Heaven for domestic abuse: a new spywaretool just up for grabs. It's like having Pegasus at home. What could possibly go wrong? Microsoft knows most families share their accounts or at least can easily log into eachothers accounts. They just choose to ignore it.
@AAKL @thehackernews Well, here we go again.
Once more: Bifrose is NOT, repeat NOT, a #Linux #malware in the sense that it exploits a vulnerability in Linux. Bifrose is distributed various ways but it must be installed manually! The source says "Once installed on a victim's computer, Bifrost allows ..."
But HOW is it installed in the first place? That needs an "evil maid" and/or severe administration shortcomings. A Linux that is run according best practice is immune against Bifrose & Co.
Kaspersky: Cyberkriminelle experimentieren mit KI
Nicht nur Softwareentwickler und KI-Enthusiasten diskutieren aktiv über die Nutzung generativer Sprachmodelle – auch Kriminelle tun dies.
I put together a short #YouTube video on the #history of #Christmas related or themed computer viruses, #malware and #hacker #phishing campaigns over the years.
If you enjoy it, please share it and happy holidays.
#hacking #histodons
https://youtu.be/4ZPjZFgsCp0
#TGIQF: Das Quiz rund um Viren, Malware und co.
Seit mehr als 40 Jahren begleitet Computernutzer die Gefahr von Malware und Computerviren. Kennen Sie sich damit aus? Dann testen Sie ihr Wissen!
Latest issue of my curated #cybersecurity and #infosec list of resources for week #36/2023 is out! It includes the following and much more:
➝ 
#Microsoft finally explains cause of #Azure breach: An engineer’s account was hacked
➝ 
See Tickets says #hackers accessed customers’ payment data — again
➝ 
Chipmaker NXP Semiconductors confirms #databreach involving customers’ information
➝ 
#UK election body failed cybersecurity test before hack
➝ 
#Freecycle confirms massive data breach impacting 7 million users
➝ 
University of #Sydney data breach impacts recent applicants
➝ 
Wealthy Russian With #Kremlin Ties Gets 9 Years in #Prison for Hacking and Insider Trading Scheme
➝ 
US Aeronautical Organization Hacked via #Zoho, #Fortinet Vulnerabilities
➝ 
Alert: #Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
➝ 
#Ukraine's CERT Thwarts #APT28's Cyberattack on Critical Energy #Infrastructure
➝ 
#Crypto #casino Stake.com loses $41 million to hot wallet hackers
➝ US, UK take action against members of the Russian-linked #Trickbot hacker syndicate
➝ 
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy
➝ UK lawmakers back down on encryption-busting ‘spy clause’
➝ 
Hundreds of thousands trafficked to work as online scammers in SE #Asia, says UN report
➝ 
#CISA Hires @dotmudge to Work on Security-by-Design Principles
➝ 
Children's snack recalled after its website caught serving porn
➝ 
Insurer fined $3M for exposing data of 650k clients for two years
➝ Elon Musk's erosion of safety standards at X is helping #Putin spread Russian propaganda, study finds
➝ 
North Korea-backed hackers target security researchers with 0-day
➝ Researchers identify high-grade phishing kits attacking nearly 60,000 #Microsoft365 accounts
➝ 
#India warns of #malware attacks targeting its #Android users
➝ 
Chinese-Speaking Cybercriminals Launch Large-Scale #iMessage Smishing Campaign in U.S.
➝ 
Fake #YouPorn extortion #scam threatens to leak your sex tape
➝ 
#Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
➝ 
#Google is enabling #Chrome real-time phishing protection for everyone
➝ 
Hacking device #FlipperZero can spam nearby #iPhones with #Bluetooth pop-ups
➝ 
#Apple patches “clickless” 0-day image processing #vulnerability in #iOS, #macOS
➝ #AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure
This week's recommended reading is: "Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter" by Don Murdoch GSE, MSISE, MBA
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end 
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-362023
Another #memoryforensics training finished
Thank you for having me @BlueTeamCon 
And thank you to the students for showing up and asking engaging questions! That totally makes teaching so much more fun!
eicker.news #technews »Potentially millions of #Android #TVs and #phones come with #malware #preinstalled: The bane of #lowcostAndroid devices is showing no signs of going away.« https://arstechnica.com/information-technology/2023/05/potentially-millions-of-android-tvs-and-phones-come-with-malware-preinstalled/
Here is a challenge.... See image.
Abstracted:
The #MainstreamNews media is flipping on #BigTech with this one strange trick:
1 - Prove your #apps aren't #malware!
#RemoveTheMalwareCampaign #infosec
This is the easiest #NonTechnicalNewscaster #LocalNews #Reporter question you can ask.
® Act Local. Ask Global Questions
Answers will be compiled #globally.
Perfectly securing all devices is an impossible task. Reducing the recovery cost and data loss from #Wiper (and traditional #Ransomware) is easy:
#Backup, backup, backup!
(Still secure as many or your devices as well as you can, there are other threats like #Doxing, #Extortionware or other #malware, as well as #Phishing or old school #hacking)
https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/
Here’s my #introduction: I’m Dan (he/they), and I’m a hacker and activist from Baltimore in the US. For the last six years I’ve led the IT & Cybersecurity team at the incredible National Network of Abortion Funds, while also spearheading projects at openjusticebaltimore.org where I build open source data tools to increase transparency in the criminal justice system. I also run a couple SecureDrop instances for news organizations providing a platform for whistleblowers and leakers.
In addition to that I’m an avid infosec nerd with a passion for pentesting and building malware and offensive tooling for red teams. These days I mostly program in Go and Python. I recently got my OSCP and have been enjoying the Pro Labs at Hack The Box.
In my previous jobs I worked as a pentester and exploit developer, and before that I was a firmware developer for the commotionwireless.net mesh networking project.
I’m on Mastodon to keep up with #infosec news and meet like-minded hackers. Hit me up if you want to do some cool shit together or maybe a CTF.
(p.s. If you’re hiring for a red team, get in touch)
Reposting from Twitter this as it gives context for the sorts of things I work on:
I wrote a blog summarizing the results of our PIPEDREAM (7th #ICS #malware) analysis so far. It’s basically a condensed version of my #DEFCON30 talk in August. Links to that talk and our original release/whitepaper are included. Enjoy!
https://www.dragos.com/blog/analyzing-pipedream-results-from-runtime-testing/
What eventually came of this? Sony BMG offered clean CDs for impacted users and paid them up to $150 for damages (2007). Sony was told: stop installing spyware. Hiding software, killing processes, and secretly harvesting info for ads = bad. (3/x)
#sony #rootkit #malware #spyware
https://www.ftc.gov/news-events/news/press-releases/2007/01/sony-bmg-settles-ftc-charges
done differently 