#cybersecurity
#Sweden has noticed that #cash is indispensable in the face of increasing #cyberwarfare.
#future #technology #money #economy #cyberwar #cybercrime #cybersecurity #war #security #backup #system #news #bankster
"Installation Guide for DarkGPT Project".
"DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases. This guide will help you set up and run the project on your local environment."
Eeep.
#Windows #vulnerability reported by the #NSA exploited to install Russian #malware
When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
#Microsoft is a national #security threat, says ex-#WhiteHouse cyber policy director
Source: https://www.theregister.com/2024/04/21/microsoft_national_security_risk/
Microsoft has a shocking level of #control over IT within the US federal #government
#technology #CyberSecurity #economy #politics #software #problem #usa #news
#LLM Agents can Autonomously #Exploit One-day Vulnerabilities
Source: https://arxiv.org/abs/2404.08144
To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).
#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity
The XZ attack has taken the world of cybersecurity by storm. This video provides a concise overview. (If you prefer text, there is a link to a text-based FAQ below.)
It begins with a clever "social engineering" attack, where two people play "good cop bad cop" to guilt-trip the maintainer of XZ. First I should probably mention that XZ Utils is a compression system used by Linux, in lots of places including package managers, build (code compilation) systems, and ssh, the "secure shell" system that enables people to log in to remote servers and run commands. (I myself use ssh dozens of times every day -- if you don't work with servers you wouldn't know, but this is how servers are managed all over the internet.) Getting back to the "social engineering" attack, the attackers successfully demoralized the project maintainer, who was an open source developer working in his spare time and not paid. He eventually gave up and made the "good cop" co-maintainer of the project.
The attack itself is pretty interesting, too. The attacker did not touch ssh, or at least not the code for ssh itself. He changed test code. And not in an obvious way -- he changed a "binary blob" that is opaque to people examining changes to the code to decide whether to accept the changes on their systems or not. The binary blob would get decompressed at build time, and it turned out inside it was a bash script (bash is another one of those Linux shells), and the bash script would get executed. The bash script would modify the ssh system in such a way that a certain public key would be replaced by a different one. The purpose of the original public key was to make sure only trusted people with the corresponding private key could update a running ssh system. With the attacker's key in place, the attacker can now change running ssh systems. Not only that, but because an ssh installation on a server runs with root privileges, because it has to be able to authenticate any user and then launch a command-line shell for that user with that user's privileges, the attacker becomes able to log in as root on any Linux server infected with the attack -- which could have eventually become more or less all of them had the attack not been discovered.
To me, this attack is interesting on so many levels:
1) It comes through the "supply chain" -- attacking open source at the point where contributors (often unpaid) submit their contributions.
2) It involves a "social engineering" attack on the supply chain, something it had never occurred to me was even possible before.
3) There was a long delay between the social engineering attack and the technical attack -- about 2 years. The attackers spent 2 years building trust to exploit later.
4) It attacks one piece of software (ssh) by attacking a completely different and apparently unrelated piece of software (XZ Utils).
5) It attacks the software not by attacking the code to the software directly, but to its test code.
6) It carries out the attack by running malicious code at build time instead of runtime. (The build of XZ Utils is part of the build of ssh.)
7) It attacks a cryptosystem by replacing a legitimate key with the attacker's key and getting the attacker's key "officially" distributed.
8) Had it been successful, the implications would have been huge -- it would have given the attacker access to practically every Linux server everywhere. (Well, every Linux server, pretty much, uses ssh but the attack initially targeted RedHat & Debian, so maybe it wouldn't have spread to everywhere.)
9) The attack was discovered accidentally, because it modified its target's performance, not any other aspect of its behavior.
I hadn't mentioned that last one yet, but yeah, the attack was discovered by a person who was doing performance benchmarks on a completely unrelated project (to do with the Postgres database), which just happened to include automated ssh logins as part of the testing system, and the ssh logins suddenly slowed down for no apparent reason. In trying to figure out what had gone wrong, he discovered the attack.
This has huge implications for the future for open source software and trust in all the projects and maintainers and regular software updates that are done on a daily basis all over the world. Some are predicting wholesale abandonment of the package distribution systems used currently throughout the Linux world. At the very least, everyone contributing to projects that become standard parts of Linux distributions is going to come under much greater scrutiny.
And in case you're wondering, no, nobody knows who the attackers were, at least as far as I know. And no, no one knows how many other attacks might exist "out there" in the Linux software supply chain.
XZ backdoor: Timeline and overview - Seytonic
#solidstatelife #cybersecurity
#Microsoft employees exposed internal passwords in #security lapse
source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.
#Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
source: https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”
#internet #fail #security #phishing #cybersecurity #twitter #news
The BACKDOOR in XZ Utils: The WORST ATTACK this year
https://youtu.be/cmeDwZgw_6Y?si=uHRgAVXaBo3ci2MP
#cybersecurity #opensource #linux
When #security matters: working with #Qubes OS at the #Guardian
Configuring a Qubes workstation was a new challenge for the team as we abandoned years of experience writing Infrastructure as Code for the cloud and started learning how to write #Salt #configuration. Salt (also known as SaltStack) is a management engine available by default in Qubes.
#cybersecurity #news #journalism #linux #technology #software #securedrop
Exclusive: #YossiSariel unmasked as head of #Unit8200 and architect of #AI #strategy after book written under pen name reveals his #Google account
The embarrassing #security lapse is linked to a book he published on #Amazon, which left a digital trail to a private Google account created in his name, along with his unique ID and links to the #account’s maps and calendar profiles.
#Israel #internet #Anonymity #privacy #spy #military #CyberSecurity #news #online #leak #identity
#PrivateBin #communication #tutorial #password #security
♲ Digital Angel - 2024-04-04 23:03:12 GMT
How to communicate securely over an insecure network with #PrivateBin.
https://0.0g.gg/?d08350fc097ceab0#9acFE89JXzDDKP9podRjnFEQCbchtJYA2dnvnjugJKaj
#communication #internet #privacy #security #cybersecurity #surveillance #spy #passwort #howto #instructions #tutorial #help
#hack #security #news #problem
♲ Digital Angel - 2024-04-04 23:15:13 GMT
#IBIS hotel check-in terminal keypad-code leakage
source: https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/
However, when entering a '------' as booking ID, the check-in terminal lists other people's bookings and keypad codes.
What #encryption do you use for your everyday #communication?
I'm not talking about your nerd friends, who can be counted on one hand and who know a thing or two about the subject. I'm talking about your normal friends, business partners and colleagues with whom you communicate both professionally and privately.
I was recently called by my support via Microsoft Teams because I had to enter some passwords. The support team proudly said that they were contacting me via Teams because it was more secure than the normal phone. He was then very surprised when I told him that Teams is unencrypted and can be intercepted much more easily.
#messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
Review of the Summer 2023 #Microsoft #Exchange Online #Intrusion
the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed;