described the act as the “most extreme surveillance in the history of western democracy”.
The Civil Nuclear Constabulary, the armed police force in charge of protecting civil nuclear sites; the Environment Agency; the Insolvency Service; the UK National Authority for Counter Eavesdropping (UKNACE), an anti-espionage service and the Pensions Regulator are poised to benefit from strengthened powers.
The authorities join an established list that includes police forces, government departments and public agencies including the Health and Safety Executive.
A Home Office spokesperson said: “To protect national security and investigate serious crimes, law enforcement and relevant public authorities need the ability to acquire communications data.
“These powers are only used where it is absolutely necessary and proportionate and are independently authorised by the Office for Communications Data Authorisations, except in urgent or national security cases.”
Read more:
https://www.theguardian.com/world/2020/apr/22/ministers-plan-to-give-more-uk-public-bodies-power-to-hack-phones
#UK #surveillance #smartphone #data
Xiaomi phone logging browser use
A researcher shows how his Xiaomi phone is tracking his web use, including a visit to PornHub.
https://invidio.us/watch?v=62kxZunBQyI
#PoC #Xiaomi #logging #browser
Forwarded from NoGoolag
https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use
#xiaomi #miui #spyware #virus
Forbes
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions
The tracking extends to the browser's Incognito mode as well!!
Xiaomi has been tracking and recording an insane amount of private data, from users’ phone habits to queries in Xiaomi’s default browsers.
According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.
The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.
Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.
The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.
Read more:
https://fossbytes.com/xiaomi-devices-found-tracking-and-recording-browsing-data-of-millions/
#PoC #Xiaomi #spy #logging #browser #why #thinkabout
Ubuntu has full access to your Google Account
Beware of this security bug if you are using Chromium Browser on Ubuntu
I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.
I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.
Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye-opening posts in this regard, and then it struck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!
I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that it's Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:
Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html
#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
Telegram Piracy Channels Face Blocking After Italian Prosecutor Issues Emergency Order
An emergency order signed by a deputy prosecutor in Italy has been delivered to local telecoms watchdog AGCOM. It requires Telegram to shut down 19 channels involved in the illegal distribution of newspapers, periodicals and books. In the event the chat platform fails to cooperate, ISPs could be required to block the channels or, in the extreme, block Telegram completely.
Instant messaging platform Telegram has an estimated 400 million users who use the service to communicate on a limitless number of topics. It is also used for piracy purposes, which has resulted in criticism from copyright holders.
In Italy, significant pressure has been building following complaints from the Federation of Newspaper Publishers (FIEG). According to the association, a sample of 10 Telegram channels, that are specifically used for the illicit distribution of newspapers, have around 580,000 users obtaining copyrighted content without permission.
“The estimate of the losses suffered by publishing companies is alarming,” FIEG President Andrea Riffeser Monti complained earlier this month.
“In a highly conservative hypothesis, we estimate €670 thousand per day, approximately €250 million per year: a figure which I trust that the sector authority wants to intervene against firmly and promptly.”
In light of soaring illicit consumption during the coronavirus pandemic, FIEG said that it had asked local telecoms watchdog AGCOM, which has site-blocking powers, to take “exemplary and urgent measures” against Telegram, which stands accused of not doing enough to tackle piracy. It is a position supported by the European Newspaper Publishers’ Association (ENPA).
Read more:
https://torrentfreak.com/telegram-piracy-channels-face-blocking-as-italian-prosecutor-issues-emergency-order-200427
#Telegram #piracy #blocking #prosecutor #AGCOM #ENPA
Secret Service: Norway plans surveillance of Internet traffic
The Norwegian government is pushing for a new surveillance law despite the pandemic. The secret service is to be allowed to store metadata from telephone and internet use for 18 months.
While the European public is preoccupied with the coronavirus, the Norwegian government has sent a proposal for mass surveillance of telecommunications to parliament without much fuss. The new law would allow the Norwegian Foreign Intelligence Service to eavesdrop on any communication with foreign countries and to store metadata for up to 18 months.
