Skip Navigation
Is there such a thing as a privacy driven credit card?
  • Google Wallet, formally Google Pay, formally GPay, formally Android Pay, formally Google Wallet, formally Android Wallet, does the same thing.

    Switching phones and returning something was such a pain since it generated an entirely new number.

  • Security News @infosec.pub IllNess @infosec.pub
    Transport for London staff faces systems disruptions after cyberattack

    >Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

    0
    Security News @infosec.pub IllNess @infosec.pub
    North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
    thehackernews.com North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

    North Korean hackers target developers via LinkedIn job scams, spreading malware to infiltrate Web3 and crypto firms.

    North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

    >"After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said.

    >The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons.

    0
    These repairable phones still aren't built to last
  • I am definitely not trying to defend the manufacturers here, only point out that there are solutions for those like myself who want to continue using their wired headphones with newer phones.

    Understood.

    I agree with you with the SD card too. That one probably annoys me more. It made everything so much more difficult. Transferring files, backups, swapping out music, seeing pictures from a camera or drone... Made the device less like a computer in everyway.

  • These repairable phones still aren't built to last
  • Yes that is true but speaking on clinging on to an older phone, a headphone jack had a superior physical hold. My phone got saved a few times because my phone was connected to my wired headphones.

    These dongles that came with phones were also usually very thin. It also sticks out and made of plastic. It just adds another weak point. They somehow added a weak point to a great piece of technology... On top of that phones no longer comes with the dongles.

    Also dongles aren't sexy. It looks like a hack to make something work. Phone companies made headphones unsexy while making wireless earbuds really sexy.

    Some people said that a headphone jack made dustproofing and waterproofing more difficult. Maybe but it had be done before. They also said it brings down the price of the phone to get rid of them. Weird considering the Google A series and Samsung mid range phones had it but their flagship phones didn't.

    You made a lot of great points. Thank you for those.

    I actually have bluetooth earbuds either came bundled, or I was gifted them. They have come a long way. Easier to connect. Better latency and better sound quality compared to the older version of bluetooth.

    I like them, I am not a complete hater but I really am annoyed that this stuff will just turn to ewaste while my headphones have lasted me decades.

    I'm just an old head yelling at the clouds.

  • These repairable phones still aren't built to last
  • This is the main reason they got rid of the headphone jack. Some headphones lasted forever.

    Now you have Bluetooth earbuds with tiny batteries that goes in a case with another small battery. Batteries that small will last 5 years tops. On top of that sound quality hasn't improved and latency got worse.

  • Car rental giant Avis discloses data breach impacting customers

    >American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information.

    1
    Idiots Who Tried TikTok’s Viral ‘Free Money Glitch’ at ATMs Are Getting Reported for Fraud
  • I see.

    To combat this my bank doesn't allow me to withdraw above what is in my bank account, no matter how big the check is. Like I can see the check money in there but it usually has a note that only a certain amount is usable until the check clears.

  • Waymo Robotaxis Are Giving 100,000 Rides a Week. It'll Soon Be More.
  • If it was a simple flag, you would be correct a computer will react faster than any human but when you factor in everything else like constantly analysis of surroundings, decision making, and accounting for physical limitations, then yes. It's the reason why Waymo cars move so slowly.

    If a person was standing at a sidewalk, hidden behind an object, far away from a pedestrian way or traffic signal and jumps 2 feet in front of a car going 25 mph, the average driver with their full faculties would do better than Waymo.

  • Waymo Robotaxis Are Giving 100,000 Rides a Week. It'll Soon Be More.
  • The reports of the safety of AVs is overstated when you consider that they are limited within a city limit, they rarely go on the highway, they follow speed limits in cities which is lower than highways, people are more aware of AVs, and during their trial runs they had an actual human in the car to correct them.

    On average, AVs are safer especially when you consider some bad drivers do not get better, people drink, people get sleepy, people distract themselves. and young drivers lack experience. But the average driver with it with their full faculties would do better in tests based solely on reactions.

    if you look at the accident reports and took out drivers who were on a substance, are younger than 25 or older than 70, was distracted with something like their phones or others in the car, were not following laws, and those who were emotional then the stats would be pretty close.

    Overall I do believe AVs are better for world because peak performance of an average driver is rare.

  • Waymo Robotaxis Are Giving 100,000 Rides a Week. It'll Soon Be More.
  • Human vision also have the brain that does a lot of automation like figuring out distance and looking out for danger with real time reaction speed. Night vision is usually better for most people too. The brain also combines that with sound so it can detect things out of vision. Eyes already have a range of view but the human head can also move around accurately. On top of all this focus is what the human brain is best at. While cameras can see 360°, years of data built in the subconscious taught a human driver what to look out for.

  • Security News @infosec.pub IllNess @infosec.pub
    Malvertising Campaign Phishes Lowe's Employees
    www.darkreading.com Malvertising Campaign Phishes Lowe's Employees

    Retail employees are being duped into divulging their credentials by typosquatting malvertisements.

    Malvertising Campaign Phishes Lowe's Employees
    0
    Security News @infosec.pub IllNess @infosec.pub
    Apache fixes critical OFBiz remote code execution vulnerability

    Tracked as CVE-2024-45195 and discovered by Rapid7 security researchers, this remote code execution flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.

    0
    VMWare releases Fusion vulnerability with 8.8 rating
  • The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.

    The vulnerability allows a user with standard privileges to execute code within the Fusion application.

  • Security News @infosec.pub IllNess @infosec.pub
    VMWare releases Fusion vulnerability with 8.8 rating
    cyberscoop.com VMWare releases Fusion vulnerability with 8.8 rating

    The company issued a patch for the high-severity bug that allows arbitrary code execution.

    VMWare releases Fusion vulnerability with 8.8 rating
    1
    Security News @infosec.pub IllNess @infosec.pub
    Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack
    thehackernews.com Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

    Hackers are spoofing GlobalProtect VPN software using SEO poisoning to deliver WikiLoader malware in a new cyberattack.

    Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

    >The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden said.

    Definitions:

    Malvertising - Internet advertising whose real intention is to deliver malware to the PC when the ad is clicked.

    -wordnik

    0
    Security News @infosec.pub IllNess @infosec.pub
    FTC: Over $110 million lost to Bitcoin ATM scams in 2023

    >The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

    >Bitcoin ATMs are typically located in convenience stores, gas stations, and other busy areas, but instead of dispensing cash like the traditional ATMs they resemble, they allow you to buy and sell cryptocurrency.

    7
    Security News @infosec.pub IllNess @infosec.pub
    New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
    thehackernews.com New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

    Eight vulnerabilities in Microsoft macOS apps allow attackers to bypass permissions, gaining unauthorized access to sensitive data.

    New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
    1
    Security News @infosec.pub IllNess @infosec.pub
    New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
    thehackernews.com New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

    Cicada3301 ransomware targets SMBs, shares code with BlackCat, exploits vulnerabilities in Windows, Linux, and ESXi systems.

    New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

    > Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates to join their ransomware-as-a-service (RaaS) platform via an advertisement on the RAMP underground forum.

    2
    Security News @infosec.pub IllNess @infosec.pub
    D-Link says it is not fixing four RCE flaws in DIR-846W routers

    >Though D-Link acknowledged the security problems and their severity, it noted that they fall under its standard end-of-life/end-of-support policies, meaning there will be no security updates to address them.

    0
    Security News @infosec.pub IllNess @infosec.pub
    Docker-OSX image used for security research hit by Apple DMCA takedown

    >The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

    1
    Security News @infosec.pub IllNess @infosec.pub
    Researchers find SQL injection to bypass airport TSA security checks

    >Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.

    Definitions:

    SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

    -Wikipedia

    8
    Security News @infosec.pub IllNess @infosec.pub
    North Korean hackers exploit Chrome zero-day to deploy rootkit

    >North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit.

    >Citrine Sleet targets financial institutions, focusing on cryptocurrency organizations and associated individuals, and has been previously linked to Bureau 121 of North Korea's Reconnaissance General Bureau.

    2
    Security News @infosec.pub IllNess @infosec.pub
    Commercial Spyware Vendors Have a Copycat in Top Russian APT
    www.darkreading.com Commercial Spyware Vendors Have a Copycat in Top Russian APT

    Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.

    Commercial Spyware Vendors Have a Copycat in Top Russian APT

    >In the watering-hole attacks, threat actors infected two websites, cabinet.gov[.]mn and mfa.gov[.]mn, which belong to Mongolia's Cabinet and Ministry of Foreign Affairs. They then injected code to exploit known flaws in iOS and Chrome on Android, with the ultimate goal of hijacking website visitors' devices.

    Definitions:

    Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected.

    -Wikipedia

    Whereas zero-days are a class of vulnerability that is unknown to a software developer or hardware manufacturer, an N-day is a flaw that is already publicly known but may or may not have a security patch available.

    -Dark Reading

    0
    FBI: RansomHub ransomware breached 210 victims since February

    cross-posted from: https://infosec.pub/post/16863645

    > This relatively new ransomware-as-a-service (RaaS) operation extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail. The ransomware group focuses on data-theft-based extortion rather than encrypting victims' files, although they were also identified as potential buyers of Knight ransomware source code. > > Since the start of the year, RansomHub has claimed responsibility for breaching American not-for-profit credit union Patelco, the Rite Aid drugstore chain, the Christie's auction house, and U.S. telecom provider Frontier Communications. Frontier Communications later warned over 750,000 customers their personal information was exposed in a data breach.

    0
    Security News @infosec.pub IllNess @infosec.pub
    FBI: RansomHub ransomware breached 210 victims since February

    This relatively new ransomware-as-a-service (RaaS) operation extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail. The ransomware group focuses on data-theft-based extortion rather than encrypting victims' files, although they were also identified as potential buyers of Knight ransomware source code.

    Since the start of the year, RansomHub has claimed responsibility for breaching American not-for-profit credit union Patelco, the Rite Aid drugstore chain, the Christie's auction house, and U.S. telecom provider Frontier Communications. Frontier Communications later warned over 750,000 customers their personal information was exposed in a data breach.

    0
    Security News @infosec.pub IllNess @infosec.pub
    CISA Launches New Portal to Improve Cyber Reporting

    Today, the Cybersecurity and Infrastructure Security Agency (CISA) announces its cyber incident reporting form moved to the new CISA Services Portal as part of its ongoing effort to improve cyber incident reporting.

    CISA Services Portal

    0
    Security News @infosec.pub IllNess @infosec.pub
    New Tickler malware used to backdoor US govt, defense orgs
    1
    WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
    thehackernews.com WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

    Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.

    WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
    3
    InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)IL
    IllNess @infosec.pub
    Posts 112
    Comments 376