Security
- Cryptography DEEPEST LORE (github.com: rubberhose/MYTHOLOGY at master · sporkexec/rubberhose)
(AKA Marutukku) Backup of Assange's deniable cryptosystem. - sporkexec/rubberhose
Long live Julian Assange.
- Microsoft starts developing tools to prevent another global IT outage
Microsoft is creating new capabilities that will let security vendors operate outside of the root of Windows operating systems.
- 1.3 million Android-based TV boxes backdoored; researchers still don’t know how (arstechnica.com)
Infection corrals devices running AOSP-based firmware into a botnet.
Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.
- DroidFS v2.2.0
cross-posted from: https://lemmy.ml/post/18512730
> DroidFS is an Android application providing rootless support for gocryptfs and CryFS encrypted file systems. It features an encrypted camera, biometric unlocking, integrated secure file viewers and allows decrypted files to be exposed to other applications. It is 100% FLOSS and developed voluntarily.
>
> This new version...
> - aims to improve the user interface
> - implements a foreground service to keep volumes open in the background
> - allows tweaking the file export method used for sharing content with other apps
> - adds new Turkish, Simplified Chinese and Hebrew translations
> - and of course, fixes a few bugs
>
> Official APKs are available for download now. It should land on F-Droid very soon, with a new per-ABI APK split which will reduce the download as well as the installed app size quite a bit.
>
> Feel free to give some feedback, open bug reports, ask for help, contribute, or just discuss the project!
- Secure Boot is completely broken on 200+ models from 5 big device makers (arstechnica.com)
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.
- Doing language agnostic automated unit test generation with LLMs and contextually aware mutation testing to remove code vulnerabilities (github.com: GitHub - codeintegrity-ai/mutahunter: Open Source, Language Agnostic Automatic Test Generation + LLM Mutation Testing)
Hey Community, I figured that I could strengthen existing automated unit test generation quality by integrating mutation testing results as a metric to determine the quality of my unit tests. Figured everyone should be unit testing their code now especially after the recent Crowdstrike fiasco.
Check it out here https://github.com/codeintegrity-ai/mutahunter
Please star if you like it :)
- Microsoft IT outage latest: Airports, businesses and banks including Sky News experiencing issues worldwide (news.sky.com)
Planes have been grounded as several airports are hit by a global IT outage, with Windows PCs shutting down and broadcasters and businesses also taken offline.
Caused by security firm CrowdStrike that issued an update.
- Presenting our DIY Dead Man Switch @ DEF CON 32 (www.buskill.in: BusKill goes to DEF CON 32 - BusKill)
Join BusKill at DEF CON 32 for our presentation titled "Open Hardware Design for BusKill Cord" in the Demo Lab
We're happy to announce that BusKill is presenting at DEF CON 32.
What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

| [BusKill goes to DEF CON 32 (Engage)](https://www.buskill.in/defcon32/) |
|:--:|
| BusKill is presenting at DEF CON 32 |
What is BusKill?
BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.
| [What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) |
|:--:|
| Watch the BusKill Explainer Video for more info: youtube.com/v/qPwyoD_cQR4 |

If the connection between you and your computer is severed, your device will lock, shut down, or shred its encryption keys, keeping your encrypted data safe from thieves who steal your device.
What is DEF CON?
DEF CON is a yearly hacker conference in Las Vegas, USA.
| [DEF CON Documentary](https://www.buskill.in/defcon32/) |
|:--:|
| Watch the DEF CON Documentary for more info: youtube.com/watch?v=3ctQOmjQyYg |
What is BusKill presenting at DEF CON?
I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.
What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall
Who: Melanie Allen (goldfishlaser)
Talk Description
BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:
- a usb-a extension cord,
- a usb hard drive capable of being attached to a carabiner,
- a carabiner,
- the plastic pieces in this file,
- a usb female port,
- a usb male,
- 4 magnets,
- 4 pogo pins,
- 4 pogo receptors,
- wire,
- 8 screws,
- and BusKill software.
| [Image of the Golden BusKill decoupler with the case off](https://www.buskill.in/defcon32/) |
|:--:|
| Golden DIY BusKill Print |
Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.
Meet Me @ DEF CON
If you'd like to find me and chat, I'm also planning to attend:
- ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236),
- Hacker Karaoke (Friday and Sat 20:00-21:00 \| 222),
- Goth Night (Friday: 21:00 – 02:00 \| 322-324),
- QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2),
- EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and
- Jack Rhysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327)
I hope to print many fun trinkets for my new friends, including some BusKill keychains.
| [Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"](https://www.buskill.in/defcon32/) |
|:--:|
| Come to my presentation @ DEF CON for some free BusKill swag |
By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.
- CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
Regression in signal handler.
> This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.
- Cloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their product (blog.cloudflare.com: Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet)
polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites
> Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io service or authorized their use of Cloudflare’s name on their website. We have asked them to remove the false statement, and they have, so far, ignored our requests. This is yet another warning sign that they cannot be trusted.
- Kaspersky products are now banned in the US (www.xda-developers.com)
The restriction of sales will begin next month
If it ain't 'murican we ban 'em!
Guess all foreign cars should be next, what with all the telemetry and all...
- Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security
> A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.
- how much would/should/could it cost to get my app security assessed?
I'm working on a decentralized chat app. I open sourced it to get feedback on the implementation.
For a project like this, it's important for it to be open source in order to gain user confidence in the security. But I find that the project is too complicated for pro-bono security assessment work (which is understandable).
Fiverr probably isn't the best place to find reputable support, but I wanted to see the prices. It seems to range from 50 to 5k+.
I won't be getting the support any time soon, but I'd like to gauge an estimate. I haven't done something like this before so any/all advice is appreciated.
i created a threat-model which may help: https://positive-intentions.com/docs/research/threat-model/
to explain my app in more detail: https://medium.com/@positive.intentions.com/introducing-decentralized-chat-377c4aa37978
github repo: https://github.com/positive-intentions/chat
- Cyber Security: A Pre-War Reality Check - Bert Hubert's writings (berthub.eu)
This is a lightly edited transcript of my presentation today at the ACCSS/NCSC/Surf seminar ‘Cyber Security and Society’. I want to thank the organizers for inviting me to their conference & giving me a great opportunity to talk about something I worry about a lot. Here are the original slides with ...
- U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security
> KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims. Reached at the same ToX instant messenger identity that the ransomware group leader has promoted on Russian cybercrime forums, LockBitSupp claimed the authorities named the wrong guy.
> LockBitSupp, who now has a $10 million bounty for his arrest from the U.S. Department of State, has been known to be flexible with the truth.
- The Best Secure Email Providers in 2024 (blog.thenewoil.org)
Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with ...
- The Hidden Benefits of Digital Minimalism (blog.thenewoil.org)
A few years ago, minimalism was all the rage. Marie Kondo was on every TV, The Minimalists were in everyone's podcast feed, and I found m...
- Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) - watchTowr Labs (labs.watchtowr.com)
Welcome to April 2024, again. We’re back, again. Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device. We’ve seen all the commentary around the certification proces...
- Chromium developing device bound session tokens to combat session token theft techniques (blog.chromium.org: Fighting cookie theft using device bound sessions)
Cookies – small files created by sites you visit – are fundamental to the modern web. They make your online experience easier by saving bro...
- IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377) - watchTowr Labs (labs.watchtowr.com)
Welcome to April 2024. A depressing year so far - we've seen critical vulnerabilities across a wide range of enterprise software stacks. In addition, we've seen surreptitious and patient threat actors light our industry on fire with slowly introduced backdoors in the XZ library. Today, in this it...
- Several vulnerabilities in LG WebOS. Chained, lead to RCE. (www.bitdefender.com: Vulnerabilities Identified in LG WebOS)
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities.
- CVE 10.0 vulnerability in PAN-OS (security.paloaltonetworks.com: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway)
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated atta...
- BatBadBut: You can't securely execute commands on Windows (flatt.tech)
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors...
- Microsoft Cybersecurity Disaster Triggers Customer Doubt, Competitor Opportunity (accelerationeconomy.com)
A federal watchdog group's report exposes major flaws in Microsoft's cloud cybersecurity, demanding urgent action from CEO Satya Nadella to address widespread shortcomings and restore customer trust amidst escalating cyber threats.
- Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click (github.com: GitHub - osintmatter/shortemall)
Shortemall is a Python-based tool that automates the process of scanning hidden content of Short URLs.
- Security Vulnerability of HTML Emails - Schneier on Security
> When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.
- Galactical Bug Hunting: How we discovered new issues in CD Projekt Red’s Gaming Platform (www.anvilsecure.com)
As a researcher I often run into situations in which I need to make a compiled binary do things that it wouldn’t normally do or change the way it works in some way. Of course, if one…
- Fidelity and passwords via T9
Anyone here use Fidelity (https://www.fidelity.com/)? I had to call to get something done with my account and thought it was weird that they have you (more/less) T9 dial your password into the system, though it's not real T9 in that (for example) one press of 2 would mean either a, A, b, B, c, C, 2. They say for special characters just give a * sign.
Any thoughts on if that is safe on their part? It seems weird to me since they either need the password in plaintext on their end or I guess the hash of the T9 version of the password which would be less secure anyways because of: all one case and only one type of 'special character'.
And yes: before you ask this was 100% the actual fidelity phone number: +1 800-343-3548
In their defense they did ask for other verification information once I got a person, but still felt really weird.
Any thoughts on the security of this mechanism?
- Kobold letters – Why HTML emails are a risk to your organization (lutrasecurity.com: Kobold letters – Lutra Security)
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious sec...
- What we know about the xz Utils backdoor that almost infected the world (arstechnica.com)
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away (therecord.media)
Ross Anderson, a professor of security engineering at the University of Cambridge who is widely recognized for his contributions to computing, passed away at home on Thursday according to friends and colleagues who have been in touch with his family and the University.
- Mitigating attacks based on knowing the length of a Windows Hello PIN - The Old New Thing (devblogs.microsoft.com)
Balancing convenience against security, and how you can tune the knobs toward more security.
Describes considerations of convenience and security of auto-confirmation while entering a numeric PIN - which leads to information disclosure considerations.
> An attacker can use this behavior to discover the length of the PIN: Try to sign in once with some initial guess like “all ones” and see how many ones can be entered before the system starts validating the PIN.
>
> Is this a problem?
- Ongoing Malware Laced Developer Job Interviews (blog.phylum.io: Smuggling Malware in Test Code)
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempt...
- Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs - XXE (blog.securelayer7.net: Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs)
Overview Recently, five CVEs have been discovered in Ivanti Connect Secure, a software product designed to offer secure remote access to corporate resources and applications. This product is currently trusted by numerous service providers and government entities. These vulnerabilities encompass aut...