Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider
โCyberbunkerโ refers to a criminal group that operated a โbulletproofโ hosting facility out of an actual military bunker. โBullet Proofโ hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as โZYZtmโ and โCalibourโ, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cybebunker and arrested several suspects. At the time, Brian Krebs had a great writeup of the history of Cyberbunker.
According to the press release by State Central Cybercrime Office of the Attorney General over 2 petabytes of data were seized including servers, mobile phones, hard drives, laptops, external storage and documents. One of the sites, C3B3ROB, seized by the state criminal police listed over 6000 darknet sites linked to fraudulent bitcoin lotteries, darknet marketplaces for narcotics (with millions of Euros in net transactions for Marijuana, Hashish, MDMA, Ecstasy), weapons, counterfeit money, stolen credit cards, murder orders, and child sexual abuse images [2].
Several individuals involved with Cyberbunker are currently undergoing a criminal trial in Germany. To pay for legal expenses, the principles behind Cyberbunker sold the Cyberbunker IP address space to the Dutch company Legaco. Legaco agreed to route the Cyberbunker IP address space to one of our honeypots for two weeks, to allow us to collect some data about any remaining criminal activity trying to reach resources hosted by Cyberbunker.
The IP address space included 185.103.72.0/22, 185.35.136.0/22, and 91.209.12.0/24, which comes down to about 2300 IP addresses. We collected full packets going to the IP address space and set up listeners (mostly web servers) on various ports.
๐ก Links:
https://krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/
https://gstko.justiz.rlp.de/de/startseite/detail/news/News/detail/landeszentralstelle-cybercrime-der-generalstaatsanwaltschaft-koblenz-erhebt-anklage-gegen-acht-tatve/
https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
๐๐ผ Read more:
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
#cyberbunker #analysis
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
โCyberbunkerโ refers to a criminal group that operated a โbulletproofโ hosting facility out of an actual military bunker. โBullet Proofโ hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as โZYZtmโ and โCalibourโ, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cybebunker and arrested several suspects. At the time, Brian Krebs had a great writeup of the history of Cyberbunker.
According to the press release by State Central Cybercrime Office of the Attorney General over 2 petabytes of data were seized including servers, mobile phones, hard drives, laptops, external storage and documents. One of the sites, C3B3ROB, seized by the state criminal police listed over 6000 darknet sites linked to fraudulent bitcoin lotteries, darknet marketplaces for narcotics (with millions of Euros in net transactions for Marijuana, Hashish, MDMA, Ecstasy), weapons, counterfeit money, stolen credit cards, murder orders, and child sexual abuse images [2].
Several individuals involved with Cyberbunker are currently undergoing a criminal trial in Germany. To pay for legal expenses, the principles behind Cyberbunker sold the Cyberbunker IP address space to the Dutch company Legaco. Legaco agreed to route the Cyberbunker IP address space to one of our honeypots for two weeks, to allow us to collect some data about any remaining criminal activity trying to reach resources hosted by Cyberbunker.
The IP address space included 185.103.72.0/22, 185.35.136.0/22, and 91.209.12.0/24, which comes down to about 2300 IP addresses. We collected full packets going to the IP address space and set up listeners (mostly web servers) on various ports.
๐ก Links:
https://krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/
https://gstko.justiz.rlp.de/de/startseite/detail/news/News/detail/landeszentralstelle-cybercrime-der-generalstaatsanwaltschaft-koblenz-erhebt-anklage-gegen-acht-tatve/
https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
๐๐ผ Read more:
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
#cyberbunker #analysis
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Krebs on Security
German Cops Raid โCyberbunker 2.0,โ Arrest 7 in Child Porn, Dark Web Market Sting
German authorities said Friday they'd arrested seven people and were investigating six more in connection with the raid of a Dark Web hosting operation that allegedly supported multiple child porn, cybercrime and drug markets with hundreds of servers buriedโฆ
Facebook boycott: View the list of companies pulling ads
A growing list of companies say they'll join an advertiser boycott on Facebook in protest of what they say are the site's failures to stop the spread of hate.
In a statement to CNN on Friday, Carolyn Everson, vice president of Facebook's global business group, responded by saying, "We deeply respect any brand's decision and remain focused on the important work of removing hate speech and providing critical voting information. Our conversations with marketers and civil rights organizations are about how, together, we can be a force for good."
๐๐ผ Here's what we know about the companies that have joined the boycott:
https://edition.cnn.com/2020/06/28/business/facebook-ad-boycott-list/index.html
#DeleteFacebook #StopHateForProfit
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
A growing list of companies say they'll join an advertiser boycott on Facebook in protest of what they say are the site's failures to stop the spread of hate.
