kalilinux | Юмор и развлечения

Telegram-канал kalilinux - Kali Linux

18089

unofficial

Подписаться на канал

Kali Linux

All donations to the Tor Project matched 1:1, now through Dec 31

Each year during this season, the Tor Project holds a fundraiser during which we ask for your support. We do this because the Tor Project is a nonprofit organization, powered by donations from our community.

Donations make it possible for the Tor Project to build tools powered by people-not profit.
Over the next few months, well be sharing stories from some of the millions of people you’re helping when you support Tor, details about what’s coming next to our suite of privacy and censorship circumvention tools, and ways you can help make privacy online easy and accessible.

Now is a great time to give and spread the word about the Tor Project because through the end of the year, all donations will be matched. That means when you donate $25, you’re making a $50 impact. Plus, we’ve introduced a brand-new item to our list of gifts you can receive in return for making a donation.
https://torproject.org/donate/donate-tel-yec2024

Читать полностью…

Kali Linux

Gen Threat Labs has recently discovered a sophisticated rootkit targeting Arch Linux (6.10.2-arch1-1 x86_64)

More details in the pictures and here is the source

@Kalilinux

Читать полностью…

Kali Linux

Yet another supply chain attack, yet another Chinese App on Google play.
We're talking about the new version of the Necro malware loader for Android which has the same payload configurations and payloads as the previous version and is installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

Wuta Camera, a selfie retouching app developed by Shanghai Benqumark Network Technology and the Max Browser, which marketed itself as a privacy-focused browser for Android are the two Apps involved.

the two apps were infected by an advertising SDK named 'Coral SDK,' which employed obfuscation to hide its malicious activities and also image steganography to download the second-stage payload, shellPlugin, disguised as harmless PNG images.

While the trojan was removed in version 6.3.7.138, any payloads that might have been installed via the older versions might still lurk on Android devices.

source-01
source-02
More detailed source-03

@kalilinux

Читать полностью…

Kali Linux

North Korean hackers target Python developers with malware disguised as coding tests — hack has been underway for a year and is likely to be continued.

@Kalilinux
Source-01
Sourse-02

Читать полностью…

Kali Linux

Today the United States Department of Justice announced the conviction of Remy St. Felix. St. Felix is accused of being the mastermind behind a string of violent home invasions targeting individuals possessing large quantities of cryptocurrency.

Prosecutors state St. Felix targeted crypto holders in North Carolina, Florida, Texas, and New York.

Due to the violence of the actions — including assaulting victims, zip-tying them, holding them at a gunpoint, and threatening to murder their family, St. Felix is facing charges for; conspiracy, kidnapping, Hobbs Act robbery, wirefraud, and brandishing a firearm in furtherance of a crime of violence. He is facing a maximum sentence of life in prison.

@Kalilinux

Source

Читать полностью…

Kali Linux

@kalilinux

Читать полностью…

Kali Linux

A new version of the Open Source AI Definition has been released with one new feature and a cleaner text, based on comments received from public discussions and recommendations.

You can also join the community and participate in this historic moment by providing precise feedback on the text of the latest draft.

@kalilinux
https://opensource.org/blog/community-input-drives-the-new-draft-of-the-open-source-ai-definition

Читать полностью…

Kali Linux

Let's have a glance on the fragility of the open-source software supply chain.
Experts believe "The community model of just trusting [the code] because it’s open source was never a great model" and it needs to be changed.

When trust meets transparency in open-source, security risks aren’t far behind.

@kalilinux
https://cyberscoop.com/open-source-security-trust-xz-utils/

Читать полностью…

Kali Linux

Joseph Cox asked Signal's president whether the FBI has approached any of Signal's engineers to put certain code into Signal (the CEO of Telegram recently said FBI did approach Telegram engineers to try to do this).
@kalilinux

Читать полностью…

Kali Linux

404media is reporting that #Reddit is blocking ALL search engine crawls EXCEPT #Google – which is currently paying $60,000,000/year for the right to scrape Reddit for #AI training data.

More information:
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/

@kalilinux
Source

Читать полностью…

Kali Linux

A CrowdStrike update is breaking computers running Windows, causing them to crash and display the blue screen of death. Across industries, companies around the world haven’t been able to reboot, according to reports. Firms affected by the outage include Sky News, which has been unable to broadcast.

Microsoft said it is taking “mitigation actions” after service issues it said started at about 6 p.m. Eastern Time. The company says it is investigating issues with cloud services in the U.S. and “an issue impacting several of its apps and services,” Sky News reported.

“We are aware of a scenario in which customers experience issues with their machines causing a bug check (blue screen) due to a recent CrowdStrike update,” a Microsoft spokesperson said. “We recommend customers to follow guidance provided by CrowdStrike.”

There is a workaround, they added:

1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching "C-00000291*.sys"
4. Boot normally.


@kalilinux
https://www.forbes.com/sites/kateoflahertyuk/2024/07/19/crowdstrike-windows-outage-what-happened-and-what-to-do-next/

Читать полностью…

Kali Linux

When visiting a *.google.com domain, the Google site can use the API to query the real-time CPU, GPU, and memory usage of your browser, as well as info about the processor you're using, so that whatever service is being provided – such as video-conferencing with Google Meet – could, for instance, be optimized and tweaked so that it doesn't overly tax your computer. The functionality is implemented as an API provided by an extension baked into Chromium – the browser brains primarily developed by Google and used in Chrome, Edge, Opera, Brave, and others.

https://www.theregister.com/2024/07/12/chromium_api_system_information/

@kalilinux

Читать полностью…

Kali Linux

Among the privacy-conscious, Proton is a very well-known name, thanks to their wide range of products and services that make it a major player in the space.

Just recently, Proton Pass launched Secure Links for safe, convenient password sharing.

Only the recipient can see the contents of these secure links, with the sender having a great deal of control over the link. Using the Proton Pass app (Web and Mobile), they can set an expiry period (1 hour-30 days), limit how many times it can be viewed, and, of course, revoke access to it.

And for a limited time, they are helping more people take advantage of secure sharing and other advanced features by offering a year of Pass Plus for only $12. You not only get Secure Links but also unlimited vaults and hide-my-email aliases, Dark Web Monitoring, the Proton Sentinel security program, integrated 2FA authenticator, and more. This offer ends July 21.

Check this link for more details on the new feature and the discount.

@kalilinux

Читать полностью…

Kali Linux

Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies.

The executives did not consider the incident a threat to national security because they believed the hacker was a private individual with no known ties to a foreign government. The company did not inform the F.B.I. or anyone else in law enforcement!

Fears that a hack of an American technology company might have links to China are not unreasonable. Last month, Brad Smith, Microsoft’s president, testified on Capitol Hill about how Chinese hackers used the tech giant’s systems to launch a wide-ranging attack on federal government networks.

Read more...
@Kalilinux

Читать полностью…

Kali Linux

A critical GitLab vulnerability could allow an attacker to run a pipeline as another user

This week, GitLab released new versions of its Community (open source) and Enterprise Editions.

The updates include fixes for 14 different security issues, including cross site request forgery (CSRF), cross site scripting (XSS), denial of service (DoS), and more. One of the issues is deemed of low severity according to the Common Vulnerability Scoring System (CVSS), nine are of medium severity, and three are high — but there's also one critical bug with a CVSS score of 9.6 out of 10.

The CVE-2024-5655, affects GitLab versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, according to the company.
It enables an attacker to trigger a pipeline as another user, but only under circumstances which GitLab did not elaborate on (nor did it provide any other information about the vulnerability).
source
@Kalilinux

Читать полностью…

Kali Linux

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.

HIBP operator Troy Hunt confirmed to Bleeping Computer that nine days ago, he received a file containing “email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data” for 31 million unique email addresses, and confirmed it was valid by matching data with a user’s account.

But 54 percent of the accounts were already in its database from previous breaches.

Not so long after the breach, the Internet Archive suffered a DDoS attack, which has now been claimed by the BlackMeta hacktivist group, who says they will be conducting additional attacks.

read more ...

@Kalilinux

Читать полностью…

Kali Linux

Caroline Ellison to 2 years for covering up Sam Bankman-Fried’s FTX fraud

Caroline Ellison "deeply regrets" FTX lies, must now forfeit $11 billion.

Source

@Kalilinux

Читать полностью…

Kali Linux

UltraAV force-installed on Kaspersky users' PCs
#Kaspersky antivirus has reportedly begun silently installing a new #antivirus product called "Ultra AV" on United States-based users machines!

According to many online customer reports, including BleepingComputer's forums, UltraAV's software was installed on their computers without any prior notification, with many concerned that their devices had been infected with #malware.

"I woke up and saw this new antivirus system on my desktop and I tried opening kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which uninstalled kaspersky somehow," one user said.

@kalilinux
source

Читать полностью…

Kali Linux

https://www.youtube.com/watch?v=MKTN2OiR2R8

@Kalilinux

Читать полностью…

Kali Linux

#Zyxel is warning of nearly a dozen #vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which can be targeted as an initial point of entry into large #networks

@kalilinux
source

Читать полностью…

Kali Linux

Telegram founder Pavel Durov arrested in Paris: 'Taken into custody by French secret services'

@kalilinux
source-fr
source-en

Читать полностью…

Kali Linux

Is "open source" AI, really open? What is an #open_source Ai? Is it possible to have one? How?

The license for Meta’s LLaMa 2 restricts usage by any organization with 700 or more million monthly active users. Other licenses explicitly prohibit using #AI for illegal activities, which can vary widely country by country. Are those models open source?


@kalilinux
https://leaddev.com/tech/be-careful-open-source-ai

Читать полностью…

Kali Linux

https://shiftmag.dev/unhappy-developers-stack-overflow-survey-3896/?utm_source=changelog-news

@kalilinux

Spoiler Alert:
Working with imperfect systems demoralizes programmers, making it difficult to do quality work.

Читать полностью…

Kali Linux

@kalilinux

Читать полностью…

Kali Linux

ESET researchers discovered a #zero_day Telegram for Android exploit that allows sending #malicious files disguised as videos.
@kalilinux

We were able to locate an example of the exploit, allowing us to analyze it further, and report it to Telegram on June 26th, 2024. On July 11th, they released an update that fixes the vulnerability in Telegram versions 10.14.5 and above.

The #exploit only works on #Android #Telegram versions 10.14.4 and older.

Source

Читать полностью…

Kali Linux

🚨🚨AT&T allegedly Paid a Hacker $370,000 to Delete Stolen Phone Records. "A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain." 🙂
@kalilinux
https://www.wired.com/story/atandt-paid-hacker-300000-to-delete-stolen-call-records/

Читать полностью…

Kali Linux

Massive AT&T data breach exposes call logs of 109 million customers.

AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022 and on January 2, 2023.

The stolen data includes:

. Telephone numbers of AT&T wireline customers and customers of other carriers.
. Telephone numbers with which AT&T or MVNO wireless numbers interacted.
. Count of interactions (e.g., the number of calls or texts).
. Aggregate call duration for a day or month.
. For a subset of records, one or more cell site identification numbers.

source
@kalilinux

Читать полностью…

Kali Linux

@kalilinux

No; It's not sponsored and we were not paid to advertise it.

Читать полностью…

Kali Linux

A rather interesting Bitcoin transaction was published and confirmed somewhere around two days ago.
it sends BTC to a non-standard bitcoin address that only contains 2 bytes ("bc1pfeessrawgf") where the standard is for addresses to be 20 bytes long.

that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address.

the transaction seems to attempt use every form of valid bitcoin input and output type: p2pk (the oldest output type, where you send money directly to someone's public key), legacy (the format widely used from 2010 to 2017 -- also tied for oldest, since Satoshi included this format as a non-default option in bitcoin v0), "bare multisig" where the output is a list of two or more public keys, P2SH multisig where the output is a "hash" of two or more public keys, "nested segwit," "native segwit v0," segwit v1 (i.e. taproot), plus two unusual lightning-related utxos: an in-flight HTLC and a force closure tx.

the input amounts contain several interesting numbers:
. 6102 is the executive order by which Roosevelt implemented a partial ban on self-custodied gold in the USA
. 1913 is the year he did that
. 1971 is the year the USA abandoned the gold standard
. 2140 is the year bitcoin's block subsidy stops
and so many more interesting references.

And its OP_RETURN is "Not your inputs, not your outputs"!

You can check this transaction here and read about it here in the stacker.news

@Kalilinux

Читать полностью…

Kali Linux

The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group

source 01
source 02
@Kalilinux

Читать полностью…
Подписаться на канал