#hack

anonymiss@despora.de

#node.js used by #Adobe, #Logitech, #Nvidia and others can be used to #exploite #Windows đŸ˜±

Source: https://nitter.eu/Laughing_Mantis/status/1512081814994575377

So what can you do with these and how can they be abused:

You can modify the JSON and JS files mentioned in order to:
- arbitrary download binaries
- ignore download checksums
- execute commands as SYSTEM
- C2 on the behalf of applications
- perform file I/O as SYSTEM
etc.

...

A good generic tool should scan the local appdata and program file folders for instances of NODE.JS or JSON files (Maybe not Microsoft Store instances) and then have templates for trojanizing each vendor's custom #NodeJS and #JSON.

#Microsoft #warning #danger #0day #software #news #Trojan #problem #hack #hacker #driver #install #fail #security

anonymiss@despora.de

How #Tinder became a #weapon in the #Russia -#Ukraine #war đŸ‡·đŸ‡ș đŸ‡ș🇩

Source: https://www.huckmag.com/perspectives/how-tinder-became-a-weapon-in-the-russia-ukraine-war/

Since Tinder shows how far away you are from a match, Sara realised that by creating two fake Tinder accounts and setting the locations to two different areas near the border, she could triangulate the exact locations of her matches. She has so far tipped off the Ukrainian authorities with the details of more than seventy Tinder accounts via an email and Telegram account set up by the Ukrainians to gather information. She has not been told by the Ukrainian authorities how or if the information she’s passed on has been used.

#internet #app #news #military #spy #soldiers #location #smartphone #hack #security

anonymiss@despora.de

#Apple and #Meta Gave User Data to Hackers Who Used Forged Legal Requests

source: https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests

The systems for requesting data from companies is a patchwork of different email addresses and company portals. Fulfilling the legal requests can be complicated because there are tens of thousands of different law enforcement agencies, from small police departments to federal agencies, around the world. Different jurisdictions have varying laws concerning the request and release of user data.

...

“Dark web underground shops contain compromised email accounts of law enforcement agencies, which could be sold with the attached cookies and metadata for anywhere from $10 to $50,” said Gene Yoo, chief executive officer of the cybersecurity firm Resecurity, Inc.

Our #security is therefore the #responsibility of #authorities who cannot even secure their own access to the #Internet for #law #enforcement. Brave new world.

#police #fail #privacy #crime #cybercrime #hack #hacker #identification #access #problem #news #justice #politics

anonymiss@despora.de

#Israel blocked #Ukraine from buying #Pegasus #spyware, fearing #Russia’s anger

source: https://www.theguardian.com/world/2022/mar/23/israel-ukraine-pegasus-spyware-russia

The Ukrainian president, Volodymyr #Zelenskiy, has been critical of Israel’s stance since Russia launched its full and bloody #invasion of Ukraine on 24 February, saying in a recent address before members of Israel’s Knesset that Israel would have to “give answers” on why it had not given #weapons to Ukraine or applied #sanctions on Russians.

#Cyberwar #news #trojan #smartphone #mobile #spy #hack #security #politics

anonymiss@despora.de

A Mysterious #Satellite #Hack Has Victims Far Beyond #Ukraine

source: https://www.wired.com/story/viasat-internet-hack-ukraine-russia/

“We have the option that the intended goal of the attackers was to actually break the terminals in order to disable the communications,” Santamarta says. “Or maybe they were expecting to deploy a specific payload to maybe eavesdrop on communications and something went wrong and the terminals were bricked. At this point, we don't know what really happened.”

In February there was the #breakdown and now a month later they still don't know exactly what happened. This company must really employ exceptional #security talent.

#hack #network #problem #communication #software #news #technology #attack #cyberwar

katzenjens@pod.dapor.net

Durch OTA-Update die Firmware zerschossen...

Jo, eine SicherheitslĂŒcke an solcher Stelle kann maximalen Schaden verursachen. Und da immer mehr Hardware so mit Updates versorgt wird, z.B. fast alles IoT Equipment, Router, TV-Boxen usw. sind noch einige Überraschungen zu erwarten.
https://www.golem.de/news/eutelsat-bigblu-zehntausende-ka-sat-nutzer-brauchen-neue-modems-2203-164091.html
#kasat #ukraine #satellit #internet #hack

anonymiss@despora.de

Leaked #Ransomware Docs Show #Conti Helping #Putin From the Shadows

source: https://www.wired.com/story/conti-ransomware-russia/

Days later, Conti’s leaders talked about Cozy Bear’s work and referenced its ransomware attacks. Stern, the CEO-like figure of Conti, and Professor, another senior gang member, talked about setting up a specific office for “government topics.” The details were first reported by WIRED in February but are also included in the wider Conti #leaks. In the same conversation, Stern said they had someone “externally” who paid the group (although it is not stated what for) and discussed taking over targets from the source. “They want a lot about #Covid at the moment,” Professor said to Stern. “The cozy bears are already working their way down the list.”

#Russia #cybercrime #news #government #FSB #CozyBear #hack #leak #crime #internet #money #business

amitabha@pod.orkz.net

Signal Confirms Hack Claims Are Part Of Misinformation Campaign

Encrypted messaging app Signal has not been hacked, the app maker has confirmed. As Signal use in Eastern Europe increases, rumors had started to circulate that the encrypted messaging app had been hacked.

But as misinformation around the Russia-Ukraine conflict escalates, Signal says the hack rumors are part of a “coordinated misinformation campaign.”

Forbes article

#signal #hack #misinformation #Ukraine #Russia

anonymiss@despora.de

Did the #Cyberwar started with #StuxNet?

Will World War III begin in #cyberspace?

source: https://www.computerworld.com/article/3647879/will-world-war-iii-begin-in-cyberspace.html

People die because of cyber wars, even if no bullets are ever fired. Instead, they die in #emergency rooms that no longer have power, from broken medical #communication networks, and from riots. All of this has happened before. It will happen again. And now, with #Russia poised to invade #Ukraine and Russian cyberattacks already in motion, we can only hope and pray that what promises to be the first major European war since World War II doesn't spark the next #WorldWar.

...

More recently, "58% of all cyberattacks from nation-states have come from Russia," said Tom Burt, #Microsoft corporate vice president. For example, the US and #UK blame the Russian Foreign #Intelligence Service (SVR) for the huge #SolarWinds software supply chain #attack. As Burt pointed out, #Kremlin - backed hackers are becoming "increasingly effective." That's no surprise. After all, Russian agents have been at it for years.

Those who invest nothing in #IT #security will be hacked. If the company is lucky, it is only an #encryption #Trojan and can buy its way out. In worse cases, the company is simply paralyzed and the business secrets are sold in #China. Depending on who is on the bullet list at the moment, it is Russia, China, #Iran or #NorthKorea. Such attacks can be easily disguised, and it is usually not even possible to assign them. Microsoft should rather invest more in its software instead of smart slogans, because macros are still the main gateway for encryption Trojans.

#technology #terror #problem #news #opinion #hack #hacker #computer #software

salinger3@diaspora-fr.org