Betrusted

https://betrusted.io

A prototype security-foccussed open-software/hardware device (akin to a PDA) for delegating your sensitive information and tasks to. It has a microkernel and userspace in rust and the development version uses a reconfigurable FPGA instead of a CPU.

Betrusted is a secure and private communications system. It gives users an evidence-based reason to believe that private matters are kept private.

Betrusted is more than just an app, and more than just a gadget – it is a co-designed hardware + software solution that provides safe defaults for everyday users. It’s also open source, empowering advanced users to analyze, extend and explore this secure mobile computer.


#betrusted #mobile #phone #alternatives

Inside eBay’s Cockroach Cult: The Ghastly Story of a Stalking Scandal

“People are basically good” was eBay’s founding principle. But in the deranged summer of 2019, prosecutors say, a campaign to terrorize a blogger crawled out of a dark place in the corporate soul.

1. Dad stabs a chair

Veronica Zea is pretty sure that before showing up to work at eBay in the spring of 2017, she used the site only once. She bought a surfing poster. It ended up in her closet.

Although Ms. Zea grew up in Santa Clara, Calif., in the heart of Silicon Valley, she cared little for the dazzlements of technology. In college, she studied criminology. After graduating, and a year spent recovering from knee surgery, she surprised herself by answering a classified ad and ending up at the e-commerce pioneer.

Ms. Zea’s first job at eBay was intelligence operator. In a windowless room at corporate headquarters in San Jose, she watched closed-circuit cameras and helped people who were locked out of their offices. Ms. Zea (pronounced ZAY) was 23, with no special skills, but she worked hard. Soon she was promoted to intelligence analyst, charged with staying ahead of geopolitical and individual threats.

Her division, Global Security and Resiliency, consisted of dozens of people, including retired police captains and former security consultants. But it was surprisingly intimate. “We’re a family,” James Baugh, the boss, and Stephanie Popp, her immediate supervisor, would say to the analysts. “We’re Mom and Dad.”

True, Dad could be kind of scary. Mr. Baugh was a stocky, middle-aged guy with thinning hair who loved to talk and did not like to be questioned. He would often say he used to work for the C.I.A. Sometimes he said his wife was working for the C.I.A. right now. Once, he found a knife on a barbecue grill on campus. A deranged person could have used it to hurt someone, he told the analysts, and proceeded to stab a chair. It was never removed, a warning for the timid. (Through his lawyer, Mr. Baugh declined to comment.)

Ms. Zea had never worked in an office. Her only real job before this was on the Grizzly roller coaster at California’s Great America amusement park. So she just accepted things. Like the way eBay was a regular film festival. Mr. Baugh would bring the analysts into a conference room and show the scene from “American Gangster” where Denzel Washington coolly executes a man in front of a crowd to make a point. Or a clip from “The Wolf of Wall Street,” where the feds are investigating shady deeds but none of the perpetrators can recall a thing. Or the bit from “Meet the Fockers” about a retired C.I.A. agent’s “circle of trust.”

That one came up frequently. “No one is supposed to know this,” Mr. Baugh would tell the analysts about some piece of office gossip. “We’ll keep it in the circle of trust.”

👀 👉🏼 https://www.nytimes.com/2020/09/26/technology/ebay-cockroaches-stalking-scandal.html

#ebay #cockroaches #stalking #scandal #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group

Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms

A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.

U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”

“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly, said U.S Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”

“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”

Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.

👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group

#darkoverlord #hacker #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google to update Play Store guidelines to make it harder to bypass the 30% fee

https://www.xda-developers.com/google-double-down-30-in-app-fee

Google will reportedly get stricter with developers over in-app purchases, according to Bloomberg. The move is set to be announced next week and will surely upset some developers who have previously circumvented Google’s rules.

Bloomberg’s report claims Google will issue updated guidelines that will clarify a requirement for apps to use Google Play In-app Billing service for in-app purchases. That means if you purchase a Spotify subscription through the Android app, Google wants its 30% cut of the revenue.

Google’s policies aren’t necessarily changing. Rather, the company is reportedly cracking down and will no longer allow developers to prompt users to pay with their credit card, rather than offering a subscription through Google’s billing service for in-app purchases.

Here’s what Google’s existing Play Store guidelines say, in part:
Developers offering products within a game download on Google Play or providing access to game content must use Google Play In-app Billing as the method of payment.
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
Payment is solely for physical products.
Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).

Even with these policies in place, Google has more or less allowed some high-profile companies to circumvent the guideline by turning a blind eye when they offer an alternative method of payment. With Google ready to double down on the requirement, developers will allegedly get a short grace period to comply before facing enforcement. Apple has recently come under fire for a similar practice — though the Cupertino-based company has strictly enforced its own requirements from the very beginning.

Google’s updated policies will surely escalate what is growing into an ugly battle between developers and Apple and Google. Both companies are already embroiled in an ugly legal battle with Epic Games, which recently tried to circumvent App Store and Play Store policies by encouraging Fortnite players to purchase in-game content from Epic directly. Apple and Google responded by taking Fortnite down from their respective app stores.

Meanwhile, it was announced this week that some of the industry’s most popular developers, including Epic Games, Spotify, and Tile, were banding together to create the Coalition for App Fairness. The group’s aim is to “create a level playing field for app businesses.”

Google’s Android platform allows users to access multiple app stores, while apps can also be side-loaded. But if developers want to be in the Play Store, they have to abide by Google’s rules. We’ll see what the response is like when Google clarifies its stance on in-app purchases next week.


#google #playstore #fee #30%

Apple reverses decision to charge businesses fees for events, but Facebook still isn’t happy

https://www.cnbc.com/2020/09/25/apple-temporarily-reverses-decision-to-take-fees-for-facebook-events.html

Facebook said Apple temporarily reversed its decision to take a 30% cut of sales from businesses hosting paid events through Facebook.
Previously, Facebook said Apple blocked an update to the Facebook app that displayed a message saying Apple would take a cut of the transactions.
Apple’s reversal only lasts for three months, and does not apply to gaming companies hosting paid events, Facebook said.


#Apple #appstore #facebook #fee #30% #events

Elon Musk Says He's Scared Of Google

https://www.youtube.com/watch?v=KvMfuan5wRo


#Elon #Musk #Google #ai

The company email promised bonuses. It was a hoax — and Tribune Publishing employees are furious.

The company apologized for the email intended to test its cyberdefenses

Employees of the Tribune Publishing Company were momentarily thrilled Wednesday after they received a company email announcing that they were each getting a bonus of up to $10,000, to “thank you for your ongoing commitment to excellence.”

To see how big their bonus would be, they just had to click on a link that … well, that’s when they learned they had failed the test. And there was no bonus at all.

The entire charade was Tribune’s effort to test its collective defenses against Internet scams that tempt email recipients to click on a link that has the effect of interfering with computer systems or getting them to volunteer personal data. To bolster caution, many companies have taken to sending out these kinds of tests to their employees and taking note of how many fall for a scam.

https://www.washingtonpost.com/media/2020/09/23/tribune-bonus-email-phishing-hoax/

#US #Chicago #email #phishing

Hootsuite Denied Providing Tech to ICE. This Contract Shows That It Did

Hootsuite has yet to provide any evidence it has or will end its contract with ICE.

On Wednesday night, an employee at Vancouver-based tech company Hootsuite revealed on Twitter that the company was working with U.S. Immigration and Customs Enforcement.

“Been debating talking about this publicly because I don’t want to get fired, but it seems like the cat’s already out of the bag so whatever: yesterday Hootsuite signed a three-year deal with ICE. Over 100 employees have been extremely vocal in their opposition to this deal,” the employee tweeted, adding that support team members in Mexico City relayed their personal experiences of harassment by ICE to no avail.

https://www.vice.com/en_us/article/jgx75b/hootsuite-denied-providing-tech-to-ice-this-contract-shows-that-it-did

#US #ICE #Hootsuite #contracts

When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong.

👀 👉🏼 https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

#coffee #ransomware #iot #hacker #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Don’t trust Cloudflare with your personal data

It has been over a year since I cancelled my Cloudflare account. They keep emailing me and haven’t taken me off their marketing lists despite repeated requests. Their CTO told me he would investigate, but nothing changed. Their Data Protection Office hasn’t respond to my requests.

Cloudflare do not appear to respect the GDPR.

I’ve escalated this to the highest levels of Cloudflare, but they just don’t seem to be able to take any action. This is concerning.

👀 👉🏼 https://shkspr.mobi/blog/2020/09/dont-trust-cloudflare-with-your-personal-data/

#cloudflare #personal #data #gdpr #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How to deal with Google's and YouTube's aggressive popups (before you continue, sign in)

When you visit Google's main website for the first time, or after clearing cookies, you get a "before you continue" popup. On YouTube, another Google property, you will get a "sign in to YouTube" popup instead.

You need to click on "I agree" on Google's site or "no thanks" on YouTube to get rid of these popups and start using the sites.

Problem is: if you clear cookies regularly, you will get these prompts again. It can be quite annoying to deal with these popups each time, e.g. to inform YouTube for the hundredth time that you don't want to sign-in to the site.

https://www.ghacks.net/2020/09/27/how-to-deal-with-googles-and-youtubes-aggressive-popups-before-you-continue-sign-in


#youtube #yt #google #popups #cookies
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How to use Whonix | TOR Tutorial Part 2

Whonix is the safest way to be online and surf the web. Learn how to be anonymous and private with Tor Tutorial Part 2.

📹 Watch it via:
YouTube || Invidious || BitChute

• Part 1 of TOR series: HERE

• Download Whonix: HERE

📡 @howtobeprivateonline
#TOR #Guide #Privacy #OS

Hi all,

New GPlayAPI is ready, its available here.

I need few device configs to add as default for device spoof.
Atleast one for each SDK (21 to 30) + Android TV & Android GO.

If anyone of you wish to share you device config, kindly DM it to @whyorean or @aurora_dev.

I will remove any personal data from config before making it public, so feel safe.

You can export you current device config from AuroraStore 3.2.x

Follow this:
1. Open Aurora Store
2. Go to Spoof, from side drawer
3. Click on "Export Device Info"
4. Send me the device-<YouDeviceName>.properties file, it should be available in default download directory.

Enjoy!

GitLab
Projects · Aurora OSS / GPlayApi

Bing mobile apps suffered a data leak, leaking 6.5TB of search data

Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server, which has resulted in 6.5TB of search data being made available publicly on the internet, which grew by up to 200GB per day.

Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. After discovering the data was coming from Bing’s mobile apps, by performing a search themselves and seeing it appear in the data, the researchers contacted Microsoft on September 13, and the information was given to Microsoft’s Security Response Centre, who acted to resolve the problem a few days later.

The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:

✅ Search terms (excluding any searches in ‘private’ mode)

✅ GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)

✅ Date and time of the search

✅ Firebase notification tokens

✅ Coupon data

✅ Partial list of the URLs visited by the user from the search results

✅ Device model

✅ Operating system

✅ 3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash

None of the data was encrypted.

https://www.onmsft.com/news/microsoft-bing-data-leak

#Microsoft #Bing #mobile #app #dataleaks

German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed

FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) - including activists, journalists, and dissidents with the use of FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more. Because of this, Amnesty International’s Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to Human Rights Defenders.

Amnesty International published a report in March 2019 describing phishing attacks targeting Egyptian human rights defenders and media and civil society organizations staff carried out by an attacker group known as “NilePhish”. While continuing research into this group’s activity, we discovered it has distributed samples of FinSpy for Microsoft Windows through a fake Adobe Flash Player download website. Amnesty International has not documented human rights violations by NilePhish directly linked to FinFisher products.

Through additional technical investigations into this most recent variant, Amnesty’s Security Lab also discovered, exposed online by an unknown actor, new samples of FinSpy for Windows, Android, and previously undisclosed versions for Linux and MacOS computers.

https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/

#FinSpy #surveillance

A Facebook employee has stolen my account. Thread! (RTs appreciated)

TLDR: some rich kid in LA now has my Instagram account because he got his friend who works at Facebook to steal it... and nobody at Facebook or Instagram is doing anything about it

👀 👉🏼 https://nitter.net/dannyjhall/status/1310231730591346689

#DeleteFacebook #fb #instagram #thinkabout #why #lol
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Last phase of the desktop wars?

The two most intriguing developments in the recent evolution of the Microsoft Windows operating system are Windows System for Linux (WSL) and the porting of their Microsoft Edge browser to Ubuntu.

For those of you not keeping up, WSL allows unmodified Linux binaries to run under Windows 10. No emulation, no shim layer, they just load and go.

Microsoft developers are now landing features in the Linux kernel to improve WSL. And that points in a fascinating technical direction. To understand why, we need to notice how Microsoft’s revenue stream has changed since the launch of its cloud service in 2010.

Ten years later, Azure makes Microsoft most of its money. The Windows monopoly has become a sideshow, with sales of conventional desktop PCs (the only market it dominates) declining. Accordingly, the return on investment of spending on Windows development is falling. As PC volume sales continue to fall off , it’s inevitably going to stop being a profit center and turn into a drag on the business.

Looked at from the point of view of cold-blooded profit maximization, this means continuing Windows development is a thing Microsoft would prefer not to be doing. Instead, they’d do better putting more capital investment into Azure – which is widely rumored to be running more Linux instances than Windows these days.

Our third ingredient is Proton. Proton is the emulation layer that allows Windows games distributed on Steam to run over Linux. It’s not perfect yet, but it’s getting close. I myself use it to play World of Warships on the Great Beast.

The thing about games is that they are the most demanding possible stress test for a Windows emulation layer, much more so than business software. We may already be at the point where Proton-like technology is entirely good enough to run Windows business software over Linux. If not, we will be soon.

👀 👉🏼 http://esr.ibiblio.org/?p=8764

#windows #microsoft #linux #WSL #ubuntu #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Crypto crime - KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

The Bitcoin exchange KuCoin has become the victim of a hacker attack. According to estimates, 150 to 200 million US dollars disappeared. Most of the money is said to have already been recovered.

The Bitcoin exchange KuCoin has announced that it became the victim of a hacker attack on September 26. Mainly Bitcoin (BTC), Ether (ETH) and ERC 20 tokens were acquired by the attackers on their raid. The exchange did not explicitly comment on the amount of damage and reassured that it was a small part of the exchange's total capital. According to external estimates, however, crypto-values of 150 to 200 million US dollars (USD) were apparently lost in the process.

👀 👉🏼 https://nitter.net/kucoincom/status/1309689557206491137

👀 👉🏼 🇩🇪 https://www.btc-echo.de/kucoin-hacker-stehlen-150-millionen-us-dollar-von-bitcoin-boerse/

#KuCoin #bitcoin #exchange #hacker #hacked #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Ransomware Hits Healthcare Provider UHS, Shuts Down Hospital IT Systems

Although Universal Health Services largely runs behavioral healthcare facilities, it also operates some emergency care centers, potentially putting patients' lives at risk.

A ransomware attack appears to have taken down all IT systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the US and the UK.

UHS employees began reporting problems on Monday via Reddit; the attack has been shutting down computers at various hospitals, forcing them to turn away patients, they say.

One UHS employee based in Arizona told PCMag that the disruption has been blamed on ransomware infecting hospital systems. “Everything is down. No access to any computer at all," the employee said. The hospital has only recently managed to restore the phone system.

“I believe we are turning patients away,” the employee added. “We have been doing everything on paper charts. What gets me is we had no downtime protocols in place. It’s all been improv.”

BleepingComputer reports that a notorious ransomware strain known as Ryuk appears to be behind the attack, which has encrypted computers across the UHS network, making them impossible to access.

https://www.pcmag.com/news/ransomware-hits-healthcare-provider-uhs-shuts-down-hospital-it-systems

#US #ransomware #attack #hospital

Police told not to download NHS Covid-19 app

The National Police Chiefs Council (NPCC) has confirmed officers are being told not to install the NHS Covid-19 app on their work smartphones.

The app detects when users have been in proximity to someone with the virus.

Some officers have also been told they may not need to obey self-isolate alerts generated by the app when downloaded to their personal phones.

Lancashire Constabulary has told staff to call the force's own Covid-19 helpline instead.

The BBC contacted the North-West of England force after a source claimed the advice had been given because of "security reasons".

The source also said officers had been told not to carry their personal phones while on duty if they had activated the app.

This applies to staff working in public-facing roles as well as those in back-office positions.

https://www.bbc.com/news/technology-54328644

#Europe #UK #police #covid #app

Google will make it easier to install and use third-party app stores with Android 12

Unlike other popular mobile operating systems, Android has always allowed the installation of third-party app stores. In fact, many Android phones ship with multiple app stores out of the box. After hearing feedback from some third-party developers, Google now says it plans to make installing and using third-party app stores easier with the next major release of Android…

This issue was highlighted most recently by Epic, the company behind popular mobile game Fortnite. Epic pulled their game from the Play Store earlier this year citing unfair billing practices and in a lawsuit accused Google of anticompetitive behavior for the barriers it has in place — mostly for preserving platform security — around users installing third-party app stores.

Google touches on this in its blog post today about the changes coming to Android:

"Each store is able to decide its own business model and consumer features. This openness means that even if a developer and Google do not agree on business terms the developer can still distribute on the Android platform. This is why Fortnite, for example, is available directly from Epic’s store or from other app stores including Samsung’s Galaxy App store."

👀 👉🏼 https://9to5google.com/2020/09/28/google-easier-third-party-app-stores/

👀 👉🏼 https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html

#google #appstores #android12 #aurora
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag