Chrome extension caught stealing crypto-wallet private keys

A Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys, security researcher says.

A Google Chrome extension was caught injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.

It is unclear if the Shitcoin Wallet team is responsible for the malicious code, or if the Chrome extension was compromised by a third-party. A spokesperson for the Shitcoin Wallet team did not reply to a request for comment before this article's publication.

https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

The KGB Hack: 30 Years Later

The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later

#video #CCC #36c3 #KGB #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Mozilla: All Firefox users get California's CCPA privacy rights to delete personal data

The next version of Firefox will give users a way of requesting Mozilla delete their telemetry data.

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.

https://www.zdnet.com/article/mozilla-all-firefox-users-get-californias-ccpa-privacy-rights-to-delete-personal-data/

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Facebook Fined $1.65 Mn by Brazil

Brazil on Monday fined Facebook $1.65 million for improperly sharing users' data in a case linked to the global Cambridge Analytica scandal.

Facebook engaged in an "abusive practice" by allowing data from 443,000 users in Brazil to be unduly available to developers of the application "This is Your Digital Life," according to the Ministry of Justice.

https://www.securityweek.com/facebook-fined-165-mn-brazil

Read Via Telegram

By RepublicWorld - HERE

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

I Was Google’s Head of International Relations. Here’s Why I Left

https://medium.com/@rossformaine/i-was-googles-head-of-international-relations-here-s-why-i-left-49313d23065


#google #why #left #international #relations

Chaos Computer Club talks 2019

Videos:
https://media.ccc.de/b/congress/2019

Event presentations and slides:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/index.html


#ccc #talks

Obscurix: Linux Live System for privacy, security and anonymity

#Obscurix is a new open source #Live operating system based on #Arch #Linux. Obscurix attaches great importance to your #privacy, #security and #anonymity on the net. The live operating system routes all your traffic quite securely through the #Tor# network and also supports many other networks like #I2P and #Freenet.

Privacy, Security and Anonymity
To get it straight up front: Obscurix does not want to be a Linux operating system for pentesters. Even if you mainly want to play games on your computer, you better find something else. Obscurix is simply a secure and easy to use live operating system. In addition, the developers have done a lot to make it resistant against various forms of tracking and #surveillance. As a user you don't have to configure much, which makes it easy to get started.

One of the big differences between this and other Linux operating systems is the special focus on privacy, security and anonymity. Therefore Obscurix is not an operating system that you should install on your hard disk. As a pure live operating system it runs only in the memory of your computer. During shutdown the #OS automatically deletes all digital "traces" that third parties could otherwise evaluate later.

Continue on:
https://tarnkappe.info/obscurix-linux-live-system-fuer-privatsphaere-sicherheit-und-anonymitaet/

👉🏼 Obscurix:
https://obscurix.github.io/

👉🏼 ObscurixOS TG support group:
https://t.me/Obscurix_OS

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Google Boots Security Camera Maker From Nest Hub After Private Images Go Public

The issue came to light after a Reddit user claimed being able to see strangers on his Xiaomi Mijia smart camera.

China-based electronics company Xiaomi said it has fixed a “cache update” issue for its Xiaomi Mijia smart camera after a Reddit user’s claims that attempts to view Xiaomi camera footage on his Google Nest Hub instead showed videos of strangers.

https://threatpost.com/google-boots-security-camera-maker-from-nest-hub-after-private-images-go-public/151512/

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

The Schism at the Heart of the Open-Source Movement

Developers are protesting after revelations that the source-code repository GitHub contracted with ICE. But if you restrict access to open-source code, is it still open?

For the past two years, software engineers and systems administrators from San Jose to Seattle have engaged in the tech industry’s latest rite of passage: reading the news to discover that their employer contributed to something they find unethical. In 2018, Google workers learned of the company’s secret U.S. military contract and state-censorship search project in China from media reports.

https://www.theatlantic.com/technology/archive/2020/01/ice-contract-github-sparks-developer-protests/604339/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

ProtonMail pushes ProtonCalendar into beta

For those looking for an alternative to Google's calendar

Why it matters: As 2020 begins, it's safe to say 2019 was the year that trust in "Big Tech" plummeted. As that happens, companies like Proton and Mozilla are becoming better positioned as alternatives to Google as consumers yearn for more and better privacy. Well known encrypted email provider ProtonMail is getting a much requested calendar option, giving users another privacy-first alternative.

https://www.techspot.com/news/83370-protonmail-pushes-protoncalendar-beta.html

Read Via Telegram

Earlier Post - HERE

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Serious cyber-attack on Austria's foreign ministry

Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.

The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".

The hack started on Saturday night and experts warn it could continue for several days.

The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives .

It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.

