#itsecurity

citoyen_candide@diaspora-fr.org

#Apple knew #AirDrop users could be identified and tracked as early as 2019, researchers say
#ITSecurity researchers warned Apple as early as 2019 about #vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, in a case that experts say has sweeping implications for global privacy.

https://edition.cnn.com/2024/01/12/tech/china-apple-airdrop-user-encryption-vulnerability-hnk-intl/index.html

canoodle@nerdpol.ch

cyber it-security news - DKB phishing fake mails AND sms

How much is the phish? The phone system, but also the e-mail system, are amongst the oldest digital systems still in use today (the first e-mail was sent in 1971). Unfortunately both systems - back then - were not designed with security in mind.[...]

#linux #gnu #gnulinux #opensource #administration #sysops #cyber #itsec #cybersec #itsecurity #dkb #bank #banking #phishing #phish

Originally posted at: https://dwaves.de/2022/05/10/cyber-it-security-news-dkb-phishing-fake-mails-and-sms/

canoodle@nerdpol.ch

from HTML5 & JavaScript blob technique to ransomware - JS is evil (when it is allowed to do more than GUI animations)

“The Duri malware, for example, uses the JavaScript blob technique.

The attacks are triggered by visiting a website with the malicious code.”

(this could be a well-known, sincere, but hacked website)

“By downloading, the malware can install itself on the target device.”

“HTML smuggling is also made possible by the HTML5 “Download” attribute for anchor tags.”

“When a user clicks the HTML link, a download of the file is triggered.”

“The attack therefore uses conventional HTML5 and JavaScript functions.”

“The attack occurs especially in email campaigns.”

“That is, users with Exchange Online mailboxes are also affected.”

“Spear phishing campaign can ransomware”

“This technique was noticed in a spear phishing campaign in May 2021.”

“As part of these attacks, the banking Trojan Mekotio as well as AsyncRAT/NJRAT and Trickbot were infiltrated – this also means remote code execution and complete takeover of computers is possible.”

“Ransomware also enters networks in this way.”

“The Microsoft 365 Defender Threat Intelligence Team shows what such an attack looks like in a Twitter post.”

ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign

src: translated from https://www.security-insider.de/html-smuggling-greift-netzwerke-von-innen-an-a-1109311/

Links:

https://www.bleepingcomputer.com/news/security/duri-campaign-smuggles-malware-via-html-and-javascript/

https://dwaves.de/2018/09/10/javascript-is-evil-a-major-security-problem/

https://dwaves.de/2021/02/26/the-evilness-of-javascript-dont-be-evil-twitter-strikes-again/

https://dwaves.de/2018/11/16/xiaomi-nfc-and-baseband-exploit-confirmed-javascript-is-indeed-evil-also-on-phones/

https://dwaves.de/2017/12/21/bitcoin-zcash-monero-mining-via-javascript-inside-browser-of-website-visitors/

https://dwaves.de/2018/01/04/amd-arm-intel-cpus-all-got-problems-meltdown-and-spectre-javascript-could-steal-your-firefoxs-passwords/

https://dwaves.de/2019/12/17/mail-thunderbird-disable-javascript/

#linux #gnu #gnulinux #opensource #administration #sysops #itsec #itsecurity #js #html5 #html #javascript #cyber #cybersecurity #cybersec

Originally posted at: https://dwaves.de/2022/04/13/from-html5-javascript-blob-technique-to-ransomeware-js-is-evil-when-it-is-allowed-to-do-more-than-gui-animations/
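
Added example (not part of the original post or the quoted article): a heuristic check a mail gateway could run over HTML attachments for the pattern the quotes describe, a file assembled with a JavaScript Blob and saved through the anchor `download` attribute. The function name `scan_attachment`, the indicator names and the sample documents are assumptions constructed for illustration; because these are conventional HTML5 and JavaScript functions, a hit is a triage signal, not proof.

```python
import re
from html.parser import HTMLParser

# Added example; indicator names are illustrative assumptions, not from the page.
# "Build" patterns assemble a file in the browser, "deliver" patterns save it.
BUILD = {"new_blob": r"\bnew\s+Blob\s*\(", "atob": r"\batob\s*\("}
DELIVER = {"object_url": r"\bcreateObjectURL\s*\(", "download_prop": r"\.download\s*=",
           "auto_click": r"\.click\s*\(\s*\)"}

class _Scan(HTMLParser):
    """Collects inline <script> text and <a download> anchors."""
    def __init__(self):
        super().__init__()
        self.script, self.in_script, self.hits = [], False, set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "a" and "download" in attrs:
            self.hits.add("download_attr")
            if (attrs.get("href") or "").lower().startswith(("data:", "blob:")):
                self.hits.add("inline_href")  # payload carried inside the link itself

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script.append(data)

def scan_attachment(html):
    """Return (verdict, sorted indicator names) for one HTML attachment."""
    p = _Scan()
    p.feed(html)
    p.close()
    js = "".join(p.script)
    build = {n for n, rx in BUILD.items() if re.search(rx, js)} | (p.hits & {"inline_href"})
    deliver = {n for n, rx in DELIVER.items() if re.search(rx, js)} | (p.hits & {"download_attr"})
    # Flag only when a file is both assembled client-side and pushed to disk.
    verdict = "suspicious" if build and deliver else "review" if build or deliver else "clean"
    return verdict, sorted(build | deliver)

# Constructed samples with harmless placeholder content, not taken from any campaign.
SMUGGLE = """<html><body><script>
var b = new Blob([atob("aGVsbG8=")], {type: "text/plain"});
var a = document.createElement("a");
a.href = URL.createObjectURL(b); a.download = "sample.txt"; a.click();
</script></body></html>"""
LINK_ONLY = '<a href="https://example.com/report.pdf" download>report</a>'
```

A plain `download` link to a remote file lands in "review" rather than "suspicious", since on its own it is ordinary page behaviour.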