In a statement to CNN on Friday, Carolyn Everson, vice president of Facebook's global business group, responded by saying, "We deeply respect any brand's decision and remain focused on the important work of removing hate speech and providing critical voting information. Our conversations with marketers and civil rights organizations are about how, together, we can be a force for good."
๐๐ผ Here's what we know about the companies that have joined the boycott:
https://edition.cnn.com/2020/06/28/business/facebook-ad-boycott-list/index.html
#DeleteFacebook #StopHateForProfit
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Govt bans 59 Chinese apps including TikTok as border tensions simmer in Ladakh
As tensions along the Line of Actual Control (LAC) with China continues, the Government of India has decided to ban on 59 Chinese apps, including Tik Tok.
The government of India has decided to ban 59 apps of Chinese origin as border tensions simmer in Ladakh after a violent, fatal face-off between the Indian and Chinese armies. The list of apps banned by the government includes TikTok, which is extremely popular.
The government announced the ban on the 59 Chinese apps (full list below) Monday night. The government said these apps were engaged in activities that were prejudicial to the sovereignty, integrity and defence of India.
A government press release announcing the ban stated: "The Ministry of Information Technology, invoking itโs power under section 69A of the Information Technology Act read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009 and in view of the emergent nature of threats has decided to block 59 apps since in view of information available they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order".
The press release further said that the Ministry of Information Technology has received "many representations raising concerns from citizens regarding security of data and risk to privacy relating to operation of certain apps".
๐๐ผ Read more:
https://www.indiatoday.in/india/story/centre-announces-ban-chinese-apps-privacy-issues-1695265-2020-06-29
#china #india #apps #privacy #TikTok #DeleteTikTok
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
As tensions along the Line of Actual Control (LAC) with China continues, the Government of India has decided to ban on 59 Chinese apps, including Tik Tok.
The government of India has decided to ban 59 apps of Chinese origin as border tensions simmer in Ladakh after a violent, fatal face-off between the Indian and Chinese armies. The list of apps banned by the government includes TikTok, which is extremely popular.
The government announced the ban on the 59 Chinese apps (full list below) Monday night. The government said these apps were engaged in activities that were prejudicial to the sovereignty, integrity and defence of India.
A government press release announcing the ban stated: "The Ministry of Information Technology, invoking itโs power under section 69A of the Information Technology Act read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009 and in view of the emergent nature of threats has decided to block 59 apps since in view of information available they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order".
The press release further said that the Ministry of Information Technology has received "many representations raising concerns from citizens regarding security of data and risk to privacy relating to operation of certain apps".
๐๐ผ Read more:
https://www.indiatoday.in/india/story/centre-announces-ban-chinese-apps-privacy-issues-1695265-2020-06-29
#china #india #apps #privacy #TikTok #DeleteTikTok
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
India Today
TikTok, Shareit, UC Browser among 59 Chinese apps banned by India as border tensions simmer in Ladakh
As tensions along the Line of Actual Control (LAC) with China continues, the Government of India has decided to ban on 59 Chinese apps, including Tik Tok.
โผ๏ธ Boycott Facebook โผ๏ธ
#DeleteFacebook #StopHateForProfit #mydata #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
#DeleteFacebook #StopHateForProfit #mydata #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
NordVPN makes data transfer to law enforcement agencies official
In a revised data protection statement, the VPN provider NordVPN admits that the processed customer data will be passed on to the authorities as of July 1, if the available data allows them to identify a criminal.
โผ๏ธ Privacy Policy - NordVPN
https://my.nordaccount.com/legal/privacy-policy/
#NordVPN #privacy #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
In a revised data protection statement, the VPN provider NordVPN admits that the processed customer data will be passed on to the authorities as of July 1, if the available data allows them to identify a criminal.
โผ๏ธ Privacy Policy - NordVPN
https://my.nordaccount.com/legal/privacy-policy/
#NordVPN #privacy #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Nordaccount
Nord Account
Encryption-powered security at your fingertips.
Maximator: European signals intelligence cooperation, from a Dutch perspective
This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark Sweden, Germany, the Netherlands, and France. The cooperation involves both signals analysis and crypto analysis. The Maximator alliance has remained secret for almost fifty years, in contrast to its Anglo-Saxon Five-Eyes counterpart. The existence of this European sigint alliance gives a novel perspective on western sigint collaborations in the late twentieth century.
The article explains and illustrates, with relatively much attention for the cryptographic details, how the five Maximator participants strengthened their effectiveness via the information about rigged cryptographic devices that its German partner provided, via the joint U.S.-German ownership and control of the Swiss producer Crypto AG of cryptographic devices.
1. Introduction
The post-Second World War signals intelligence (SIGINT) cooperation between five Anglo-Saxon countries โ Australia, Canada, the United Kingdom, New Zealand, and the United States โ is well-documented.1 This alliance is often called Five Eyes and is based on the 1946 UKUSA Agreement. What is not publicly known so far is that there is a second, parallel, western signals intelligence alliance, namely in north-western Europe, also with five members. It has existed since 1976 and is called Maximator. It comprises Denmark, France, Germany, Sweden, and the Netherlands and is still active today.
The Maximator alliance deepens our understanding of the recently-revealed operation Thesaurus/Rubicon: the joint CIA-BND ownership and control of the Swiss manufacturer of cryptographic equipment Crypto AG, from 1970 to 1993.2 Crucial information about the inner workings (and weaknesses) of cryptographic devices sold by Crypto AG (and by other companies) were distributed within the Maximator network. This allowed the participants to decrypt intercepted messages from the more than one hundred countries that had bought compromised devices from the 1970s onwards.
๐๐ผ Read more:
https://www.tandfonline.com/doi/full/10.1080/02684527.2020.1743538
#Maximator #SIGINT #eu #cia #bnd #FiveEyes
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark Sweden, Germany, the Netherlands, and France. The cooperation involves both signals analysis and crypto analysis. The Maximator alliance has remained secret for almost fifty years, in contrast to its Anglo-Saxon Five-Eyes counterpart. The existence of this European sigint alliance gives a novel perspective on western sigint collaborations in the late twentieth century.
The article explains and illustrates, with relatively much attention for the cryptographic details, how the five Maximator participants strengthened their effectiveness via the information about rigged cryptographic devices that its German partner provided, via the joint U.S.-German ownership and control of the Swiss producer Crypto AG of cryptographic devices.
1. Introduction
The post-Second World War signals intelligence (SIGINT) cooperation between five Anglo-Saxon countries โ Australia, Canada, the United Kingdom, New Zealand, and the United States โ is well-documented.1 This alliance is often called Five Eyes and is based on the 1946 UKUSA Agreement. What is not publicly known so far is that there is a second, parallel, western signals intelligence alliance, namely in north-western Europe, also with five members. It has existed since 1976 and is called Maximator. It comprises Denmark, France, Germany, Sweden, and the Netherlands and is still active today.
The Maximator alliance deepens our understanding of the recently-revealed operation Thesaurus/Rubicon: the joint CIA-BND ownership and control of the Swiss manufacturer of cryptographic equipment Crypto AG, from 1970 to 1993.2 Crucial information about the inner workings (and weaknesses) of cryptographic devices sold by Crypto AG (and by other companies) were distributed within the Maximator network. This allowed the participants to decrypt intercepted messages from the more than one hundred countries that had bought compromised devices from the 1970s onwards.
๐๐ผ Read more:
https://www.tandfonline.com/doi/full/10.1080/02684527.2020.1743538
#Maximator #SIGINT #eu #cia #bnd #FiveEyes
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Taylor & Francis
Maximator: European signals intelligence cooperation, from a Dutch perspective
This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The ...
ISP Ordered to Hand Over Piratesโ Details After Cracked Software โPhoned Homeโ
Alleged pirates who installed cracked copies of expensive Siemens CAD tools on their computers are facing potentially huge settlement demands after the software "phoned home" informing the company of the illicit use. The Australian Federal Court has ordered ISP Telstra to hand over the personal details of the suspected infringers.
Reports of movie companies tracking down alleged pirates in order to extract cash settlements are commonplace today.
After IP addresses are monitored in BitTorrent swarms, companies regularly obtain court orders requiring ISPs to hand over the personal details of alleged infringers, to whom they send correspondence threatening a lawsuit, unless they pay up of course.
On first view, a case in Australia seems to follow a similar pattern but the details reveal a more interesting set of circumstances.
In an application filed at the Federal Court in Australia, Siemens Industry Software Inc asked the Court to compel local ISP Telstra to reveal the identities and personal details of โ20 potential infringing usersโ who used โcrackedโ versions of its software.
However, instead of tracking these alleged pirates in BitTorrent swarms, Siemens obtained evidence of their infringement directly from their computers.
๐๐ผ Read more:
https://torrentfreak.com/isp-ordered-to-hand-over-pirates-details-after-cracked-software-phoned-home-200629/
#isp #australia #pirates #software #cracked
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Alleged pirates who installed cracked copies of expensive Siemens CAD tools on their computers are facing potentially huge settlement demands after the software "phoned home" informing the company of the illicit use. The Australian Federal Court has ordered ISP Telstra to hand over the personal details of the suspected infringers.
