#hack

anonymiss@despora.de

#XZ #Backdoor: Times, damned times, and scams

However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.

source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

#security #software #time #news #hack #linux #timezone

simona@pod.geraspora.de

Ein kurzer erschreckender Auszug über unsere Zukunft aus dem Roman "Genesis 7.0"

„Der Schlüssel der Hacks in Autos liegt im sogenannten CAN-Bus-System, das das elektronische Herz der Connected Cars darstellt. #CAN heißt Controller Area Network und meint ein örtlich begrenztes Steuergeräte-Netzwerk. Die CAN-Bus-Schnittstelle regelt die gesamte Datenübertragung und #Elektronik in komplex ausgerüsteten Kraftfahrzeugen. Einfach ausgedrückt können sich die angeschlossenen vernetzten Steuergeräte des Autos über die Leitungen unterhalten und Informationen austauschen. Und das passiert heute in modernen Autos schon oft kabellos per #Bluetooth oder #WLAN, da die Kabelbäume zu dick und der Kabelwald nicht mehr zu
durchschauen und zu warten wäre. Und das ist genau unsere hervorragende Chance, in das CAN-Bus-System des jeweiligen Autos
einzudringen – per #Mobilfunk, #Internet und #GPS. Haben wir uns dann erst einmal in diese Steuerungseinheit eingeloggt, können wir fast alles im jeweiligen Auto beeinflussen, von den Lichtern angefangen über das Navi bis hin zu den Bremsen. Nur ferngesteuert fahren können wir noch nicht“, lachte Mister Yang, den diese unvorstellbaren Möglichkeiten selbst immer wieder begeisterten und schwärmen ließen.
„Faszinierend wirklich, ich bin sehr beeindruckt, Mister Yang“, sagte Professor Linda Henderson, die mit ihren mittlerweile doch schon 69 Jahren das älteste Mitglied des Gremiums war. Trotz ihrer unglaublichen Berufserfahrung in den Führungsriegen von #Microsoft, #Amazon und #Facebook war die Professorin für #Informationstechnologie begeistert von den technischen Eingriffen ihres Kollegen in Autos auf der ganzen Welt, egal wie weit diese entfernt waren. „Die Welt ist mittlerweile ja wirklich nur noch ein Dorf durch das
Internet, 5G und natürlich auch aufgrund von fast 10.000 Satelliten, die sogar das Nummernschild eines Autos aus dem All erkennen können. Schon jetzt sieht man nachts viel mehr Satellitenpunkte am Himmel als Flugzeuge, und bis 2050 sollen es sogar schon 30.000 #Satelliten sein, auch dank Meister Elon #Musk“, dachte Professor Henderson fasziniert bei sich und verließ den Raum des Hacker-Teams.


zum #Roman: https://tempsend.com/yycjn


#sicherheit #Technologie #hack #hacker #Verkehr #Auto #Software #Hardware #Kontrolle #Zukunft

anonymiss@despora.de

#Microsoft #Security Breaches Rile U.S. #Government Customers

source: https://www.theinformation.com/articles/microsoft-security-breaches-rile-u-s-government-customers

Microsoft became the world’s biggest seller of cybersecurity software by bundling it with Office and Teams apps. But after a series of hacks exploited that software in the past year, several of Microsoft’s biggest customers are considering whether their reliance on Microsoft’s #software bundle puts their security at risk.

The clearest sign that Microsoft may face real consequences for its security lapses can be seen in #Washington. After the company disclosed last summer that Chinese hackers had broken into customers’ systems, including the U.S. State Department’s, the agency began to move its stored data into servers of other cloud providers such as #Amazon Web Services and #Google #Cloud, according to a technical adviser to the agency and an executive at one of the rival companies. And the agency has been discussing possible bigger cloud deals with those rivals, these people said.


#news #security #hack #hacker #exploit #cybersecurity #usa

anonymiss@despora.de

Git-Rotate: Leveraging #GitHub Actions to Bypass #Microsoft Entra Smart lockout

Source: https://research.aurainfosec.io/pentest/git-rotate/

Despite advancements in #cybersecurity, #password #spraying attacks remain a prevalent and effective technique for attackers attempting to gain unauthorised access to #cloud - based infrastructure and web applications by targeting their login portals. Password spraying involves attempting a small number of common passwords against a large number of usernames. This makes it difficult for #security systems to detect and mitigate as they often avoid common protections such as #account lockout policies by avoiding rapid or repeated login attempts for a single account. Attackers can easily obtain lists of commonly used passwords or use automated tools to generate potential passwords, increasing the likelihood of success.

#news #hack #hacker #login #attack #problem

anonymiss@despora.de

Hackers exploited #Windows 0-day for 6 months after #Microsoft knew of it

Source: https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/

Even after Microsoft patched the #vulnerability last month, the company made no mention that the North Korean threat group #Lazarus had been using the vulnerability since at least August to install a stealthy #rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for #malware that had already gained administrative system rights to interact with the Windows #kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.

#software #news #security #cybercrime #bug #exploit #0day #fail #economy #problem #politics #hack #Hackers #trust #risk

anonymiss@despora.de
anonymiss@despora.de

#Anycubic users say their #3D printers were hacked to warn of a #security flaw

source: https://techcrunch.com/2024/02/28/anycubic-users-3d-printers-hacked-warning/?guccounter=1

Ouyang said in an email to TechCrunch: “We are investigating very carefully. There will be an official announcement very soon,” but did not comment further.

“Disconnect your printer from the internet until anycubic patches this issue,” the text file reads.

#news #3dprinter #hack #hacker #warning #software #problem #technology #vulnerability

simona@pod.geraspora.de

Der Film Hacked zeigt was passieren kann wenn unsere Wohnungen über #IoT gesteuert werden 😱

Eine zentrale Frage bleibt allerdings unbeantwortet: Wie kann man so dämlich sein ins Badezimmer eine #Webcam einzubauen? Mir fällt kein Szenario ein wo dies sinnvoll sein könnte.

Hier zum Film: https://www.youtube.com/watch?v=WTn5ow9l5UM

Dass der Hacker alles unverschlüsselt offline auf USB-Sticks speichert und nicht verschlüsselt in der Cloud scheint auch eher, einem uninformiertem Drehbuchauthor ensprungen zu sein.

#film #hack #hacker #Erpressung #sicherheit #CyberSecurity #cybercrime #entertainment

anonymiss@despora.de

#Canada wants to ban the #FlipperZero

source: https://www.canada.ca/en/public-safety-canada/news/2024/02/government-of-canada-hosts-national-summit-on-combatting-auto-theft.html

Pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with #law enforcement agencies.

#SecurityTheater: The old game of stupid politics. They ban the tools instead of providing real security. Then a few teenagers get caught who want to learn to hack with the tool and the criminals laugh because they use other tools.

#snakeoil #security #car #crime #politics #hack #hacker #tool #fail #problem #government #news

librejoker@nerdica.net

Breaking Bitlocker - Bypassing the Windows Disk Encryption in 43 Seconds

In this #video we will use a #hardware attack with a #RaspberryPi Pico to bypass TPM-based #Bitlocker #encryption as used on most #Microsoft #Windows devices.

Watch on YouTube: https://www.youtube.com/watch?v=wTl4vEednkQ

Alternative with more privacy watch here (select an instance and press "Go"): https://redirect.invidious.io/watch?v=wTl4vEednkQ

#Security #TPM #hack #hacker #maker #software #knowledge