Wall Street Journal (paywalled) The digital payments company plans to build an ad sales business around the reams of data it generates from tracking the purchases as well as the broader spending behaviors of millions of consumers who use its services, which include the more socially-enabled Venmo app.

PayPal has hired Mark Grether, who formerly led Uber’s advertising business, to lead the effort as senior vice president and general manager of its newly-created PayPal Ads division.

Not sure if there’s a better community to ask this, but I’m trying to find a good quality non-cloud-based IP camera that I can feed into a standardized video recording software over a network. Ideally, it would be Wi-Fi capable as well.

Everywhere I’ve looked, they all reach out to a third-party and go through an app or are through junction box and are analog-based.

Does anyone know if an option like this exists?

Und mal wieder: Es ist nur ein Werkzeug, mit dem halt mit genug krimineller Energie auch Blödsinn gemacht wird. In dem Fall war es auch nicht mal ein Angriff auf das Auto, der “spezielle Hardware “ benötigen würde.

So, yeah. Other than stated, Spotify does not provide 2FA (shame on them!), so I use a strong password and since years nothing happened.

This early morning I got multiple mails that my account was logged in from Brazil, from the USA, from India, and some other countries. There were songs liked and playlists created so it wasn’t a malicious e-mail but some people actually were able to log on to my Spotify account.

I of course changed the password and logged out all accounts and checked allowed apps, etc. and everything looks fine.

But I wonder … was there something that happened recently? The common sites to check such things do not list my old Spotify password, and a quick web research does not bring anything up.

Any clue what could have happened here?

Infomaniak claims to use TLS, but

The first link in the TLS chain is executed via a purely internal network by the webmail and Smtp servers and is not available in TLS for performance reasons.

is this normal, acceptable, irrelevant, standard, a red flag?

they are the biggest hosting provider of Switzerland, so I somehow have a hard time believing, they lack resources to implement TLS right.

The reporting methodology employed should yield valuable insights, spanning both technical details and high-level strategic considerations.

Ex-CIA software engineer who leaked to WikiLeaks sentenced to 40 years

2 Feb 2024

Joshua Schulte had been found guilty of handing over classified materials in so-called Vault 7 leak.

The so-called Vault 7 leak was a major embarrassment for the CIA [File: Larry Downing/Reuters]

A former CIA software engineer has been sentenced to 40 years in prison for leaking classified information and possessing child sexual abuse material.

Joshua Schulte, 35, was found guilty in 2022 of four counts each of espionage and computer hacking and one count of lying to FBI agents after handing over classified materials to whistleblowing organisation WikiLeaks.

Schulte was also convicted of contempt of court and making false statements in 2020, and possession of child abuse material last year.

The bulk of the sentence announced on Thursday was imposed over the so-called Vault 7 leak, which revealed embarrassing details of the CIA’s spying overseas.

The leak, which the CIA called a “digital Pearl Harbor”, showed how US spies hacked Apple and Android smartphones and sought to turn internet-connected televisions into listening devices.

The security breach prompted US officials to plan for an “all-out war” against Wikileaks, including discussing the possible kidnapping or assassination of its founder Julian Assange, Yahoo News reported, citing anonymous officials.

Assange was indicted on espionage charges in 2019 – a move that prompted condemnation by press freedom organisations – and is currently in Britain fighting extradition to the US.

Judge Jesse M Furman said the full extent of the damage caused by Schulte would likely never be known “but I have no doubt it was massive”.

Furman said Schulte had also continued to commit crimes while in jail by trying to leak more classified materials and by creating a hidden file on his computer that contained child sexual abuse images.

US Attorney Damian Williams said in a statement that Schulte had committed some of the “most brazen, heinous crimes of espionage in American history”.

“He caused untold damage to our national security in his quest for revenge against the CIA for its response to Schulte’s security breaches while employed there,” Williams said.

Addressing the court ahead of his sentencing, Schulte complained about harsh conditions he had endured in detention, including being denied hot water and being subjected to constant noise and artificial light.

Schulte also said it was unfair for prosecutors to seek a life sentence as they had previously offered a plea deal that would have seen him sentenced to 10 years in prison.

“This is not justice the government seeks, but vengeance,” he said.

Thank you for visiting my post. I will go straight to the point:

• How can one usually seek job opportunities in Europe in cyber security? I tried Linkedin job posts but not sure if there is any specialised venue for people in this industry?

• Still specific to Europe, I saw that many employers in the countries there require another language proficiency beside English, such as French, German, Dutch, Italian, Swedish, among others. If you have a relevant experience in getting a job with English (and learning another later), I would be grateful to hear that.

• I heard some countries need citizenship status to work on cyber security in order to gain clearence. If that is indeed the case, then I guess I am out of the hiring pool. Could you prove (or disprove) this?

• If you have any success story to share, I would love to hear from you.

If that helps, I am not an EU citizen. I am a mid-career cyber security practitioner based in Thailand, my native country, seeking opportunities in Europe. Thank you for reading :-)

I wrote about my perception of what risks AI brings to society in 2024. And it's not all about cybersecurity 😉

Mozilla Foundation Security Advisory 2023-40

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

I only wonder because, while I know no one could advise per se that people deliberately make bad security decisions, I don't feel as a layman that the nature of the risk is adequately explained.

Specifically, if you use a really old OS or an old now unsupported phone. The explanations for why this is dangerous tend to focus on the mechanism by which it creates a security flaw (lack of patches, known hardware security flaws that can never be patched).

If we use an analogy of physical security whereby the goal is to prevent physical intrusion by thieves or various malicious actors, there's a gradient of risk that's going to depend a bit on things like who and where you are. If you live in a remote cabin in the woods and left your door open, that's bad, but probably less bad than in a high crime area in a dense city. Similarly, if you're a person of note or your house conspicuously demonstrates wealth, security would be more important than if it you're not and it doesn't.

I would think, where human beings are making conscious choices about targets for cybercrime some parralells would exist. If then, you turn on an old device that's long obsolete for the first time in years and connect to the internet with it, while I know you are theoretically at great risk because your doors and windows are essentially wide open, how risky is that exactly? If you just connect, at home on your wifi and don't do anything? Is someone inevitably going to immediately find and connect to this device and exploit it's vulnerabilities? Or does there have to be a degree of bad luck involved?

I've brought up the idea of malicious actors who are human beings making conscious decisions, (hackers), but I was once told the concern is more to do with automated means of finding such devices when they're exposed to the internet. This makes more sense since a theoretical hacker doesn't have to sit around all day just hoping someone in the world will use an outdated device and that they'll somehow see this activity and be able to exploit the situation, but I guess, it seems hard for me to imagine that such bots or automated means of scanning, even if running all day will somehow become aware the minute anyone, anywhere with an insecure device connects to the internet. Surely there has to be some degree coincidental happenstance where a bot is directed to scan for connections to a particular server, like a fake website posing as a bank or something? It just doesn't seem it could be practical otherwise.

If I'm at all accurate in my assumptions, it sounds then like there's a degree to which a random person, not well known enough to be a specific target, not running a website or online presence connecting an insecure device to the internet, while engaging in some risk for sure, isn't immediately going to suffer consequences without some sort of inciting incident. Like falling for a phishing scam, or a person specifically aware of them with mal intent trying to target them in particular. Is that right?

I know this may be a very general question, but there are so many resources I don't know where to start.

I'm afraid with the free TryHackMe plan I'm limiting myself a lot.

I know portswigger trining, is it better than TryHackMe?

Am I better off starting directly with CTFs? If yes, which is the best to use? (overthewire, hackthebox ...)

Is roadmap.sh reliable?

How important are the certificates? I am a tech illiterate but never cared about certificates.

Or as a last resort, is it better to start directly with hackthebox?

Researchers analyzed 190 million hacking events on a honeynet and categorized the types of hackers into Dungeons and Dragons classses.

Rangers evaluate the system and set conditions for a follow-on attack.

Thieves install cryptominers and other profiteering software.

Barbarians attempt to brute force their way into adjacent systems.

Wizards connect the newly compromised system to a previous to establish 'portals' to tunnel through to obscure their identity.

Bards have no apparent hacking skill and likely purchase or otherwise acquired access. They perform basic computer tasks.

OK, first of all, I'm no expert, I have some training in networking and very little in cyber security. I live in a small community and there's is an ISP providing service to the whole community. Today I got an old ip camera and tried to hook it up, I couldn't figure out it's ip address and scanned my network (let's say 10.0.0.0/24) for ip addresses and it still wouldn't show up, so I scanned what I know was it's last subnet, let's say 10.0.10.0/24 and found out there as a host at every address, one was even an HP printer from a family the other side of the community which I was able to gain access simply by going to it's address. When I go to my router's web ui I can see that it's gateway is 10.0.8.1 and a 255.255.252.0 subnet. So my question is, is this all normal? Or should I contact someone about it?

geteilt von: https://feddit.de/post/1475295

Bundle Description:

Become a cybersecurity champion

Want to train up to take on today’s biggest cybersecurity challenges? Go from zero to hero with this comprehensive bundle of courses from Packt. Focus on the fundamentals, and build up advanced skills through hands-on training. Learn how to write secure code, test your systems’ defenses, how to be an ethical hacker, and more—and help support World Wildlife Fund with your purchase!