Reports of movie companies tracking down alleged pirates in order to extract cash settlements are commonplace today.
After IP addresses are monitored in BitTorrent swarms, companies regularly obtain court orders requiring ISPs to hand over the personal details of alleged infringers, to whom they send correspondence threatening a lawsuit, unless they pay up of course.
On first view, a case in Australia seems to follow a similar pattern but the details reveal a more interesting set of circumstances.
In an application filed at the Federal Court in Australia, Siemens Industry Software Inc asked the Court to compel local ISP Telstra to reveal the identities and personal details of โ20 potential infringing usersโ who used โcrackedโ versions of its software.
However, instead of tracking these alleged pirates in BitTorrent swarms, Siemens obtained evidence of their infringement directly from their computers.
๐๐ผ Read more:
https://torrentfreak.com/isp-ordered-to-hand-over-pirates-details-after-cracked-software-phoned-home-200629/
#isp #australia #pirates #software #cracked
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Torrentfreak
ISP Ordered to Hand Over Pirates' Details After Cracked Software 'Phoned Home' * TorrentFreak
Siemens has obtained a court order to identify alleged software pirates. The tools had an embedded "phone home" feature that blew the whistle
A hacker gang is wiping Lenovo NAS devices and asking for ransoms
Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old Lenovo EMC NAS devices.
A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.
Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.
Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password.
Many of the NAS devices we found this way contained a ransom note named "RECOVER YOUR FILES !!!!.txt."
All ransom notes were signed with the 'Cl0ud SecuritY' monicker and used the same "[email protected]" email address as the point of contact.
๐๐ผ Read more:
https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/
#Cl0udSecuritY #hacker #lenovo #Iomega #nas #ransomware
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old Lenovo EMC NAS devices.
A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.
Attacks have been happening for at least a month, according to entries on BitcoinAbuse, a web portal where users can report Bitcoin addresses abused in ransomware, extortions, cybercrime, and other online scams.
Attacks appear to have targeted only LenovoEMC/Iomega NAS devices that are exposing their management interface on the internet without a password.
Many of the NAS devices we found this way contained a ransom note named "RECOVER YOUR FILES !!!!.txt."
All ransom notes were signed with the 'Cl0ud SecuritY' monicker and used the same "[email protected]" email address as the point of contact.
๐๐ผ Read more:
https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/
#Cl0udSecuritY #hacker #lenovo #Iomega #nas #ransomware
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
ZDNet
A hacker gang is wiping Lenovo NAS devices and asking for ransoms
Ransom notes signed by 'Cl0ud SecuritY' hacker group are being found on old LenovoEMC NAS devices.
Donโt Use WhatsApp - I gathered 17 reasons why not to use WhatsApp (which you can send to friends & colleagues when they ask why you don't use WhatsApp)
๐ก Reasons Why You Should Not Use WhatsApp:
โ๏ธ The founder of WhatsApp โ Brian Acton โ tweeted on March 21st 2018: โIt is time. #deletefacebookโ
โ๏ธ WhatsApp is forced to disclosed encrypted messages to authorities
โ๏ธ Brian Acton admits: โI sold my usersโ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.โ
โ๏ธ Jan Koum left Facebook over data privacy issues.
โ๏ธ WhatsApp had a security issue with the way it handles video which allowed hackers to take control of your phone
โ๏ธ WhatsApp commits major security errors on a regular basis, which are suitable for surveillance
โ๏ธ Jeff Bezos, the richest man in the world, has been hacked due to WhatsAppโs security flaws
โ๏ธ Facebook is collaborating with the NSA and FBI
โ๏ธ WhatsApp was used to target 100 journalists and dissidents
โ๏ธ United Nations officials are banned from using WhatsApp
โ๏ธ WhatsApp disclosed 12 security flaws in 2019, including 7 classified as โcriticalโ
โ๏ธ EU Commission orders staff to switch from WhatsApp to Signal
โ๏ธ Facebookโs executives proposed to weakening its encryption to enable easier access for businesses
โ๏ธ Facebook is โthe biggest surveillance-based enterprise in historyโ
โ๏ธ WhatsApp ranked worst for userโs data privacy in internet snooping report
โ๏ธ WhatsApp messages are stored unencrypted on iCloud or Google Drive
โ๏ธ Telegram is banned in countries like Russia and Iran while WhatsApp is freely available
๐๐ผ Read the entire version and find all sources ๐๐ผ
๐๐ผ Reasons Why You Should Not Use WhatsApp:
https://www.reddit.com/r/privacy/comments/gdhrw9/i_gathered_17_reasons_why_not_to_use_whatsapp/
#wa #DeleteWhatsApp #fb #DeleteFacebook #DontUseWhatsApp
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
๐ก Reasons Why You Should Not Use WhatsApp:
โ๏ธ The founder of WhatsApp โ Brian Acton โ tweeted on March 21st 2018: โIt is time. #deletefacebookโ
โ๏ธ WhatsApp is forced to disclosed encrypted messages to authorities
โ๏ธ Brian Acton admits: โI sold my usersโ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.โ
โ๏ธ Jan Koum left Facebook over data privacy issues.