Norwegian providers will be legally obliged to have the secret service mirror all cross-border data transfers. The secret service may, with the consent of a court, evaluate the data according to defined search criteria, so-called selectors.
The focus is on foreign contacts, the government says: data from within the country should be filtered out as far as possible. But even if some data is filtered, most communication on the Internet runs via servers in other countries. Metadata such as IP addresses of website visits would be stored millions of times over under the law, as would telephone numbers and the duration of calls abroad.
Defense Minister Frank Bakke-Jensen considers that the law cannot be postponed even during the pandemic. "Although the government's main concern at the moment is how to deal with the coronavirus situation, we must continue to work on other important issues," he said in writing in response to an inquiry from netzpolitik.org.
PDF:
https://www.regjeringen.no/contentassets/b7bada5f31bc482092318df675a2019d/no/pdfs/prp201920200080000dddpdfs.pdf
Read more (in German):
https://netzpolitik.org/2020/norwegen-plant-ueberwachung-des-internetverkehrs/
#Norway #surveillance #internet #spy #SecretService #pdf #thinkabout
Keep your email safe from hackers and trackers
Make an email alias with 1 click, and keep your address to yourself.
How does using an alias protect me?
Do you worry about giving away your email address? Sick of receiving emails you never signed up for? Do those unsubscribe links really work? By using aliases, you keep your real email off spam lists and away from sketchy companies you may not trust.
How does Private Relay work?
When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.
Take back control of your Inbox.
If any alias starts to receive emails you don't want, you can disable it or delete it completely.
https://relay.firefox.com/
#firefox #mozilla #browser #mail #private #relay
Me on COVID-19 Contact Tracing Apps
"My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? ... This is just something governments want to do for the hell of it. To me, it's just techies doing techie things because they don't know what else to do."
I haven't blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.
This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.
False positives:
Any app will have a precise definition of a contact: let's say it's less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don't result in transmissions. This will be because of several reasons. One, the app's location and proximity systems -- based on GPS and Bluetooth -- just aren't accurate enough to capture every contact. Two, the app won't be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that's less than 100% (and I don't know what that is).
False negatives:
This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app's location and proximity systems. Two, transmissions that occur from people who don't have the app (even Singapore didn't get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact -- the virus sometimes travels further.
Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It's not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless.
Similarly, assume you take the app out grocery shopping and it doesn't alert you of any contact. Are you in the clear? No, you're not. You actually have no idea if you've been infected.
The end result is an app that doesn't work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.
It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.
Read more:
https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html
#coronavirus #apps #tracing #tracking #privacy
Monitoring COVID-19 from hospital to home: First wearable device continuously tracks key symptoms
Wireless sensor gently sits on throat to monitor coughs, fever and respiratory activity
EVANSTON, Ill. -- The more we learn about the novel coronavirus (COVID-19), the more unknowns seem to arise. These ever-emerging mysteries highlight the desperate need for more data to help researchers and physicians better understand -- and treat -- the extremely contagious and deadly disease.
Researchers at Northwestern University and Shirley Ryan AbilityLab in Chicago have developed a novel wearable device and are creating a set of data algorithms specifically tailored to catch early signs and symptoms associated with COVID-19 and to monitor patients as the illness progresses.
Capable of being worn 24/7, the device produces continuous streams of data and uses artificial intelligence to uncover subtle, but potentially life-saving, insights. Filling a vital data gap, it continuously measures and interprets coughing and respiratory activity in ways that are impossible with traditional monitoring systems.
Developed in an engineering laboratory at Northwestern and using custom algorithms being created by Shirley Ryan AbilityLab scientists, the devices are currently being used at Shirley Ryan AbilityLab by COVID-19 patients and the healthcare workers who treat them. About 25 affected individuals began using the devices two weeks ago. They are being monitored both in the clinic and at home, totaling more than 1,500 cumulative hours and generating more than one terabyte of data.
Read more:
https://news.northwestern.edu/stories/2020/04/monitoring-covid-19-from-hospital-to-home-first-wearable-device-continuously-tracks-key-symptoms
#coronavirus #wearable #tracing #tracking #privacy
Companies overestimate their security
There are two types of companies: Those who know they've been hacked and those who don't. The actual security situation is even worse than is generally known and many attacks go undetected.
Mandiant Security Effectiveness Report 2020 - Deep Dive into Cyber Reality
PDF:
https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
#FireEye #cyber #security #report #pdf
Coronavirus and cyberattacks: 2020 campaigns already being hacked, experts warn
President Trump signed an executive order to protect the power grid from hackers last week, but experts warn that the 2020 campaign cycle has already suffered cyberattacks.
Elections large and small are looming in an increasingly work-from-home and social-distancing environment, one that has forced many campaigns (like most Americans) to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections.
"This is an ongoing battle that will be going on right up until Election Day," cybersecurity expert Michael Kaiser told Fox News.
Kaiser is president and CEO of Defending Digital Campaigns (DDC), a bipartisan group comprised of both presidential campaign staff and cybersecurity professionals that advises federal-level campaigns and staff about all things cybersecurity.
Campaigns are able to learn about and obtain things like encryption services at cost or for free with DDC's assistance. These kinds of protections have become increasingly valuable as town halls and fundraising dinners shift to online platforms like Zoom and as campaigns share sensitive information with each other online.
Read more:
https://www.foxnews.com/politics/coronavirus-cyberattacks-2020-campaigns-already-being-hacked
#coronavirus #cyberattacks #election #campaigns #USA
Telegram's TON OS to Go Open Source on GitHub Tomorrow
Telegram's blockchain operating system, TON OS, which is planned for launch on Google Play market and Apple's AppStore, will be open sourced tomorrow.
Telegram recently delayed their open network, TON, and their cryptocurrency, GRAM, once again. There is one related project that has not experienced these setbacks, however. TON OS, an operating system for the TON blockchain, will soon get an open source release.
The project's core infrastructure developers, TON Labs, are planning to open source the main components of the TON OS on GitHub tomorrow. Mitja Goroshevsky, CTO at TON Labs, confirmed the news to Cointelegraph on May 6.
TON Labs to issue a token known as TON Cash within a month
As reported by industry publication, ForkLog, the release includes TON Node in the Rust programming language, command line interface, TON Multisignature Wallet smart contract, as well as tools for launching TON validators. The report notes that within a month, TON Labs also plans to issue its decentralized browser, Surf, its staking pool, DePool, and the token known as TON Cash.
In conjunction with the TON OS open source release, TON Labs is joining the Free Software Foundation (FSF), a major free software movement. As such, all the components of the TON OS are being launched as free software. According to the developers, the idea of a permissionless blockchain in a closed source is absurd. TON Labs reportedly felt that joining the FSF will help them maintain free use of the application as well as the TON blockchain.
Read more:
https://cointelegraph.com/news/telegrams-ton-os-to-go-open-source-on-github-tomorrow
https://www.bitcoinisle.com/2020/05/06/telegrams-ton-os-to-go-open-source-on-github-tomorrow/
https://criptotendencia.com/2020/05/07/solo-horas-para-el-lanzamiento-de-ton-os-el-sistema-operativo-de-telegram/
#tg #telegram #TON #OS #OpenSource #GitHub
The Great Hack
The #Cambridge #Analytica #scandal is examined through the roles of several affected persons.
#docu #video #thinkabout
Riot Web 1.6, RiotX Android 0.19 & Riot iOS 0.11 -- E2E Encryption by Default & Cross-signing is here!!
Hi folks,
We are incredibly excited to present the biggest change in Riot ever: as of the last 24 hours we are enabling end-to-end encryption by default for all new non-public conversations, together with a complete rework of Riot's user experience around E2E encryption, powered by a whole new suite of encryption features in Matrix. We have released this simultaneously on Web, Desktop, iOS and RiotX Android!
Web:
https://riot.im/app
Desktop:
https://riot.im/download/desktop/
iOS:
https://apps.apple.com/us/app/riot-im/id1083446067
RiotX Android:
https://play.google.com/store/apps/details?id=im.vector.riotx
More info:
https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/
#riot #matrix #messenger #e2e #encryption #android #iOS