Pay at least €1 for 4 items,
Pay more than the average for 9 items,
Pay at least €22.75 for 22 items

Does anyone has experience with Packt's courses? Anything good in there?

Phishing mongers have released a torrent of image-based junk emails that embed QR codes into their bodies to successfully bypass security protections and provide a level of customization to more easily fool recipients, researchers said.

In many cases, the emails come from a compromised email address inside the organization the recipient works in, a tactic that provides a false sense of authenticity, researchers from security firm Inky said. The emails Inky detected instruct the employee to resolve security issues such as a missing two-factor authentication enrollment or to change a password and warn of repercussions that may occur if the recipient fails to follow through. Those who take the bait and click on the QR code are led to a site masquerading as a legitimate one used by the company but it captures passwords and sends them to the attackers.

Inky described the campaign's approach as “spray and pray” because the threat actors behind it send the emails to as many people as possible to generate results.

There are a few things that make this campaign stand out. First, the emails contain no text. Instead, they have only an attached image file. This allows the emails to escape notice by security protections that analyze the text-based words sent in an email. Some email programs and services, by default, automatically display attached images directly in the body, with some providing no way to suppress them. Recipients then often don’t notice that the image-based email contains no text.

Another distinguishing feature: the images embed a QR code that leads to the credential-harvesting site. This can reduce the time it takes to visit the site and lower the chance the employee will realize something is amiss. The QR codes also cause the loaded website to prefill the recipient's unique email address in the username field. This adds another false sense of assurance that the email and site are legitimate.

In a writeup published Friday, the Inky researchers wrote:

It’s important to note that these three QR Code phishing emails weren’t sent to just a handful of INKY customers. They were part of a “spray and pray” approach. Phishers send their emails to as many people as possible (spray) and then hope (pray) that a strong majority of recipients will fall for the ruse. In this case, multiple industries were attacked. Of the 545 emails noted thus far, intended victims were in the US and Australia. They included nonprofits, multiple wealth management firms, management consultants, a land surveyor, flooring company, and more.

It has long been possible—not to mention a good practice—for privacy-minded people to configure email settings to block the loading of images stored remotely. Scammers and snoops use external images to determine if a message they sent has been opened since the recipient’s device makes a connection to a server hosting the image. Gmail and Thunderbird don't display attached images in the body, but Inky said other clients or services do. People using such clients or services should turn off this feature if possible.

Unfortunately, it's more problematic to block images that are embedded into an email. I couldn't find a setting in Gmail to suppress the loading of embedded images. Thunderbird prevents embedded images from being displayed, but it requires reading the entire message plaintext mode. That, in turn, breaks helpful formatting.

All of this leaves users with the same countermeasures that have been failing them for decades now. They include:

It’s easy for people to dismiss phishing attacks as unsophisticated and perpetuate the myth that only inattentive people fall for them. In fact, studies and anecdotal evidence suggest that phishing is among the most effective and cost-effective means for carrying out network intrusions. With 3.4 billion spam emails sent every day, according to AGG IT Services, and one in four people reporting they have clicked on a phishing email at work, according to Tessian, people underestimate the costs of phishing at their own peril.

Original URL: https://www.barmer.de/presse/presseinformationen/pressearchiv/hackerangriff-auf-externen-barmer-dienstleister-1231230

Hackerangriff auf externen BARMER-Dienstleister – Mögliches Schadensausmaß wird geprüft

Berlin, 17. Juni 2023 – Ein Dienstleister der BARMER ist Ziel eines Hackerangriffs geworden. Dieser Dienstleister unterstützt die Kasse bei der Umsetzung ihres Bonusprogramms. Aktuell laufen Prüfungen, ob bei diesem Angriff, der am 31. Mai 2023 stattfand, auch Zugriff auf BARMER-Daten erfolgt ist. Die entsprechende Sicherheitslücke wurde vom Dienstleister geschlossen. Der Angriff erfolgte ausschließlich auf den Dienstleister der Kasse. Eine Verbindung zur BARMER-IT-Umgebung bestand zu keinem Zeitpunkt. Vorsorglich wurden relevante Behörden über diesen Vorfall in Kenntnis gesetzt.

Für Rückfragen wenden Sie sich an Unternehmenssprecher Athanasios Drougias unter: 0170 7614752 bzw. athanasios.drougias@barmer.de

Presseabteilung der BARMER Athanasios Drougias (Leitung), Telefon 0800 33 30 04 99-1421 bzw. 0170 7614752 E-Mail: athanasios.drougias@barmer.de

I feel like I'm missing a step. You take down your website, but leave the DNS entry and the attacker does what? Builds a site that has the IP address your CNAME is pointing to? Can anyone make a website in azure and pick the IP address they want? Thanks