Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms
A group of hackers claims to have breached three Chinese companies that specialize in social media surveillance.
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. After leaking some of the documents, the group was banned by Twitter under its hacked files policy, however, Motherboard has been unable to confirm the authenticity of the documents.
The group goes by the name CCP Unmasked, in reference to the Chinese Communist Party ruling the country. The group reached out to journalists on Thursday, pitching "a large dump of files" that they said exposes social media monitoring and disinformation campaigns conducted by three private companies at the behest of the Chinese government. They claim to have stolen internal documents from Knowlesys, a company based in Hong Kong and GuangDong, Yunrun Big Data Service, a company based in Guangzhou, and OneSight, based in Beijing.
https://www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms
#Asia #China #internet #monitoring #firms #hackers #hacking
A group of hackers claims to have breached three Chinese companies that specialize in social media surveillance.
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. After leaking some of the documents, the group was banned by Twitter under its hacked files policy, however, Motherboard has been unable to confirm the authenticity of the documents.
The group goes by the name CCP Unmasked, in reference to the Chinese Communist Party ruling the country. The group reached out to journalists on Thursday, pitching "a large dump of files" that they said exposes social media monitoring and disinformation campaigns conducted by three private companies at the behest of the Chinese government. They claim to have stolen internal documents from Knowlesys, a company based in Hong Kong and GuangDong, Yunrun Big Data Service, a company based in Guangzhou, and OneSight, based in Beijing.
https://www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms
#Asia #China #internet #monitoring #firms #hackers #hacking
Vice
Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms
A group of hackers claims to have breached three Chinese companies that specialize in social media surveillance.
Millions of WordPress sites are being probed & attacked with recent plugin bug
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.
Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.
The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.
https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
#Wordpress #plugin #vulnerability #hacking
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.
Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.
The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.
https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
#Wordpress #plugin #vulnerability #hacking
Forwarded from BlackBox (Security) Archiv
Revealed: Israeli Firm Provided Phone-hacking Services to Saudi Arabia
A representative of Cellebrite, which states that it has complied with the rules, flew to Riyadh from London last November, and at the request of the Saudi prosecutor’s office hacked into a Samsung cellphone
In November of last year, a representative of the Israeli firm Cellebrite landed at King Khaled International Airport in the Saudi capital, Riyadh. The man, a foreign national whose identity is known to TheMarker, Haaretz’s sister publication, arrived on a commercial flight from London to hack into a phone in the possession of the Saudi Justice Ministry. The details of the visit were agreed upon before the hacker landed.
The staff at Cellebrite demanded of the Saudis that their employee be met at the Riyadh airport by a government representative. They insisted that he pass through passport control without his passport being stamped and without an inspection of the electronic equipment that he would have with him, which they demanded would not leave his possession and only which he would use.
From there, it was agreed in advance that the hacker would be immediately taken to an isolated hotel room, where the Saudis committed not to install cameras – and where the job of hacking and copying information from a mobile cellphone was carried out. When the work was completed, Cellebrite’s representative returned to the airport and flew back to London.
Cellebrite is not the only Israeli company to provide hacking or other cybersecurity services to the Saudi kingdom, but it is apparently the only one that does so without any oversight from the Israeli Defense Ministry.
👀 👉🏼 https://www.haaretz.com/israel-news/tech-news/.premium-revealed-israeli-firm-provided-phone-hacking-services-to-saudi-arabia-1.9161374
👀 👉🏼 https://twitter.com/haaretzcom/status/1306233686761889798
#israel #hacking #samsung #cellebrite #saudiarabia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
A representative of Cellebrite, which states that it has complied with the rules, flew to Riyadh from London last November, and at the request of the Saudi prosecutor’s office hacked into a Samsung cellphone
In November of last year, a representative of the Israeli firm Cellebrite landed at King Khaled International Airport in the Saudi capital, Riyadh. The man, a foreign national whose identity is known to TheMarker, Haaretz’s sister publication, arrived on a commercial flight from London to hack into a phone in the possession of the Saudi Justice Ministry. The details of the visit were agreed upon before the hacker landed.
The staff at Cellebrite demanded of the Saudis that their employee be met at the Riyadh airport by a government representative. They insisted that he pass through passport control without his passport being stamped and without an inspection of the electronic equipment that he would have with him, which they demanded would not leave his possession and only which he would use.
From there, it was agreed in advance that the hacker would be immediately taken to an isolated hotel room, where the Saudis committed not to install cameras – and where the job of hacking and copying information from a mobile cellphone was carried out. When the work was completed, Cellebrite’s representative returned to the airport and flew back to London.
Cellebrite is not the only Israeli company to provide hacking or other cybersecurity services to the Saudi kingdom, but it is apparently the only one that does so without any oversight from the Israeli Defense Ministry.
👀 👉🏼 https://www.haaretz.com/israel-news/tech-news/.premium-revealed-israeli-firm-provided-phone-hacking-services-to-saudi-arabia-1.9161374
👀 👉🏼 https://twitter.com/haaretzcom/status/1306233686761889798
#israel #hacking #samsung #cellebrite #saudiarabia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Haaretz.com
Revealed: Israeli firm provided phone-hacking services to Saudi Arabia
***
Forwarded from BlackBox (Security) Archiv
UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group
Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms
A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.
U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”
“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly, said U.S Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”
“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”
Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.
👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group
#darkoverlord #hacker #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms
A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.
U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”
“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly, said U.S Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”
“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”
Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.
👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group
#darkoverlord #hacker #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
www.justice.gov
UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group
A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.
Forwarded from BlackBox (Security) Archiv
A new license to hack
The German Federal Intelligence Service (BND) is to be allowed to hack mobile phone and Internet providers quite legally in the future. This is the result of the new BND draft law, which we are publishing. The Federal Constitutional Court had classified the old law as unconstitutional and overturned it.
The German Federal Intelligence Service is looking for hackers (m/f/d) via job advertisement and overwrites an employee story with a license to hack. Business trips abroad belong to the intelligence hackers like "unique" attack tools with which they are supposed to penetrate computer networks and collect data. The focus of the BND is on networks outside Germany. For a long time, the secret service agents considered non-European countries in particular to be "outlawed".
In May, the Federal Constitutional Court set the BND the highest judicial limits. The judges from Karlsruhe made it clear: Even abroad, the German state is bound by basic rights; human dignity and the secrecy of telecommunications apply not only to Germans. The highest court declared the only four-year-old BND law of the Grand Coalition unconstitutional.
The legislator must therefore amend the BND law by the end of 2021. The Federal Chancellery has prepared a draft bill and sent it to the other ministries on Friday. We publish the draft law in full text.
As the employer of the secret service, the Federal Chancellery tries with the new law to comply with the court's requirements on the one hand and to restrict the BND as little as possible on the other hand. This can be seen among other things in the offensive hacking powers.
👀 👉🏼 Translated from German with DeepL:
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/
👀 👉🏼 🇩🇪 Draft law amending the law on the Federal Intelligence Service to implement the provisions of the Federal Constitutional Court's ruling of 19 May 2020 (1 BvR 2835/17)
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/#2020-09-25_Bundeskanzleramt_Referentenentwurf_BND-Gesetz
#bnd #germany #secretservice #law #hacking #netpolitics #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
The German Federal Intelligence Service (BND) is to be allowed to hack mobile phone and Internet providers quite legally in the future. This is the result of the new BND draft law, which we are publishing. The Federal Constitutional Court had classified the old law as unconstitutional and overturned it.
The German Federal Intelligence Service is looking for hackers (m/f/d) via job advertisement and overwrites an employee story with a license to hack. Business trips abroad belong to the intelligence hackers like "unique" attack tools with which they are supposed to penetrate computer networks and collect data. The focus of the BND is on networks outside Germany. For a long time, the secret service agents considered non-European countries in particular to be "outlawed".
