Skip to main content

Search

Items tagged with: infosec


Today I learned about "side channel attacks", in which identity of a user can be inferred by whether or not they have permission to view an embedded object on a page.

#infosec #tech #news

https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/


DEF CON Community,

Are you in a band that has some sweet jams you’ve recorded? Have you been making some dope original beats or trippy EDM on your laptop and want to share it with the community? Well, now’s your chance! It’s time to send in your submissions to be included on the DEF CON 31 Soundtrack!

Deadline to submit is 30 JUN 2023 – 23:59 US Pacific.

Hit this link to start the submission process: https://ostapp.defconmusic.org

Please email soundtrack@defconmusic.org with any questions.

#defcon #defcon31 #hackers #producers #synths #modularsynths #dj #musicians #bands @defcon@dcparrot #artists #noise #sound #defconmusic #dc31 #infosec #lasvegas #edm @djdead


Hardening the #FreeBSD shared memory (SHM) subsystem in #HardenedBSD, part one: prevent abuse of shm_open(2)/memfd_create(2) for capsicum-enabled processes.

A post-exploitation technique becoming more commonplace is to abuse memfd_create(2) to create memory-backed file descriptors. These file descriptors can be used with fdlopen(3) to load and execute a shared object file using anonymous memory mappings, making forensics more difficult.

Documentation: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/wikis/home#shared-memory-shm-hardening

Commit: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/e5b7f5f0a98b90264c7ae3d62b01ee4625de9beb

Proof-of-Concept test case, abuse of memfd_create(2) to fdlopen(3) a shared object: https://git.hardenedbsd.org/shawn.webb/random-code/-/blob/main/memdlopen/memdlopen.c

#infosec #malware


INTERNET ENGINEERING TASK-FORCE: Reflections 10 Years Since Snowden Revelations

#News #privacy #Snowden #surveillance #spying #HumanRights #IETF #engineering #internet #security #infosec #cybersecurity #tech

https://www.ietf.org/archive/id/draft-farrell-tenyearsafter-00.html


🕵️‍♂️ Beware: #Android Spyware '#Predator' Records Your Calls, Steals Messages, and More!

https://thehackernews.com/2023/05/predator-android-spyware-researchers.html

#infosec #cybersecurity #hacking


New revelations about the Bad Magic hacker group uncover a longer history than expected. #Kaspersky's latest report connects them to CloudWizard, a modular framework with alarming capabilities.

https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html

#cybersecurity #hacking #malware #InfoSec


@bsidesseattle was fantastic! Go subscribe to LaurieWired on YouTube. She gave an amazing talk on reverse engineering android banking malware. https://youtube.com/@lauriewired
Shout out to @SEALocksport for hosting the lockpicking village I had a great time catching up with you guys and helping with teardown. #infosec


Interesting video:

https://www.youtube.com/watch?v=ixhW4X-_qQo

#hacking #redteam #infosec #infosecurity


This is my wallet sized covert entry EDC. All the bypass tools at the bottom fit in the back of the larger lock pick case. The smaller set in the top left is hidden in a second spot inside my wallet. I've been expanding capabilities over time as I've been learning about this profession and plan a few more additions from this point. Thanks for open sourcing your knowledge @deviantollam! #InfoSec #PhySec #RedTeam #CovertEntry


U.S. DOJ charges a Russian hacker for launching massive #ransomware attacks against thousands of victims worldwide and offers a reward of up to $10 million for information leading to his arrest.

https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html

#cybersecurity #cyberattack #infosec



(Nitter addon enabled: Twitter links via https://nitter.net)


yeah the decision to make .zip a tld was clearly full of analysis and foresight. can't wait until .exe is available. I mean heck, IANA could go to town here.. why not .jpg? .txt? .urfkd? #dns #tld #infosec


#YouTube blocking my #adblocker? Maybe reduce the frequency of #advertising interruptions and I’ll consider turning mine off. https://apple.news/AUR1RileFSuyKNE6wLNuKyw

Anyone notice this is happening at the same time #Google is working on the final stages of removing support for #Chrome #browser extensions that dynamically examine and modify web requests, e.g., strong #adblockers like #uBlockOrigin, in favor of their more restrictive #ManifestV3 spec? https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening

#privacy #security #infosec


Twitter Stops Reporting Gov Requests As Data Reveals New Ownership Obeys Gov Demands Much More Than Old Twitter

(as someone w/had couple #RestrictAct posts #shadowbanned, no surprise here)

#Twitter #News #ElonMusk #censorship #freespeech #freeExpression #HumanRights #transparency #infosec #socialMedia

https://www.techdirt.com/2023/05/01/twitter-abruptly-stops-reporting-on-govt-requests-as-data-reveals-elon-obeys-govt-demands-way-more-often-than-old-twitter/


I'm excited to announce that I have successfully put together a #Signet #hardware #password manager, without any jumpers or hackery.

This means I will be making more of these so people who want to up their #security game will be able to just buy them.

I'll be honest: this one cost me over $300 in parts and many hours of labor. My goal is to get them down to about $45 each. That should allow me to break even (assuming I can produce them faster and my time is worth minimum wage). #infosec #foss

A small USB device with Signet v1.3 printed on the purple printed circuit board.


Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security


New study shows how scary fast today's AI is at cracking passwords

51% of common passwords can be cracked in less than a minute, 65% in less than an hour, 71% in less than a day, and 81% in less than a month.

Additionally, the group provided its findings in a table. As you can see in the image below, almost every password with six or fewer characters was instantly cracked.

#password #passwords #artificialintelligence #ai #security #cybersecurity #infosec #hacking

https://www.androidauthority.com/ai-password-cracking-3310709/


Learn to Hack Web Apps - Live | #APIs #BOPLA #CTF https://cyberfeed.io/article/78e8b3c8f1c274e0b4ce01500b10df5f #cybersec #security #infosec #cybersecurity


Cybersecurity Labs (FOR FREE) - Linux Backdoor Analysis https://cyberfeed.io/article/81d7b9fb39268fe5fe9238d9013fd131 #cybersec #security #infosec #cybersecurity


Happier days: Fran Finnegan, with the canary-yellow Corvette his wife gave him for his 70th birthday, just before his SEC Info website was trashed by ransomware hackers.


Update your mastodon instance.
Fast.

You're vulnerable if you're under 4.1.2, 4.0.4, and 3.5.8.AND if you're using LDAP

#infosec #mastodon #vulnerability

https://www.databreaches.net/mastodon-vulnerability-exposes-sensitive-information-data-leak-alert/



The website of Reykjavík #Hackerspace, Hakkavélin, just got flagged by #Google Safe Browsing as "deceptive", and anyone who visits this site gets a huge, red, scary warning. Check it out:
https://hakkavelin.is/

Thing is, I happen to manage this site. It's literally a single static HTML file.

This is what we get for allowing shitty journalists to farm clicks by abusing the words "hacker" and "hack" to mean "cybercriminal" and "attack".

#FuckGoogle #Hackers #InfoSec
Full-page red scary warning about hakkavelin.is, in Icelandic.



(Nitter addon enabled: Twitter links via https://nitter.net)


Hey there -- we're Let's Encrypt, the free and open certificate authority serving over 300 million websites worldwide. We're new to Mastodon and are excited to get to know the infosec community in this new space!

https://letsencrypt.org/

#opensource #TLS #PKI #infosec


Great #video deep dive on how blue boxes worked. This is the meaning behind the number @2600

It's time for the young'uns to learn & get more educated about #HackerHistory ^_^

https://vid.puffyan.us/watch?v=8PmkUPBhL4U

#Phreaking #Hacking #Phreaker #Hacker #Twenty600 #HackingIsNotACrime #HackingIsNotInfoSec #InfoSec #HackTheSystem #HackThePlanet


Ethical #Hacking Distro BlackArch Linux Gets New ISO Release with More Than 2800 Tools, #Linux Kernel 6.2, and Updated Installer https://9to5linux.com/ethical-hacking-distro-blackarch-linux-gets-new-iso-release-with-over-2800-tools

#pentesting #ArchLinux #OpenSource #infosec #infosecurity
BlackArch Linux


New cheatsheets pushed🕵️‍♂️​

https://github.com/r1cksec/cheatsheets/commit/6761e46f87897ff89734ab23ef22b7c749013faa

Including :blobcatnerd:​ :

https://facecheck.id
This service uses facial recognition to find social media profiles.

https://attl4s.github.io/assets/pdf/Understanding_a_Payloads_Life.pdf
In these slides, different payloads are analyzed. The main focus lies on meterpreter.

https://github.com/MattKeeley/Spoofy
This tool checks if a domain can be spoofed based on SPF and DMARC records.

#infosec #cybersecurity #redteam #hacking


Google's Project Zero (day) found 18 baseband vulns implicating Exynos modems used in many phones such that an attacker solely needs the victim’s phone number to compromise the handset without awareness of its owner. Phones affected include Vivo, Pixel and multiple Galaxy models. A couple of devices and vehicles using the T5123 chipset are under the heatlamp too. Short term fix is to disable WiFi calling. Patch forthcoming.

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html?m=1
#infosec

Este sitio web utiliza cookies. Si continúa navegando por este sitio web, usted acepta el uso de las cookies.