"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.

https://www.bbc.com/news/world-europe-50997773

https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/

#austria #cyberattack #stateactor #hacker #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Changelog : v3.1.7
• Fix a major major bug

Top Live Cyber Attack Maps for Visualizing Digital Threat Incidents

✳️ Arbor Networks DDoS Attack Map - HERE

✳️ Kaspersky Cyber Malware and DDoS Real-Time Map - HERE

✳️ ThreatCoud Live Cyber Attack Threat map - HERE

✳️ Fortinet Threat Map - HERE

✳️ Akamai Real-Time Web Attack Monitor - HERE

✳️ LookingGlass Phishing/Malicious URL Map - HERE

✳️ Threat Butt Hacking Attack Map - HERE

✳️ Talos Spam and Malware Map - HERE

✳️ Sophos Threat Tracking Map - HERE

✳️ FireEye Cyber Threat Map - HERE

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

OpenMediaVault

https://www.openmediavault.org

Network attached storage (NAS) solution based on Debian Linux. It contains services like SSH, (S)FTP, SMB/CIFS, DAAP media server, RSync, BitTorrent client and many more. Thanks to the modular design of the framework it can be enhanced via plugins.

openmediavault is primarily designed to be used in small offices or home offices, but is not limited to those scenarios. It is a simple and easy to use out-of-the-box solution that will allow everyone to install and administrate a Network Attached Storage without deeper knowledge


📡 @NoGoolag 📡 @Libreware
#omv #openmediavault #nas #debian #cloud #storage #alternatives

FreeNAS

https://www.freenas.org

Operating system that can be installed on virtually any hardware platform to share data over a network. FreeNAS is the simplest way to create a centralized and easily accessible place for your data. Use FreeNAS with ZFS to protect, store, backup, all of your data


📡 @NoGoolag 📡 @Libreware
#freenas #nas #bsd #cloud #storage #alternatives

Cutting Google out of your life
https://github.com/tycrek/degoogle

https://redd.it/ekreke
@r_privacy

Browser Extensions Are a Leaky Vessel for Phishers to Exploit

Some of the most common and helpful ways to optimize web browsers are by adding extensions, such as those offered by Google Chrome. These typically small software add-ons can be attached to a browser for better functionality, ad-blocking and more. But the customizations and increase in productivity they provide don’t come without risk. In fact, malicious activity conducted through browser extensions as an attack vector is on the rise.

https://www.cyberdefensemagazine.com/browser-extensions/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

NextCloud

http://nextcloud.com

💬 @nextcloud

The self-hosted productivity platform that keeps you in control.
Nextcloud is an easy-to-use cloud, privacy focused, and a fantastic alternative to any cloud like Google drive.
It supports 2fa, remote wipe, military grade encryption and other privacy-centric features.
It is used by millions of people and many enterprises.
It can be an alternative for the majority of google services.


🛠 apps.nextcloud.com

Nextcloud has many apps, developed by them and by third-parties. They can solve any need: from a videoconference platform to a musicplayer and a google docs alternative.


💬 @nextcloudpi
https://ownyourbits.com/nextcloudpi
An easy to deploy, use and manage fork, that runs on many SoC


Many providers offer from 2GB to 5GB for free
💻 https://nextcloud.com/signup


📡 @NoGoolag 📡 @Libreware
#nextcloud #nas #cloud #storage #alternatives

Interview: Vincent Canfield from cock.li comments on his expulsion from the 36C3

In our conversation Vincent Canfield tells us how the violent expulsion from 36C3 happened from his point of view. Vincent is not exactly an undisputed personality, to put it objectively. He tells us how he came up with the idea of founding his e-mail service cock.li. We also learn about Vincent’s political view of the world or how seriously he thinks cock.li should be taken. Of course we also talk to him about the „unpleasant“ moments he unfortunately had to experience at this year’s Chaos Communication Congress (36C3) in Leipzig. The man from the National.Shitposting.Agency (NSA?)had to face some questions in our interview.

Vincent Canfield: a topic about which people elsewhere prefer to remain silent?

No year should end without the annual Chaos Communication Congress (36C3). Also this year, one headline quickly followed the next. As has been the case for many years, the media have taken up the topics of the Chaos Communication Congress. Whether it’s about hacking in general, data protection or autonomous driving, 5G networks or the final proof that Deutsche Bahn is indeed unpunctual. As every year, everything was reported in detail. Apparently, (almost) nobody wanted to report on just one topic until today: Vincent Canfield, the head of cock.li, has obviously been thrown out of this year’s 36C3 congress in a rather unpleasant way.

👉🏼 The interview in english:
https://tarnkappe.info/vincent-canfield-from-cock-li-comments-on-his-expulsion-from-the-36c3/

👉🏼 The interview in german:
https://tarnkappe.info/interview-vincent-canfields-meinung-zu-cock-li-und-ueber-den-ccc/

https://twitter.com/gexcolo/status/1214261610338037761

#Vincent #cockli #CCC #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Hackers Deface U.S. Gov Website With Pro-Iran Messages

Post Related - HERE

https://web.archive.org/web/20200105010746/https://www.fdlp.gov/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Guide To Using Reverse Image Search For Investigations

https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations


#reverse #image #search