โ๏ธ WhatsApp had a security issue with the way it handles video which allowed hackers to take control of your phone
โ๏ธ WhatsApp commits major security errors on a regular basis, which are suitable for surveillance
โ๏ธ Jeff Bezos, the richest man in the world, has been hacked due to WhatsAppโs security flaws
โ๏ธ Facebook is collaborating with the NSA and FBI
โ๏ธ WhatsApp was used to target 100 journalists and dissidents
โ๏ธ United Nations officials are banned from using WhatsApp
โ๏ธ WhatsApp disclosed 12 security flaws in 2019, including 7 classified as โcriticalโ
โ๏ธ EU Commission orders staff to switch from WhatsApp to Signal
โ๏ธ Facebookโs executives proposed to weakening its encryption to enable easier access for businesses
โ๏ธ Facebook is โthe biggest surveillance-based enterprise in historyโ
โ๏ธ WhatsApp ranked worst for userโs data privacy in internet snooping report
โ๏ธ WhatsApp messages are stored unencrypted on iCloud or Google Drive
โ๏ธ Telegram is banned in countries like Russia and Iran while WhatsApp is freely available
๐๐ผ Read the entire version and find all sources ๐๐ผ
๐๐ผ Reasons Why You Should Not Use WhatsApp:
https://www.reddit.com/r/privacy/comments/gdhrw9/i_gathered_17_reasons_why_not_to_use_whatsapp/
#wa #DeleteWhatsApp #fb #DeleteFacebook #DontUseWhatsApp
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
es220202444136.pdf
331.3 KB
Farewell news from Hong Kong - The new Hong Kong Security Law
Beijing's national security law is already having an impact, pushing activists to take self-protection measures such as resignations, dissolutions of organizations and deletion of social media accounts. The law package could finally destroy the city's democratic hopes.
The new security law (๐๐ผPDF) has 66 articles and provides for sentences ranging from ten years to life imprisonment for the new offences of secession, subversion, terrorism and participation in outside interference.
๐๐ผ PDF ๐ฌ๐ง:
https://www.gld.gov.hk/egazette/pdf/20202444e/es220202444136.pdf
Read more ๐ฉ๐ช:
https://netzpolitik.org/2020/repression-gegen-demokratiebewegung-abschiedsnachrichten-aus-hongkong/
#FreeHongKong #democratic #netpolitics #thinkabout #pdf
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Beijing's national security law is already having an impact, pushing activists to take self-protection measures such as resignations, dissolutions of organizations and deletion of social media accounts. The law package could finally destroy the city's democratic hopes.
The new security law (๐๐ผPDF) has 66 articles and provides for sentences ranging from ten years to life imprisonment for the new offences of secession, subversion, terrorism and participation in outside interference.
๐๐ผ PDF ๐ฌ๐ง:
https://www.gld.gov.hk/egazette/pdf/20202444e/es220202444136.pdf
Read more ๐ฉ๐ช:
https://netzpolitik.org/2020/repression-gegen-demokratiebewegung-abschiedsnachrichten-aus-hongkong/
#FreeHongKong #democratic #netpolitics #thinkabout #pdf
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
They steal your Facebook
New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins. This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps:
https://www.evina.com/they-steal-your-facebook/
#cybersecurity #malware #google #playstore #apps #fb #DeleteFacebook
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins. This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps:
https://www.evina.com/they-steal-your-facebook/
#cybersecurity #malware #google #playstore #apps #fb #DeleteFacebook
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
COVID-19 โBreach Bubbleโ Waiting to Pop?
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change โ and likely for the worse.
The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data.
๐๐ผ Read more:
https://krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/
#cybercrime #covid #breach #payment #card #data
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change โ and likely for the worse.
The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data.
๐๐ผ Read more:
https://krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/
#cybercrime #covid #breach #payment #card #data
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Krebsonsecurity
COVID-19 โBreach Bubbleโ Waiting to Pop?
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buyโฆ
lookout-uyghur-malware-tr-us.pdf
8.1 MB
Espionage software: China is said to have surveilled mobile phones of Uighurs for years
IT security researchers have found numerous apps that spy on China's Uighur Muslim minority - even abroad.
The Uyghur Muslim minority in China lives in a surveillance state: As reported by the SZ, among others, Beijing has installed thousands of surveillance cameras in the cities of the Xinjiang region, and Uyghurs are sent to re-education camps. Only a few days ago the news agency AP reported that China is also trying to keep the Muslim population under control with drastic birth control.
๐๐ผ PDF:
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
#china #Xinjiang #uyghurs #surveillance #smartphones #apps #malware #pdf #study #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
IT security researchers have found numerous apps that spy on China's Uighur Muslim minority - even abroad.
The Uyghur Muslim minority in China lives in a surveillance state: As reported by the SZ, among others, Beijing has installed thousands of surveillance cameras in the cities of the Xinjiang region, and Uyghurs are sent to re-education camps. Only a few days ago the news agency AP reported that China is also trying to keep the Muslim population under control with drastic birth control.
๐๐ผ PDF:
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
#china #Xinjiang #uyghurs #surveillance #smartphones #apps #malware #pdf #study #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Media is too big
VIEW IN TELEGRAM
/e/ Phone Review: Out-of-the-Box Privacy?
The /e/ foundation aims to offer out-of-the-box security and privacy competing directly against Google's Android and Apple's iOS. Does it compete? Is it secure? Is it private? Is their ecosystem good? Find out in this video review!
๐ https://invidio.us/watch?v=CgkuNbtoQc8
#e #review #privacy #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
The /e/ foundation aims to offer out-of-the-box security and privacy competing directly against Google's Android and Apple's iOS. Does it compete? Is it secure? Is it private? Is their ecosystem good? Find out in this video review!
๐ https://invidio.us/watch?v=CgkuNbtoQc8
#e #review #privacy #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
5 Serious Flaws in the New Brazilian โFake Newsโ Bill that Will Undermine Human Rights
On Tuesday night (6/30), the Brazilian Senate approved the โPLS 2630/2020โ, the so-called โFake Newsโ bill. A final amendment cut back on article 7 โAccount Registrationโ so that mandatory identification no longer applies to all users and is, in principle, optional in general. Under the revised text, companies "may" demand identification from users where there are complaints of non-compliance with the "fake news" law, or when there is reason to suspect they are bots, are behaving inauthentically, or assuming someone else's identity. The companies are also expected to create some means of detecting fraud in account creation. These new provisions seem to match most companies' existing practices but may be expanded to also include those new obligations established in the "fake news" bill.
๐๐ผ PDF:
https://legis.senado.leg.br/sdleg-getter/documento?dm=8127649
๐๐ผ Read more:
https://www.eff.org/deeplinks/2020/06/5-serious-flaws-new-brazilian-fake-news-bill-will-undermine-human-rights
#brazil #FakeNews #HumanRights #netpolitics
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
On Tuesday night (6/30), the Brazilian Senate approved the โPLS 2630/2020โ, the so-called โFake Newsโ bill. A final amendment cut back on article 7 โAccount Registrationโ so that mandatory identification no longer applies to all users and is, in principle, optional in general. Under the revised text, companies "may" demand identification from users where there are complaints of non-compliance with the "fake news" law, or when there is reason to suspect they are bots, are behaving inauthentically, or assuming someone else's identity. The companies are also expected to create some means of detecting fraud in account creation. These new provisions seem to match most companies' existing practices but may be expanded to also include those new obligations established in the "fake news" bill.
๐๐ผ PDF:
https://legis.senado.leg.br/sdleg-getter/documento?dm=8127649
๐๐ผ Read more:
https://www.eff.org/deeplinks/2020/06/5-serious-flaws-new-brazilian-fake-news-bill-will-undermine-human-rights
#brazil #FakeNews #HumanRights #netpolitics
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
When Google listens to you breathe
The world's largest data company could soon gain access to millions of fitness trackers by purchasing Fitbit. The NGO Privacy International explains why it wants to prevent this.
How much does Google know about us? In other words: Is there anything that Google doesn't know about us? Through our searches on Google and YouTube, the company knows our interests. It potentially knows what we think. And through applications like Google Maps, it may even know where we are at all times.
On 15 June, the Google Group informed the European Commission of its plan to acquire Fitbit, a manufacturer of smart watches and fitness trackers. The Commission now has until 20 July to examine the transaction.
Google buys health data treasure
The planned acquisition of Fitbit could give Google access to health data of millions of people. The processing of sensitive data is strictly regulated by EU law - actually. The takeover could violate the rights of billions of people, although many of them have never heard of Fitbit.
Fitbit's products range from simple pedometers to devices that record calorie consumption, breathing and heart rate. Fitness data provides detailed analysis of, for example, sleep patterns, and the devices also allow users to know if they are menstruating or have had unprotected sex. A large part of Fitbit's value lies in this health data.
In the past, Fitbit has constantly expanded its database through new acquisitions. The company has also recently entered into lucrative partnerships with health insurance companies.
๐ก Read more ๐ฌ๐ง ๐ฉ๐ช:
https://www.privacyinternational.org/news-analysis/3962/pass-notes-proposed-google-fitbit-merger
https://netzpolitik.org/2020/fitbit-uebernahme-wenn-dir-google-beim-atmen-zuhoert/
๐๐ผ BLOCK THE GOOGLE/FITBIT MERGER!
https://action.privacyinternational.org/civicrm/petition/sign?sid=7&reset=1
#google #DeleteGoogle #Fitbit #healthdata #Datenschutz #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
The world's largest data company could soon gain access to millions of fitness trackers by purchasing Fitbit. The NGO Privacy International explains why it wants to prevent this.
How much does Google know about us? In other words: Is there anything that Google doesn't know about us? Through our searches on Google and YouTube, the company knows our interests. It potentially knows what we think. And through applications like Google Maps, it may even know where we are at all times.
On 15 June, the Google Group informed the European Commission of its plan to acquire Fitbit, a manufacturer of smart watches and fitness trackers. The Commission now has until 20 July to examine the transaction.
Google buys health data treasure
The planned acquisition of Fitbit could give Google access to health data of millions of people. The processing of sensitive data is strictly regulated by EU law - actually. The takeover could violate the rights of billions of people, although many of them have never heard of Fitbit.
Fitbit's products range from simple pedometers to devices that record calorie consumption, breathing and heart rate. Fitness data provides detailed analysis of, for example, sleep patterns, and the devices also allow users to know if they are menstruating or have had unprotected sex. A large part of Fitbit's value lies in this health data.
In the past, Fitbit has constantly expanded its database through new acquisitions. The company has also recently entered into lucrative partnerships with health insurance companies.
๐ก Read more ๐ฌ๐ง ๐ฉ๐ช:
https://www.privacyinternational.org/news-analysis/3962/pass-notes-proposed-google-fitbit-merger
https://netzpolitik.org/2020/fitbit-uebernahme-wenn-dir-google-beim-atmen-zuhoert/
๐๐ผ BLOCK THE GOOGLE/FITBIT MERGER!
https://action.privacyinternational.org/civicrm/petition/sign?sid=7&reset=1
#google #DeleteGoogle #Fitbit #healthdata #Datenschutz #ourdata #thinkabout
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Privacy International
Pass Notes on the proposed Google / Fitbit merger
Name: Google/Fitbit mergerAge: Gestating
PWDB - New generation of Password Mass-Analysis
One out of every 142 passwords is '123456'
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.
๐๐ผ PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
๐๐ผ Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
#passwords #study #analysis
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
One out of every 142 passwords is '123456'
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.
๐๐ผ PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
๐๐ผ Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
#passwords #study #analysis
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
GitHub
GitHub - ignis-sec/Pwdb-Public: A collection of all the data i could extract from 1 billion leaked credentials from internet.
A collection of all the data i could extract from 1 billion leaked credentials from internet. - ignis-sec/Pwdb-Public
ustpc-facial-recognition-tech-statement.pdf
261.8 KB
ACM calls for governments and businesses to stop using facial recognition
An Association for Computing Machinery (ACM) tech policy group today urged lawmakers to immediately suspend use of facial recognition by businesses and governments, citing documented ethnic, racial, and gender bias. In a letter (๐๐ผ PDF) released today by the U.S. Technology Policy Committee (USTPC), the group acknowledges the tech is expected to improve in the future but is not yet โsufficiently matureโ and is therefore a threat to peopleโs human and legal rights.
๐ก PDF:
https://www.acm.org/binaries/content/assets/public-policy/ustpc-facial-recognition-tech-statement.pdf
๐๐ผ Read more:
https://venturebeat.com/2020/06/30/acm-calls-for-governments-and-businesses-to-stop-using-facial-recognition/
#acm #StopFacialrecognition #pdf
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
An Association for Computing Machinery (ACM) tech policy group today urged lawmakers to immediately suspend use of facial recognition by businesses and governments, citing documented ethnic, racial, and gender bias. In a letter (๐๐ผ PDF) released today by the U.S. Technology Policy Committee (USTPC), the group acknowledges the tech is expected to improve in the future but is not yet โsufficiently matureโ and is therefore a threat to peopleโs human and legal rights.
๐ก PDF:
https://www.acm.org/binaries/content/assets/public-policy/ustpc-facial-recognition-tech-statement.pdf
๐๐ผ Read more:
https://venturebeat.com/2020/06/30/acm-calls-for-governments-and-businesses-to-stop-using-facial-recognition/
#acm #StopFacialrecognition #pdf
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Anonymous Hackers Target TikTok: โDelete This Chinese Spyware Nowโ
โDelete TikTok now,โ the account tweeted today, July 1, โif you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.โ
https://twitter.com/YourAnonCentral/status/1278204068175818752?s=20
https://www.forbes.com/sites/zakdoffman/2020/07/01/anonymous-targets-tiktok-delete-this-chinese-spyware-now/
#anonymous #hacked #TikTok #DeleteTikTok
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
โDelete TikTok now,โ the account tweeted today, July 1, โif you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.โ
https://twitter.com/YourAnonCentral/status/1278204068175818752?s=20
https://www.forbes.com/sites/zakdoffman/2020/07/01/anonymous-targets-tiktok-delete-this-chinese-spyware-now/
#anonymous #hacked #TikTok #DeleteTikTok
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Facebook once again accidentally reveals user data
5000 developers were able to access user data from Facebook via some apps, which they were not supposed to get. The leak is fixed.
About 5000 developers had access to user data from Facebook, which they should not have been able to see. Actually, the social network has a ban on information from app users that have been inactive for more than 90 days. Actually, that didn't work.
These are apps that users have logged into with their Facebook account. App developers then get access to information such as birthday, email addresses, friend lists and location. After the Cambridge Analytica scandal, in which millions of data were tapped and used for political purposes, Facebook had restricted this access.
Now it has been noticed, says a Facebook blog post, that this 90-day limit did not always last. Nevertheless, some developers continued to gain insights. "This can happen when someone has used a fitness app to invite friends to a workout about it. We didn't notice that some of the friends were inactive for months," explains Facebook. The company doesn't say how many users are affected by this. The data leak has already been plugged. They still want to investigate the incident, but so far there are no indications of misuse of the information by third parties. "We have no indication that any information was shared that users didn't approve."
๐ https://about.fb.com/news/2020/07/improving-data-limits-simplifying-terms/
Read more ๐ฉ๐ช ๐ฌ๐ง:
https://www.cnet.com/news/facebook-shared-user-data-with-developers-after-access-should-have-expired/
https://www.heise.de/news/Facebook-gibt-einmal-mehr-aus-Versehen-Nutzerdaten-preis-4801943.html
#DeleteFacebook
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
5000 developers were able to access user data from Facebook via some apps, which they were not supposed to get. The leak is fixed.
About 5000 developers had access to user data from Facebook, which they should not have been able to see. Actually, the social network has a ban on information from app users that have been inactive for more than 90 days. Actually, that didn't work.
These are apps that users have logged into with their Facebook account. App developers then get access to information such as birthday, email addresses, friend lists and location. After the Cambridge Analytica scandal, in which millions of data were tapped and used for political purposes, Facebook had restricted this access.
Now it has been noticed, says a Facebook blog post, that this 90-day limit did not always last. Nevertheless, some developers continued to gain insights. "This can happen when someone has used a fitness app to invite friends to a workout about it. We didn't notice that some of the friends were inactive for months," explains Facebook. The company doesn't say how many users are affected by this. The data leak has already been plugged. They still want to investigate the incident, but so far there are no indications of misuse of the information by third parties. "We have no indication that any information was shared that users didn't approve."
๐ https://about.fb.com/news/2020/07/improving-data-limits-simplifying-terms/
Read more ๐ฉ๐ช ๐ฌ๐ง:
https://www.cnet.com/news/facebook-shared-user-data-with-developers-after-access-should-have-expired/
https://www.heise.de/news/Facebook-gibt-einmal-mehr-aus-Versehen-Nutzerdaten-preis-4801943.html
#DeleteFacebook
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
Meta
Improving Data Limits for Infrequently Used Apps, Simplifying Platform Terms and Developer Policies | Meta
Our review of apps on our platform is ongoing, and we will continue to make improvements.
Mark Zuckerberg is trying to sue families in Hawaii, to force my people to sell him our land. He even filed lawsuits against owners who are dead. Leave Hawaiian land in Hawaiian HANDS. Stop the white man from colonizing our island.
๐ https://twitter.com/fuckpiIIar/status/1278433319991074816
#DeleteFacebook #thinkabout #why
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox
๐ https://twitter.com/fuckpiIIar/status/1278433319991074816
#DeleteFacebook #thinkabout #why
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@NoGoolag
๐ก@BlackBox