cRyPtHoN™ INFOSEC (EN)

2021-05-12 22:26:47 Alaska courts restore email, lack answers on cyber attack.

JUNEAU, Alaska (AP) — The Alaska court system said Tuesday it had restored email capabilities nearly two weeks after a cybersecurity attack.

The court system, in a statement, said it doesn’t know who was behind the attack, why the court system was targeted or how long it will be before services are fully back online. It says it does not believe personal or confidential data was taken from the courts’ computer systems and says no credit card information was accessed.

https://apnews.com/article/ak-state-wire-alaska-courts-technology-email-32115ec34446aa3cd824b40cfce69752

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-12 22:05:28 All Wi-Fi devices impacted by new FragAttacks vulnerabilities.

Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.

Three of these bugs are Wi-Fi 802.11 standard design flaws in the frame aggregation and frame fragmentation functionalities affecting most devices, while others are programing mistakes in Wi-Fi products.

https://www.bleepingcomputer.com/news/security/all-wi-fi-devices-impacted-by-new-fragattacks-vulnerabilities/

https://www.fragattacks.com/

https://www.securityweek.com/fragattacks-new-vulnerabilities-expose-all-devices-wi-fi-attacks

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-12 22:01:42 Microsoft Patch Tuesday, May 2021 Edition.

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

https://krebsonsecurity.com/2021/05/microsoft-patch-tuesday-may-2021-edition/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-12 21:48:49 Germany Halts Facebook Sharing WhatsApp Data.

A German regulator on Tuesday slapped a three-month ban on Facebook collecting user data from WhatsApp accounts and referred the case to an EU watchdog, citing concerns about election integrity.

The Hamburg Commissioner for Data Protection and Freedom of Information sent the order to the social network, which owns the popular messaging service. Hamburg has jurisdiction because Facebook's German branch is based in the city.

The tech giant informed WhatsApp users earlier this year that they had to consent to a new data-use policy to continue using the service.

https://www.securityweek.com/germany-halts-facebook-sharing-whatsapp-data

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-12 21:37:40 Adobe: Windows Users Hit by PDF Reader Zero-Day.

Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in “limited attacks targeting Adobe Reader users on Windows.”

Adobe’s confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affected Adobe Acrobat and Reader on both Windows and MacOS platforms.

“These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user,” according to the bulletin.

https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-11 19:30:27 Imagine is an open source image compression utility for Windows, macOS,and Linux.

If you take hundreds of photos or screenshots, and save on them on your computer's hard drive, its gonna get full sooner or later. To avoid this, you can save the images to a cloud service, move it to an external storage device, or just delete the ones you don't need anymore.

Sometimes you may want to keep a bunch of pictures because they are irreplaceable, but their file size could be really large, especially if they are in a very high resolution. Imagine can help you recover some disk space by compressing your images. Oh, and don't confuse this with the legacy picture viewer of the same name.

https://www.ghacks.net/2021/05/11/imagine-is-an-open-source-image-compression-utility-for-windows-macosand-linux/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-11 19:25:52 Chinese hackers attacked a Russian developer of military submarines.

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (СKB Rubin), which designs submarines for the Russian Navy, by sending images of a submarine with malicious code to its CEO. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, in April, Chinese hackers attacked the Russian CKB Rubin. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin allegedly on behalf of the JCS “Concern “Sea Underwater Weapon – Gidropribor”, the State Research Centre of the Russian Federation.

https://www.ehackingnews.com/2021/05/chinese-hackers-attacked-russian.html

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-11 19:19:29 Thousands of Tor exit nodes attacked cryptocurrency users over the past year.

For more than 16 months, a threat actor has been seen adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites.

The attacks, which began in January 2020, consisted of adding servers to the Tor network and marking them as “exit relays,” which are the servers through which traffic leaves the Tor network to re-enter the public internet after being anonymized.

But since January 2020, a threat actor has been inserting thousands of malicious servers into the Tor network to identify traffic heading to cryptocurrency mixing websites and perform an SSL stripping attack, which is when traffic is downgraded from an encrypted HTTPS connection to plaintext HTTP.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-11 19:03:41 WhatsApp users only have a few weeks to accept a controversial privacy update that sparked fears of data sharing with Facebook - or risk losing access to the app's chat function.

WhatsApp is giving users 'several weeks' to agree to the privacy update

If they don't, the app's functionality will eventually be taken away from them

Any users who don't accept the update will not be able to access their chat list

But they will be able to answer incoming phone and video calls - for a short time

What happens if you don't accept?

BEST WHATSAPP ALTERNATIVES.

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2021-05-11 18:44:33 iPhone app tracking feature greyed out? Try this fix.

Are you still having problems enabling the new app tracking transparency feature even after upgrading to iOS 14.5.1? You're not alone.

One of the most anticipated -- or hated if you are Facebook -- features in iOS 14.5.1 has been the new app tracking transparency tool that means that developers must ask users for permission to use their data to track them for targeted advertising purposes.

But the feature isn't working for everyone. In fact, it was so broken that Apple rolled out a fix in iOS 14.5.1 to try to fix it.

But even that didn't fix it for some, leaving the setting greyed out.

https://www.zdnet.com/article/iphone-app-tracking-feature-greyed-out-try-this-fix/

@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment