Cybersecurity
- PKfail Secure Boot bypass lets attackers install UEFI malware (bleepingcomputer.com)
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.
- Belarus-linked hackers target Ukrainian orgs with PicassoLoader malware (therecord.media)
Researchers suspect the likely targets of the attacks were local government offices, as well as representatives of the U.S. Agency for International Development.
- Is This The Most Secure Messaging App?
https://github.com/positive-intentions/chat
Probably not... but I'd like to share some details about how my app works so you can tell me what I'm missing. I'd like to have wording in my app to say something like "most secure chat app in the world"... I probably can't do that because it doesn't qualify... but I want to understand why?
I'm not a cyber security expert. I'm sure there are many gaps in my knowledge of this domain.
Using JavaScript, I created a chat app. It is using peerjs-server to create an encrypted WebRTC connection. This is then used to exchange additional encryption keys from cryptography functions built into browsers to add a redundant layer of encryption. The key exchange is done like Diffie-Hellman (which can be considered secure when exchanged over public channels).
I sometimes receive feedback like "JavaScript is inherently insecure". I disagree with this and have open sourced my cryptography module. It's basically a thin wrapper around vanilla crypto functions of a browser. A prev post on the matter.
Another concern for my kind of app (PWA) is that the developer may introduce malicious code. This is an important point, for which I open sourced the project and give instructions for selfhosting. Selfhosting this app has some unique features. Unlike many other selfhosted projects, this app can be hosted on GitHub Pages and instructions are provided. I'm also working on introducing a way that users can selfhost federated modules. A prev post on the matter.
To prevent things like browser extensions, the app uses strict CSP headers to prevent unauthorised code from running. Selfhosting users should take note of this when setting up their own instance.
I think if I stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the frontend and the peerjs-server to be hosted independently, I'm on track for creating a chat system with the "fewest moving parts". I'm hoping this will lead to true P2P and I hope I can use this as a step towards true privacy and security.
I created a threat model for the app in hopes that I could get a pro-bono security assessment, but understandably the project is too complicated for pro-bono work.
I created a decentralized todo list demo using the P2P framework used in the chat app. This is to demonstrate the bare-minimum functionality of decentralised messaging and state management.
While there are several similar apps out there like mine, I think mine is distinctly a different approach, so it's hard to find best practices for the functionalities I want to achieve, in particular security practices to use when using P2P technology.
- North Korean hacker used hospital ransomware attacks to fund espionage (cyberscoop.com)
U.S. prosecutors say Rim Jong Hyok used ransom payments from American health care providers to steal military secrets.
- French police push PlugX malware self-destruct payload to clean PCs (bleepingcomputer.com)
The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.
- Critical ServiceNow RCE flaws actively exploited to steal credentials (bleepingcomputer.com)
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks.
- Major Russian banks hit with DDoS attacks as Ukraine claims responsibility (therecord.media)
Several large Russian banks confirmed on Wednesday that they suffered distributed denial-of-service (DDoS) attacks that temporarily disrupted their mobile apps and websites, according to local media reports.
- Project 2025 could escalate US cybersecurity risks, endanger more Americans (csoonline.com)
The conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger.
- Anyone can Access Deleted and Private Repository Data on GitHub (trufflesecurity.com)
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
tl;dr - If a project has been forked or is a fork, you can brute-force short commit IDs to see commits from other projects. It doesn't matter if those projects were deleted or made private.
- Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank (darkreading.com)
DDoS attack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.
- Google Chrome now warns about risky password-protected archives (bleepingcomputer.com)
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files.
- CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices (thehackernews.com)
CrowdStrike's faulty update caused a widespread Windows device crash, impacting millions. The company is improving its error handling and testing proc
- US CISA Urges BIND 9 Users to Address New DNS Exploits (bankinfosecurity.in)
The Internet Systems Consortium and the U.S. Cybersecurity and Infrastructure Security Agency are urging administrators to apply updates to the widely used solution
- Windows July security updates send PCs into BitLocker recovery (bleepingcomputer.com)
Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates.
- Cyber firm KnowBe4 hired a fake IT worker from North Korea (cyberscoop.com)
The security awareness training company said in a blog post that the software engineer used stolen U.S. credentials and an AI-enhanced photo.
- Google's reCAPTCHAv2 is just labor exploitation, boffins say (theregister.com)
Web puzzles don't protect against bots, but humans have spent 819 million unpaid hours solving them
- Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform (thehackernews.com)
Tenable discloses a vulnerability in Google Cloud Functions, allowing unauthorized access to sensitive data and services
- Docker fixes critical 5-year old authentication bypass flaw (bleepingcomputer.com)
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
- APT45: North Korea's Digital Military Machine (cloud.google.com, Google Cloud Blog)
APT45 is a long-running, moderately sophisticated North Korean cyber operator operating since as early as 2009.
- A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub (wired.com)
Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.
- Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (darkreading.com)
Accenture researcher undercut WHfB's default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework.
- A Tumblr User Talks Crowdstrike
> idk if people on tumblr know about this but a cybersecurity software called CrowdStrike just did what is probably the single biggest fuck up in any sector in the past 10 years. it's monumentally bad. literally the most horror-inducing nightmare scenario for a tech company.
