Lingolol

Erik van StratenRisico Cloudflare (+Trump)🌦️ Achter Cloudflare Steeds meer websites zitten "achter" het Amerikaanse bedrijf Cloudflare. Stel u opent <a href="https://pvv.nl" rel="nofollow noopener" translate="no" target="_blank">https://pvv.nl</a> (let op, daar staat https:// vóór, Mastodon verstopt dat) in uw browser: browser <-1-> Cloudflare <-2-> <a href="https://pvv.nl" rel="nofollow noopener" translate="no" target="_blank">https://pvv.nl</a>⛓️‍💥 Géén E2EE Bij zeer veel websites (<a href="https://pvv.nl" rel="nofollow noopener" translate="no" target="_blank">https://pvv.nl</a> is een voorbeeld) is er sprake van twee *verschillende* verbindingen, dus beslist geen E2EE = End-to-End-Encryption (voor zover dat überhaupt nog wat zegt als de "echte" een cloud-server van Google, Microsoft of Amazon is).🕋 CDN's Cloudflare, een CDN (Content Delivery Network), heeft een wereldomspannend netwerk met "tunnel"-servers in computercentra van de meeste internetproviders. Waarschijnlijk ook bij u "om de hoek".🔥 DDoS-aanvallen Dat is werkt uitstekend tegen DDoS (Distributed Denial of Service) aanvallen. Ook zorgen CDN's voor veel snellere communicatie (mede doordat plaatjes e.d. op een web van servers "gecached" worden) - ook als de "echte" server aan de andere kant van de wereld staan.🚨 Nadelen Maar dit is NIET zonder prijs! Cloudflare kan namelijk *meekijken* in zeer veel "versleuteld" netwerkverkeer (en dat zelfs, desgewenst, wijzigen).🚦 Nee, niet *u* Ook kunnen Cloudflare-klanten allerlei regels instellen waar bezoekers aan moeten voldoen, en hen als "ongewenst" bezoek blokkeren (ook *criminele* klanten maken veelvuldig gebruik van deze mogelijkheid, o.a. om te voorkómen dat de makers van virusscanners nepwebsites op kwaadaardige inhoud kunnen checken). Aanvulling 14:39: { zo kan ik, met Firefox Focus onder Android, <a href="https://cidi.nl" rel="nofollow noopener" translate="no" target="_blank">https://cidi.nl</a> *niet* openen, ik zie dan een pagina waarin o.a. staat "Even geduld, de website van Centrum Informatie en Documentatie Israël (CIDI) is aan het verifiëren of de verbinding veilig is. Please unblock challenges.cloudflare.com to proceed." }😎 Men In Black Omdat Cloudflare een (tevens) in de VS gevestigd bedrijf is, moeten zij voldoen aan de Amerikaanse FISA section 702 wetgeving. Dat betekent dat hen opgedragen kan worden om internetverkeer te monitoren, en zij daar een zwijgplicht over hebben. Terwijl Amerikanen al minder privacy-rechten hebben dan Europeanen, hebben *niet*-Amerikanen *nul* privacyrechten volgens genoemde FISA wet.🔓 Knip Dat https-verbindingen via Cloudflare niet E2EE zijn, blijkt uit onderstaand plaatje (dat vast méér mensen wel eens gezien hebben).📜 Certificaten en foutmeldingen Dat plaatje kan, zonder certificaatfoutmeldingen, ALLEEN bestaan als Cloudflare een geldig authenticerend website-certificaat (een soort paspoort) heeft voor, in dit geval, <a href="https://bleepingcomputer.com" rel="nofollow noopener" translate="no" target="_blank">https://bleepingcomputer.com</a> - en dat hébben ze. Voor MILJOENEN websites.🛃 MitM Cloudflare (maar ook anderen, zoals Fastly) zijn een MitM (Man in the Middle).🤔 De tweede verbinding? Uw browser heeft, grotendeels transparant, een E2EE-verbinding met een Cloudflare server. U heeft géén idee wat voor soort verbinding Cloudflare met de werkelijke website heeft (is dat überhaupt https, en een veilige variant daarvan? Wat doet Cloudflare als het certificaat van de website verlopen is? Etc).👽 AitM En zodra een MitM kwaadaardig wordt, noemen we het een AitM (A van Attacker of Adversary).🗽 Trump Als Trump Cloudflare opdraagt om geen diensten meer aan NL of EU te leveren, werkt hier HELEMAAL NIETS MEER en dondert onze economie als een kaartenhuis in elkaar.🃏 DV-certs Dat Cloudflare een website-certificaat voor bijvoorbeeld <a href="https://vvd.nl" rel="nofollow noopener" translate="no" target="_blank">https://vvd.nl</a> of <a href="https://cidi.nl" rel="nofollow noopener" translate="no" target="_blank">https://cidi.nl</a> heeft verkregen, zou vreemd moeten zijn. Dit is echter een peuleschil "dankzij" DV (Domain Validated) certificaten (het lievelingetje van Google) die het internet steeds onveiliger maken en waar ook onze overheid "voor gevallen is" (zie <a href="https://infosec.exchange/@ErikvanStraten/114032329847123742" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/114032329847123742</a>).😱 Nepwebsites Maar dit is nog niet alles: steeds meer criminele nepwebsites *verstoppen* zich achter Cloudflare, waar zijzelf (crimineel) geld aan verdient. Zie bijvoorbeeld <a href="https://security.nl/posting/876655" rel="nofollow noopener" translate="no" target="_blank">https://security.nl/posting/876655</a> (of kijk eens in het "RELATIONS" tabblad van <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/188.114.96.0/relations</a> en druk enkele keren op •••).<a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener" target="_blank">#Risico</a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener" target="_blank">#Economie</a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fastly</a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener" target="_blank">#CDN</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener" target="_blank">#FISASection702</a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#FISA</a> <a href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreeLetterAgencies</a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trump</a> <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sbowden</a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener" target="_blank">#VVD</a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener" target="_blank">#PVV</a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CIDI</a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener" target="_blank">#VT</a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener" target="_blank">#DVCerts</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener" target="_blank">#OV</a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener" target="_blank">#EV</a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#QWAC</a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#NepWebsites</a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeWebsites</a>