In May, the Federal Constitutional Court set the BND the highest judicial limits. The judges from Karlsruhe made it clear: Even abroad, the German state is bound by basic rights; human dignity and the secrecy of telecommunications apply not only to Germans. The highest court declared the only four-year-old BND law of the Grand Coalition unconstitutional.
The legislator must therefore amend the BND law by the end of 2021. The Federal Chancellery has prepared a draft bill and sent it to the other ministries on Friday. We publish the draft law in full text.
As the employer of the secret service, the Federal Chancellery tries with the new law to comply with the court's requirements on the one hand and to restrict the BND as little as possible on the other hand. This can be seen among other things in the offensive hacking powers.
👀 👉🏼 Translated from German with DeepL:
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/
👀 👉🏼 🇩🇪 Draft law amending the law on the Federal Intelligence Service to implement the provisions of the Federal Constitutional Court's ruling of 19 May 2020 (1 BvR 2835/17)
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/#2020-09-25_Bundeskanzleramt_Referentenentwurf_BND-Gesetz
#bnd #germany #secretservice #law #hacking #netpolitics #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
netzpolitik.org
BND-Gesetz: Eine neue Lizenz zum Hacken – netzpolitik.org
Der Bundesnachrichtendienst soll künftig ganz legal Mobilfunk- und Internetanbieter hacken dürfen. Das geht aus dem Entwurf zum neuen BND-Gesetz hervor, den wir veröffentlichen. Das Bundesverfassungsgericht hatte das alte Gesetz als verfassungswidrig eingestuft…
Forwarded from BlackBox (Security) Archiv
Anonymous hacks 83 websites belonging to Azerbaijani government in support of Armenia
Anonymous Greece hacked 83 Azerbaijani government websites in solidarity with Armenia.
The hacktivist group Anonymous hacked 83 state websites of Azerbaijan government, including 73 sites in just an hour, in support of Armenia. The hacktivists not only hacked the websites, but also downloaded information, the group shared from their official page on Twitter.
👀 👉🏼 https://news.xiaomi-miui.gr/anonymous-greece-attacking-sites-from-azermpaitzan-51055-2/
👀 👉🏼 https://www.nuceciwan54.com/en/2020/10/03/anonymous-hacks-83-websites-belonging-to-azerbaijani-government-in-support-of-armenia/
#anonymous #hacktivist #hacking #greece #azerbaijan #armenia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Anonymous Greece hacked 83 Azerbaijani government websites in solidarity with Armenia.
The hacktivist group Anonymous hacked 83 state websites of Azerbaijan government, including 73 sites in just an hour, in support of Armenia. The hacktivists not only hacked the websites, but also downloaded information, the group shared from their official page on Twitter.
👀 👉🏼 https://news.xiaomi-miui.gr/anonymous-greece-attacking-sites-from-azermpaitzan-51055-2/
👀 👉🏼 https://www.nuceciwan54.com/en/2020/10/03/anonymous-hacks-83-websites-belonging-to-azerbaijani-government-in-support-of-armenia/
#anonymous #hacktivist #hacking #greece #azerbaijan #armenia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
News by Xiaomi Miui Hellas
Anonymous Greece : Πραγματοποίησαν επίθεση σε 159 κυβερνητικά sites του Αζερμπαϊτζάν!
Επίθεση σε 159 κυβερνητικά sites του Αζερμπαϊτζάν πραγματοποίησαν οι “Anonymous Greece“, εκφράζοντας τη συμπαράστασή τους στην Αρμενία.
Forwarded from BlackBox (Security) Archiv
We Hacked Apple for 3 Months: Here’s What We Found
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.
During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.
As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).
👀 👉🏼 https://samcurry.net/hacking-apple/
#apple #hacking #hacked #bugbounty
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.
During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.
As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).
👀 👉🏼 https://samcurry.net/hacking-apple/
#apple #hacking #hacked #bugbounty
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
samcurry.net
We Hacked Apple for 3 Months: Here’s What We Found
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.
Forwarded from BlackBox (Security) Archiv
German government decides on intelligence surveillance like in Snowden times
The German Federal Intelligence Service is to hack into mobile phone and Internet providers and monitor the communications of all customers. The German government has passed a bill to this effect. A new body, not the Federal Data Protection Commissioner, is to be responsible for oversight.
The German government today decided to again massively expand the powers of the Federal Intelligence Service. The cabinet approved the bill to amend the BND law, which will then go to the Bundestag.
The grand coalition had passed the current BND law in 2017 in response to the revelations by Edward Snowden and the intelligence investigation committee. At the time, our conclusion was, "Everything the BND does will simply be legalized. And even expanded." In May, the Federal Constitutional Court ruled the law unconstitutional and overturned it. Now the federal government is making a new attempt, which is likely to end up in court again.
We published the first draft in September and the second draft in November. Experts criticized the drafts: think tanks, journalists, press freedom NGOs, Internet associations and the Federal Data Protection Commissioner. Despite the opportunity to comment, the government did not change much.
Hacking, mass surveillance, metadata
Because the current BND law is based on unconstitutional basic assumptions, the Chancellor's Office has almost completely rewritten the law. We had already reported on many of the details. In the future, the foreign intelligence service will be allowed to legally hack not only individuals and devices, but also servers and service providers, including entire mobile and Internet providers.
https://netzpolitik.org/2020/bnd-gesetz-bundesregierung-beschliesst-geheimdienst-ueberwachung-wie-zu-snowden-zeiten/
#mass #surveillance #germany #secretservice #goverment #privacy #hacking #metadata #mobilfunk #isp #thinkabout #netpolitics
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
The German Federal Intelligence Service is to hack into mobile phone and Internet providers and monitor the communications of all customers. The German government has passed a bill to this effect. A new body, not the Federal Data Protection Commissioner, is to be responsible for oversight.
The German government today decided to again massively expand the powers of the Federal Intelligence Service. The cabinet approved the bill to amend the BND law, which will then go to the Bundestag.
The grand coalition had passed the current BND law in 2017 in response to the revelations by Edward Snowden and the intelligence investigation committee. At the time, our conclusion was, "Everything the BND does will simply be legalized. And even expanded." In May, the Federal Constitutional Court ruled the law unconstitutional and overturned it. Now the federal government is making a new attempt, which is likely to end up in court again.
We published the first draft in September and the second draft in November. Experts criticized the drafts: think tanks, journalists, press freedom NGOs, Internet associations and the Federal Data Protection Commissioner. Despite the opportunity to comment, the government did not change much.
Hacking, mass surveillance, metadata
Because the current BND law is based on unconstitutional basic assumptions, the Chancellor's Office has almost completely rewritten the law. We had already reported on many of the details. In the future, the foreign intelligence service will be allowed to legally hack not only individuals and devices, but also servers and service providers, including entire mobile and Internet providers.
https://netzpolitik.org/2020/bnd-gesetz-bundesregierung-beschliesst-geheimdienst-ueberwachung-wie-zu-snowden-zeiten/
#mass #surveillance #germany #secretservice #goverment #privacy #hacking #metadata #mobilfunk #isp #thinkabout #netpolitics
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
netzpolitik.org
BND-Gesetz: Bundesregierung beschließt Geheimdienst-Überwachung wie zu Snowden-Zeiten – netzpolitik.org
Der Bundesnachrichtendienst soll Mobilfunk- und Internetanbieter hacken und die Kommunikation aller Kunden überwachen. Die Bundesregierung hat einen entsprechenden Gesetzentwurf beschlossen. Der Geheimdienst wächst weiter und bekommt nächstes Jahr erstmals…
Forwarded from BlackBox (Security) Archiv
Web Security and Web Hacking for Beginners
Welcome to the course on “Web Security and Web Hacking for Beginners”. This course is designed for beginners who wants to start their journey in web security and web hacking.
👉🏼 Part 1 (Introduction - 4 videos)
👉🏼 Part 2 (Deeper understanding of Web Security - 2 videos)
👉🏼 Part 3 (Various attacks on Web Security - 9 videos)
👉🏼 Part 4 (Conclusion - 1 video)
💡Each video comes with additional (English) subtitles
This course is basically designed by taking into account that you don’t have idea about web security and you want to learn basic concept and then directly jump into action. Concepts like URL, HTTP, HTTPs etc. are explained to make student comfortable with the concept that we are going to use and then jump directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn basics at the same time you don’t miss action while learning basics.
#video #tutorial #web #security #hacking #beginners #part1#part2 #part3 #part4
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Welcome to the course on “Web Security and Web Hacking for Beginners”. This course is designed for beginners who wants to start their journey in web security and web hacking.
👉🏼 Part 1 (Introduction - 4 videos)
👉🏼 Part 2 (Deeper understanding of Web Security - 2 videos)
👉🏼 Part 3 (Various attacks on Web Security - 9 videos)
👉🏼 Part 4 (Conclusion - 1 video)
💡Each video comes with additional (English) subtitles
This course is basically designed by taking into account that you don’t have idea about web security and you want to learn basic concept and then directly jump into action. Concepts like URL, HTTP, HTTPs etc. are explained to make student comfortable with the concept that we are going to use and then jump directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn basics at the same time you don’t miss action while learning basics.
#video #tutorial #web #security #hacking #beginners #part1#part2 #part3 #part4
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition
A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.
Hackers have broken into Verkada, a popular surveillance and facial recognition camera company, and managed to access live feeds of thousands of cameras across the world, as well as siphon a Verkada customer list. The breach shows the astonishing reach of facial recognition-enabled cameras in ordinary workplaces, bars, parking lots, schools, stores, and more.
The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the "organization name" column. Verkada's cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.
"It's so abysmal," Tillie Kottman, one of the hackers claiming responsibility, told Motherboard in an online chat, referring to the ease of access to the cameras once they discovered a username and password online. Bloomberg first reported the news of the breach on Tuesday, and reported that the hackers had managed to access live video feeds from companies such as Tesla and Cloudflare, as well as jails and hospitals.
https://www.vice.com/en/article/wx83bz/verkada-hacked-facial-recognition-customers
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
#US #face #recognition #surveillance #privacy #hacker #hacking
A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.
Hackers have broken into Verkada, a popular surveillance and facial recognition camera company, and managed to access live feeds of thousands of cameras across the world, as well as siphon a Verkada customer list. The breach shows the astonishing reach of facial recognition-enabled cameras in ordinary workplaces, bars, parking lots, schools, stores, and more.
The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the "organization name" column. Verkada's cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.
"It's so abysmal," Tillie Kottman, one of the hackers claiming responsibility, told Motherboard in an online chat, referring to the ease of access to the cameras once they discovered a username and password online. Bloomberg first reported the news of the breach on Tuesday, and reported that the hackers had managed to access live video feeds from companies such as Tesla and Cloudflare, as well as jails and hospitals.
https://www.vice.com/en/article/wx83bz/verkada-hacked-facial-recognition-customers
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
#US #face #recognition #surveillance #privacy #hacker #hacking
Vice
Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition
A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.
0xor0ne@infosec.exchange - Very cool research on Laser-Based Audio Injection on Voice-Controllable Systems
Website: https://lightcommands.com
Paper: https://arxiv.org/pdf/2006.11946.pdf
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.
#hacking #infosec
Website: https://lightcommands.com
Paper: https://arxiv.org/pdf/2006.11946.pdf
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.
#hacking #infosec
Testing a new encrypted messaging app's extraordinary claims – https://crnkovic.dev/testing-converso/
How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso
#exploit #encryptedMessenger #Converso #hacking #SoftwareBreach
How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso
#exploit #encryptedMessenger #Converso #hacking #SoftwareBreach
Awesome Cellular Hacking – Curated List - Woot3k /Github
#Cellular #Hacking
Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.#Cellular #Hacking
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica –
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED – https://eprint.iacr.org/2023/923
#Hacking #Crypto #mobile
Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED – https://eprint.iacr.org/2023/923
#Hacking #Crypto #mobile
PhoneSploit Pro
https://github.com/AzeemIdrisi/PhoneSploit-Pro
#kali #nethunter #hacking #Metasploit #Android #ADB
An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.
https://github.com/AzeemIdrisi/PhoneSploit-Pro
#kali #nethunter #hacking #Metasploit #Android #ADB
Ransomware Hackers Steal Millions From Vegas Casinos | Mental Outlaw
In this video I discuss how MGM and Cesar's Entertainment Resort/Casinos were hacked by a ransomware group and had sensitive customer data and company data exfiltrated from their servers. So far Cesar's Entertainment has paid half of the 30 million dollar to keep files from being released by MGM has paid nothing and the hackers are threatening to ruin MGM's reputation with a data leak
#Hacking #Casino #LasVegas
#Ransomware
In this video I discuss how MGM and Cesar's Entertainment Resort/Casinos were hacked by a ransomware group and had sensitive customer data and company data exfiltrated from their servers. So far Cesar's Entertainment has paid half of the 30 million dollar to keep files from being released by MGM has paid nothing and the hackers are threatening to ruin MGM's reputation with a data leak
#Hacking #Casino #LasVegas
#Ransomware
Media is too big
VIEW IN TELEGRAM
How Sim Swap Hackers Steal Millions | Mental Outlaw
In this video I explain how hackers are able to steal millions of dollars and access sensitive data in peoples accounts that are secured with #SMS 2 factor authentication and how you can defend yourself from sim swapping attacks by using 2 factor authentication
#Hacking #Hackers #Sim #2fA
In this video I explain how hackers are able to steal millions of dollars and access sensitive data in peoples accounts that are secured with #SMS 2 factor authentication and how you can defend yourself from sim swapping attacks by using 2 factor authentication
#Hacking #Hackers #Sim #2fA
Media is too big
VIEW IN TELEGRAM
Iridium Satellite Decoding Part 2: The Tutorial That Goes Over Your Head, Literally!
Recently I experienced an influx of emails in my inbox requesting help with Iridium decoding. So, I thought I would throw together a one or two part series on how to get started with receiving L-band signals from Iridium satellites using relatively cheap hardware and a couple of free software tools for Linux.
Iridium! It is a low earth orbiting constellation of communication satellites providing voice and data services to the surface of the Earth. Typical applications of the Iridium network are satellite phones and internet connectivity for aircraft and marine vessels.
Towards the end of the video, I demonstrate the ability to decode Iridium voice and SMS transmissions. But, be sure to watch the entire video, because there is heaps of other cool data we can extract with Iridium-Toolkit!
SOFTWARE: DragonOS FocalX R35 - Iridium-Toolkit - PyPy3- GoogleEarth- #Wireshark/#TShark
#Iridium #Interception #Hacking #LBand
Recently I experienced an influx of emails in my inbox requesting help with Iridium decoding. So, I thought I would throw together a one or two part series on how to get started with receiving L-band signals from Iridium satellites using relatively cheap hardware and a couple of free software tools for Linux.
Iridium! It is a low earth orbiting constellation of communication satellites providing voice and data services to the surface of the Earth. Typical applications of the Iridium network are satellite phones and internet connectivity for aircraft and marine vessels.
Towards the end of the video, I demonstrate the ability to decode Iridium voice and SMS transmissions. But, be sure to watch the entire video, because there is heaps of other cool data we can extract with Iridium-Toolkit!
SOFTWARE: DragonOS FocalX R35 - Iridium-Toolkit - PyPy3- GoogleEarth- #Wireshark/#TShark
#Iridium #Interception #Hacking #LBand