Report: Indian e-Payments App Exposes Millions of Users in Massive Data Breach

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.

The website was being used in a campaign to sign large numbers of users and business merchants to the app from communities across India. All related data from this campaign was being stored on a misconfigured Amazon Web Services S3 bucket and was publicly accessible.

The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals.

👀 Data Breach Summary 👀

Company/Website: http://cscbhim.in/
Located: India
Industry: Mobile banking; e-payments; personal finance
Size of data in gigabytes: 409 GB
Suspected no. of records: ~7.26 million
No. of people exposed: Millions
Geographical scope: Nationwide across India
Types of data exposed: PII data
Potential impact: Identity theft, fraud, theft, viral attacks
Data storage format: AWS S3 bucket

👉🏼 Read more:
https://www.vpnmentor.com/blog/report-csc-bhim-leak/

#BHIM #india #data #brach #leak #epayment #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

‘Anonymous’ online activists see huge, unexplained surge in support amid Black Lives Matter protests

'There is something interesting going on'

"Ok. We don't know why we got 3.5 million new followers, putting us at 5 million - but if you're new to our feed, and you're not a bot we can be pretty gruff. We don't mince words, we tell it like it is and when we want lulz, it upsets many people.

"Welcome aboard."

https://www.independent.co.uk/life-style/gadgets-and-tech/news/anonymous-activists-online-george-floyd-protests-black-lives-matter-a9544261.html

#anonymous #BlackLivesMatter
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies

Malicious hackers with black hoodies in the monitor light. Pizza boxes in the corner, Nerf guns for relaxation. This romanticised, nerdy cliché view of cyber criminals has little to do with reality, scientists write in a paper. Most jobs in the criminal scene are no more exciting than the average office job. Including annoying support and bureaucratic boredom.

👉🏼 PDF:
https://www.cl.cam.ac.uk/~bjc63/Crime_is_boring.pdf

#cybercrime #hacker #infrastructure #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Shodanfy.py

Get ports, vulnerabilities, informations, banners,..etc for any IP with Shodan (no apikey! no rate limit!)

💡 Usage:

# python3 shodanfy.py <ip> [OPTIONS]
e.g:
python3 shodanfy.py 111.111.111.111
python3 shodanfy.py 111.111.111.111 --getports
python3 shodanfy.py 111.111.111.111 --getvuln
python3 shodanfy.py 111.111.111.111 --getinfo
python3 shodanfy.py 111.111.111.111 --getmoreinfo
python3 shodanfy.py 111.111.111.111 --getbanner
python3 shodanfy.py 111.111.111.111 --getports --getvuln
python3 shodanfy.py 111.111.111.111 --proxy 127.0.0.1:8080
# support pipeline, --stdin option is required..
# echo "<ip>" or cat ips.txt | python3 shodanfy.py --stdin [OPTIONS]
e.g:
echo "111.111.111.111"|python3 shodanfy.py --stdin
echo "111.111.111.111"|python3 shodanfy.py --stdin --proxy 127.0.0.1:8080
echo "111.111.111.111"|python3 shodanfy.py --stdin --getvuln
cat ips.txt|python3 shodanfy.py --stdin --getports
dig google.com +short A | grep -oi '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | python3 shodanfy.py --stdin --geports

👉🏼 https://github.com/m4ll0k/Shodanfy.py

⚠️ Always remember to use these techniques, instructions or hardware only with devices whose owners or users have allowed this !! The unauthorized access to foreign infrastructure is punishable by law.

#shodan #vulnerabilities #pentesting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Children spend 80 minutes a day with Tiktok - almost as much as Youtube

Tiktok is becoming increasingly popular with children and is now almost on a par with YouTube. Children between the ages of 4 and 15 spend an average of 80 minutes a day on Tiktok, according to a report by Qustodio, a provider of parental control apps. On Youtube, it's five minutes more.

👉🏼 PDF 🇬🇧:
https://qweb.cdn.prismic.io/qweb/e59c2e0f-ef4f-4598-b330-10c430e2ec71_Qustodio+2020+Annual+Report+on+Children%27s+Digital+Habits.pdf

👉🏼 Read more 🇩🇪:
https://t3n.de/news/kinder-verbringen-taeglich-80-1288824

#tiktok #youtube #digitalhabits #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Fake ransomware decryptor double-encrypts desperate victims' files

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

While ransomware operations such as Maze, REvil, Netwalker, and DoppelPaymer get wide media attention due to their high worth victims, another ransomware called STOP Djvu is infecting more people then all of them combined on a daily basis.

With over 600 submissions a day to the ID-Ransomware ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.

Emsisoft and Michael Gillespie had previously released a decryptor for older STOP Djvu variants, but newer variants cannot be decrypted for free.

If the ransomware is so common, you may be wondering why it doesn't get much attention?

The lack of attention is simply because the ransomware mostly affects home users infected through adware bundles pretending to be software cracks.

While downloading and installing cracks is not excusable, many of those who are infected simply cannot afford to pay a $500 ransom for a decryptor.

Double-encrypting someone's data with a second ransomware is just kicking someone while they are already down.

👉🏼 Read more:
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/

https://twitter.com/demonslay335/status/1268908281151586304

https://www.golem.de/news/zorab-schadsoftware-ransomware-tarnt-sich-als-entschluesselungs-tool-2006-148959.html

#zorab #Djvu #fake #ransomware #decryptor
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

The A1 Telekom Austria Hack - they came in through the web shells

On the 3rd of February 2020 I received an encrypted email on 3 of my email addresses from a person calling themself "Libertas" with the subject "Information for the public".

"I am writing to you today because you seem to be a IT security related guy from Austria with a brain. I hope this assumption is correct, otherwise please disregard this message.

I am writing concerning your local telecom company A1 Telekom. -Libertas"

At first I thought it's some conspiracy theorist who wants to publish something on my blog (they always do) but it was not one of these cases and I wasn't prepared to what they presented me.

Disclaimer:

After confirming the hack with A1 I was asked to postpone the publishing of this post until A1 has kicked the attackers out. I complied with their request so I wouldn't interfere with the ongoing investigation. Since I did not publish this post for months the whistleblower also contacted a journalist from Heise.de and we agreed to release our articles at the same time.

Since I have no way of checking the validity of individual statements made by the whistleblower, they could all be fabricated. I find them very plausible and many details of the email were confirmed by A1 but keep it in the back of your head that the statements of "Libertas" might be untrue or half-true until confirmed by A1 Telekom. Since I had the opportunity to talk to people from A1 I will add their statements in blue.

👉🏼 Read more:
https://blog.haschek.at/2020/the-a1-telekom-hack.html

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/oesterreich-hackerangriff-bei-a1-telekom-2006-148984.html

#austria #telekom #hack #hacked #Libertas
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Europol uses Palantir

Since 2016, the European Police Agency has been using the "Gotham" software to evaluate mass data. Europol has signed a contract for 7.5 million euros with the company Capgemini in 2012, just over half of the money has already been spent. Palantir promoted the software at the "European Police Congress".

The police agency Europol in The Hague has been running the "Gotham" software of the US concern Palantir for several years. This is what the European Commission writes in its answer to a parliamentary question. The application was tested in 2016 within the framework of the "Fraternité" task force, which Europol set up after the attacks in France at the time. Palantir is also criticised for his close cooperation with the military and secret services in the USA.

Since mid-2017, "Gotham" has been in continuous operation, Europol uses it for "operational analysis". This enables investigators to calculate and visualize relationships between people, objects or the course of events. "Structured data", such as contact lists, tables from radio cell queries and travel histories, are linked with "unstructured data" such as photos or location data. This so-called mass data evaluation is intended to generate new investigative approaches.

👉🏼 Parliamentary request:
https://www.europarl.europa.eu/doceo/document/E-9-2020-000173-ASW_EN.html

👉🏼📺 Audit-Protokoll-Analysis with Palantir Gotham
https://t.me/BlackBox_Archiv/403

👉🏼 🇩🇪 Indications on the use of Facebook data by Palantir:
https://t.me/cRyPtHoN_INFOSEC_DE/3147

👉🏼 Read more 🇩🇪:
https://netzpolitik.org/2020/europol-nutzt-palantir/

#eu #palantir #europol #Capgemini #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Researchers detail huge hack-for-hire campaigns against environmentalists

‘Dark Basin’ is said to have targeted nonprofit groups battling Exxon Mobil

Hackers for hire have targeted thousands of individuals as part of campaigns against environmental advocacy groups, journalists, and others, according to a report produced by Citizen Lab, the University of Toronto’s cybersecurity watchdog group. Citizen Lab dubbed the group behind the campaigns “Dark Basin,” noting that it specifically targeted climate-change organizations who were campaigning against Exxon Mobil.

The report concludes that the campaigns represent “a clear danger to democracy” and could allow powerful organizations to target their opponents. “The extensive targeting of American nonprofits exercising their first amendment rights is exceptionally troubling,” Citizen Lab’s report says. The group has provided its information to federal prosecutors who are investigating the hackers and who hired them, The New York Times reports.

https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/

https://www.nytimes.com/2020/06/09/nyregion/exxon-mobil-hackers-greenpeace.html

#DarkBasin #researchers #hackers #hack #ExxonMobil
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Real-Time Passive Sound Recovery from Light Bulb Vibrations

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room

You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits.

A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.

The findings were published in a new paper by a team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli's Ben-Gurion University of the Negev and the Weizmann Institute of Science, which will also be presented at the Black Hat USA 2020 conference later this August.

The technique for long-distance eavesdropping, called "Lamphone," works by capturing minuscule sound waves optically through an electro-optical sensor directed at the bulb and using it to recover speech and recognize music.

https://www.nassiben.com/lamphone

PDF:
https://ad447342-c927-414a-bbae-d287bde39ced.filesusr.com/ugd/a53494_443addc922e048d89a664c2423bf43fd.pdf

👉🏼 Read more:
https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html

#spy #cybersecurity #lightbulb #blackhat #sidechannel #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

You can bypass youtube ads by adding a dot after the domain

💡On desktop browsers.

To follow up: I had initially assumed that it didn't work on mobile because the browsers normalized the URL, however this isn't the case. The redirection happens on the server side. So, if you want this to work on mobile browsers, use the "Request Desktop Site" feature.

For example:

https://www.youtube.com/watch?v=DuB8VUICGqc // will occasionally show ads

https://www.youtube.com./watch?v=DuB8VUICGqc // will not show ads

It's a commonly forgotten edge case, websites forget to normalize the hostname, the content is still served, but there's no hostname match on the browser so no cookies and broken CORS - and lots of bigger sites use a different domain to serve ads/media with a whitelist that doesn't contain the extra dot

💡 This works for many news websites as well serving paywalls, e.g.

https://www.nytimes.com./2020/06/09/us/george-floyd-who-is.html

👉🏼 Read more:
https://www.reddit.com/r/webdev/comments/gzr3cq/fyi_you_can_bypass_youtube_ads_by_adding_a_dot/

https://www.ghacks.net/2020/06/13/bypass-ads-on-youtube-and-some-paywalls-without-third-party-tools/

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/url-trick-ein-zeichen-mehr-und-youtube-ist-werbefrei-2006-149095.html

#youtube #yt #ads #paywalls
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Many Police Departments Have Software That Can Identify People In Crowds

BriefCam, a facial recognition and surveillance video analysis company, sells the ability to surveil protesters and enforce social distancing — without the public knowing.

As protesters demand an end to police brutality and the coronavirus pandemic sweeps the nation, police departments around the country are using software that can track and identify people in crowds from surveillance footage — often with little to no public oversight or knowledge.

Dozens of cities around the country are using BriefCam, which sells software that allows police to comb through surveillance footage to monitor protests and enforce social distancing, and almost all of these cities have hosted protests against police brutality in the weeks since George Floyd was killed in police custody, BuzzFeed News has found.

Some of the cities using BriefCam’s technology — such as New Orleans and St. Paul — have been the site of extreme police violence, with officers using rubber bullets, tear gas, and batons on protesters. Authorities in Chicago; Boston; Detroit; Denver; Doral, Florida; Hartford, Connecticut; and Santa Fe County, New Mexico have also used it.

Some cities said they were not using BriefCam in conjunction with the protests or the pandemic. The St. Paul Police Department told BuzzFeed News that it has not used BriefCam “to detect social distancing or face masks” or “for crowd detection/monitoring protests.” The department representative did not respond when asked if there is department policy that prevents it.

BriefCam shows the line between contact tracing, policing, and surveillance can be thin — as cities can spend tens of thousands of dollars for powerful technology, with few restrictions on how police can use it.

BriefCam did not return multiple requests for comment or respond to a detailed list of questions.

💡 https://www.buzzfeednews.com/article/carolinehaskins1/police-software-briefcam

💡 https://www.crunchbase.com/organization/briefcam#section-funding-rounds

💡 https://www.briefcam.com/company/about/

Read more 🇩🇪:
https://netzpolitik.org/2020/briefcam-dutzende-staedte-in-den-usa-haben-gesichtserkennung-fuer-demonstrationen/

#usa #surveillance #police #software #BriefCam #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Who Is Bill Gates? (Full Documentary, 2020)

Just in time for #ExposeBillGates Global Day of Action, The #CorbettReport is releasing the full Who Is #BillGates? documentary in a single upload. Please help to spread the word about this documentary, including the audio and video downloads and hyperlinked transcript at corbettreport.com/gates

👉🏼 Watch this video on
BitChute / LBRY / Minds.com / YouTube

https://www.corbettreport.com/who-is-bill-gates-full-documentary-2020/

#documentary #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Anonymous Tweets U.S. Hit by Major DDoS Attack on June 15

Following a massive cell phone service outage that affected hundreds of thousands of T-Mobile, AT&T, Verizon and Sprint customers on Monday, the hacktivist group Anonymous tweeted that it was a result of a “major DDoS attack.” The companies affected and authorities have not confirmed the claim.

DDoS, short for Distributed Denial of Service, is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Attackers target a wide variety of important resources, from banks to news websites, flooding the sites with too much information to operate and causing a major challenge to people wanting to publish or access important information.

Anonymous tweeted out a digital map that appeared to show the various types of attacks happening between America and the rest of the world on Monday.

The U.S. is currently under a major DDoS attack. https://t.co/7pmLpWUzUp pic.twitter.com/W5giIA2Inc

— Anonymous (@YourAnonCentral) June 15, 2020

👉🏼 Read more:
https://heavy.com/news/2020/06/anonymous-ddos-attack-cell-service-outage/

#anonymous #usa #ddos #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

L’App unique - France goes it alone on digital contact tracing

The European Commission wants to make Corona-tracing apps work across borders ahead of the summer holidays. But the French app has been excluded.

Today, Germany has launched its much-debated app for digital contact tracing in a bid to prevent a second wave of the Corona virus. While the app is only available in Germany, the European Union wants to make digital contact tracing work beyond borders.

On the same day the German app was rolled out, the EU Commission has unveiled technical specifications that shall enable different corona apps to exchange data and thus function across countries. In technical jargon this is called interoperability.

Based on the decentralised approach, the European Commission has announced it will set up a server infrastructure to link national apps. This federation gateway, as it is referred to in a 10-page technical document released by the Commission, shall be up and running within three weeks.

A pilot test between Germany, the Netherlands, Poland and Ireland shall start shortly after, Commission spokesperson Johannes Bahrke said in Brussels.

However, one country is notably absent from the European undertaking – France. The Commission says that the data exchange will erstwhile only work for apps using a decentralised approach to store user data.

👉🏼 Corona-Warn-App
The official COVID-19 exposure notification app for Germany:
https://github.com/corona-warn-app

👉🏼 Read more 🇬🇧:
https://netzpolitik.org/2020/france-goes-it-alone-on-digital-contact-tracing/

#corona #app #france #germany #eu
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

UntrackMe

What does UntrackMe do?

Basically it handles urls. It can do these:

💡 Redirect:
Transform YouTube, Twitter, Instagram and Google Maps URLs into URLs of front-ends and services that respect your privacy.

💡 Unshorten:
See the real link behind short URLs of some URL shortening services without loading the web page

💡 Cleanup:
Remove known UTM parameters from a URLs

👉🏼 Read more:
https://fedilab.app/wiki/untrackme/

#UntrackMe #clearlinks #redirect #unshorten #cleanup
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

The Beauty and the (Fraud) Beast

White Ops Threat Intelligence and Research Team June 2020

👉🏼 List (pdf) of fraudulent picture editing applications:
https://www.whiteops.com/hubfs/BeautyFraud-Appendix-A.pdf

#pdf #fraudulent #picture #editing #applications #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

A Quick and Dirty Guide to Cell Phone Surveillance at Protests

As uprisings over police brutality and institutionalized racism have swept over the country, many people are facing the full might of law enforcement weaponry and surveillance for the first time. Whenever protesters, cell phones, and police are in the same place, protesters should worry about cell phone surveillance.

Often, security practitioners or other protesters respond to that worry with advice about the use of cell-site simulators (also known as a CSS, IMSI catcher, Stingray, Dirtbox, Hailstorm, fake base station, or Crossbow) by local law enforcement. But often this advice is misguided or rooted in a fundamental lack of understanding of what a cell-site simulator is, what it does, and how often they are used.

The bottom line is this:
there is very little concrete evidence of cell site simulators being used against protesters in the U.S. The threat of cell site simulators should not stop activists from voicing their dissent or using their phones. On the other hand, given that more than 85 local, state, and federal law enforcement agencies around the country have some type of CSS (some of which are used hundreds of times per year), it’s not unreasonable to include cell site simulators in your security plan if you are going to a protest and take some simple steps to protect yourself.

💡 Surveillance Self-Defense - Your Security Plan:
https://ssd.eff.org/en/module/your-security-plan

👉🏼 Read more:
https://www.eff.org/deeplinks/2020/06/quick-and-dirty-guide-cell-phone-surveillance-protests

#surveillance #police #usa #defence #phone #CSS #SecurityPlan
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

2020: A Facebook user's Odyssey?

Join us on a journey to try to solve the mystery behind the advertisers who have uploaded our personal data to Facebook but with whom we've never interacted with before.

👀 Key findings:

👉🏼 In summer 2019, we noticed that "unknown" companies had been uploading our data to Facebook and we decided to send Data Subject Access Requests (DSARs) to find out more.

👉🏼 This ended up being a lengthy and tedious process, involving requests to fill in unnecessary forms or being asked to provide more data than needed as well as other obstacles to the proper and smooth exercise of our data access rights.

👉🏼 Eventually, we managed to shed some light on the "Facebook advertisers mystery" by finding out more about the involvement of third parties in the process.

👉🏼 However, our investigation demonstrates the need to continue challenging this opacity overall and Facebook's less than adequate transparency

👉🏼 As a result of this investigation some companies reviewed their practices and we have written to Facebook to demand changes.

👉🏼 Read more:
https://privacyinternational.org/long-read/3857/2020-facebook-users-odyssey

#DeleteFacebook #fb #privacy #mydata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools

👀 Summary:

👉🏼 In October 2019 Amnesty International published a first report on the use of spyware produced by Israeli company NSO Group against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui. Through our continued investigation, Amnesty International’s Security Lab identified similar evidence of the targeting of Omar Radi, a prominent activist and journalist from Morocco from January 2019 until the end of January 2020.

👉🏼 Evidence gathered through our technical analysis of Omar Radi’s iPhone revealed traces of the same “network injection” attacks we described in our earlier report that were used against Maati Monjib. This provides strong evidence linking these attacks to NSO Group’s tools.

👉🏼 These findings are especially significant because Omar Radi was targeted just three days after NSO Group released its human rights policy. These attacks continued after the company became aware of Amnesty International’s first report that provided evidence of the targeted attacks in Morocco. This investigation thus, demonstrates NSO Group’s continued failure to conduct adequate human rights due diligence and the inefficacy of its own human rights policy.

👀 Introduction:

In October 2019 Amnesty International published the report “Morocco: Human Rights Defenders Targeted with NSO Group’s Spyware”, where we detailed the targeting of Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui using surveillance technology produced by the company NSO Group. In this current report, Amnesty International now reveals that Omar Radi, another prominent human rights defender and journalist from Morocco was also targeted using NSO Group’s tools.

👉🏼 Read more:
https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/

#morocco #journalist #spy #nso
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

80,000 printers are exposing their IPP port online

Printers are leaking device names, locations, models, firmware versions, organization names, and even WiFi SSIDs.

For years, security researchers have warned that every device left exposed online without being protected by a firewall is an attack surface.

Hackers can deploy exploits to forcibly take control over the device, or they can just connect to the exposed port if no authentication is required.

Devices hacked this way are often enslaved in malware botnets, or they serve as initial footholds and backdoors into larger corporate networks (Russian hackers already use this technique).

However, despite this being common knowledge among cyber-security and IT experts, we still have a large number of devices that are left exposed online unsecured.

👉🏼 Open IPP Report – Exposed Printer Devices on the Internet:
https://www.shadowserver.org/news/open-ipp-report-exposed-printer-devices-on-the-internet/

👉🏼 Read more:
https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/

#leak #breach #hacked #exposed #iot #ipp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN