#1

nowisthetime@pod.automat.click

https://www.bitchute.com/video/V7IQ59ccTbBX

Story 1: What Is Cloud Seeding and Did It Play Any Role In the Dubai Floods?

Image: Build a giant city in the desert. Invest in cloud seeding to make it rain. Forget to install storm drain or rainwater collection.
Did UAE’s Cloud-Seeding Operation Flood Dubai?
Operation Popeye
Image: Weather modification – need proof?
Interview 1514 – Jo Nova on the Australian Bushfires
No, AXIOS, the Dubai “Rain Bomb” Has No Ties to Climate Change
Dubai Floods Explained: Is Cloud Seeding to Blame for Submerging Desert City?

Story 2: Dutch Retailer Albert Heijn Sets Up Food Transition Advisory Council

Why We Should All Be Eating Insects
Swapping Red Meat for Herring, Sardines and Anchovies Could Save 750,000 Lives, Study Suggests
This Week in the New Normal #88
Eat Ze Bugs or You’re Racist! #PropagandaWatch
Corbett Report Search: The Future of Food
Scamdemic Bird Flu: Vaccines for 33 Billion Chickens? Digital Food Rationing? The End of Animal Agriculture?

Story 3: UPDATE #1 – Massive Climbdown From WHO as Latest Draft of IHR Amendments Drops Almost All Offending Aspects

PDF: Proposed Bureau’s text for 8th Working Group on Amendments to the International Health Regulations – April 22-26, 2024
NWNW Flashback: In Japan, Tens of Thousands Protest WHO’s ‘Supranational Grab Over Global Health’
UPDATE #2 – Anti-ULEZ Campaigners Hang Bat Boxes on Cameras to Stop Engineers Fixing Them
NWNW Flashback: New World Next Year 2024
UPDATE #3 – Controversial CRISPR Scientist Back at Work After Jail Time for Creating Genetically Modified Babies
NWNW Flashback: Scientist Announces Gene-Edited Babies, Goes Missing
UPDATE #4 – BRICS Eye Stablecoins, CBDC Bridge To Advance Financial Integration
NWNW Flashback: 22 New Countries to Join BRICS Alliance at August Summit? (NWNW 526)
UPDATE #5 – Mystery Deepens: Ukrainian Officer Linked to Nord Stream Sabotage Vanishes
Insurers Suggest ‘Government’ Possibly Have Ruined Nord Stream
NWNW Flashback: False Flag Planted in Nordstream Pipeline
UPDATE #6 – Google Appears to Have Partnered With the Company Behind Sports Illustrated’s Fake, AI-Generated Writers
NWNW Flashback: Sports Illustrated Published Articles By Fake, AI-Generated Writers (NWNW 536)
Door to Freedom Team Shines a Light on How Little Has Really Changed In the New Version Of the April 2024 Amended IHR
WHO: What You Need To Know
NWNW Flashback: China Trying To Gain Space Through Force, US Admiral Says
US To Convert Pacific Oil Rigs Into Military Bases as Part of Anti-China Buildup
The ‘New World Next Week’ Store

hankg@friendica.myportal.social

I always say, "You can always out spend your income or out eat your metabolism." #running #humor
Four cell comic of a woman talking to a man:
Cell #1 W: "Did you eat this entire carton of ice cream?" M: "If the furnace is hot enough, it'll burn anything."
Cell #2 W: "Baby. You are not a furnace!" M: "It's a metaphor"
Cell #3 W: "You haven't run a step since your marathon. That was five weeks ago, Ron. Five weeks!"
Cell #4 W: "Also, where's that strudel I just baked?" G: "Furnace! Furnace! Furnace!"

tresronours@parlote.facil.services

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.

The attack, designed to mimic the Outlook login panel, successfully tricks users into revealing their login credentials.

The attack was first reported on Twitter by security researcher @doc_guard, who shared details of the sophisticated phishing scheme.

🚨 Outlook Login Panel Themed Phishing HTML Evaded All the AV Solutions 🚨

📌 VT Detection: 0 / 58

📁 Filename: Staff memo from HR department.htm

🔐 MD5: e1f5cdbac6db809cb06fe0279f2c7594

🕵️‍♂️ IOCs:

– https[:]//districtjanitorialrepair.com/dev/dropbox.php

-…

[pic.twitter.com/ynPdtGiuiE](https://t.co/ynPdtGiuiE)

— DOCGuard – Detect Maldocs in Seconds! (@doc_guard) [April 16, 2024](https://twitter.com/doc_guard/status/1780232141332176984?ref_src=twsrc%5Etfw)

According to the report, the phishing page is designed to look exactly like the Outlook login panel, complete with Microsoft branding and a familiar user interface.

Technical Details of the Attack

The phishing page is hosted on a domain designed to closely resemble a legitimate Microsoft URL, making it difficult for users to detect the malicious intent.

The page is also equipped with advanced obfuscation techniques, which help it evade detection by antivirus software.

“This phishing attack is particularly concerning because it can bypass all antivirus detections,” said cybersecurity expert Jane Doe.

“The attackers have put a lot of effort into making the page look and feel authentic, which is making it extremely difficult for users to identify as a scam.”

Protecting Yourself from Phishing Attacks

You must be vigilant when accessing online services to protect yourself from this and other phishing attacks.

Always double-check the URL of the page you’re accessing, and be wary of any requests for login credentials, even if they appear to be from a trusted source.

Additionally, using reputable antivirus software and keeping it up-to-date is recommended to help detect and prevent such attacks.

Users should also be cautious of unsolicited emails or messages that appear to be from trusted organizations and should never click on links or attachments from unknown sources.

“Phishing attacks are becoming increasingly sophisticated, and users must remain vigilant and take steps to protect themselves,” said Doe.

“By being aware of the latest threats and taking proactive measures, we can help to reduce the impact of these attacks and keep our personal information safe.”

The post Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

deutschlandfunk@squeet.me

Transport expert: A coherent overall concept instead of driving bans

Climate protection targets - Transport expert calls for an overall concept instead of driving bans

Driving bans are not enough to reduce emissions in the transport sector, said Wiebke Zimmer of the think tank Agora Verkehrswende. #Emissionsziel #CO-2Emissionshandel #1 #5GradZiel #KLIMASCHUTZ

tresronours@parlote.facil.services

Real-World Law Enforcement Hack of Hackers End-to-End Encrypted Chat Messenger

Law enforcement authorities successfully penetrated EncroChat, an encrypted chat program that is frequently used by criminals, in a ground-breaking operation that has shocked the world of organized crime.

This operation led to the arrest of hundreds of individuals involved in illegal activities across Europe and the seizure of substantial amounts of drugs, weapons, and cash.

The breach of EncroChat, once considered impenetrable, marks a significant victory in the ongoing battle against organized crime and raises important questions about privacy, security, and the limits of encryption technology.

"A Real-World Law-Enforcement Breach of End-to-End Encrypted Messaging: The Case of Encrochat" is a talk presented by Sunoo Park at RWC 2024.

[https://t.co/bVjSja26zg](https://t.co/bVjSja26zg)

Slides here: [https://t.co/mcZHP10q8v](https://t.co/mcZHP10q8v)

— Aristotle Tzafalias (@Aristot73) [April 9, 2024](https://twitter.com/Aristot73/status/1777764484960182656?ref_src=twsrc%5Etfw)

This article discusses the successful efforts of the authorities to penetrate and gain control over the entire EncroChat instant messenger, which is commonly utilized by cybercriminals for communication.

The EncroChat Network

EncroChat offered encrypted phones at a high price, promising anonymity and security through end-to-end encrypted messaging (E2EE), with features designed to remove identifying information.

These devices, which cost around £900 each, with a subscription fee of £1,350 for six months, were tailored for privacy, with GPS, microphone, camera, and USB port all physically disconnected.

EncroChat’s services included encrypted messaging, ZRTP-based VOIP calls, and encrypted note-taking, operating on a dual-boot system with both EncroChat and Android OS.

The Breach

The operation to penetrate EncroChat began in December 2018 when a French court authorized law enforcement to copy EncroChat’s virtual machines from a server in Roubaix, France. This led to legal maneuvers allowing authorities to install “computer data capture devices” on the server and intercept communications.

According to the presentation submitted at The Crypto Conference 2024, by March 2020, law enforcement had injected malware into EncroChat’s update servers, enabling them to collect both historical and live data from the devices.

This malware transmitted all stored data on the devices to the authorities and forwarded chat messages to French police servers in real-time without altering the encryption, thus maintaining the appearance of secure communication.

The breach resulted in more than 6,500 arrests and the seizure of over 900 million euros in assets. EncroChat, realizing the extent of the compromise, issued a warning and shut down its service in June 2020.

The operation revealed the scale of EncroChat’s use among criminals for coordinating illegal activities, including drug trafficking, violent attacks, and large-scale transports of illegal goods.

Legal and Ethical Implications

The EncroChat breach has sparked a debate on the ethical and legal implications of law enforcement’s use of hacking and malware to combat crime.

While the operation has been hailed as a significant success in disrupting organized crime, it also raises concerns about privacy, the security of communication technologies, and the potential for abuse of such surveillance capabilities.

The operation’s reliance on malware and the covert interception of communications without users’ knowledge challenge traditional notions of privacy and legal process.

The successful breach of EncroChat represents a turning point in law enforcement’s approach to tackling encrypted networks used by criminals.

It underscores the vulnerabilities inherent in even the most secure communication systems and highlights the ongoing tension between privacy rights and the needs of law enforcement.

As technology continues to evolve, the balance between these competing interests will remain a contentious and critical issue for society.

The post Real-World Law Enforcement Hack of Hackers End-to-End Encrypted Chat Messenger appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

HTTP/2 Vulnerability Let Hackers Launch DOS Attacks on Web Servers

Researchers identified a significant vulnerability within the HTTP/2 protocol, potentially allowing hackers to launch Denial of Service (DOS) attacks on web servers.

The vulnerability tracked as CVE-2024-28182 has raised concerns among internet security experts and prompted responses from various technology vendors.

The CERT Coordination Center (CERT/CC) disclosed the vulnerability in a vulnerability note VU#421644.

It has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2024-28182. This security flaw is particularly worrisome because it affects the HTTP/2 protocol, which is widely used for secure communications on the Internet.

Impact on Vendors and Products

This vulnerability has impacted several technology vendors. Arista Networks, a prominent player in the networking space, has confirmed that some of its products are susceptible to the identified threat.

The company has provided a detailed advisory on the affected products and their impact on its official website.

Fastly, a global cloud platform, has also acknowledged the impact of the vulnerability on its services.

The company’s statement, dated April 5, 2024, indicates that CVE-2023-45288 is among the affected vulnerabilities. However, Fastly has not yet received a statement from the vendor regarding several other CVEs.

The Go Programming Language is another affected entity, with its net/http and golang.org/x/net/http2 packages being vulnerable due to a lack of a limit on the number of headers for a request.

SUSE, a significant software company known for its Linux distributions, has also reported that its distributions contain affected packages.

The company has committed to shipping updated Go compilers and rebuilt Go packages once available.

The CVE-2024-28182 vulnerability allows attackers to exploit the HTTP/2 protocol by overwhelming a web server with a flood of data, leading to a DOS attack.

This attack can render the server unresponsive to legitimate traffic, effectively taking it offline and disrupting services.

Responses and Mitigations

Since the vulnerability was discovered, affected vendors have been working on patches and updates to mitigate the risk.

Arista Networks has already provided information on the affected products and their steps to address the issue. Similarly, SUSE has announced plans to release updated compilers and packages to protect against the vulnerability.

The Importance of Timely Updates

The identification of CVE-2024-28182 underscores the importance of timely security updates and the need to monitor cybersecurity threats continuously.

Organizations using affected products are advised to follow the vendor’s guidance and apply necessary patches or updates as soon as possible to protect against potential attacks.

The discovery of the CVE-2024-28182 vulnerability in the HTTP/2 protocol reminds us of the ever-present risks in the digital landscape.

As cyber threats evolve, the collaboration between vendors, security researchers, and the broader cybersecurity community becomes increasingly crucial in identifying and mitigating such vulnerabilities.

Users and administrators are urged to stay vigilant and ensure their systems are up-to-date with the latest security measures.

The post HTTP/2 Vulnerability Let Hackers Launch DOS Attacks on Web Servers appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Hosting Providers VMware ESXi Servers Hit by New SEXi Ransomware

A new ransomware variant is targeting VMware ESXi servers, a popular virtualization platform used by hosting providers worldwide.

Dubbed “SEXi” by its creators, this ransomware has already made significant waves, with Powerhost’s CEO revealing a staggering ransom demand of approximately 140 million dollars.

The attack on VMware ESXi servers marks a concerning trend for businesses relying on virtualized environments.

While the exact intrusion method remains a mystery, experts tirelessly work to uncover the initial access vector.

This lack of clarity underscores the sophisticated nature of the SEXi ransomware and the challenges faced in protecting complex network infrastructures.

Researcher German Fernandez recently tweeted about a new ransomware variant called SEXi that has targeted hosting providers’ VMware ESXi servers.

https://twitter.com/1ZRR4H/status/1775371621605298386

The Ransom Note: “SEXi.txt”

Upon successful infiltration, SEXi ransomware leaves a calling card in the form of a ransom note named “SEXi.txt”; it also audaciously renames the extensions of the affected files to “.SEXi”.

This bold cyber vandalism is a play on the ransomware’s name and a clear indication of the attackers’ confidence in their encryption methods.

The cybersecurity community is abuzz with discussions about SEXi, with many considering it a new or emerging ransomware variant.

The novelty of SEXi poses additional risks as security teams scramble to understand its behavior and develop countermeasures.

Using a unique file extension for encrypted files is a hallmark of this new threat, signaling a potentially sophisticated and customized attack tool.

The Cost of Cybersecurity Breaches

The CEO of Powerhost has publicly stated that the ransom demanded by the attackers is a monumental sum, highlighting the severe financial implications of such cybersecurity breaches.

This incident serves as a stark reminder of the potential costs associated with ransomware attacks, not only in terms of the ransom itself but also the operational disruptions and reputational damage that can ensue.

The SEXi ransomware attack on VMware ESXi servers is a sobering reminder of the evolving threats in the digital age.

As cybercriminals continue to refine their tactics, the importance of proactive and comprehensive cybersecurity measures has never been more apparent.

Businesses must remain vigilant, informed, and prepared to defend against these insidious attacks that can have far-reaching consequences.

The post Hosting Providers VMware ESXi Servers Hit by New SEXi Ransomware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Researchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive Data

ReversingLabs has uncovered a series of Visual Studio Code (VS Code) extensions designed to transfer sensitive information from unsuspecting users.

This discovery highlights the growing trend of supply chain attacks increasingly targeting open-source repositories and platforms.

The threat landscape has seen a dramatic 1300% increase in supply chain attacks, with malicious actors exploiting public repositories to introduce compromised packages into the development cycle.

ReversingLabs has been at the forefront of monitoring these repositories, such as npm and PyPI, and has recently expanded its vigilance to include the VS Code Marketplace.

Malicious Extensions on VS Code Marketplace

The VS Code Marketplace, a hub for developers to share and install extensions, has historically been less affected by malicious activities.

However, ReversingLabs’ recent investigation has revealed multiple extensions linked to a single author, VSAnalysistest, that were engineered to steal data.

These extensions, including clipboard-helper-vscode, code-ai-assistant, codegpt-helper, and mycodegpt-assistant, were promptly removed from the marketplace following their detection.

Image: Malicious Extension Code Snippet

Disguised Threats and Data Exfiltration

The extensions were deceptively simple, with some masquerading as tools to enhance clipboard functionality or improve coding efficiency.

However, they harbored malicious intent, such as exfiltrating clipboard data or phishing for GitHub credentials via Discord webhooks.

Image: Threat hunting policy

Limited Impact but a Warning Sign

Although the impact of these extensions was limited due to their short lifespan and low download numbers, their presence serves as a cautionary tale for developers and security professionals.

It underscores the need for vigilance against software supply chain attacks, even on less popular platforms like the VS Code Marketplace.

Developers are encouraged to conduct thorough security assessments of public libraries and extensions before incorporating them into their projects.

Tools like ReversingLabs Spectra Assure are available to assist developers in ensuring their code remains secure and free from malicious content.

Image: Activation Events in Malicious Extension

The discovery of these malicious VS Code extensions is a stark reminder that the threat of supply chain attacks is ever-present.

As attackers devise new methods to infiltrate software ecosystems, the community must remain proactive in safeguarding against these insidious threats.

IOCs

| unique_identifier | version | hash |
| --- | --- | --- |
| VSAnalysistest.clipboard-helper-vscode | 0.0.1 | edf04024c6e0a8927f04a26edcde4374b365e16d |
| VSAnalysistest.code-ai-assistant | 0.0.2 | 14f4a6f3e872c3367e6ddec16a2b183176a091c8 |
| VSAnalysistest.code-ai-assistant | 0.0.1 | c26fd1f6c993c6340712de86ec2b11f2f5e0535a |
| VSAnalysistest.codegpt-helper | 0.0.1 | 3aac5b632e1ab6802f58237aeaaf5d0a6d491a44 |
| VSAnalysistest.codegpt-helper | 0.0.2 | c02663d6c042f191c4d60789b068916469afbf3c |
| VSAnalysistest.mycodegpt-assistant | 0.0.1 | c8e2bbd712de025620720d0febab02cfbb97f4bf |

The post Researchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
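
A defender-side triage of an unpacked extension, as an added example that is not code from ReversingLabs, GBHackers or the extensions themselves: it flags the extension ids listed in the post above, activation events that run without user action, clipboard reads, and Discord webhook URLs. The sample manifests and source lines are constructed, and the verdict names (`block`, `review`, `ok`) are assumptions of this sketch.

```javascript
// Added example: static triage of an unpacked VS Code extension (manifest + source text).

// Extension ids named in the IOC list of the post above (compared in lower case).
const REPORTED_IDS = new Set([
  'vsanalysistest.clipboard-helper-vscode',
  'vsanalysistest.code-ai-assistant',
  'vsanalysistest.codegpt-helper',
  'vsanalysistest.mycodegpt-assistant',
]);

// Activation events that start an extension without any user action.
const EAGER_EVENTS = new Set(['*', 'onStartupFinished']);

// Source patterns for the two behaviours the post describes.
const PATTERNS = {
  'clipboard-read': /\benv\s*\.\s*clipboard\s*\.\s*readText\s*\(/,
  'discord-webhook': /https:\/\/(?:ptb\.|canary\.)?discord(?:app)?\.com\/api\/webhooks\/\d+\/[\w-]+/i,
};

// manifest: parsed package.json; files: { relativePath: sourceText }.
function triageExtension(manifest, files) {
  const findings = [];
  const id = `${manifest.publisher}.${manifest.name}`.toLowerCase();
  if (REPORTED_IDS.has(id)) findings.push({ rule: 'reported-id', where: 'package.json' });

  for (const ev of manifest.activationEvents || []) {
    if (EAGER_EVENTS.has(ev)) findings.push({ rule: 'eager-activation', where: 'package.json' });
  }

  // Scan line by line so each hit carries a file:line location; matched text is
  // not echoed, so webhook tokens never end up in the report.
  for (const [path, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      for (const [rule, re] of Object.entries(PATTERNS)) {
        if (re.test(line)) findings.push({ rule, where: `${path}:${i + 1}` });
      }
    });
  }

  // Clipboard access plus an outbound webhook in one package is the exfiltration pairing.
  const rules = new Set(findings.map((f) => f.rule));
  if (rules.has('clipboard-read') && rules.has('discord-webhook')) {
    findings.push({ rule: 'clipboard-to-webhook', where: '(package)' });
    rules.add('clipboard-to-webhook');
  }

  const verdict = rules.has('reported-id') || rules.has('clipboard-to-webhook')
    ? 'block'
    : findings.length ? 'review' : 'ok';
  return { id, verdict, findings };
}

// Constructed sample: the two indicator lines are unrelated statements, not a working chain.
const SAMPLE_SUSPECT = {
  manifest: { publisher: 'example-publisher', name: 'clipboard-demo', version: '0.0.1', activationEvents: ['*'] },
  files: {
    'extension.js': [
      "const vscode = require('vscode');",
      'async function activate() {',
      '  const text = await vscode.env.clipboard.readText();',
      "  const hook = 'https://discord.com/api/webhooks/000000000000000000/constructed-placeholder';",
      '}',
    ].join('\n'),
  },
};

console.log(JSON.stringify(triageExtension(SAMPLE_SUSPECT.manifest, SAMPLE_SUSPECT.files), null, 2));
```
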

tresronours@parlote.facil.services

Gesture Jacking – New Attack That Deceives Website Visitors

The Web Platform is incredibly powerful, but regrettably, malicious websites will do all in their capacity to misuse it.

To prevent such exploitation, blocking actions that weren’t accompanied by a “User Gesture” is one of the weakest (but easiest to implement) defenses.

Gestures are a weak primitive because, although it is easy to determine whether a user has clicked or pressed a key, they do not suit the design objective of clearly conveying a user request well.

A more certain method of deceiving users is gesture-jacking, which eliminates the need for accurate window position, precise click timing, and the random nature of the user’s display settings.

Rather, the attacker lures the user into holding a key, causes a victim webpage to appear, and then transfers the key down to the victim’s website.

Overview Of Gesture Jacking Attack

Security researcher Paulos Yibelo describes in detail a form of attack in which a user is tricked into holding down a key (such as Enter), and that action is interpreted as accepting a popup window and activating a button on the website of the intended victim.

The victim’s security could be severely compromised if the button on that page executes a risky activity (such as “Grant access,” “Transfer money,” etc.).

Eric Lawrence, an expert browser developer and general program manager for Microsoft Defender, investigated the attack and referenced Yibelo’s post.

The author refers to the attack as a cross-window forgery; however, Eric Lawrence refers to it as a gesture-jacking attack because it most closely resembles the ClickJacking attack vector that gained attention in 2008.

"Gesture Jacking" — the attacker entices you to hold Enter and then causes some UI to appear where the Enter key activates an unsafe action.

Several of these have been fixed over the years; e.g. [https://t.co/inByosxzq4](https://t.co/inByosxzq4)

— 🎻 Eric Lawrence (@ericlaw) [March 26, 2024](https://twitter.com/ericlaw/status/1772667986664477167?ref_src=twsrc%5Etfw)

“Some folks expected that this attack shouldn’t be possible– “browsers have popup-blockers after all!” Unfortunately for their hopes and dreams, the popup blocker isn’t magical”, Eric Lawrence wrote in his blog.

“Holding the Enter key is a user-gesture, so the attacker’s page is allowed to spawn a popup window to a victim site”.

According to him, the foundation of this attack is dependent on a feature of the web-based platform. In particular, when you visit a URL that has a fragment in it:

The browser will automatically scroll to the first element, if any, whose id matches the value of the fragment, and set focus on it.

Keyboard input will, therefore, be directed towards that element.

According to Yibelo, a website can prevent unintentional button clicks by either randomly assigning the id value on every page load or by removing the id attribute from critical buttons.

Alternatively, to remove an unexpected URL fragment, the page may “redirect” upon loading.

An additional option is provided for Chromium-based browsers: a document can specify that it does not wish to use the default button-focusing behavior.

A website can disable all forms of automatic scrolling (and focussing) from the fragment by adding the force-load-at-top document policy (added as an opt-out for the clean Scroll-to-Text-Fragment functionality).

The researcher noted that attackers have long exploited gesture-jacking to manipulate browser user interfaces, and hence, browser teams have had to release numerous upgrades to stop this abuse.

It is recommended to use frame-ancestors CSP to prevent framing, auto-focus/make default the safe option and disable sensitive UI elements.

The post Gesture Jacking – New Attack That Deceives Website Visitors appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
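
The site-side mitigations listed in the post above, combined in one page, as an added example that is not code from Yibelo, Lawrence or GBHackers: a per-response random button id, the `force-load-at-top` document policy, `frame-ancestors`, a fragment-stripping reload, a safe default button, and a sensitive button that stays disabled while a key is auto-repeating. The `/grant` route, the one-second wait and the `no-store` header are assumptions of this sketch.

```javascript
// Added example: serving a sensitive confirmation page with the mitigations listed above.
const crypto = require('node:crypto');

// Response headers for the page-level defenses.
function hardeningHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    // Chromium opt-out: do not scroll to or focus the element named by the URL fragment.
    'Document-Policy': 'force-load-at-top',
    // Refuse to render inside any frame.
    'Content-Security-Policy': "frame-ancestors 'none'",
    // Assumption: no caching, so every load gets a fresh button id.
    'Cache-Control': 'no-store',
  };
}

// Build the page. The sensitive button gets a fresh random id on every response,
// so an opener cannot name it in a URL fragment.
function renderConfirmPage() {
  const buttonId = 'b' + crypto.randomBytes(16).toString('hex');
  const html = `<!doctype html>
<html><head><meta charset="utf-8"><title>Confirm access</title></head>
<body>
<form method="post" action="/grant">
  <p>Grant access to this application?</p>
  <!-- The safe choice is the focused default, so a held Enter key cancels. -->
  <button type="button" autofocus onclick="history.back()">Cancel</button>
  <button type="submit" id="${buttonId}" disabled>Grant access</button>
</form>
<script>
  // Reload the same URL without the fragment if the opener supplied one.
  if (location.hash) location.replace(location.pathname + location.search);
  const grant = document.getElementById(${JSON.stringify(buttonId)});
  let timer;
  // (Re)start a one-second wait before the sensitive button becomes usable.
  function arm() {
    grant.disabled = true;
    clearTimeout(timer);
    timer = setTimeout(() => { grant.disabled = false; }, 1000);
  }
  // A held key auto-repeats; every repeat restarts the wait.
  addEventListener('keydown', (e) => { if (e.repeat) arm(); });
  arm();
</script>
</body></html>`;
  return { buttonId, html };
}

// Request handler; wire it up with http.createServer(handleConfirm).
function handleConfirm(req, res) {
  const { html } = renderConfirmPage();
  res.writeHead(200, hardeningHeaders());
  res.end(html);
}
```
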

tresronours@parlote.facil.services

Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents

A group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.

The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.

Breach Announcement on BreachForums

The announcement was made on a forum known as BreachForums, where a user with the handle “IntelBroker” posted a message to the community.

The post, dated April 2, 2024, claims that the data was obtained by infiltrating Acuity Inc, a company alleged to work closely with the US government and its allies.

According to a recent tweet by HackManac, the alleged security breach at Acuity Inc has resulted in the exposure of highly sensitive intelligence documents belonging to the Five Eyes Intelligence Group (FVEY).

[#DataBreach](https://twitter.com/hashtag/DataBreach?src=hash&ref_src=twsrc%5Etfw) Alert ⚠️ 🇺🇸 [#USA](https://twitter.com/hashtag/USA?src=hash&ref_src=twsrc%5Etfw): Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.

The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,…

[pic.twitter.com/qGV8IUmkT7](https://t.co/qGV8IUmkT7)

— HackManac (@H4ckManac) [April 3, 2024](https://twitter.com/H4ckManac/status/1775402497768628236?ref_src=twsrc%5Etfw)

The hackers assert that the breach resulted in acquiring full names, emails, office numbers, personal cell numbers, and government, military, and Pentagon email addresses.

⚠️ [#BREAKING](https://twitter.com/hashtag/BREAKING?src=hash&ref_src=twsrc%5Etfw) ⚠️Allegedly, notorious threat actor IntelBroker, has released National Security Documents and data. Per IntelBroker below..

[#Clearnet](https://twitter.com/hashtag/Clearnet?src=hash&ref_src=twsrc%5Etfw) [#DarkWebInformer](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw) [#Cyberattack](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw) [#Cybercrime](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw) [#Infosec](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw) [#CTI](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw) [#NSA](https://twitter.com/hashtag/NSA?src=hash&ref_src=twsrc%5Etfw)

Documents belonging to the Five Eyes Intelligence..

Compromised Data:…

[pic.twitter.com/I5n41utQN9](https://t.co/I5n41utQN9)

— Dark Web Informer (@DarkWebInformer) [April 2, 2024](https://twitter.com/DarkWebInformer/status/1775295354910466200?ref_src=twsrc%5Etfw)

The compromised data also includes classified information and communications between the Five Eyes countries and their allies.

Implications of the Leak

If confirmed, the leak could have significant implications for national security and the operational integrity of the intelligence-sharing network.

The Five Eyes alliance is known for its collaborative intelligence gathering and analysis efforts, playing a pivotal role in global security operations.

At the time of reporting, there has been no official statement from any of the Five Eyes member countries or Acuity Inc. regarding the authenticity of the leaked documents or the extent of the breach.

The silence from official channels has led to speculation and concern among cybersecurity experts and government officials alike.

Cybersecurity agencies are likely to conduct thorough investigations to ascertain the validity of the claims made by the hackers.

The incident underscores the persistent threat cybercriminals pose to national and international security.

The post Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest

The Leading Company for Securing Access Between Workloads Recognized for the Aembit Workload IAM Platform

Aembit, the Workload Identity and Access Management (IAM) Company, has been named one of the Top 10 Finalists for the RSA Conference™ 2024 Innovation Sandbox contest for its platform that manages and secures access between critical software resources, like applications and services.

Aembit will present its technology to a panel of renowned industry judges and a live in-person audience on May 6 at RSA Conference 2024 at the Moscone Center in San Francisco.

Since 2005, the RSAC Innovation Sandbox contest has served as a platform for the most promising young cybersecurity companies to showcase their groundbreaking technologies and compete for the title of “Most Innovative Startup.”

The competition is widely recognized as a catapult for success as the Top 10 Finalists have collectively celebrated more than 80 acquisitions and received $13.5 billion in investments over the last 18 years. Aembit will have three minutes to pitch the panel of judges before a question-and-answer round.

“The submissions for this year’s RSA Conference Innovation Sandbox contest were both dynamic and inspiring. Along with the rest of our entrepreneurial audience, I am excited to see these ideas come to life on stage,” said Linda Gray Martin, senior vice president of RSA Conference. “The evolution of global cyber threats is constant and there’s no better place to look for solutions and to help solve these challenges than in our own community.”

With the rapid expansion of automated software, cloud services, and APIs, enterprises are being met with an exploding number of workloads across their IT environments. Reflect on the now-outdated practice of jotting down user credentials on sticky notes. Similarly, the current method of securing interactions between workloads typically involves the use of static, long-lived credentials, which are prone to theft and often embedded directly within code.

This approach not only introduces security vulnerabilities but also complicates management and impedes prompt response during security incidents and compliance audits. Aembit shifts the model so enterprises can focus on managing access, instead of managing secrets.

“Aembit automates and secures the entire workload-to-workload access workflow, from discovery, to enforcement, to audit – at scale,” said David Goldschlag, co-founder and CEO of Aembit.

“Instead of building another dashboard showing you problems due to secrets and keys, we proactively fix the root cause of these challenges by systematically improving the way workloads are authorized access to your most sensitive resources, without code changes.

You can think of us as Okta (or Azure AD), but between workloads instead of between users and services. The RSA Conference presents the ideal platform for us to demonstrate the significance and impact of our solution to the global security community.”

The RSAC Innovation Sandbox contest kicks off at 10:50 a.m. PT on May 6, and winners will be announced at approximately 1:30 p.m. the same day. The panel of renowned expert judges includes Asheem Chandna, partner at Greylock; Dorit Dor, chief technology officer at Check Point Software Technologies; Niloofar Howe, senior operating partner at Energy Impact Partners; Paul Kocher, independent researcher; and Nasrin Rezai, SVP & CISO at Verizon. Hugh Thompson, RSAC executive chairman and program committee chair of RSA Conference, will return to host the contest.

For more information regarding RSA Conference 2024, taking place at the Moscone Center in San Francisco from May 6 to 9, users can visit https://www.rsaconference.com/usa.

To learn more about the Aembit Workload IAM Platform.

About Aembit

Aembit is the Workload Identity and Access Management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access. For more information, visit www.aembit.io and follow us on LinkedIn.

About RSA Conference

RSA Conference™ is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content, and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams.

Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective “we” to stand against cyberthreats around the world. RSAC is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential, and thought-provoking thinkers and leaders in cybersecurity today. For the most up-to-date news about the cybersecurity industry visit www.rsaconference.com. Where the world talks security.

Contact

CMO

Apurva Dave

Aembit

apurva@aembit.io

The post Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

New XZ Utils Backdoor Free Scanner to Detect Malicious Executables

A critical vulnerability has been discovered in XZ Utils, a widely used data compression tool across Unix-like operating systems, including Linux.

This vulnerability, identified as CVE-2024-3094, involves a backdoor that could potentially allow unauthorized remote access, posing a significant threat to software supply chain security.

Image: Zero detection from VirusTotal

The Discovery of CVE-2024-3094

The initial alarm was raised by Andres Freund, who noticed unusual activity in the XZ Utils project. Versions 5.6.0 and 5.6.1 of XZ Utils were found to be compromised.

Shortly after Freund’s warning, the United States government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Open Source Security Foundation (OpenSSF) issued alerts about the critical nature of this backdoor, emphasizing the urgency of addressing this vulnerability due to its potential impact on OpenSSH security.

The revelation of this backdoor is particularly alarming because it represents a nightmare scenario for software supply chain security.

XZ Utils is integral to embedded systems and firmware development across various ecosystems, with the Linux ecosystem being a primary target due to its role in powering modern cloud infrastructure.

The Response and Mitigation Efforts

In response to the discovery of CVE-2024-3094, the community acted swiftly.

Many Linux distributions impacted by the vulnerability have rolled back to a known safe version of XZ Utils, demonstrating the effectiveness of industry-wide, community-driven coordination.

However, the challenge remains in quickly detecting and deactivating deployed backdoored versions in the field.

Traditional detection tools, which often rely on simple version checks, hash-based detection, or YARA rules, have proven inadequate.

These methods can lead to alert fatigue and false positives, overwhelming security teams.

Recognizing the limitations of existing detection methods, the Binary Research Team embarked on a mission to develop a more practical approach to identify the backdoored binaries.

exported by the payload object file

Their investigation revealed the complexity of the XZ Utils backdoor, believed to be part of a sophisticated, state-sponsored operation with multi-year planning.

An essential technique employed by the backdoor involves the GNU Indirect Function (ifunc) attribute, which allows for runtime resolution of indirect function calls.

The backdoor intercepts execution and modifies ifunc calls to insert malicious code.

Image: Binary Intelligence technology in action.

This static analysis method can generically detect tampering of control flow graph transitions, significantly reducing the false positive rate.

The discovery of the XZ Utils backdoor underscores the critical importance of software supply chain security.

Through the collaborative efforts of the security community and the innovative solutions provided by teams like Binary, the industry is better equipped to defend against these sophisticated threats.

As the landscape of cyber threats continues to evolve, such proactive measures and tools will be indispensable in safeguarding our digital infrastructure.

The post New XZ Utils Backdoor Free Scanner to Detect Malicious Executables appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
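
The post above says the backdoor relies on GNU indirect functions (ifunc). As an added example (not code from the article or from the scanner it describes), this Python function lists the `STT_GNU_IFUNC` symbols in a 64-bit little-endian ELF image so a reviewer can see which calls are resolved at load time. The sample image and its symbol names are constructed for the demonstration, and an ifunc symbol on its own is not evidence of tampering.

```python
import struct

STT_GNU_IFUNC = 10                # ELF symbol type used for GNU indirect functions
SHT_SYMTAB, SHT_DYNSYM = 2, 11    # section types that hold symbol tables


def list_ifunc_symbols(elf: bytes):
    """Return sorted names of STT_GNU_IFUNC symbols in a 64-bit little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF image")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    # Fields: name, type, flags, addr, offset, size, link, info, addralign, entsize
    sections = [struct.unpack_from("<IIQQQQIIQQ", elf, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    names = set()
    for sec in sections:
        sh_type, sh_offset, sh_size, sh_link, sh_entsize = sec[1], sec[4], sec[5], sec[6], sec[9]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or sh_entsize == 0:
            continue
        str_off = sections[sh_link][4]          # file offset of the linked string table
        for off in range(sh_offset, sh_offset + sh_size, sh_entsize):
            st_name, st_info = struct.unpack_from("<IB", elf, off)
            if st_info & 0xF == STT_GNU_IFUNC:  # low nibble of st_info is the symbol type
                start = str_off + st_name
                names.add(elf[start:elf.index(b"\0", start)].decode())
    return sorted(names)


def build_sample_elf() -> bytes:
    """Constructed minimal image: one ordinary function symbol and one ifunc symbol."""
    strtab = b"\0plain_func\0resolved_at_load\0"

    def sym(name_off, stype):                   # STB_GLOBAL binding in the high nibble
        return struct.pack("<IBBHQQ", name_off, (1 << 4) | stype, 0, 1, 0, 0)

    symtab = bytes(24) + sym(1, 2) + sym(12, STT_GNU_IFUNC)   # null, STT_FUNC, ifunc
    sym_off = 64
    str_off = sym_off + len(symtab)
    sh_off = str_off + len(strtab)

    def shdr(stype, offset, size, link, entsize):
        return struct.pack("<IIQQQQIIQQ", 0, stype, 0, 0, offset, size, link, 0, 1, entsize)

    shdrs = (bytes(64)
             + shdr(SHT_DYNSYM, sym_off, len(symtab), 2, 24)
             + shdr(3, str_off, len(strtab), 0, 0))            # 3 = SHT_STRTAB
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)           # ELFCLASS64, little-endian
    header = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, sh_off,
                                 0, 64, 0, 0, 64, 3, 0)
    return header + symtab + strtab + shdrs


if __name__ == "__main__":
    print(list_ifunc_symbols(build_sample_elf()))
```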

tresronours@parlote.facil.services

Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach

Storm-0558, a cyberespionage group affiliated with the People’s Republic of China, has reportedly compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals between May and June 2023.

This was done by using authentication tokens of accounts that were signed by a key held by Microsoft in 2016.

This key was used for secure authentication into remote systems. However, this key was possessed by the threat actor, which provided several permissions to access any information or systems within that key’s domain.

Additionally, a single key can have enormous power, which, combined with a flaw in Microsoft’s authentication system, resulted in the threat actor gaining full access to any Exchange online account anywhere in the world.

Moreover, Microsoft is still investigating how Storm-0558 got its hands on this key.

The accounts compromised using this attack included:

  • Senior United States government representatives working on national security matters
  • Email accounts of Commerce Secretary Gina Raimondo
  • United States Ambassador to the People’s Republic of China R. Nicholas Burns
  • Congressman Don Bacon

Microsoft’s Exchange Server Hack

According to the CSRB reports, during the time the threat actor had access to these sensitive email accounts, they downloaded over 60,000 emails from the State Department.

Attack vector of Storm-0558 (Source: CISA)

Moreover, the first victim of this intrusion was the State Department, whose SOC team detected anomalies in access to its mail systems on June 15, 2023.

Following this, the next day, there were several security alerts for which they contacted Microsoft.

10-Day Investigations From Microsoft

Microsoft initiated an investigation for the next 10 days and confirmed that the threat actor Storm-0558 had gotten their hands on certain emails through their Outlook Web Access (OWA).

Further, Microsoft also identified 21 different organizations and 500+ users that were impacted by the attack. The impact was further noted by the U.S. government agencies.

In addition to this, Microsoft also found that the threat actor used the OWA for accessing emails directly using tokens which authenticated Storm-0558 as a valid user.

This also specified that these kinds of tokens must be associated with Microsoft’s identity systems only, but unfortunately, they were not.

Furthermore, the tokens used by the threat actor had digital signatures with a Microsoft Services Account (MSA) cryptographic key that dated back to 2016.

This key was originally intended to be retired by March 2021, providing more insights on the attack.

The Revealing Point

Microsoft initially concluded that the threat actor had forged tokens for accessing these Microsoft Exchange online accounts from affected individuals.

However, after developing some hypotheses, they found a flaw in the token validation logic used by Microsoft Exchange which could allow any consumer key to access enterprise Exchange accounts if the accounts did not have code to reject consumer keys.

However, it was still not evident enough to prove that the threat actor had obtained and used the 2016 MSA key to compromise the accounts.

By that time, Microsoft recalled an attack performed by the same threat actor in 2021 in which they accessed several documents that were stored in SharePoint as they were looking for information on Azure service management and Identity-related management.

The final stages of investigations revealed some major things: Microsoft had been using manual key rotation mechanisms on enterprise systems and had completely stopped the rotation mechanism after they faced a major outage on one of these activities in 2021.

This allowed the threat actor to use these consumer keys to forge authentication tokens to access consumer email systems.

However, another previously unknown flaw was combined with this issue, potentially compromising sensitive email accounts and organizations.

The post Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
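
The validation gap described in the post above, as an added example that is not from the article or from Microsoft: a validator that trusts any known signing key, next to one that also checks the key's scope and retirement date. The key ids, secrets, dates and the `account_type` claim are constructed assumptions, and HMAC-SHA256 stands in for the asymmetric signatures a real identity system uses so that the code runs on the standard library alone.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# Constructed key registry (hypothetical ids and secrets). Each key records the
# account scope it may sign for and the date after which it must not be trusted.
KEYS = {
    "consumer-2016": {"secret": b"constructed-consumer-secret", "scope": "consumer",
                      "retire_after": datetime(2021, 3, 31, tzinfo=timezone.utc)},
    "enterprise-2023": {"secret": b"constructed-enterprise-secret", "scope": "enterprise",
                        "retire_after": datetime(2024, 12, 31, tzinfo=timezone.utc)},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Issue 'header.payload.signature' with the named key (HMAC as a stand-in)."""
    body = _b64(json.dumps({"kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def _verify_signature(token: str):
    """Return (key record, claims) when the signature matches a known key, else raise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        key = KEYS[json.loads(_unb64(header_b64))["kid"]]
        expected = hmac.new(key["secret"], f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            raise ValueError("bad signature")
        return key, json.loads(_unb64(payload_b64))
    except (KeyError, ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None


def validate_naive(token: str) -> dict:
    """Accepts a token signed by ANY known key: the gap the post describes."""
    _, claims = _verify_signature(token)
    return claims


def validate_scoped(token: str, now: datetime) -> dict:
    """Also requires an unretired key whose scope covers the token's account type."""
    key, claims = _verify_signature(token)
    if now > key["retire_after"]:
        raise ValueError("signing key is past its retirement date")
    if key["scope"] != claims.get("account_type"):
        raise ValueError("signing key scope does not cover this account type")
    return claims


if __name__ == "__main__":
    now = datetime(2023, 6, 15, tzinfo=timezone.utc)
    token = sign_token("consumer-2016", {"sub": "user@example.org", "account_type": "enterprise"})
    print("naive validator accepts:", validate_naive(token))
    try:
        validate_scoped(token, now)
    except ValueError as err:
        print("scoped validator rejects:", err)
```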

bliter@diaspora-fr.org

#Amiga #Music: TwentyTwentyFour #Compilation #1 - #off1k

G'day peeps, been a little while since the last proper compilation and so begins 2024 of Amiga goodness. This compilation consists of #tunes released at #Gerp24 and #Revision24 #Demo #Parties from the last 2 months or so.
Some killer #tracks among this lot so hope you all enjoy :)

Recorded from a Real Amiga 1200 (2MB Chip, 32MB Fast, 030@40Mhz, 16GB CFHD)

TRACKLIST
01 - [00:00] LMan - Ode To Amiga
02 - [02:43] Interphace - Peace Droid
03 - [05:56] Jogeir Liljedahl - Roguecraft
04 - [10:02] SoDa7 - Coffee at Morning
05 - [13:10] JosSs^Mygg^Bonefish - Dan Dan Dada
06 - [17:18] Kefka - The Återsmällare
07 - [19:37] Facet - NewSong
08 - [21:11] Laamaa - Saint Lager
09 - [23:34] AceMan - Yoru no Koe
10 - [27:26] Triace - Groove Operator
11 - [30:49] H0ffman^Daytripper - Surveillance
12 - [34:19] Virtua Point Zero - Can Your AI Do This
13 - [37:52] Tecon - Spiceballs
14 - [41:18] Ma2e^No-XS^Dya - Brink It Back To Me
15 - [44:48] Teo - The Flow
16 - [48:04] Subi - Space Is The Place

The Amiga is a series of #computers released by C=ommodore from 1985 to 1993, all Amigas used the same sound chip, an 8bit, 4channel, up to 28khz PCM called "Paula".

HARDWARE USED:
#Amiga1200, #Behringer DJX750 Mixer, Behringer HD400 Hum Eliminator, Sony 14" PVM, Various RCA and TRS cables, Hydra Mini Scart Switch, Various Scart and BNC cables.
A Phone to record the footage (wish it had 50fps).
**Stereo joining is done with hardware (RCA & TRS cables, Mixer)
Approximate 15% Stereo Separation.

SOFTWARE USED:
#Protracker 2.3F (Amiga)
#Audacity 3.1.3 - audio recording, minor cable noise reduction, volume leveling, some fade outs.
#Camtasia 2021 - video editing, song info.
#Handbrake 1.5.1 - video compression.

https://www.youtube.com/watch?v=RCbYLjWDBf0
#music #musique

tresronours@parlote.facil.services

Jackson County Missouri Ransomware Attack Impacts IT Systems

Jackson County, Missouri, has become the latest victim of a ransomware attack, which has caused substantial disruptions within its Information Technology (IT) systems.

This attack has highlighted the vulnerabilities in digital infrastructures and the cascading effects such disruptions can have on public services and operations.

The first signs of the cyberattack emerged as operational inconsistencies across Jackson County’s digital infrastructure.

Specific systems were found to be inoperative, while others continued to function normally.

The affected systems are critical to the county’s daily operations, including tax payments and online services for property searches, marriage licenses, and inmate searches.

Consequently, the Assessment, Collection, and Recorder of Deeds offices at all counties have been forced to close until further notice, significantly impacting residents and county operations.

Services Unaffected

It is noteworthy that the Kansas City Board of Elections and Jackson County Board of Elections have not been impacted by this system outage.

This detail is crucial, especially during electoral activities, ensuring the democratic process remains uninterrupted.

Response and Actions Taken

Upon detecting the disruptions, Jackson County promptly notified law enforcement and engaged IT security contractors to assist in the investigation and remediation efforts.

The county has emphasized that the integrity of its digital network and the confidentiality of resident data remain top priorities.

To date, no evidence suggests that any data has been compromised.

The investigation is in its early stages, with cybersecurity partners working closely with the county to diagnose the issue.

While ransomware is considered a potential cause, comprehensive analyses are underway to confirm the exact nature of the disruption.

Immediate measures have been taken to secure the systems against further compromise.

The county’s IT teams are working tirelessly to restore total operational capacity to the impacted services.

Community Impact and Ongoing Efforts

The closure of critical county offices has undeniably affected residents, who rely on these services for various legal and administrative needs.

Jackson County has acknowledged the inconvenience caused by these closures and expressed appreciation for the community’s patience and understanding.

As the situation unfolds, Jackson County is committed to providing timely updates and ensuring transparency with its residents.

The focus remains on swiftly resolving the issue and implementing measures to prevent future attacks.

This incident is a stark reminder of the ever-present threat of cyberattacks and the importance of robust cybersecurity measures.

As Jackson County navigates this challenging time, the lessons learned will undoubtedly strengthen its defenses and preparedness for similar incidents in the future.

The post Jackson County Missouri Ransomware Attack Impacts IT Systems appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

arteplus7@social.yl.ms

RSS-Bridge

See https://curl.haxx.se/libcurl/c/libcurl-errors.html for description of the curl error code.

Details

Type: HttpException
Code: 0
Message: cURL error Could not resolve host: api.arte.tv: 6 (https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://api.arte.tv/api/opa/v3/videos?limit=15&language=de
File: lib/http.php
Line: 154

Trace

#0 index.php(72): RssBridge->main()
#1 lib/RssBridge.php(103): DisplayAction->execute()
#2 actions/DisplayAction.php(68): DisplayAction->createResponse()
#3 actions/DisplayAction.php(117): Arte7Bridge->collectData()
#4 bridges/Arte7Bridge.php(128): getContents()
#5 lib/contents.php(83): CurlHttpClient->request()
#6 lib/http.php(154)

Context

Query: action=display&bridge=Arte7&context=Category&lang=de&cat=&sort_by=&sort_direction=DESC&format=Mrss
Version: 2024-02-02
OS: Linux
PHP: 7.4.33
