#Credential Theft
noob2networking · 2 years ago
Server Saturday: Controlling Access to Your Network - A Guide to Access Control
Welcome to Server Saturday, where we embark on a humorous and informative journey into the world of network access control. In this edition, we’ll unravel the mysteries of access control, using common analogies, playful emojis, and a funny tone to help novice readers understand this essential aspect of network security. Get ready to tighten the reins and control who enters your digital kingdom!…
0 notes
anotherdayforchaosfay · 2 months ago
Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack was first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official-looking security alert about a subpoena allegedly issued to Google by law enforcement for information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.
As a computer-savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in to with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com, which should have been support.google.com and accounts.google.com, and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.
How to avoid scams like this
Don’t follow links in unsolicited emails or on unexpected websites.
Carefully look at the email headers when you receive an unexpected mail.
Verify the legitimacy of such emails through another, independent method.
Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.
Technical details

Analyzing the URL used in the attack on Nick (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit), where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb.

DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication.

So, what the cybercriminals did was:
Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.”
Register an OAuth app and set the app name to match the phishing link.
Grant the OAuth app access to their Google account, which triggers a legitimate security warning from [email protected]. This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name.
Forward the message untouched, which keeps the DKIM signature valid.

Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site, may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com.

Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.
11K notes · View notes
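The post above describes three things a recipient can actually check on a replayed DKIM-signed alert: the DKIM signing domain versus the envelope sender, a To header that names someone other than the mailbox that received the mail (the me@ trick), and links into sites.google.com rather than accounts.google.com. The script below is an added example, not code from the post or from Google; it runs those checks over two constructed messages. Every address, host, selector and signature value in the samples is invented, except the sites.google.com path quoted from the post, and the eTLD+1 comparison is a deliberate simplification (last two labels) rather than a Public Suffix List lookup.

```python
"""Triage a forwarded Google-style security alert for DKIM replay signs.

Added example, not code from the original post. The messages below are
constructed; every address, host and selector is invented, except the
sites.google.com path quoted from the post.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed: a genuine-looking Google alert replayed through a third-party relay.
REPLAYED_RAW = """\
Return-Path: <bounce@relay.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.10])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=selector1; h=from:to:subject; bh=ZmFrZWJvZHloYXNo; b=ZmFrZXNpZw==
From: Google <no-reply@accounts.google.com>
To: me@example.com
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

Law enforcement has requested access to your Google Account.
View case: https://sites.google.com/u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit
"""

# Constructed control: same signer, but envelope, recipient and link all line up.
CONTROL_RAW = """\
Return-Path: <bounce@accounts.google.com>
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=selector1;
 h=from:to:subject; bh=ZmFrZWJvZHloYXNo; b=ZmFrZXNpZw==
From: Google <no-reply@accounts.google.com>
To: victim@example.org
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

Review recent activity: https://accounts.google.com/notifications
"""

DKIM_TAG = re.compile(r"(?:^|;)\s*(\w+)=([^;]*)")
URL = re.compile(r"https?://[^\s<>\"']+")


def dkim_tags(msg: Message) -> dict:
    """Parse tag=value pairs from the first DKIM-Signature header (unfolded)."""
    sig = (msg.get("DKIM-Signature") or "").replace("\r", "").replace("\n", "")
    return {k: v.strip() for k, v in DKIM_TAG.findall(sig)}


def domain_of(header_value: str) -> str:
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def registrable(domain: str) -> str:
    """Crude eTLD+1 (last two labels); use the Public Suffix List in production."""
    return ".".join(domain.split(".")[-2:])


def triage(raw: str, mailbox: str) -> dict:
    """Return parsed identities plus human-readable findings for one message."""
    msg = message_from_string(raw)
    signing_domain = dkim_tags(msg).get("d", "").lower()
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    to_addrs = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    urls = URL.findall(body)
    findings = []

    # A replayed message keeps a valid signature (and From aligns with d=, so
    # DMARC passes too). What changes is who actually handed it to your MX.
    if signing_domain and envelope_domain and registrable(signing_domain) != registrable(envelope_domain):
        findings.append(f"replay: DKIM d={signing_domain} but envelope sender is {envelope_domain}")

    # The original alert was addressed to the attacker's own me@ account and
    # reached the victim by forwarding, so To does not name this mailbox.
    if mailbox.lower() not in to_addrs:
        findings.append(f"misdirected: To={to_addrs} does not include {mailbox}")

    # sites.google.com pages are user-created; /edit is the Sites editor view,
    # not something a real support or sign-in flow would ever link to.
    for url in urls:
        parsed = urlparse(url)
        if (parsed.hostname or "").lower() == "sites.google.com":
            suffix = " (editor URL)" if parsed.path.endswith("/edit") else ""
            findings.append(f"user-hosted page{suffix}: {url}")

    return {"signing_domain": signing_domain, "from_domain": from_domain,
            "envelope_domain": envelope_domain, "to": to_addrs,
            "urls": urls, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("replayed", REPLAYED_RAW), ("control", CONTROL_RAW)):
        print(name, triage(raw, mailbox="victim@example.org")["findings"] or ["no findings"])
```

Run as-is, the replayed sample produces three findings (replay, misdirected, user-hosted editor URL) and the control produces none; note that the From domain matches the signing domain in both, which is exactly why header-only authentication checks do not catch the replay.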
copperminegoogleresources · 10 months ago
LIFE SUPPORT NETWORK CREDENTIALS FRAUD AND OR THEFT
0 notes
hopeless-eccentric · 1 month ago
going wild thinking about the use of Rocky Road to Dublin in Sinners. It’s a really tight microcosm of a lot of the film’s themes just by itself. Credentials: I’m a retired Irish dancer, I went to worlds and the whole bit. My family is appalachian and I grew up on bluegrass
It’s played on a banjo, an instrument with origins in West Africa formally invented in the US by enslaved people (and then popularized in Irish music through Irish American immigrants, largely in the South and Appalachia). Even the instrument telegraphs an attempt at cultural exchange morphing into theft and exploitation, especially because the history of the banjo has been purposefully obscured by white people
It’s got a strong down beat, making it the musical opposite of the swung blues sound (emphasis on 1/3 as opposed to 2/4). The scene is clearly meant to evoke klan imagery, and giving it this marching feel ABSOLUTELY contributes
It’s in 9/8 meter (with some mixed—it’s a uniquely weird song), making it, traditionally, a slip jig. Historically, this is a light shoe dance for women only (he’s dancing hard shoe in the movie) meaning that Remmick’s attempt to reclaim his own culture has been botched, obscured, and lost as he’s been alienated from it and co-opted into the symbolic hive of American whiteness/cultural orphanage/cultural patricide.
The song itself is about a guy cutting a shillelagh (a walking stick/club with a folkloric purpose of warding off evil spirits) to protect himself on his journey to Dublin, but winding up using it against a few Englishmen mocking him for his Irish accent. It’s a parallel to exactly what Remmick was not able to do—protect himself from monsters, and protect himself from colonization. It also highlights that this number is being used to threaten violence against the leads
It’s such a clever combination of inverting swing/jazz sounds and showing ways Remmick is missing the point. Since he sold his soul for power, comfort, and conformity, he’s only able to access a shadow of his culture, while misunderstanding and misrepresenting major pieces of his own traditions. Even his attempts to culturally “share” through the banjo are plowed over by his use of it and of Black bodies and voices for his own individual pleasure and as a threat of further violence. It’s such a smart pick
2K notes · View notes
fandomshatepeopleofcolor · 2 years ago
"Genetics firm 23andMe confirms user data theft in a credential stuffing attack. The hackers released 1 million lines of data targeting Ashkenazi Jews and Chinese descent" this is so scary, wtf
OK followers this is not a drill. This is now the time to start calling out the antisemitism in your friends and family. This is truly some nazi level eugenics shit. I'm at work but I'd appreciate more help boosting what to do.
mod ali
Update:
Please send this to all your Jewish and Chinese friends and family. Stay safe and please boost this.
4K notes · View notes
tanadrin · 1 year ago
Cheating is pretty straightforward in a zero sum game. If you’re breaking the rules to gain an advantage you are likely cheating someone else *out* of something. The intuitions around that work similarly to intuitions around theft, I think.
Cheating in a non-zero-sum context (most, but notably not all cheating in school) is a little different. You may be fraudulently obtaining credentials you did not earn, and you may be devaluing those credentials a little but the harms, such as they are, are very diffuse. It’s unlikely you can point to an individual cheater and say “you specifically have fucked someone over.”
Cheating in romantic relationships is intuitionally very weird to me, because potentially there are no harms! It really is a case of “what you don’t know can’t hurt you.” The harm unique to cheating romantically exists necessarily only alongside the knowledge that the cheating has occurred. If you get away with it, in some very real sense, you have done no harm. But of course most people would still strongly feel that a wrong has been committed, and not only that, but that if you want to redress the wrong you must begin by coming clean—and thus realizing a harm that until that point has only been theoretical.
I think that’s interesting! Conceptually we kinda group all these things together even though they are very different. And intuitions around some of these things don’t map neatly to intuitions around others.
59 notes · View notes
Welcome to the Lied On Their Resume Tournament!
We come here to celebrate fictional characters who engaged in the time-honored tradition of lying to employers. We should all follow their example. Submission form here! Please read the guidelines below before submitting.
Guidelines
This poll is for characters who have told intentional falsehoods about their skills and/or expertise in order to gain some form of employment. The "resume" may be non-literal; a character does not need to have submitted a piece of paper listing their qualifications and gotten an interview in order to count toward this tournament. The "employment" may also be short-term or under-the-table.
This poll is NOT for characters who lied about or concealed their identities for a purpose other than falsifying their credentials. While identity theft or obfuscation and lying on your resume often go hand in hand, I will not accept submissions for characters whose false identities do not include a phony set of skills. - That being said, I understand this is a pretty nebulous zone in which to draw a line. Characters who faked their identities first and faked their skillsets second, but whose skillsets then became and remained plot-relevant, may be submitted. They will be carefully considered on a case-by-case basis by me and whatever friends want to help me out.
Fictional characters only. I will not be accepting any real people, even if their situation is extremely funny. Fictionalized versions of real people are fair game, but they must lie on their resumes within their source material and not as a bit of trivia otherwise not included within the text.
Given that this is a tournament that centers liars, spoilers will likely be present in all polls. Propaganda will be placed under a readmore, but be warned that following this blog may put you at risk for seeing a character you recognize and going "WHAT? What are THEY lying about?!" if you haven't, like, gotten to that part yet.
I will not be accepting Harry Potter submissions cuz I don't really wanna give the series more air. It's my poll I do what I want
Submissions will remain open until I have...let's go with 32 entrants. I like remaining optimistic
68 notes · View notes
haveyoureadthisdcfic · 10 days ago
Want to remind you guys that there are NO official apps for AO3. It's designed to be read through your web-browser. There are a lot of unofficial apps that scrape AO3's data and display it through a fancy interface, but most of those are predatory.
Just got a submission with a really sketchy URL. It may have stolen my login credentials.
Please take care of yourself and don't use AO3 apps. And if you do, please don't send me links to those apps. I've found the story on AO3 and we're good, but I don't enjoy worrying about password theft.
12 notes · View notes
Hello again,
Another lure that these Chuffed.org scam bots/scammers are using is hiding links behind text. For example, they might put "Chuffed: HERE" or any other donations website, and under "HERE" there is a line under the word. Another example I have been getting is "PLEASE CAN YOU DONATE HERE?", also with a line under it.
This means there is a link attached to it. However, this feature on Tumblr isn't 100% safe, as anyone can put any type of link behind it, including links to any kind of malware.
This is because Tumblr doesn't check the links that are attached to these messages.
For example, there were bots going around stealing Tumblr artists' art, putting it through a shady website (you can see a website linked to the reposted artwork) and putting "Read more" under it with a link attached.
Many Palestinian people and people in horrible situations who use GoFundMe put the GoFundMe page out in everyone's view so people know they aren't going to get their banking information stolen. They never hide the link or page under other text, as it can come off as shady because many bots and scammers/hackers have done it in the past.
This makes me think that these Chuffed.org scam bots/scammers might be using Banking Trojans links behind these texts.
If you don't know, Banking Trojans are malware designed to collect online banking credentials and other sensitive information from infected machines. This information, once exfiltrated to an attacker, can be used to steal money and commit other forms of fraud, such as identity theft.
Now, I don't have any proof of this, since I'm not risking my computer getting a virus. However, I find it very shady that they hide links behind text and don't give a website link. I think that's because giving a website link makes it too obvious: other scam bots do put links to shady websites, which get them a block and report in most cases. Also, people are catching on to this scam too, so giving them a website link might be out the window now. Hiding it makes it easier to scam people or give them malware.
They are using the genocide in Palestine, stealing Palestinian people's photos and cries for help, as a way to get victims, because people will press the link or reblog it without a second thought.
If you do see it, please don't click on it. You don't know if it's malware or a real website. Please block them!
7 notes · View notes
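The point of the post above is that on Tumblr the visible text of a link tells you nothing about where it goes. The script below is an added example, not code from the post, showing what a moderator or a cautious reader can actually check: it pulls every anchor out of a post's HTML and reports the real destination, flagging a call-to-action such as "DONATE HERE" that hides an unrelated host, visible text that names one domain while the href goes to another, and links that are not web URLs at all. The HTML sample and the hosts in it are constructed; the only fundraising hosts it treats as known are the two the post names (chuffed.org and gofundme.com), which is an assumption you would widen for real use.

```python
"""Audit what hyperlinks hidden behind text actually point to.

Added example, not code from the original post. The HTML sample and the
hosts in it are constructed; the known fundraising hosts are only the
two the post names.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_FUNDRAISING_HOSTS = {"chuffed.org", "gofundme.com"}  # assumption: widen for real use
DOMAIN_IN_TEXT = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)

# Constructed sample post: one honest link, then the three patterns the post warns about.
SAMPLE_HTML = """
<p>Fundraiser: <a href="https://chuffed.org/project/example">https://chuffed.org/project/example</a></p>
<p>Chuffed: <a href="https://download.example.net/invoice.exe">HERE</a></p>
<p><a href="https://download.example.net/x">gofundme.com/f/help-my-family</a></p>
<p><a href="javascript:void(0)">PLEASE CAN YOU DONATE HERE?</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def bare_host(name: str) -> str:
    """Lower-case a host and drop a leading www. so display and href compare cleanly."""
    name = name.lower()
    return name[4:] if name.startswith("www.") else name


def classify(href: str, text: str) -> str:
    """Say whether the visible text honestly describes where href goes."""
    parsed = urlparse(href)
    if parsed.scheme.lower() not in ("http", "https"):
        return f"scheme: '{text}' runs a {parsed.scheme or 'relative'} link, not a web page"
    host = bare_host(parsed.hostname or "")
    named = DOMAIN_IN_TEXT.search(text)
    if named:
        shown = bare_host(named.group(1))
        if host != shown and not host.endswith("." + shown):
            return f"mismatch: text shows {shown} but link goes to {host}"
        return f"ok: text and link agree on {host}"
    if host in KNOWN_FUNDRAISING_HOSTS:
        return f"ok: generic text but link goes to known fundraising host {host}"
    return f"hidden: '{text}' hides a link to {host}"


def audit_links(html: str) -> list:
    """Return one dict per anchor with its href, visible text and verdict."""
    collector = LinkCollector()
    collector.feed(html)
    return [{"href": h, "text": t, "verdict": classify(h, t)} for h, t in collector.links]


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(f"{finding['verdict']:<70} {finding['href']}")
```

On the sample this yields verdicts of ok, hidden, mismatch and scheme in that order; the "hidden" case is the one the post describes, where the only thing the reader sees is "HERE" and the real target is an executable on an unrelated host.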
covid-safer-hotties · 9 months ago
Also preserved on our archive
By - Jessica Wildfire
You’ve been lied to, over and over, about Covid.
Here’s a recent example:
A public health grifter in Australia named Nick Coatsworth recently urged schools to “save your money” because “any investment in air filtration is unproven and wastes precious resources” and that “Covid is no more harmful to kids than any respiratory virus.” You’ve heard this before, from dozens of highly credentialed doctors and public health officials, all of them with their own motives.
In reality…
Up to 25 percent of children who catch Covid go on to develop Long Covid, a euphemistic term that describes long-lasting damage to virtually every organ and system in their bodies. One recent study has estimated that 5.8 million children in the U.S. currently suffer from the condition.
There are dozens of studies.
In many cases, children who were healthy and happy go from performing well in school and having lots of friends to barely being able to solve simple math problems and withdrawing socially, even after a mild illness.
As a pediatrician at NYU has said, “This is a public health crisis for children,” adding that we’re going to see the “long-term impacts of experiencing long covid in childhood for decades to come.”
So when someone tells you that Covid is a mild illness for children, they’re lying. They’re doing harm to your children. You should get angry.
People are sicker than ever, and it’s getting worse.
When they say air purifiers don’t work…
They’re also lying.
Public health officials like Ashish Jha and Rochelle Walensky advised their own children’s schools to spend millions of dollars installing clean air systems at the beginning of the pandemic. Rich parents joined them. Jha and Walensky, like Mandy Cohen after them, have become some of the most notorious Covid minimizers on the planet, continually spreading misinformation and encouraging a culture of “personal risk assessment” that has driven a mass disabling event, with tens of millions of adults and children now suffering from chronic illness and disability, with slim hope for treatment in the near future. It’s not because we lack knowledge, but because our governments lack initiative.
Meanwhile, they spare no expense for their own families.
You deserve to know the truth.
In the U.S., our government originally allocated billions of dollars explicitly for the purpose of installing air cleaning systems in schools.
What happened to all that money?
First, many states explicitly refused to spend those funds. They redirected as much of it as possible. At the same time, CEOs pulled off what federal prosecutors call “the biggest fraud in a generation,” spending pandemic relief dollars on toys. Even NBC reported on the scandal, describing how the rich engaged in “the theft of hundreds of billions of dollars in taxpayer money” by “purchasing luxury automobiles” as well as “mansions, private jet flights and swanky vacations.” They didn’t just raid payroll protection. They also took $80 billion from other disaster relief funds. As one attorney said, “Nothing like this has ever happened before.” It’s theft on a massive scale, and it happened during both administrations.
The rich did all of this while the rest of us were dragging ourselves through the hardest years of our lives. And of course, you remember how the minute things started looking a little brighter, those who stole from us started complaining about how we didn’t want to work anymore, and we had too much cash. Some of these thieves were prosecuted, but many more got away with it.
It gets worse.
While the rich were spending pandemic funds on yachts and sports cars, our governments were spending money on police, prisons, and courts. According to a bombshell report by The Marshall Project, “billions of dollars flowed to the criminal justice system by the first quarter of 2022, from covering payroll to purchasing new equipment,” as well as “courts, jails, and prisons.” The equipment included tasers, rifles, shooting ranges, and armored vehicles. Governments were very clever in how they framed their purchases. In one case, a town in Alabama said new tasers with longer ranges would help curb the spread of Covid, since “officers will not have to get so close to the perpetrator.” Another city said armored vehicles make the public feel safer during challenging times.
By the middle of 2023, an investigation by Epic uncovered that at least 70 different municipalities were spending even more relief funds on police surveillance equipment, mobile forensic technologies, monitoring stations, and drones. They also bought software to spy on our social media.
Basically, while the rich were stealing from us, our governments went to absurd lengths to spend billions of dollars on anything other than clean air. By 2022, Biden was even giving governments his blessing to do so, using the unspent funds as proof that he supported law enforcement, a largely political move. As The New York Times reported, Biden was “making a forceful push” ahead of midterm elections “to show he is a defender of law enforcement.” As PBS explained, Biden urged governors to spend the rest of the money on law enforcement even as the treasury department released another round of funds.
So, that’s why our schools don’t have air purifiers.
We have an overwhelming amount of information that HEPA air purifiers work. They don’t stop transmission in cases where someone is sitting or standing right next to you without a mask, but they remove anywhere from 70 to 99 percent of the virus in the air, when they’re installed properly.
They significantly reduce your risk.
Indoor air experts can tell you a lot more about how to maximize the efficiency of air purifiers and ventilation systems. The end of this post offers resources toward that end. For now, we’re just going to talk about the simple point that they work. There’s absolutely no reason not to fund them, especially given that our children’s futures depend on it. Let’s get started.
Carl Van Keirsbilck has written an extensive review of studies on the effectiveness of air purifiers. Nina Notman provides an extensive overview on the benefits of clean air, including air purifiers and why certain types might be so reluctant to embrace them. So does Andrew Nikiforuk.
First, the CDC found that adding two HEPA air purifiers “reduced overall exposure to simulated exhaled aerosol particles by up to 65 percent without universal masking.” When you add masks, it goes up to 90 percent. They recommend HEPA purifiers as part of an overall clean air strategy.
A review of more than 50 different studies in Indoor Air found that “when HEPA filters were utilized, regardless of the type of ventilation, number of ACH [air changes per hour] or hospital area, minimal surface-born and no airborne SARS-CoV-2 RNA was detected.” In other words, HEPA filters can significantly reduce the amount of virus in the air, even when you might struggle to ventilate a space.
A study in Environmental Science: Processes & Impacts found that portable air cleaners used in classrooms “reduce the mean aerosol intake of all students by up to 66 percent.” A study in Physics of Fluids found that using multiple HEPA purifiers in a classroom led to a reduction in viral aerosols “between 70% and 90%.” A study reported in Buildings & Facilities Management found that using a HEPA purifier in combination with open windows led to a 73 percent drop in the risk of infection in classrooms. A study in Virology found that a HEPA filter could remove between 80 and 99 percent of viral aerosols from a room.
A study in Aerosol Science and Technology found that when researchers installed four air purifiers in a high school classroom, “the aerosol concentration” of Covid “was reduced by more than 90 percent within less than 30 min” and the reduction “was homogeneous throughout the room…”
A study in the Journal of Hospital Infection found that HEPA filters can “reduce the viral load in air” by as much as 99 percent and that “air purification systems can be used as an adjunctive infection control measure.” A brief article in Nature reported that an ICU in Cambridge used HEPA purifiers to largely remove Covid and other pathogens from their wards. That brief report turned into a full study published in Clinical Infectious Diseases, showing that not only do these filters remove Covid but also “significantly reduced levels of bacterial, fungal, and other viral bioaerosols on both the surge ward and the ICU.”
A study in Infection Control & Hospital Epidemiology found that by using two HEPA air purifiers, “99% of aerosols could be cleared within 5.5 minutes.”
A study in Building and Environment found that combining air purifiers with ventilation in a gym “can reduce aerosol particle concentrations” by up to 90 percent, “depending on aerosol size.” Another study in the same journal found that adding a portable air purifier to a hospital patient’s room “could prevent the migration of nearly 98% of surrogate aerosols…”
So when someone says investment in air filters or purifiers is “unproven” or “a waste of resources,” they’re not just wrong.
They’re lying.
There’s a major movement for clean indoor air.
Many of these researchers gathered last fall at the Clean Air Expo, a virtual conference hosted by the World Health Network, where experts and advocates shared their knowledge and strategies for getting the public on board with the message. I sat through every minute of it, and I learned a lot.
(You can watch the stream here.)
Some cities like Boston have already deployed sophisticated air-cleaning systems and air quality monitors in their public schools. They did it because parents and teachers teamed up with nonprofits to get the job done. Groups like Indoor Air Quality Advocates are building local, regional, and national networks to do the same. Advocates like Liesl McConchie are touring schools and speaking at school board meetings to spread the truth. HVAC experts like Joey Fox run blogs to educate the public on effective strategies.
Companies like Clean Air Kits are changing the game by offering quiet, affordable PC Fan filters and quick guides on how to use them.
Startups like the Air Support Project are taking the Corsi-Rosenthal box into commercial territory, to make them more accessible and to clear the red tape that often keeps them out of schools. Other companies like SmartAir are providing people with portable air purifiers when they need extra protection.
Consumer Reports explains how air purifiers work and tests the most popular brands. Groups like the Clean Air Crew have posted multiple tutorials on clean air, including buying guides. Confused parents and teachers can also visit Clean Air Stars to find affordable, reliable filters.
The elite will tell you that clean air is a waste of money while they spend millions of dollars on it themselves, all while big tech companies make special deals with energy utilities to restart nuclear reactors and coal plants to power their data centers. They’re not being very honest, are they?
Maybe it’s comforting to believe that air purifiers don’t work, that Covid doesn’t make anyone very sick anymore, and that we don’t have to figure any of this out. Deep down, you probably know it’s not true.
Public health agencies are staying silent on clean air, and sellout doctors are pushing misinformation, all because our governments gave our clean air money to the police and let the rich walk away with hundreds of billions of it, which they spent on sports cars and vacations. Instead of facing consequences, they would rather have you believe that air purifiers don’t work.
Your children deserve clean air.
So do you.
24 notes · View notes
probablyasocialecologist · 1 year ago
A group of hackers that says it believes “AI-generated artwork is detrimental to the creative industry and should be discouraged” is hacking people who are trying to use a popular interface for the AI image generation software Stable Diffusion with a malicious extension for the image generator interface shared on Github. ComfyUI is an extremely popular graphical user interface for Stable Diffusion that’s shared freely on Github, making it easier for users to generate images and modify their image generation models. ComfyUI_LLMVISION, the extension that was compromised to hack users, is a ComfyUI extension that allowed users to integrate the large language models GPT-4 and Claude 3 into the same interface. The ComfyUI_LLMVISION Github page is currently down, but a Wayback Machine archive of it from June 9 states that it was “COMPROMISED BY NULLBULGE GROUP.” “Maybe check us out, and maybe think twice about releasing ai tools on such a weakly secured account,” the same archived Github page says. The page said that it was a legitimate extension until it was compromised, and an archive of its Github page from May 25 shows that it was somewhat active, with 42 stars, four forks, and 12 commits. On its website, the hackers claim that they had control of the extension for “many months,” and that they had taken control of ComfyUI_LLMVISION before its creator ever posted it, indicating that it may have contained malicious code the entire time it’s been up on Github.
11 June 2024
31 notes · View notes
the-golden-vanity · 2 years ago
Hey, @asparklethatisblue, are you still looking for possible modern AU jobs for the Terror boys? I would like to submit for consideration:
A large museum!
This is purely based on my experience, but in terms of having lots of different possible jobs and specializations for the lads, with different levels of status associated with them, I think this could combine the best or the worst of the most popular Terror modern AU settings: corporate and academic. Please imagine with me:
Director John Franklin: more interested in sucking up to the board and/or bringing in large donations than he is the very real and present problems at the museum that are just threatening to get bigger.
Rival curators Crozier and Fitzjames: speaks for itself. Crozier's more of a traditionalist, Fitzjames wants big-budget, high-interaction, media-attention-grabbing new solutions. They fight about it in every weekly meeting.
Head of Admin Thomas Jopson: Secretly runs this place. If he ever took a sick day, the whole museum would fall apart.
Conservation lab technician Harry Goodsir: Loves his job, hates that he could do it EVEN BETTER if the higher-ups would only budget more for conservation. Type of dude who gets into the field because he genuinely loves it & is taken advantage of for the same reasons.
Visitor Services desk staff Gibson and Armitage: It takes two guys to do one half-assed job around here. They mostly sit around, gossip, make after-work plans, and judge tourists who don't know how to read a map.
Security guard Solomon Tozer: Do I have to explain this one? Might be gossiping with the guys at the Visitor Services desk.
Visiting scholar Cornelius Hickey: definitely faked his credentials and probably committed identity theft to get this grant money. Has no business being here. Visitor Services likes him.
Visiting scholar Silna: Doesn't respect any of these people. Just wants to get her research done in peace.
And that's not even all the jobs we can give the boys (and girls)! I haven't even touched on exhibition designers, archivists, social media coordinators, and more! I think Lady Jane would be an excellent advancement coordinator (a high-level fundraiser, basically), and Hodgson would be a very enthusiastic education coordinator.
The ship's boys, of course, are unpaid interns.
144 notes · View notes
yourreddancer · 23 days ago
What happened?
A data breach exposed nearly 200 million records, including login credentials for Google, Apple, Meta, and more. The stolen information contains usernames, passwords, and login URLs connected to services like Spotify, PayPal, and Netflix. If exploited, cybercriminals can use this information to commit identity theft.
4 notes · View notes
cyber-sec · 4 months ago
Weekly Malware & Threats Roundup | 10 Feb - 16 Feb 2025
1️⃣ FINALDRAFT Malware Exploits Microsoft Graph API
FINALDRAFT is targeting Windows and Linux systems, leveraging Microsoft Graph API for espionage. Source: https://www.elastic.co/security-labs/fragile-web-ref7707
2️⃣ Sky ECC Distributors Arrested in Spain and The Netherlands
Four distributors of the criminal-encrypted service Sky ECC were arrested in Spain and the Netherlands. Source: https://www.bleepingcomputer.com/news/legal/sky-ecc-encrypted-service-distributors-arrested-in-spain-netherlands/
3️⃣ Astaroth: New 2FA Phishing Kit Targets Major Email Providers
The Astaroth phishing kit is used to bypass 2FA and steal credentials from Gmail, Yahoo, AOL, O365, and third-party logins. Source: https://slashnext.com/blog/astaroth-a-new-2fa-phishing-kit-targeting-gmail-yahoo-aol-o365-and-3rd-party-logins/
4️⃣ RansomHub Becomes 2024’s Top Ransomware Group
RansomHub overtook competitors in 2024, hitting over 600 organisations worldwide. Source: https://www.group-ib.com/blog/ransomhub-never-sleeps-episode-1/
5️⃣ BadPilot Campaign: Seashell Blizzard Targets Global Networks
The Seashell Blizzard subgroup runs a multiyear global operation for continuous access and data theft. Source: https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/
Additional Cybersecurity News:
🟢 Apple Fixes Actively Exploited Zero-Day
Apple patches a critical zero-day vulnerability affecting iOS devices. Source: https://www.techspot.com/news/106731-apple-fixes-another-actively-exploited-zero-day-vulnerability.html
🟠 Japan Introduces "Active Cyber Defence" Bill
Japan is moving towards offensive cybersecurity tactics with a new legislative push. Source: https://www.darkreading.com/cybersecurity-operations/japan-offense-new-cyber-defense-bill
🔴 Critical NVIDIA AI Vulnerability Discovered
A severe flaw in NVIDIA AI software has been discovered, enabling container escapes. Source: https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
6 notes · View notes
mariacallous · 1 year ago
One of the biggest hacks of the year may have started to unfold. Late on Friday, embattled events business Live Nation, which owns Ticketmaster, confirmed it suffered a data breach after criminal hackers claimed to be selling half a billion customer records online. Banking firm Santander also confirmed it had suffered a data breach impacting millions of customers and staff after its data was advertised by the same group of hackers.
While the specific circumstances of the breaches—including exactly what information was stolen and how it was accessed—remain unclear, the incidents may be linked to attacks against company accounts with cloud hosting provider Snowflake. The US-based cloud firm has thousands of customers, including Adobe, Canva, and Mastercard, which can store and analyze vast amounts of data in its systems.
Security experts say that as more details become clear about hackers' attempts to access and take data from Snowflake’s systems, it is possible that other companies will reveal they had data stolen. At present, though, the developing situation is messy and complicated.
“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts,” wrote Brad Jones, Snowflake’s chief information security officer in a blog post acknowledging the cybersecurity incident on Friday. Snowflake has found a “limited number” of customer accounts that have been targeted by hackers who obtained their login credentials to the company’s systems, Jones wrote. Snowflake also found one former staff member’s “demo” account that had been accessed.
However, Snowflake doesn’t “believe” it was the source of any leaked customer credentials, the post says. “We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product,” Jones wrote in the blog post.
While the number of Snowflake accounts accessed and what data may have been taken have not been released, government officials are warning about the impact of the attack. Australia’s Cyber Security Center issued a “high” alert on Saturday, saying it is “aware of successful compromises of several companies utilizing Snowflake environments” and companies using Snowflake should reset their account credentials, turn on multifactor authentication, and review user activity.
“It looks like Snowflake has had some rather egregiously bad security compromise,” security researcher Troy Hunt, who runs data breach notification website Have I Been Pwned, tells WIRED. “It being a provider to many other different parties, it has sort of bubbled up to different data breaches in different locations.”
Details of the data breaches started to emerge on May 27. A newly registered account on cybercrime forum Exploit posted an advertisement where they claimed to be selling 1.3 TB of Ticketmaster data, including more than 560 million people’s information. The hacker claimed to have names, addresses, email addresses, phone numbers, some credit card details, ticket sales, order details, and more. They asked for $500,000 for the database.
One day later, the established hacking group ShinyHunters—which first emerged in 2020 with a data-stealing rampage, before selling 70 million AT&T records in 2021—posted the exact same Ticketmaster ad on rival marketplace BreachForums. At the time, Ticketmaster and its parent company Live Nation had not confirmed any data theft and it was unclear if either post selling the data was legitimate.
On May 30, ShinyHunters also claimed to be selling 30 million customer details and staff information from Santander, putting a $2 million price tag on the information. Both posts on BreachForums have drawn attention to the illegal marketplace, which was recently revived by ShinyHunters after the FBI took the website down on May 15. The posts may, at least in part, be efforts to restore the disrupted forum’s damaged reputation with criminals.
The two hacks were linked to Snowflake’s systems by Israeli security firm Hudson Rock, which, in a now-removed blog post, posted conversations its researchers had with the alleged hacker who claimed to have accessed Snowflake’s systems and exfiltrated data. The hacker claimed they had tried to sell the data back to Snowflake for $20 million. (Hudson Rock did not respond to WIRED’s questions about why it has removed its research).
The Hudson Rock post claimed that a Snowflake employee may have been infected by an infostealer that collected the details the hacker needed to log in to its systems. Charles Carmakal, the chief technology officer at Google-owned security firm Mandiant, told BleepingComputer that its investigations, which have been taking place in recent weeks, indicate information-stealing malware may have been used to get Snowflake account credentials.
A Ticketmaster spokesperson told TechCrunch that its stolen database was hosted on Snowflake after the company acknowledged a data breach in a filing to the Securities and Exchange Commission on Friday evening. In the middle of May, before its data was advertised online, Santander first said it had seen unauthorized access to one of its databases “hosted by a third-party provider,” however it has refused to name the third party.
Snowflake’s CISO, Jones, acknowledged the security incident on Friday, saying that if a “threat actor obtains customer credentials, they may be able to access the account.” The company says it became aware of the suspicious activity on May 23 but has since found out it had been happening since mid-April. Jones’ post says Snowflake has notified all of its customers and “encouraged” them to review account settings and ensure they have implemented multi-factor authentication. In an additional security bulletin, Snowflake says it has seen “malicious traffic” from a client calling itself “rapeflake” and also connections from another client called “DBeaver_DBeaverUltimate.” A company spokesperson tells WIRED they have “nothing else to add” beyond the information included in company posts.
Cloud security company Mitiga says its investigations have seen a threat actor targeting organizations using Snowflake databases and using an attack tool called “rapeflake” in the process. Roei Sherman, field CTO at Mitiga, tells WIRED one possible scenario is that a threat actor managed to get information about Snowflake’s systems and then stole information about its clients, possibly using automated tools and brute-forcing their way into accounts.
Sherman says little is known about what data was stolen at the moment or the “rapeflake” tool, but that the attack could have wider ramifications going forward. There are already early signs other companies may be impacted.
Sherman says some of Mitiga’s customers have reached out to it for help, while Mandiant told BleepingComputer it had been assisting Snowflake customers in recent weeks. Cybersecurity researcher Kevin Beaumont shared online that he knows of six companies that have been impacted. And Australian events company Ticketek has also revealed customer names and email addresses stored in a “cloud-based platform, hosted by a reputable, global third-party supplier” have been accessed, although a spokesperson refused to confirm if this was related to Snowflake at all.
“We haven’t seen the entire blast radius yet,” Sherman says. “Snowflake has thousands of clients—they offer self-registration—and some of their clients are huge companies. We expect to learn about additional companies compromised.”
18 notes · View notes
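The article's advice to affected tenants is to reset credentials, enforce MFA and review user activity. The following is an added example (not code from WIRED, Snowflake, Mandiant or Mitiga) of what that review can look like when automated over exported login history: it flags client application names outside an allowlist (the two client names reported in the article appear in the constructed sample), successful logins that did not use MFA, and one source IP failing logins against many distinct accounts. The pipe-separated log format, the field names and the KNOWN_CLIENTS allowlist are assumptions for this example, not Snowflake's real login-history schema.

```python
"""Triage login-history exports for the warning signs named in the article.

Added example. The record layout (ts|user|ip|client|mfa|result), the field
names and the allowlist are assumptions, not any vendor's real schema.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed per-organisation allowlist of client applications that are expected
# to authenticate to the data warehouse. Anything else is worth a look.
KNOWN_CLIENTS = {"SnowflakeUI", "SnowSQL", "PythonConnector", "JDBC"}

# Constructed sample export. 203.0.113.7 is a documentation-range address.
SAMPLE_LOG = """\
2024-05-20T03:10:00Z | alice   | 10.0.0.5     | SnowflakeUI             | YES | SUCCESS
2024-05-20T03:11:00Z | svc_etl | 203.0.113.7  | rapeflake               | NO  | SUCCESS
2024-05-20T03:12:00Z | bob     | 203.0.113.7  | DBeaver_DBeaverUltimate | NO  | FAILURE
2024-05-20T03:12:05Z | carol   | 203.0.113.7  | DBeaver_DBeaverUltimate | NO  | FAILURE
2024-05-20T03:12:10Z | dave    | 203.0.113.7  | DBeaver_DBeaverUltimate | NO  | FAILURE
2024-05-20T03:12:15Z | erin    | 203.0.113.7  | DBeaver_DBeaverUltimate | NO  | FAILURE
2024-05-20T03:15:00Z | frank   | 198.51.100.9 | SnowSQL                 | NO  | SUCCESS
"""


@dataclass(frozen=True)
class LoginEvent:
    ts: str
    user: str
    client_ip: str
    client_app: str
    mfa_used: bool
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one pipe-separated record into a LoginEvent."""
    ts, user, ip, client, mfa, result = [f.strip() for f in line.split("|")]
    return LoginEvent(ts, user, ip, client, mfa.upper() == "YES", result.upper() == "SUCCESS")


def review_logins(lines, spray_threshold: int = 4):
    """Return a list of (finding_type, subject, detail) tuples.

    unknown_client : client application not on the allowlist
    no_mfa         : successful login without a second factor
    password_spray : one IP failed logins against >= spray_threshold accounts
    """
    events = [parse_line(line) for line in lines if line.strip()]
    findings = []
    failed_users_per_ip = defaultdict(set)

    for e in events:
        if e.client_app not in KNOWN_CLIENTS:
            findings.append(("unknown_client", e.user, e.client_app))
        if e.success and not e.mfa_used:
            findings.append(("no_mfa", e.user, e.client_ip))
        if not e.success:
            failed_users_per_ip[e.client_ip].add(e.user)

    for ip, users in failed_users_per_ip.items():
        if len(users) >= spray_threshold:
            findings.append(("password_spray", ip, len(users)))

    return findings


if __name__ == "__main__":
    for kind, subject, detail in review_logins(SAMPLE_LOG.splitlines()):
        print(f"{kind:15} {subject:14} {detail}")
```

Run against the sample, the review lists five logins from clients outside the allowlist, two MFA-less successes (one of them the service account reached from the spraying address), and the spray itself. In practice the allowlist and the spray threshold come from your own baseline, and the MFA finding is most useful turned into an enforcement policy rather than a report.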
warningsine · 9 hours ago
Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.
Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.
None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a “mysterious database” with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.
“This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale,” researchers said.
The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.
What do the billions of exposed records contain?
Researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets, and repackaged leaks.
There was no way to effectively compare the data between different datasets, but it’s safe to say overlapping records are definitely present. In other words, it’s impossible to tell how many people or accounts were actually exposed.
However, the information that the team managed to gather revealed that most of the information followed a clear structure: URL, followed by login details and a password. Most modern infostealers – malicious software stealing sensitive information – collect data in exactly this way.
Information in the leaked datasets opens the doors to pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services. It’s hard to miss something when 16 billion records are on the table.
According to the researchers, credential leaks at this scale are fuel for phishing campaigns, account takeovers, ransomware intrusions, and business email compromise (BEC) attacks.
“The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” the team said.
What dataset exposed billions of credentials?
The datasets that the team uncovered differ widely. For example, the smallest, named after malicious software, had over 16 million records. Meanwhile, the largest one, most likely related to the Portuguese-speaking population, had over 3.5 billion records. On average, one dataset with exposed credentials had 550 million records.
Some of the datasets were named generically, such as “logins,” “credentials,” and similar terms, preventing the team from getting a better understanding of what’s inside. Others, however, hinted at the services they’re related to.
For example, one dataset with over 455 million records was named to indicate its origins in the Russian Federation. Another dataset, with over 60 million records, was named after Telegram, a cloud-based instant messaging platform.
While naming is not the best way to deduce where the data comes from, it seems some of the information relates to cloud services, business-oriented data, and even locked files. Some dataset names likely point to a form of malware that was used to collect the data.
It is unclear who owns the leaked data. While it could be security researchers that compile data to check and monitor data leaks, it’s virtually guaranteed that some of the leaked datasets were owned by cybercriminals. Cybercriminals love massive datasets as aggregated collections allow them to scale up various types of attacks, such as identity theft, phishing schemes, and unauthorized access.
A success rate of less than a percent can open doors to millions of individuals, who can be tricked into revealing more sensitive details, such as financial accounts. Worryingly, since it's unclear who owns the exposed datasets, there’s little users can do to protect themselves.
However, basic cyber hygiene is essential. Using a password manager to generate strong, unique passwords, and updating them regularly, can be the difference between a safe account and stolen details. Users should also review their systems for infostealers, to avoid losing their data to attackers.
No, Facebook, Google, and Apple passwords weren’t leaked. Or were they?
With a dataset containing 16 billion passwords, that’s equivalent to two leaked accounts for every person on the planet.
We don’t really know how many duplicate records there are, as the leak comes from multiple datasets. However, some reporting by other media outlets can be quite misleading. Some claim that Facebook, Google, and Apple credentials were leaked. While we can’t completely dismiss such claims, we feel this is somewhat inaccurate.
Bob Diachenko, a Cybernews contributor, cybersecurity researcher, and owner of SecurityDiscovery.com, is behind this recent major discovery.
16-billion-record data breach signals a shift in the underground world
According to Cybernews researcher Aras Nazarovas, this discovery might signal that criminals are abandoning previously popular methods of obtaining stolen data.
"The increased number of exposed infostealer datasets in the form of centralized, traditional databases, like the ones found by the Cybernews research team, may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups, which were previously the go-to place for obtaining data collected by infostealer malware," Nazarovas said.
He regularly works with exposed datasets, ensuring that defenders secure them before threat actors can access them.
Here’s what Nazarovas suggests you should do to protect yourself.
"Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult. These cookies can often be used to bypass 2FA methods, and not all services reset these cookies after changing the account password. Best bet in this case is to change your passwords, enable 2FA, if it is not yet enabled, closely monitor your accounts, and contact customer support if suspicious activity is detected."
Billions of records exposed online: recent leaks involve WeChat, Alipay
Major data leaks, with billions of exposed records, have become nearly ubiquitous. Last week, Cybernews wrote about what is likely the biggest data leak to ever hit China, billions of documents with financial data, WeChat and Alipay details, as well as other sensitive personal data.
Last summer, the largest password compilation with nearly ten billion unique passwords, RockYou2024, was leaked on a popular hacking forum. In 2021, a similar compilation with over 8 billion records was leaked online.
In early 2024, the Cybernews research team discovered what is likely still the largest data leak ever: the Mother of All Breaches (MOAB), with a mind-boggling 26 billion records.
16 billion passwords exposed: how to protect yourself
Huge datasets of passwords spill onto the dark web all the time, highlighting the need to change them regularly. This also demonstrates just how weak our passwords still are.
Last year, someone leaked the largest password compilation ever, with nearly ten billion unique passwords published online. Such leaks pose severe threats to people who are prone to reusing passwords.
Even if you think you are immune to this or other leaks, go and reset your passwords just in case.
Select strong, unique passwords that are not reused across multiple platforms
Enable multi-factor authentication (MFA) wherever possible
Closely monitor your accounts
Contact customer support in case of any suspicious activity
3 notes · View notes
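Nazarovas's point above is that a stolen session cookie can outlive a password change, because not every service ties its sessions to the credential that issued them. The following is an added example (not code from Cybernews or from any named service) of the server-side fix: each account carries a credential generation counter, every session records the generation it was issued under, and a password change bumps the counter so that all earlier sessions, including ones lifted by an infostealer, stop validating. The store, method names and token format are assumptions for illustration; the constructor flag reproduces the weak behaviour the article describes so the two can be compared.

```python
"""Bind sessions to a per-account credential generation.

Added example. Account store, field names and token handling are assumed
for illustration, not taken from any real service.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    password_hash: bytes
    salt: bytes
    credential_generation: int = 0  # incremented on every password change


@dataclass
class Session:
    token: str
    username: str
    generation: int      # credential generation at the time of issue
    issued_at: float
    mfa_verified: bool


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; a real service would pick
    # a memory-hard KDF and tune the cost.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    def __init__(self, bind_sessions_to_generation: bool = True):
        # False reproduces the failure mode the article warns about:
        # sessions keep validating after the password is changed.
        self.bind = bind_sessions_to_generation
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, Session] = {}

    def create_account(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(username, _hash_password(password, salt), salt)

    def _check_password(self, acct: Account, password: str) -> bool:
        return hmac.compare_digest(acct.password_hash, _hash_password(password, acct.salt))

    def login(self, username: str, password: str, mfa_verified: bool = False):
        """Return a session token on success, None otherwise."""
        acct = self.accounts.get(username)
        if acct is None or not self._check_password(acct, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(
            token, username, acct.credential_generation, time.time(), mfa_verified
        )
        return token

    def is_valid(self, token: str) -> bool:
        """A presented cookie is good only if its generation is still current."""
        s = self.sessions.get(token)
        if s is None:
            return False
        if not self.bind:
            return True  # weak behaviour: any known token is accepted
        return s.generation == self.accounts[s.username].credential_generation

    def change_password(self, username: str, old: str, new: str) -> bool:
        acct = self.accounts[username]
        if not self._check_password(acct, old):
            return False
        acct.salt = secrets.token_bytes(16)
        acct.password_hash = _hash_password(new, acct.salt)
        acct.credential_generation += 1  # invalidates every outstanding session
        return True


if __name__ == "__main__":
    store = SessionStore()
    store.create_account("alice", "correct horse")
    stolen = store.login("alice", "correct horse", mfa_verified=True)
    store.change_password("alice", "correct horse", "battery staple")
    print("stolen cookie still valid after reset:", store.is_valid(stolen))
```

The generation check is what makes this robust in a distributed deployment: if session state lives in a signed cookie rather than a server-side table, the generation travels inside the cookie and is compared against the account record on each request, so no session-table sweep is needed at password-change time. Rotating the salt on change also prevents the old hash from remaining a valid verifier.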