Millions of Docker repos found pushing malware, phishing sites

#security #bleeping computer #bleepingcomputer #computers #technology #news #education #updates #tech
generated by pod_feeder_v2

Brian Ó Donnell / pod_feeder_v2 · GitLab

Publishes RSS/Atom feeds to Diaspora*

^GitLab

Hackers claim to have infiltrated #Belarus’ main #security service

Source: https://apnews.com/article/belarus-cyberattack-kgb-dissent-efc7e6acd9dfe8a118e1d2f526c4d6fa

A Belarusian #hacker activist group claims to have infiltrated the network of the country’s main #KGB security agency and accessed personnel files of over 8,600 employees of the organization, which still goes under its Soviet name.

#hack #news #politics #cyberwar

Hackers claim to have infiltrated Belarus' main security service

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main security agency and obtained access to personal files of over 8,600 staffers of the KGB, the security service that still goes under its Soviet name.

^{YURAS KARMANAU (AP News)}

#Safari on #iOS features device #tracking

source: https://mastodon.social/@mysk/112340023465073147

#Apple recently introduced a new URI scheme so that #iOS users in the #EU can install marketplace apps from the browser. #Safari handles the scheme insecurely leaving users exposed to tracking.

#surveillance #politics #europe #software #security #privacy #news #problem #fail #smartphone #warning

#Emergency slide falls off #Delta #plane after takeoff - yes it's a #Boeing

source: https://www.reuters.com/business/aerospace-defense/emergency-slide-falls-off-delta-plane-after-takeoff-2024-04-26/

Delta said that crew on the flight, which had 183 people on board, declared an emergency and returned to John F. Kennedy International #Airport, that it "supporting retrieval efforts."

#fail #security #news #problem #flight

Google is out of their mind. There are so many other options for a "more secure" browser. Especially one that doesn't have Google tied to it.

https://infosec.exchange/@happygeek/112337847581863603

#Privacy #Security #InfoSec

#introduction Ah crap, here we go.
Call me Vred, I'm a nearly-deaf, autistic human being with ADHD who's obsessed with nerdy stuff, including #linux#it#trainbubble#privacy and #security and much, much more.
Strangely obsessed with #base64 and the #ssh protocol.

If there's some extrovert on this platform, feel free to get in touch! =)

#Windows #vulnerability reported by the #NSA exploited to install Russian #malware

Source: https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/

When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.

#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker

Windows vulnerability reported by the NSA exploited to install Russian malware

Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.

^{Ars Technica}

A Stateless Workstation

In this article, I explain the rational and experiment about my project of a stateless workstation

https://dataswamp.org/~solene/2024-04-20-workstation-going-stateless.html

gemini://perso.pw/blog/articles/workstation-going-stateless.gmi
#security #linux #openbsd #unix

@solene

Solene'% : A Stateless Workstation

^{Solene's Percent %}

This is such a brilliantly simple flaw, I can't believe I didn't think of it.

Maybe because it is brilliant. And simple.

https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/

#security #malware

Researchers claim Windows Defender can be fooled into deleting databases

Two rounds of reports and patches may not have completely closed this hole

^{Laura Dobberstein (The Register)}

#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM

In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?

source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs

Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code

^{Aaron Thacker (LRQA Nettitude Labs)}

Friends don't let friends use Discord.

Message History of 600 Million Discord Users Can be Accessed For $5

#privacy #security

https://80.lv/articles/message-history-of-600-million-discord-users-can-be-accessed-for-usd5/

Message History of 600 Million Discord Users Can be Accessed For $5

A new report sheds light on a scraping service that lets anyone view your message history across different Discord servers.

^{Theodore McKenzie (80lv)}

Advanced #Phishing Kit Adds #LastPass Branding for Use in Phishing Campaigns

Threat actors using phishing kits are pretending to be LastPass in phone calls and emails to steal user credentials.

Actual phishing site: “help-lastpass[.]com”

Shortened URL Embedded in Email: shorturl[.]at/glvT0

Phishing Email Subject Line: We’re here for you

Spoofed Sender: Shows as LastPass Support <support@lastpass>

#security #cybersecurity #passwords

https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns - The LastPass Blog

^{blog.lastpass.com}

#Microsoft is a national #security threat, says ex-#WhiteHouse cyber policy director

Source: https://www.theregister.com/2024/04/21/microsoft_national_security_risk/

Microsoft has a shocking level of #control over IT within the US federal #government

#technology #CyberSecurity #economy #politics #software #problem #usa #news

Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the goverment level, Windows giant has no incentive to make its systems safer

^{Brandon Vigliarolo (The Register)}

@anonymiss

to me, #biometric unlocking, is unsafe, you see a lot of unauthorised unlocking from restrained, sleeping, dead, or drunken people from either face or fingerprint to unlock a device.

it was established a few years ago that law enforcement in the usa do not need a warrant for biometric unlocking, but need warrant if a password is enabled, to unlock a device.

#phone #thumbprint #court #usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance

🗝️Encoding vs Encryption vs Hashing

🔖#infosec #cybersecurity #hacking #pentesting #security

Cops can force suspect to unlock #phone with #thumbprint, US #court rules

Source: https://arstechnica.com/tech-policy/2024/04/cops-can-force-suspect-to-unlock-phone-with-thumbprint-us-court-rules/

#usa #justice #privacy #security #smartphone #mobile #technology #news #police #surveillance

Cops can force suspect to unlock phone with thumbprint, US court rules

Ruling: Thumbprint scan is like a "blood draw or fingerprint taken at booking."

^{Ars Technica}

Hallo @BSI wieso ist denn das #BSI im Vergleich zu den Behörden in den USA so zaghaft, wenn es um das Thema #Microsoft geht?

Meine Frage bezieht sich auf folgenden lesenswerten Artikel:
https://www.heise.de/meinung/Kommentar-Microsofts-Sicherheitspraxis-wird-zur-Gefahr-und-das-BSI-schweigt-9686629.html

#security #itsec #bsi

Kommentar: Die gefährliche Beißhemmung des BSI gegenüber Microsoft

Nach den Vorfällen bei Microsoft greifen die US-Behörden durch. Das passive BSI sollte sich ein Beispiel an den US-Kollegen nehmen, meint Jürgen Schmidt.

^Security

The #press is barred from covering aspects of the trial related to the #jury, for understandable #security reasons. At the same time, the judge is taking another 5 days to hold a hearing on whether #Trump has violated the #GagOrder that was placed on him w/ repeated social media posts about a key #witness & #jurors.

This is 1 of many ways in which despite Trump's complaints that he is being treated unfairly, the judge is bending over backwards to be fair to him in this #trial.

#criminal #law

Ukrainian journalists say state #security spied on them

Source: https://www.politico.eu/article/ukrainian-investigative-journalists-uncover-state-security-service-spying-on-them-sbu-bihus-info/

#sbu #spy #news #media #press #freedom #journalism #justice #politics #hunanrights

Ukrainian journalists say state security spied on them

SBU used some 30 officers to wiretap media outlet.

^{Veronika Melkozerova (POLITICO)}

If you use Discord, you might wanna know this.

A service called Spy Pet is scraping Discord servers, archiving and tracking users' messages and activity, and then selling access to that data.

Spy Pet scrapes more than 10,000 Discord servers, and besides selling access to anyone with cryptocurrency, it offers the data for training AI models or to assist law enforcement agencies, according to its website.

Spy Pet claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

(The article is paywalled probably, etc but it's here) https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages

#Discord #security #SpyPet #privacy #scams #scammers #crypto #cryptocurrency #AI

We had the same problem in Canada.

Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
🇺🇸
The FTC accused it of sloppy data handling and sharing patient data with third parties like TikTok without consent

#News #Healthcare #Security #Privacy

https://www.theverge.com/2024/4/16/24131881/ftc-fine-cerebral-telehealth

Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations

Cerebral will owe $7 million after the FTC accused it of careless data practices and sharing private patient info with third parties like TikTok for advertising purposes.

^{Wes Davis (The Verge)}

A hacking #skimmer inside an #ATM machine

https://youtube.com/shorts/29Uc_7bGcRE

#hack #security #money #technology

A hacking skimmer inside an ATM machine #shorts

That's how you hackers crack your cards. Using this skimmer device. Watch the short to know more.#skimmer #hacking #sumsub #shorts Sumsub — empowering compli...

^YouTube

ALL CLEAR for Fedora Rawhide and Fedora 40 Beta builds regarding the xz exploit. 👍

Things had stabilized soon after the initial security advisory, but we're now confirming that you can use Rawhide and Fedora 40 Beta safely as long as you have the latest updates or reinstall (which is not a bad idea to be safe).

Fedora 38 and 39 were never affected.

Learn more: https://fedoramagazine.org/cve-2024-3094-all-clear/

#Fedora #Security #Privacy #InfoSec #Linux #OpenSource

CVE-2024-3094: All Clear - Fedora Magazine

The XZ backdoor was foiled by Andres Freund.

^{Matthew Miller (Fedora Project)}

So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.

How can you push a tool that siphons data to a third party onto a security-critical system?

What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?

#infosec #security #openai #microsoft #windowsserver #copilot

Let's use @protonprivacy and @Tutanota products.
Encryption is the single best hope against surveillance.

https://www.wired.com/story/house-section-702-vote/

#security #cybersecurity #infosec #nationalsecurity #nsa #fbi #section702 #privacy #government #surveillance #e2ee #tech #proton #protonmail #tuta #tutanota #bigtech #degoogle

House Votes to Extend—and Expand—a Major US Spy Program

The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

^{Dell Cameron (WIRED)}

###
#Microsoft employees exposed internal passwords in #security lapse

source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/

Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.

#fail #password #leak #problem #news

#Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/

Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”

#internet #fail #security #phishing #cybersecurity #twitter #news

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft…

^{krebsonsecurity.com}

(Nitter addon enabled: Twitter links via https://nitter.privacytools.io)