>
> some info: CrowdStrike is essentially an antivirus software for enterprises. which means normal laypeople can't really get it, they're for businesses and organisations and important stuff.
>
> so, on a Friday evening (it of course wasn't Friday everywhere but it was Friday evening in Oceania which is where it first started causing damage due to Europe and NA being asleep), CrowdStrike pushed out an update to their Windows users that caused a bug.
>
> before I get into what the bug is, know that Friday evening is the worst possible time to do this because people are going home. the weekend is starting. offices don't have people in them. this is just one of many perfectly placed failures in the Rube Goldberg machine of CrowdStrike. there's a reason Friday is called 'don't push to live Friday' or more to the point 'don't fuck it up Friday'.
>
> so, at 3pm on Friday, an update comes rolling into CrowdStrike users which is automatically implemented. this update immediately causes the computer to blue screen of death. very very bad. but it's not simply a 'you need to restart' crash, because the computer then gets stuck in a boot loop.
>
> this is the worst possible thing because, in a boot loop state, a computer is never really able to get to a point where it can do anything. like download a fix. so there is nothing CrowdStrike can do to remedy this death update anymore. it is now left to the end users.
>
> it was pretty quickly identified what the problem was. you had to boot it in safe mode, and a very small file needed to be deleted. or you could just rename CrowdStrike to something else so Windows never attempts to use it.
>
> it's a fairly easy fix in the grand scheme of things, but the issue is that it is affecting enterprises. which can have a looooot of computers. in many different locations. so an IT person would need to manually fix hundreds of computers, sometimes in whole other cities and perhaps even other countries if they're big enough.
>
> another fuck up CrowdStrike did was they did not stagger the update, so they could catch any mistakes before they wreaked havoc. (and also how how HOW do you not catch this before deploying it. this isn't a code oopsie, this is a complete failure of quality assurance that probably permeates the whole company to not realise their update was an instant kill). they rolled it out to every one of their clients in the world at the same time.
>
> and this seems pretty hilarious on the surface. I was having a good chuckle as EFTPOS went down in the store I was working at, chaos was definitely ensuing lmao. I'm in Aus, and banking was literally down nationwide.
>
> but then you start hearing about the entire country's planes being grounded because the airport's computers are bricked. and hospitals having no computers anymore. emergency call centres crashing. and you realise that, wow. CrowdStrike just killed people probably. this is literally the worst thing possible for a company like this to do.
>
> CrowdStrike was kinda on the come up too, they were starting to become a big name in the tech world as a new face. but that has definitely vanished now. to fuck up at this many places is almost extremely impressive. it's hard to even think of a comparable fuckup.
>
> a Friday evening simultaneous rollout boot loop is a phrase that haunts IT people in their darkest hours. it's the monster that drags people down into the swamp. it's the big bad in the horror movie. it's the end of the road. and for CrowdStrike, that reaper of souls just knocked on their doorstep.
- Unique malware identified in Panchan botnet with advanced persistence techniques (industrialcyber.co)
Nozomi Networks Labs researchers uncover Unique Malware in Panchan Botnet with Advanced Persistence Techniques.
- BreachForums v1 hacking forum data leak exposes members' info (bleepingcomputer.com)
The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users.
- Microsoft releases Windows repair tool to remove CrowdStrike driver (bleepingcomputer.com)
Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday.
- FrostyGoop malware attack cut off heat in Ukraine during winter (bleepingcomputer.com)
Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures.
- ViperSoftX Malware Poses As eBooks On Torrents (securityboulevard.com)
Recent media reports have shed light on the ViperSoftX malware which is being disguised as eBooks and distributed over torrents. As of now, the malware is capable of executing malicious functions and can evade detection mechanisms as well. In this article, we’ll dive deep into the ViperSoftX malware...
- Fake Hot Fix for CrowdStrike "crowdstrike-hotfix.zip" Spreads Remcos RAT (hackread.com)
- Mexico's Largest ERP Provider ClickBalance Exposes 769 Million Records (hackread.com)
- Chinese Daggerfly uses a new version of Macma macOS backdoor (securityaffairs.com)
China-linked APT Daggerfly (aka Evasive Panda, Bronze Highland) has been spotted using a new version of the macOS backdoor Macma.
- Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver (helpnetsecurity.com)
HotPage browser injector malware, masquerading as DwAdsafe ad blocker, can replace the content of the current page, redirect the user.
- Telegram Android Vulnerability "EvilVideo" Sends Malware as Videos (hackread.com)
- PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Latin American hackers exploit cloud services for phishing and malware distribution. Google warns of serverless computing abuse and takes action again
- The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel (medium.com)
Author: K&XWS@Knownsec 404 Team. Chinese version: https://paper.seebug.org/3199/
- New Linux Variant of Play Ransomware Targeting VMware ESXi Systems (thehackernews.com)
Play ransomware's new Linux variant targets VMWare ESXi, expanding its reach. US leads in victims, with manufacturing and services most affected.
- [AL-091] Ongoing Phishing Campaign Targeting CrowdStrike Users (csa.gov.sg)
Cyber Security Agency of Singapore.