Erik van StratenGoogle is kwaadaardigExtreem zelfs, zij hosten -zonder blikken of blozen- zelfs phishingwebsites met de volgende URL's (ik heb ".com" vervangen door "·com", met "hoge" punt, en de '/' door '⧸', om onbedoeld openen te voorkómen): https:⧸⧸helpdesk-google·com https:⧸⧸cancel-google·com https:⧸⧸adsupport-google·comVeel meer info in <a href="https://www.security.nl/posting/872651/https%3A__cancel-google%C2%B7com" rel="nofollow noopener" translate="no" target="_blank">https://www.security.nl/posting/872651/https%3A__cancel-google%C2%B7com</a>.Edit 15:14: ik zie dat de redactie van security.nl mijn artikel heeft verwijderd (tot zover vrijheid van meningsuiting). Ik had het artikel gearchiveerd: <a href="https://archive.is/3UwWn" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/3UwWn</a>.<a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleIsEvil</a> <a href="https://infosec.exchange/tags/Cybercriminaliteit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercriminaliteit</a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> <a href="https://infosec.exchange/tags/GoogleCloudHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleCloudHosting</a> <a href="https://infosec.exchange/tags/CloudHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudHosting</a> <a href="https://infosec.exchange/tags/Hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hosting</a> <a href="https://infosec.exchange/tags/CloudProviders" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudProviders</a> <a href="https://infosec.exchange/tags/BigTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTech</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DomainValidated" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainValidated</a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#Certificates</a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener" target="_blank">#VT</a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/FakeWebSites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeWebSites</a> <a href="https://infosec.exchange/tags/FakeSites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeSites</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a>

Erik van Straten<a href="https://infosec.exchange/@ryanrowcliffe" class="u-url mention" rel="nofollow noopener" target="_blank">@ryanrowcliffe</a> : passkeys are easily lost (I can lookup screenshots) and they don't help for fake sites that you do not have an account for.Sites as can be seen in <a href="https://www.virustotal.com/gui/ip-address/43.135.155.204/relations" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/43.135.155.204/relations</a> (said IP is detected by 18/94 virusscanners, according to VT).Or a site that spoofs one that you do have an account for, such as your bank, and asks you to enter confidential/PII data without having to log in. The scammers subsequently call you, saying they're employees from your bank, and lie to you that criminals may have access to your bank account. You best act quickly by transferring your money to some other "safe vault" bank accout number. They'll offer to help you, provided that you install a RAT such as AnyDesk.We're not fixing an extremely criminalized internet by using passkeys.<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> <a href="https://infosec.exchange/tags/FakeSites" class="mention hashtag" rel="nofollow noopener" target="_blank">#FakeSites</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spoofing</a>

✍️ Eljo #MorpurgoMediaLinux in opmars en kan zich eindelijk meten met Windows en Apple. Eerste virus gevonden gericht op Linux UEFI boot.<a href="https://datanews.knack.be/nieuws/security/onderzoekers-vinden-eerste-uefi-bootkit-voor-linux/" rel="nofollow noopener" translate="no" target="_blank">https://datanews.knack.be/nieuws/security/onderzoekers-vinden-eerste-uefi-bootkit-voor-linux/</a><a href="https://mastodon.nl/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bootkitty</a> <a href="https://mastodon.nl/tags/virus" class="mention hashtag" rel="nofollow noopener" target="_blank">#virus</a> <a href="https://mastodon.nl/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mastodon.nl/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.nl/tags/bootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#bootkit</a> <a href="https://mastodon.nl/tags/uefi" class="mention hashtag" rel="nofollow noopener" target="_blank">#uefi</a> <a href="https://mastodon.nl/tags/eset" class="mention hashtag" rel="nofollow noopener" target="_blank">#eset</a> <a href="https://mastodon.nl/tags/virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#virustotal</a> <a href="https://mastodon.nl/tags/masterbootrecord" class="mention hashtag" rel="nofollow noopener" target="_blank">#masterbootrecord</a> <a href="https://mastodon.nl/tags/morpurgoMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#morpurgoMedia</a>

Erik van StratenWeird and Weirder: Israel & InfoSec* ISRAEL * From <a href="https://highergroundtimes.com/higher-ground/2024/jul/7/why-americas-christians-support-israel/" rel="nofollow noopener" translate="no" target="_blank">https://highergroundtimes.com/higher-ground/2024/jul/7/why-americas-christians-support-israel/</a> (warning, OMG-talk on a privacy-invasive website):<<< Why America’s Christians support Israel By Robert Knight Sunday, July 7, 2024 [...] If the countries around it were pictured as the body and head of a gigantic man, Israel would constitute a fingernail.Yet much of the world is insisting that it is diminutive Israel that has to give up “land for peace.” [...] The pro-Palestinian side argues facetiously that while Arabs have occupied what is now Israel for 3,000 years, Jews are interlopers who were not really in the picture until recently. [...] The Bible clearly says that God set aside Israel for the Jewish people. Genesis 15:18, which Moses wrote about 3,500 years ago, states, “On that day the LORD made a covenant with Abram [Abraham] and said, “To your descendants I give this land, from the Wadi of Egypt to the great river, the Euphrates.”Time and again, God allowed Israel’s enemies to smite them for adopting the barbaric practices of their pagan neighbors, such as child sacrifice, sexual immorality and idol worship. When they repented as a nation, God restored them.An otherwise inexplicable miracle occurred in 1948 when Israel was reestablished after nearly 2,000 years. To many, it is proof that Jerusalem is at the center of God’s unfolding plan for humanity. Since its reestablishment 76 years ago, Israel has had a special relationship with the United States. [...] >>>* INFOSEC * One can read the same BS here: <a href="https://hdfy8d1.cpi1.eu.org/higher-ground/2024/jul/7/why-americas-christians-support-israel/" rel="nofollow noopener" translate="no" target="_blank">https://hdfy8d1.cpi1.eu.org/higher-ground/2024/jul/7/why-americas-christians-support-israel/</a>However, if I tap "Home" in that page, or manually open <a href="https://hdfy8d1.cpi1.eu.org/" rel="nofollow noopener" translate="no" target="_blank">https://hdfy8d1.cpi1.eu.org/</a>, then CloudFlare reports that I've been blocked:<<< Sorry, you have been blockedYou are unable to access washingtontimes.comWhy have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. >>>Why would CloudFlare report that "washingtontimes.com" is blocking me, while it is actually "hdfy8d1.cpi1.eu.org" that is (partially?) proxying "highergroundtimes.com" (albeit related to washingtontimes)?Why does CloudFlare proxy so many malicious/phishing or otherwise shitsites? Is it really only money that counts?Here's an example, look at the domain names in <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/gui/ip-address/188.114.96.0/relations</a> (note the "Communicating Files (1 M)" - mostly malware, then tap the ••• right above "Communicating Files" a couple of times to see more insane domain names).Finally: note that, apart from the zillions of TLD's that confuse browsing people , now also "double-TLD's" (such as *.de.com and *.com.de) seem to gain popularity - by both legit and malicious users.<a href="https://infosec.exchange/tags/Gaza" class="mention hashtag" rel="nofollow noopener" target="_blank">#Gaza</a> <a href="https://infosec.exchange/tags/GazaGenocide" class="mention hashtag" rel="nofollow noopener" target="_blank">#GazaGenocide</a> <a href="https://infosec.exchange/tags/Westbank" class="mention hashtag" rel="nofollow noopener" target="_blank">#Westbank</a> <a href="https://infosec.exchange/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Israel</a> <a href="https://infosec.exchange/tags/Bible" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bible</a> <a href="https://infosec.exchange/tags/Christians" class="mention hashtag" rel="nofollow noopener" target="_blank">#Christians</a> <a href="https://infosec.exchange/tags/Arabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#Arabs</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener" target="_blank">#DomainNames</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Proxying" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxying</a> <a href="https://infosec.exchange/tags/HidingCybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#HidingCybercriminals</a> <a href="https://infosec.exchange/tags/FacilitatingCyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#FacilitatingCyberCrime</a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener" target="_blank">#VT</a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a>

Crazypedia⍼ :verified_pride:Started a <a href="https://hackers.town/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> Graph for the <a href="https://hackers.town/tags/Awakari" class="mention hashtag" rel="nofollow noopener" target="_blank">#Awakari</a> AI Scraper. Working on finding the IPs they're using so we cna block those completely and reduce the time spent on the whack an asshole game <a href="https://hackers.town/tags/fediblock" class="mention hashtag" rel="nofollow noopener" target="_blank">#fediblock</a> <a href="https://www.virustotal.com/graph/embed/g2a99ca46891a43288de5707f5425934e1c7b90aa9e72466b9fa471d231c7d636" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/g2a99ca46891a43288de5707f5425934e1c7b90aa9e72466b9fa471d231c7d636</a>

@infosec_jcp 🐈🃏 done differentlyYeaaahhh, about that <a href="https://infosec.exchange/tags/TextNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#TextNow</a> free calls and sms's on <a href="https://infosec.exchange/tags/ApkMirror" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApkMirror</a> site* 🚩🚨* First scan (!) Ever<a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> 🔍🚩🚨🚩🚨🚩🚨🚩🚨 <a href="https://www.virustotal.com/graph/embed/g19714e1fe09a40a490a37b65807eed6b84062f17f089410a8e06a622359aec04" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/g19714e1fe09a40a490a37b65807eed6b84062f17f089410a8e06a622359aec04</a>🚩🚨 <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/TextNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#TextNow</a> <a href="https://infosec.exchange/tags/ApkMirror" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApkMirror</a> 🚩🚨

@infosec_jcp 🐈🃏 done differently<a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> 3 of 3 🥳🎉🎊 <a href="https://www.virustotal.com/graph/embed/gb15a1d08beb44e2f8d9cf79fe78754a3c08b5fea50e5479ab0b9dd91a81f56da" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/gb15a1d08beb44e2f8d9cf79fe78754a3c08b5fea50e5479ab0b9dd91a81f56da</a>

@infosec_jcp 🐈🃏 done differently<a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> 2 of 3 ☣️🔍🥳 <a href="https://www.virustotal.com/graph/embed/gb15a1d08beb44e2f8d9cf79fe78754a3c08b5fea50e5479ab0b9dd91a81f56da" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/gb15a1d08beb44e2f8d9cf79fe78754a3c08b5fea50e5479ab0b9dd91a81f56da</a>

@infosec_jcp 🐈🃏 done differently<a href="https://infosec.exchange/tags/virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#virustotal</a> - <a href="https://infosec.exchange/tags/fastly" class="mention hashtag" rel="nofollow noopener" target="_blank">#fastly</a> ( repeat offender ) <a href="https://www.virustotal.com/graph/embed/g5bf729f25f154ae7b229589245feba68fd8de1ec58a24ca6ae301c6f1d68a02d" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/g5bf729f25f154ae7b229589245feba68fd8de1ec58a24ca6ae301c6f1d68a02d</a>

@infosec_jcp 🐈🃏 done differentlyToday I had FOUR new <a href="https://infosec.exchange/tags/GammaGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#GammaGroup</a> <a href="https://infosec.exchange/tags/FinFisher" class="mention hashtag" rel="nofollow noopener" target="_blank">#FinFisher</a> <a href="https://infosec.exchange/tags/FinSpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#FinSpy</a> <a href="https://infosec.exchange/tags/Finsky" class="mention hashtag" rel="nofollow noopener" target="_blank">#Finsky</a> attack nodes do a nice <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DDoS</a> on me to memory leak attack my client(s) that I use to post here... Super pumped about three <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> nodes ( several repeat offenders, mind) and a <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fastly</a> (also repeat offenders) DNS Node.Got my sys nice and super slow until.... my OS & memory on the ... Let's call it a 💻👨‍💻💻 __unleashed my free System resources__ ... just BOUNCED BACK! 🥳🎉🎊🎉🎊🥳🎉🎊😏<a href="https://infosec.exchange/tags/virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#virustotal</a> - <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> 1 of 3 <a href="https://www.virustotal.com/graph/embed/gc720367fbc7c4f7fa779a04f167398ca34f471c1729d4dc78037bafa7d64f708" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/gc720367fbc7c4f7fa779a04f167398ca34f471c1729d4dc78037bafa7d64f708</a>

@infosec_jcp 🐈🃏 done differentlyNew <a href="https://infosec.exchange/tags/StateSponsoredMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#StateSponsoredMalware</a> <a href="https://infosec.exchange/tags/ForcedMDM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForcedMDM</a> client app <a href="https://infosec.exchange/tags/SprintMCMapk" class="mention hashtag" rel="nofollow noopener" target="_blank">#SprintMCMapk</a> module update on <a href="https://infosec.exchange/tags/GammaGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#GammaGroup</a> <a href="https://infosec.exchange/tags/FinFisher" class="mention hashtag" rel="nofollow noopener" target="_blank">#FinFisher</a> <a href="https://infosec.exchange/tags/FinSpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#FinSpy</a> <a href="https://infosec.exchange/tags/MobileClientManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileClientManager</a> The <a href="https://infosec.exchange/tags/ForcedMDM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForcedMDM</a> <a href="https://infosec.exchange/tags/GooglePlayStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePlayStore</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> on 01-16-2024Notice how the <a href="https://infosec.exchange/tags/PNGs" class="mention hashtag" rel="nofollow noopener" target="_blank">#PNGs</a> actually are compressed arrays leading to <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> using a long running <a href="https://infosec.exchange/tags/PNGListArray" class="mention hashtag" rel="nofollow noopener" target="_blank">#PNGListArray</a> in a Portable Network Graphics file format that the client is able to unpack and call to launch <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> attaccc'd as a client from a <a href="https://infosec.exchange/tags/GammaGroupProxyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#GammaGroupProxyServer</a> administrator<a href="https://infosec.exchange/tags/CALEA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CALEA</a> software Reveals on <a href="https://infosec.exchange/tags/Android12" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android12</a> examplesSee screenshots <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/RTNDA" class="mention hashtag" rel="nofollow noopener" target="_blank">#RTNDA</a> <a href="https://infosec.exchange/tags/SSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSM</a>™ <a href="https://infosec.exchange/tags/StateSponsoredMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#StateSponsoredMalware</a>™ <a href="https://infosec.exchange/tags/GreyMarketInvestigations" class="mention hashtag" rel="nofollow noopener" target="_blank">#GreyMarketInvestigations</a> <a href="https://infosec.exchange/tags/CALEA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CALEA</a> <a href="https://infosec.exchange/tags/ForcedMDM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForcedMDM</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/CivilRightsAbuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#CivilRightsAbuse</a> logged from <a href="https://infosec.exchange/tags/GooglePlayStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePlayStore</a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a><a href="https://www.virustotal.com/graph/embed/gfc12bdb135534ae5bd0fc322e7679090d7b08158b4b84f26a4abfa175df9a5a7" rel="nofollow noopener" translate="no" target="_blank">https://www.virustotal.com/graph/embed/gfc12bdb135534ae5bd0fc322e7679090d7b08158b4b84f26a4abfa175df9a5a7</a>

@infosec_jcp 🐈🃏 done differentlyUpdated 🔎☣️🎁☠️🔍: 📰🗞️🛰️📡📺 #infosec #SSM™ #StateSponsoredMalware™ #investigations #RTDNA

@infosec_jcp 🐈🃏 done differentlyGammaGroup.com #FinFisher #FinSpy #Finsky App : #CarrierHub #SMF-2021.2.apk#Android12

FrehiYesterday the news broke that a trojanized version of <a href="https://fosstodon.org/tags/freedownloadmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#freedownloadmanager</a> was being distributed. <a href="https://securelist.com/backdoored-free-download-manager-linux-malware/110465/" rel="nofollow noopener" target="_blank">https://securelist.com/backdoored-free-download-manager-linux-malware/110465/</a>1 day later: - no single anti virus vendor (besides <a href="https://fosstodon.org/tags/Kasperksy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kasperksy</a>) added detection <a href="https://www.virustotal.com/gui/file/b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d/detection" rel="nofollow noopener" target="_blank">https://www.virustotal.com/gui/file/b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d/detection</a> - Both 1.1.1.2 and 9.9.9.9 malware filtering DNS servers still resolve the domain - Only a handful of security vendors flag the domain as malicious <a href="https://www.virustotal.com/gui/domain/deb.fdmpkg.org/detection" rel="nofollow noopener" target="_blank">https://www.virustotal.com/gui/domain/deb.fdmpkg.org/detection</a>Even though this is not widespread, this is disappointing.<a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://fosstodon.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://fosstodon.org/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://fosstodon.org/tags/virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#virustotal</a>

Xavier «X» Santolaria :verified_paw: :donor:📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> list of resources for week #29/2023 is out! It includes the following and much more:➝ 🇷🇺 ⚖️ <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> Seeks 18 Years in Jail for Founder of <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> Firm ➝ 🇷🇺 🇪🇺 Pro-Russian hacktivists increase focus on Western targets. The latest is <a href="https://infosec.exchange/tags/OnlyFans" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnlyFans</a> ➝ 🧨 🤖 <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DDoS</a> Botnets Hijacking <a href="https://infosec.exchange/tags/Zyxel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zyxel</a> Devices to Launch Devastating Attacks ➝ 🪱 New <a href="https://infosec.exchange/tags/P2PInfect" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2PInfect</a> Worm Targeting Redis Servers on <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> and <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> Systems ➝ 🚫 🛜 <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> restricting internet access to some employees to reduce <a href="https://infosec.exchange/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberattack</a> risk ➝ 🇬🇧 🍏 <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a> slams UK surveillance-bill proposals ➝ 🎭 💸 Cybersecurity firm <a href="https://infosec.exchange/tags/Sophos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sophos</a> impersonated by new <a href="https://infosec.exchange/tags/SophosEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#SophosEncrypt</a> ransomware ➝ 🇺🇦 🤖 <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukraine</a> takes down massive bot farm, seizes 150,000 SIM cards ➝ 🔐 🛜 <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISA</a> and <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSA</a> Issue New Guidance to Strengthen <a href="https://infosec.exchange/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#5G</a> Network Slicing Against Threats ➝ 🇨🇳 🦠 Chinese <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT41</a> Hackers Target Mobile Devices with New WyrmSpy and DragonEgg <a href="https://infosec.exchange/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spyware</a> ➝ 🇺🇸 🪦 Famed Hacker Kevin Mitnick Dead at 59 ➝ 🇺🇸 🕵🏻‍♂️ U.S. Government Blacklists <a href="https://infosec.exchange/tags/Cytrox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cytrox</a> and <a href="https://infosec.exchange/tags/Intellexa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Intellexa</a> Spyware Vendors for Cyber Espionage ➝ ☁️ 🔓 <a href="https://infosec.exchange/tags/Citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Citrix</a> alerts users to critical vulnerability in Citrix ADC and Gateway ➝ 🔓 📂 <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> Data Leak Exposes Some Registered Customers' Details ➝ 🦠 🐈‍⬛ FIN8 Group Using Modified Sardonic <a href="https://infosec.exchange/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> for <a href="https://infosec.exchange/tags/BlackCat" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackCat</a> Ransomware Attacks ➝ 👤 🔓 <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> Security alert: social engineering campaign targets technology industry employees ➝ 🇺🇸 🇨🇳 Analysis of <a href="https://infosec.exchange/tags/Storm0558" class="mention hashtag" rel="nofollow noopener" target="_blank">#Storm0558</a> techniques for unauthorized email access ➝ 🇨🇳 ☁️ <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens ➝ 🇺🇸 📱 White House, <a href="https://infosec.exchange/tags/FCC" class="mention hashtag" rel="nofollow noopener" target="_blank">#FCC</a> advance efforts to add security labels to connected devices ➝ 🇪🇸 🇺🇦 Police arrests Ukrainian <a href="https://infosec.exchange/tags/scareware" class="mention hashtag" rel="nofollow noopener" target="_blank">#scareware</a> developer after 10-year hunt ➝ 🇳🇴 💵 <a href="https://infosec.exchange/tags/Norway" class="mention hashtag" rel="nofollow noopener" target="_blank">#Norway</a> Threatens $100,000 Daily Fine on <a href="https://infosec.exchange/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meta</a> Over Data ➝ 🅰️ 🔓 Two New Adobe <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> Vulnerabilities Exploited in Attacks ➝ 🎣 🌍 <a href="https://infosec.exchange/tags/JumpCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#JumpCloud</a> Says Sophisticated Nation-State Hackers Targeted Specific Customers ➝ 🦠 📊 <a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#MOVEit</a> Hack: Number of Impacted Organizations Exceeds 340 📚 This week's recommended reading is: "Leadership Is Changing the Game - The Transition from Technical Expert to Leader" by Brian DonovanSubscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecMASHUP</a> newsletter to have it piping hot in your inbox every week-end ⬇️<a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-week-292023" rel="nofollow noopener" translate="no" target="_blank">https://infosec-mashup.santolaria.net/p/infosec-mashup-week-292023</a>

Eva WolfangelAber wie gesagt: Sensible Inhalte haben auf Virustotal natürlich nichts zu suchen. Darauf zu hoffen, dass sie schon niemand findet, ist leichtsinnig. Und es wurden ja schon Dinge dort gefunden… <a href="https://chaos.social/tags/virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#virustotal</a> <a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Malwar3Ninja | Threatview.io[Threatview.io] ⚡Our team conducted a hunt on the available domain telemetry data in our proactive hunter dataset for the known ssl certificate used by <a href="https://infosec.exchange/tags/icedid" class="mention hashtag" rel="nofollow noopener" target="_blank">#icedid</a>. The IOC's contain indicators from period 01 January 2022 and fresh IOC's will be published on daily baisis in out IP/ domain blocklist feed on Threatview.io. Check out our latest <a href="https://infosec.exchange/tags/Virustotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Virustotal</a> collection with IP's and Domains related to <a href="https://infosec.exchange/tags/Icedid" class="mention hashtag" rel="nofollow noopener" target="_blank">#Icedid</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a>. <a href="https://www.virustotal.com/gui/collection/48eb7f1b21f63c722ee5c76569ae317ceaf80731c700b489b6bff7c0cf0074e9" rel="nofollow noopener" target="_blank">https://www.virustotal.com/gui/collection/48eb7f1b21f63c722ee5c76569ae317ceaf80731c700b489b6bff7c0cf0074e9</a>More details on ICEDID: <a href="https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid" rel="nofollow noopener" target="_blank">https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid</a><a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/CTI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTI</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/threathunt" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunt</a>

Recent searches

Search options

Administered by:

Server stats:

#virustotal