BlackBox (Security) Archiv
15 Dec 2023 16:23
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”
https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/
👉🏼 https://webcache.googleusercontent.com/search?q=cache:G8IWWik_R1YJ:https://www.cmglocalsolutions.com/blog/active-listening-an-overview&hl
👉🏼 https://webcache.googleusercontent.com/search?q=cache:ZA57uuvQNT8J:https://www.cmglocalsolutions.com/blog/how-voice-data-works-and-how-you-can-use-it-in-your-business&hl
#advertising #targeted #privacy
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
21 Oct 2023 16:55
💡 So, ad blockers violate YouTube ToS? Good, because user agent spoofers don't.
Change your user agent to Windows Phone to disable ads. 💡
https://files.enderman.ch/scripts/yt-antiadblocker.mp4
#antiadblocker #youtube #adblocker
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
16 Oct 2023 14:10
Counter-OSINT & privacy guide: how to protect your personal data
https://github.com/soxoj/counter-osint-guide-en
#osint #guide
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
10 Oct 2023 07:47
Reflections of the Israel-Palestine Conflict on the Cyber World
In the midst of the ongoing Israel-Palestine conflict, a notable upsurge of hacktivist collectives has emerged, announcing an unceasing barrage of digital assaults directed at a wide range of targets from both sides of the conflict.
This situation unfolds as a response to the ongoing Israel-Palestine conflict, which involves Palestinian militant groups led by Hamas initiating a large-scale offensive originating from the Gaza Strip and targeting Israel.
Although the cyber world sometimes seems like a stand-alone entity, it must be a reflection of the physical world, so just like the hacktivism resurgence that came with the Ukraine-Russia war, this sad conflict situation for humanity will also show an increasing business of war in the cyber world.
https://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/
Read as well:
https://www.dnaindia.com/india/report-israel-palestine-conflict-how-indian-hackers-sunk-their-cyber-fangs-into-hamas-palestinian-national-bank-3063682
#cyberwar
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
28 Sep 2023 13:27
Beware of investment spam messages in the name of BlackBox (Security) Archiv!
For some time now, someone has been posing as BlackBox (Security) Archiv to distribute Bitcoin spam.
Please don't fall for it! BlackBox would never write to its readers in private chats. If you receive such a message, please report the user to Telegram and then delete the chat.
Stay safe, watch your back and don't get tricked! :)
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
27 Sep 2023 05:48
Using silent SMS to localize LTE users
Proof of concept implementation
In this blog post, I’ll dive into an intriguing technique – using silent SMS messages to track LTE users’ locations. We’ll see how an attacker could send silent SMS messages with a defined pattern and analyze LTE traffic to verify the victim location.
https://mandomat.github.io/2023-09-21-localization-with-silent-SMS/
#silentsms #proofofconcept #lte #sms
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
14 Sep 2023 10:13
Hacking Meduza: Pegasus spyware used to target Putin’s critic
An investigation by Access Now and the Citizen Lab at the Munk School of Global Affairs at the University of Toronto (the Citizen Lab) has revealed that the iPhone of journalist Galina Timchenko, head of Meduza, a leading Russian independent media outlet based in Latvia, has been infected with Israeli firm NSO Group’s Pegasus spyware. The spyware attack took place two weeks after the Russian government declared Meduza an “undesirable organization” for its critical coverage of Vladimir Putin’s regime and the war in Ukraine. At the same time, some European political leaders were publicly arguing for surveillance of all Russians in exile. This is the first documented case of a Pegasus infection of a Russian journalist.
https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/
#pegasus #spyware
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
01 Sep 2023 18:58
CRYPTOGRAPHY BUG BOUNTY
TYPE #1 Reward: $300K - $1M
TYPE #2 Reward: $12,000
We've extensively researched cryptography and developed a simple standalone linux app that doesn't require network access, you can also monitor network to ensure security. App is automated and controllable through bash. bugs type #2 is only have one purpose but finding a type #1 bugs, which serves a dual purpose: advancing the development of the new generation of blockchain and type #1 data refers to cryptocurrencies that have remained transaction-free since 2009, guaranteeing their lack of ownership... If you discover type #1 bug, you could be rewarded generously and your life could greatly improve. we firmly believe that more hands and our collective knowledge hold immense power.
System requirements: README
Special Bonus: If someone discovers bug type #2 for the second time, they shall be rewarded twofold.
Contract me: @
Reports: 0 Last paid: $0
Last updated: 1 SEP 2023
Читать полностью…
BlackBox (Security) Archiv
25 Aug 2023 11:27
Big Ass Data Broker Opt-Out List
This list was started on September 29, 2017 and was most recently updated in May 2023 to add information on sites that require you to click links sent via email or to receive an automated call and enter a four-digit number on your phone in order to complete an opt-out request.
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
#bigdata
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
09 Aug 2023 13:43
<Lolek> Hosted, a notorious bulletproof hosting provider who was a competitor to the infamous CyberBunker, has been seized by the United States Federal Bureau-Investigation, IRS Criminal Investigation unit, and Poland's Central Bureau of Combating Cybercrime (CBZC)
https://nitter.net/vxunderground/status/1688965817654775820#m
Via Twitter
#lolek #bulletproof #hosting #seized
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
27 Jul 2023 17:24
Hackers are infecting Call of Duty players with a self-spreading malware
Hackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware.
On June 26, a user on a Steam forum alerted other players of Call of Duty: Modern Warfare 2 that hackers “attack using hacked lobbies,” and suggested running an antivirus. The malware mentioned in the thread appears to be on the malware online repository VirusTotal.
Another player claimed to have analyzed the malware and wrote in the same forum thread that the malware appears to be a worm, based on a series of text strings inside the malware. A game industry insider, who asked to remain anonymous because they were not allowed to speak to the press, confirmed that the malware contains those strings, indicating a worm.
https://techcrunch.com/2023/07/27/hackers-are-infecting-call-of-duty-players-with-a-self-spreading-malware
#malware #alert
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
19 Jul 2023 05:42
The Death of Infosec Twitter
“Infosec twitter” has been used to describe the vibrant, active and often enthusiastic community of security practitioners working in and around the industry. It’s been a source of insight, inspiration and entertainment for many and for years. Therefore, it is with a bit of sadness that I must announce that the death of infosec twitter is upon us.
https://www.cyentia.com/the-death-of-infosec-twitter/
#infosec
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
06 Jul 2023 04:24
The National Assembly in France adopted article 3 of the Justice bill which authorizes the authorities to remotely activate the cameras and microphones of telephones or other connected devices without the knowledge of the persons concerned.
https://twitter.com/WallStreetSilv/status/1676724700074897409
https://newsinfrance.com/justice-law-the-activation-of-remote-telephones-approved-by-the-national-assembly/
#surveillance #france
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
25 Jun 2023 20:16
The Russian government is trying to block the Tor network, but users can circumvent this block by using a Tor Bridge or Tor Snowflake.
👉🏼 Download Tor Browser: @
💡 You can help Tor Russian users to circumvent censorship by:
- Running a snowflake proxy: https://snowflake.torproject.org
- Running an obsf4 bridge:
https://community.torproject.org/relay/setup/bridge/
https://forum.torproject.org/t/tor-blocked-in-russia-how-to-circumvent-censorship/982
#tor #russia
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
18 Jun 2023 17:27
Pegasus Spyware: so dangerous that it should be banned? OTW explains...
Pegasus is used around the world to hack people's phones. It's extremely dangerous and can be used to control a phone remotely without the user knowing that is running.
https://www.youtube.com/watch?v=Fsh5JcK5F4k
00:00 - Intro
00:22 - Brilliant Add
01:59 - OTW Books
03:54 - Pegasus overview ....
‼️ just start the video from 03:54 to skip that sponsoring crap ‼️
#pegasus #spyware #video
🎥@
🎥@
🎥@
🎥@
🎥@
Читать полностью…
BlackBox (Security) Archiv
12 Nov 2023 11:03
A step-by-step Android penetration testing guide for beginners
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.
As I’m presently engaged in Android penetration testing, I’d like to relay my experiences with you, as they may prove beneficial in addressing some of the inquiries, I had difficulty resolving answers too, without more introductions let’s get started.
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
#android #pentest
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
17 Oct 2023 14:03
Persistent cross-site scripting vulnerabilities in Liferay Portal
In 2023 we found multiple vulnerabilities in Liferay Portal, a digital experience platform for enterprise websites. It is a free and open-source software project. A few thousand installations on the Internet not suppressing the Liferay-Portal HTTP response header can be found via special purpose search engines.
The Liferay Portal in the Community Version is the foundation for the web interface of Liechtenstein's electronic health portal. That's the reason we got involved with the portal software – not as a customer pentest project, but out of interest. We wrote a blog post about the Liechtenstein's electronic health portal (blog post is in German). We reported our findings regarding the Liferay Portal to Liferay in order to get them addressed. Now we are releasing technical details about the vulnerabilities.
Another vulnerability we mentioned in the health portal is a Denial of Service attack, where a nested Graph QL query is not restricted by the portal and which consumes available resources leading to a Denial of Service. This vulnerability is known to Liferay.
Just so there are no misunderstandings: We did not try to use these vulnerabilities against Liechtenstein's electronic health portal.
https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/
#vulnerabilities #liferay
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
14 Oct 2023 07:17
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205.
Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox.
Analysis of this in-the-wild exploit chain reveals the first known case of attackers exploiting the Safari IPC layer to "hop" from WebContent to the GPU process, adding an extra link to the exploit chain (CVE-2023-32409)
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
#ios #exploit
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
09 Oct 2023 17:24
Thou Shalt Not Reject: Analyzing Accept-Or-Pay Cookie Banners on the Web
Privacy regulations have led to many websites showing cookie
banners to their users. Usually, cookie banners present the user
with the option to “accept” or “reject” cookies. Recently, a new form
of paywall-like cookie banner has taken hold on the Web, giving
users the option to either accept cookies (and consequently user
tracking) or buy a paid subscription for a tracking-free website
experience.
In this paper, we perform the first completely automated analysis
of cookiewalls, i.e., cookie banners acting as a paywall.
https://www.devashishgosain.com/assets/files/paper-cameraready.pdf
#pdf #cookies #banner
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
27 Sep 2023 13:50
Your child’s privacy is worth more than likes
Sharenting and its implications for children's privacy
Some parents love to share pictures and videos of their children online. Pictures of the newborn baby or that first smile; a video with the first steps, the first visit to the swimming pool, parties, trips, family moments; then perhaps posts with funny stories, intriguing questions, and even sensitive conversations, such as a teenager revealing to the parent that they are non-binary. This behavior even has a name: sharenting, or documenting your child’s life online. And it has serious implications for children's privacy.
https://www.theprivacywhisperer.com/p/your-childs-privacy-is-worth-more
#privacy #children #sharenting
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
16 Sep 2023 15:13
GameLauncher: A WIP replacement for samsungs gamelauncher which respects your privacy
GameLauncher is an app to see all your games in one place but without tracking.
GameLauncher is an open-source replacement for proprietary game-launchers from samsung and other manufacturers. It works without a network connection and collects absolutely no data about you. Simply launch the app and all your apps will be there. Still WIP!
https://github.com/0xFOSSMan/GameLauncher
#foss #opensource #gamelauncher
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
06 Sep 2023 12:47
It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
Ah, the wind in your hair, the open road ahead, and not a care in the world… except all the trackers, cameras, microphones, and sensors capturing your every move. Ugh. Modern cars are a privacy nightmare.
Car makers have been bragging about their cars being “computers on wheels" for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants' privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.
https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
#privacy #security
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
30 Aug 2023 11:34
Google now moderates your synched bookmarks
silvermoon82/110969122337810598" rel="nofollow">https://strangeobject.space/@/110969122337810598
#deletegoogle
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
15 Aug 2023 19:00
Ransomware Diaries: Volume 3 – LockBit’s Secrets
In this volume of the Ransomware Diaries, I will share interesting, previously unknown details of the LockBit ransomware operation that LockBit has tried very hard to cover up. Until now, you have been lied to about LockBit’s true capability. Today, I will show you the actual current state of its criminal program and demonstrate with evidence-backed analysis that LockBit has several critical operational problems, which have gone unnoticed.
This time, besides using fake personas, I have spoken directly with the gang and many of its affiliate partners. I also reached out to victims. I learned what happens behind the scenes during the ransom negotiations and the relationships LockBit has with its affiliate partners and competing rival gangs. LockBit has secrets it does not want either party to know. Now, I look forward to sharing them with you!
Before I begin, I need to share a significant event that took place as I finalized this report. In August 2023, LockBit’s leadership vanished and was unreachable to fellow gang members, including its affiliate partners, for the first two weeks of August. During that time, several of LockBit’s close associates shared concerns that the gang’s leadership was on the run or dead. Then, on August 13, LockBit reappeared on private channels as if it never happened. Still, during the time LockBit was gone, LockBits data leak site and infrastructure were up, but no one was actively managing it.
👉🏼 Volume 3: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
👉🏼 Volume 2: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/#Part_II_The_Victims%E2%80%99_Story
👉🏼 Volume 1: https://analyst1.com/ransomware-diaries-volume-1/
#ransomware #lockbit
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
03 Aug 2023 18:09
CannaPower - Pirate Site Not Impressed by Global DNS Blocking Order
Sony Music's legal efforts have produced a major breakthrough. As the result of a German blocking order, DNS provider Quad9 now blocks global access to music piracy site CannaPower. The operator of the site doesn't appear to be impressed so far, noting that it doesn't really hurt traffic. "They will never get us down," the operator says, adding that moving to the Tor network remains an option as well.
https://torrentfreak.com/pirate-site-not-impressed-by-global-dns-blocking-order-230803/
#cannapower
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
24 Jul 2023 15:14
Debunking Runa Sandvik — CatalanGate Spyware
In April 2022, the world was informed about 65 suspected instances of espionage in Catalonia. The revelation came through a report and data jointly released by The Citizen Lab, a public policy institution at The University of Toronto, and Amnesty Tech, a cybersecurity division of Amnesty International. Following their investigation, these special interest groups leveled direct accusations against the Spanish government, alleging the utilization of surveillance technology developed by Israeli cyber intelligence firms NSO Group and Candiru, LTD to target Catalan civil society.
https://jonathandata1.medium.com/debunking-runa-sandvik-pegasus-spyware-catalangate-40a3cd2ebc53
#nso #pegasus #spyware #catalangate
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
06 Jul 2023 11:33
Surveillance advertising in Europe: The adtech industry tracks most of what you do on the Internet. This file shows just how much
The advertising industry has more than 650,000 labels to target people. Reading through them reveals how even the most sensitive aspects of our life are monitored. EU-based data brokers play a vital role in this system.
Everything we do on the Internet is being recorded and analyzed in order to achieve one goal: to show us targeted advertising. This is a reality to which many people have become accustomed in exchange for free services. However, very few people understand exactly where our data ends up when we visit websites, use apps or make digital payments. Targeted advertising moves in mysterious ways. That’s another fact we’ve become accustomed to.
👉🏼 Download: https://web.archive.org/web/20230525225541mp_/https://xandr-be-prod.zoominsoftware.io/bundle/monetize_monetize-standard/page/attachments/data-marketplace-buyer-overview/data_marketplace_public_segments_pricing_05212021.xlsx
https://netzpolitik.org/2023/surveillance-advertising-in-europe-the-adtech-industry-tracks-most-of-what-you-do-on-the-internet-this-file-shows-just-how-much/
#surveillance #advertising #eu
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
04 Jul 2023 03:52
Cracking Down on Dissent, Russia Seeds a Surveillance Supply Chain
Russia is incubating a cottage industry of new digital surveillance tools to suppress domestic opposition to the war in Ukraine. The tech may also be sold overseas.
As the war in Ukraine unfolded last year, Russia’s best digital spies turned to new tools to fight an enemy on another front: those inside its own borders who opposed the war.
To aid an internal crackdown, Russian authorities had amassed an arsenal of technologies to track the online lives of citizens. After it invaded Ukraine, its demand grew for more surveillance tools. That helped stoke a cottage industry of tech contractors, which built products that have become a powerful — and novel — means of digital surveillance.
The technologies have given the police and Russia’s Federal Security Service, better known as the F.S.B., access to a buffet of snooping capabilities focused on the day-to-day use of phones and websites. The tools offer ways to track certain kinds of activity on encrypted apps like WhatsApp and Signal, monitor the locations of phones, identify anonymous social media users and break into people’s accounts, according to documents from Russian surveillance providers obtained by The New York Times, as well as security experts, digital activists and a person involved with the country’s digital surveillance operations.
https://www.nytimes.com/2023/07/03/technology/russia-ukraine-surveillance-tech.html
#surveillance
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
25 Jun 2023 06:04
Sharing Your Credit Card With a Shady Pirate IPTV Service Isn’t a Brilliant Idea
Pirate IPTV services have transformed into a billion-dollar industry in recent years. It is a highly profitable business that, at the upper echelon, appears to be well organized. However, research from the Digital Citizens Alliance shows that handing over credit card details to unknown parties also has its drawbacks, including 'surprise' charges.
https://torrentfreak.com/sharing-your-credit-card-with-a-shady-pirate-iptv-service-isnt-a-brilliant-idea-230624/
#iptv
📡@
📡@
📡@
📡@
📡@
Читать полностью…
BlackBox (Security) Archiv
16 Jun 2023 06:58
Mozilla puts advertising into Firefox AGAIN
They have added a new option to Firefox privacy settings, enabled by default of course, to allow "suggestions from sponsors" to "occasional"ly appear in the navigation bar dropdown, as if they were bookmarks. I noticed this by seeing a link to Office Depot in the pulldown, wondering what Office Depot page I had bookmarked or in my history, and discovering that it was an in-browser "sponsored suggestion". It appears to work by sending all your navigation bar typeahead to Mozilla so it can match you with a sponsor (oops about that privacy, lol). I'm not sure how recent this "feature" is, but I think it is recent, and I only noticed it today (I'm on LTS Firefox but installed an update a few days ago). Maybe the less stable releases have had it for longer.
Turning the sponsored suggestions off is not that difficult (see the url above for instructions), but Mozilla's unceasing obsession with inveigling advertising into the browser is... disturbing. Another day in the enshittification of the web.
👀 See: How to customize Firefox Suggest settings, https://support.mozilla.org/en-US/kb/firefox-suggest
https://news.ycombinator.com/item?id=36351322
#firefox
📡@
📡@
📡@
📡@
📡@
Читать полностью…
4463