In my assessment, not only are large parts of the Microsoft O365 services compromised, but also all Windows machines that were connected to them. A worst-case disaster of epic proportions - which many don't seem to realize right now. 🤷♂️ 👇
WTF? Is #Tenacity on the #Flatpak store #MALWARE? Apparently it was running in the bg AS IF it was an invincible #Gnome extension so SystemMonitor/htop would NOT see it as a process. But #MissionCenter (also from flatpak store) saw it as it is: an app running on startup! Killing it killed Gnome session! It was also spiking wifi, and was leaking the Gnome gjs service from 4MB RAM to 120MB. Uninstalling fixed the prob
At least 18 different malicious extensions (as of 30 MAY and this post) identified by @WPalant
Remember extensions have privileged access to the browser (and data in the browser). Choose your extensions wisely... they could be #spyware or #malware in disguise.
So I’m testing my assumptions, but does anyone pirate games or software in general anymore? I mean I know they are out there the fitgirl repacks etc etc, but do people still trust the pirates stuff to not come with new and novel malware?
Predictably, #microsoft started injecting ads into #openai #gpt4 powered #bingchat conversations…and just as predictably, there is now a huge #malvertising problem in Bing Chat.
It’s actually worse than #malware poisoned advertisements showing up in search engine results for a couple of reasons.
Sophos X-Ops is raising the alarm to the #hotel industry, warning that threat actors appear to be using requests or complaints as a lure to convince front-desk workers to infect their own computers with password stealing #malware. 1/
Sophos X-Ops is currently tracking a campaign by threat actors targeting unpatched #Citrix #NetScaler systems exposed to the internet. Our data indicates strong similarity between #attacks using CVE-2023-3519 delivering #malware and #webshells and previous attacks using a number of the same #TTPs.
Regarding the article on antivirus apps on Android, Stiftung Warentest has contacted me: "[...]
thank you for your email and for engaging with our test. We take your comments seriously and will get in touch with the testing institute we commissioned to discuss the points you mentioned. We will then get back to you promptly." 👇
I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.
Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!
Enable MFA for important online accounts, including cloud-based password managers!
Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.
Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.
Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!
Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.
#Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!
Tip no. 22: Antivirus programs. Opinions differ here. Anyone using Windows can use »Microsoft Defender«. On Linux, macOS and also on the mobile systems Android and iOS, antivirus protection is not necessary. Provided the system/applications are up to date, awareness is more important. Antivirus programs convey a false sense of security and tempt users into rash actions.
Just downloading some updates and checking #SHA hashes, like you do. Insofar as people actually bother, I wonder how many people just look at the first few digits and the last few digits and call it a day. Which raises a question: has anyone ever explored the idea of hash "partial" collisions in a crypto context? I.e. if the first and last 8 hex digits are the same, but the middle could differ. Might be a useful thing for some attackers trying to deposit nasty things in public repositories. #Malware #HashCollisions #Cryptography #Software #InfoSec #SupplyChain
Tip no. 8: Be careful when opening email attachments or clicking on links, especially from unknown senders. These may contain phishing attempts or malicious files. Phishing can be recognized, for example, by spelling mistakes and/or by checking the final URLs (mouse-over effect). Good to know: Your bank will not ask you by email or SMS to update your data/passwords/install apps.
Not so sure if I can trust those Mini PCs from Chinese manufacturers because of this. There are instances of preinstalled malware that steals passwords, credit card information, and more :bunhdthink:
Sure, the manufacturer eventually admits it, but their reputation is already ruined.
Granted, if you do a clean install of Windows or install Linux, it will be okay, but most users will use it as is.
Premiering now! Had a great conversation with Shannon Morse about my issues reviewing some mini PCs that came pre-loaded with malware. https://www.youtube.com/watch?v=oH2R3o-EbTA
She offers some GREAT tips and tricks for folks interested in keeping their home networks secure and their data safe!
Anyone who downloaded the GOG Baldur's Gate 3 release from 1337x, scan with Malwarebytes asap!
Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)...