0xor0ne@infosec.exchange - Nice short blog post by Aditya Dixit explaining how to intercept and manipulate AES encrypted traffic used by mobile applications
https://blog.dixitaditya.com/manipulating-aes-traffic-using-a-chain-of-proxies-and-hardcoded-keys
#android #infosec #cybersecurity #AES #APK #mobile #encryption
0xor0ne@infosec.exchange - Beginners introduction to stack buffer overflows by Stefano Lanaro
https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/
#infosec #cybersecurity #beginners #learning #BufferOverflow
6 Best Secure Messaging Alternatives to WhatsApp | Avoid the Hack – https://avoidthehack.com/best-secure-messengers
The content of your messages and the metadata associated with them should be secure and private. Unfortunately, many messengers out there fail to do this.
Telegram operates in the cloud, and while this does have good portability across multiple devices and device types, the service provider (or anyone with access to the cloud server) could theoretically read them at any time with relative ease; Telegram stores messages on the third-party cloud provider's server.
According to Telegram’s privacy policy, the service itself logs IP addresses and phone numbers.
#Infosec #Session #SimpleXchat #Briar #Threema
#Element #Telegram #privacy
0xor0ne@infosec.exchange - Very cool research on Laser-Based Audio Injection on Voice-Controllable Systems
Website: https://lightcommands.com
Paper: https://arxiv.org/pdf/2006.11946.pdf
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri, using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice-controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.
#hacking #infosec
0xor0ne@infosec.exchange - Interesting blog post on embedded device reverse engineering, ARM TrustZone and secure boot bypass
https://blog.xilokar.info/firmware-key-extraction-by-gaining-el3.html?s=09
#iot #infosec #embedded #cybersecurity
KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings
BY DO SON · JUNE 19, 2023
KeePassXC, a modern and secure password manager, is the bulwark of choice for many who demand the utmost security in managing their personal data. However, every fortress has its weakness. A recent vulnerability was discovered in KeePassXC: CVE-2023-35866.
mttaggart@infosec.exchange - Right so, in KeePassXC, if you have an unlocked session, the change password flow does not require you to enter the current database password.
That means someone who accesses the machine locally (Or via RDP? Maybe?) would be able to change those settings. But then, they'd also be able to just read the passwords so ¯\_(ツ)_/¯
#CVE202335866 #ThreatIntel #InfoSec #CyberSecurity
#KeepassXC
0xor0ne@infosec.exchange - Very cool series about persistence in Linux environments
Persistence map: https://pberba.github.io/assets/posts/common/20220201-linux-persistence.pdf
Auditd, Sysmon, Osquery: https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
Account Creation and Manipulation: https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
Systemd, Timers, and Cron: https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/
Initialization Scripts and Shell Configuration: https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration/
Systemd Generators: https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
#Linux #kernel #malware #cybersecurity #infosec
Over 130,000 solar energy monitoring systems exposed online
#infosec #solar
Cyble’s threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronius Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI.
It is important to note that the exposed assets are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them.
However, Cyble’s research shows that unauthenticated visitors can glean information, including settings, that could be used to mount an attack.
arstechnica@mastodon.social -
Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Most critical of the bugs allowed attackers to root federated instances.
The maintainers of the open source software that powers the Mastodon social network published a security update on Thursday that patches a critical vulnerability making it possible for hackers to backdoor the servers that push content to individual users.
#Mastodon #backdoors #vulnerability #infosec #TootRoot
Forwarded from Pegasus NSO & other spyware
How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom
#Storm0558 #China #Infosec
#espionage
For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.
Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.
This latest attack uses a unique trick: Microsoft says hackers stole a cryptographic key that let them generate their own authentication “tokens”—strings of information meant to prove a user’s identity—giving them free rein across dozens of Microsoft customer accounts.
Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability - SecurityWeek
Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had apparently exploited a zero-day vulnerability.
Lemmy is open source software designed for running self-hosted news aggregation and discussion forums. Each Lemmy instance is run by a different individual or organization, but they are interconnected, allowing users from one instance to interact with posts on other servers. Currently there are more than 1,100 instances with a total of nearly 850,000 users.
A few days ago, someone started exploiting a cross-site scripting (XSS) vulnerability related to the rendering of custom emojis.
The attacker leveraged the vulnerability to deface pages on some popular instances, including Lemmy.world, the most popular instance, which has over 100,000 users.
#Lemmy #RedditAlternative #ZeroDay #Infosec
Android Pentesting Methodology | Redfox Security – Part 1
Android Pentesting Methodology Part 2
#MobileSecurity #AndroidSecurity #Infosec
In this blog, we’ll discuss Android architecture and the different layers of Android architecture. This blog is part 1 of the “Android Pentesting Methodology” series and forms a basis for our upcoming blog.
Before we get into the nitty-gritty of the Android Pentesting Methodology, it’s crucial to understand the inner workings of the Android platform.
We briefly discussed the Android architecture in part 1 of the "Android Pentesting Methodology" series. In part 2 of the same series, we will explore what APKs are, start reversing Android applications and discuss popular debugging tools.
BleepingComputer@infosec.exchange -
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.
#AI #Infosec
New acoustic attack steals data from keystrokes with 95% accuracy
0xor0ne (@0xor0ne): Nice short reading for anyone interested in starting with embedded/IoT devices analysis and reversing.
https://whiterose-infosec.super.site/mjsxj09cm-recovering-firmware-and-backdooring
#embedded #infosec
0xor0ne (@0xor0ne): "List with more than 300 links to blog posts, write-ups and papers related to cybersecurity, reverse engineering and exploitation (continuously updated) https://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md?ref=0xor0ne.xyz #cybersecurity #infosec" | nitter –
Forwarded from Pegasus NSO & other spyware
Bypassing the “run-as” debuggability check on Android via newline injection | Meta Red Team X –
#Infosec #Vulnerabilities #CVE #Android #ADB
An attacker with ADB access to an Android device can trick the “run-as” tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system—including many privileged apps, but not ones that run as the system user. Furthermore, they can achieve persistent code execution as Google Mobile Services (GMS) or as apps that use its SDKs by altering executable code that GMS caches in its data directory.
Google assigned the issue CVE-2024-0044 and fixed it in the March 2024 Android Security Bulletin, which becomes public today. Most device manufacturers received an advance copy of the Bulletin a month ago and have already prepared updates that include its fixes.
Forwarded from Pegasus NSO & other spyware
Attacking Android
#Android #Infosec #Vulnerabilities
"In this comprehensive guide, we delve into the world of Android security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise Android devices and infiltrate their sensitive data. From exploiting common coding flaws to leveraging sophisticated social engineering tactics, we explore the full spectrum of attack surfaces present in Android environments."
Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica –
A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.
#Apple #Vulnerability #Infosec
Fixing newly discovered side channel will likely take a major toll on performance.
Free Android VPN Security Flaws: 100 Apps Tested
I tested the 100 most popular free VPNs in the Google Play store and found significant security and privacy flaws affecting Android apps that have been installed over 2.5 billion times worldwide.
#Android #VPN #Infosec