The leaked slide focuses on Google Pixel phones and mentions those running the security-focused GrapheneOS operating system.#cellebrite #Hacking #News
Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details
Someone recently managed to get on a Microsoft Teams call with representatives from phone hacking company Cellebrite, and then leaked a screenshot of the company’s capabilities against many Google Pixel phones, according to a forum post about the leak and 404 Media’s review of the material.The leak follows others obtained and verified by 404 Media over the last 18 months. Those leaks impacted both Cellebrite and its competitor Grayshift, now owned by Magnet Forensics. Both companies constantly hunt for techniques to unlock phones law enforcement have physical access to.
This post is for subscribers only
Become a member to get access to all content
Subscribe now
Breaking News Channel reshared this.
A hacking group called the Crimson Collective says it pulled data from private GitHub repositories connected to Red Hat's consulting business. Red Hat has confirmed it is investigating the compromise.
A hacking group called the Crimson Collective says it pulled data from private GitHub repositories connected to Red Hatx27;s consulting business. Red Hat has confirmed it is investigating the compromise.#News #Hacking
Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress
A hacking group claims to have pulled data from a GitLab instance connected to Red Hat’s consulting business, scooping up 570 GB of compressed data from 28,000 customers.The hack was first reported by BleepingComputer and has been confirmed by Red Hat itself. “Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” Stephanie Wonderlick, Red Hat’s VP of communications told 404 Media.
A file released by the hackers and viewed by 404 Media suggested that the hacking group may have acquired some data related to about 800 clients, including Vodafone, T-Mobile, the US Navy’s Naval Surface Warfare Center, the Federal Aviation Administration, Bank of America, AT&T, the U.S. House of Representatives, and Walmart.
“The security and integrity of our systems and the data entrusted to us are our highest priority,” she said. “At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”
playlist.megaphone.fm?p=TBIEA2…
Red Hat is an open source software company that provides Linux-based enterprise software to a vast number of companies. As part of its business, Red Hat sells consulting contracts to users to help maintain their IT infrastructure. A hacking group that calls itself the Crimson Collective claims it breached a Red Hat GitLab repository that contained information related to Red Hat’s consulting clients.“Since RedHat doesn't want to answer to us,” the hackers wrote in a channel on Telegram viewed by 404 Media, suggesting they have attempted to contact Red Hat. “Over 28000 repositories were exported, it includes all their customer's CERs [customer engagement reports] and analysis of their infra' [infrastructure] + their other dev's private repositories, this one will be fun,” the message added.. A CER is an internal document consultancy firms use to understand how its clients interact with their business. For an IT firm like Red Hat, this kind of document would contain a lot of information about a client's tech infrastructure including configuration data, network maps, and information about authentication tokens. A CER could help someone breach a network.
💡
Do you know anything else about this story? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +1 347 762-9212 or send me an email at matthew@404media.co.“We have given them too much time already to answer lol instead of just starting a discussion they kept ignoring the emails,” the message added.In another message, the group said it had “gained access to some of their clients' infrastructure as well, already warned them but yeah they preferred ignoring us.”
404 Media viewed data related to the breach and attempted to contact some of the affected clients, including the US Navy’s Naval Surface Warfare Center in Panama City and T-Mobile, but did not hear back.
Joseph Cox contributed additional reporting to this article.
Correction: this piece has been updated to say that the breach impacted a Red Hat GitLab, not a GitHub.
The Halo 3C is a vape detector installed in schools and public housing. A young hacker found it contains microphones and that it can be turned into an audio bug, raising privacy concerns.#News #Hacking
It Looks Like a School Vape Detector. A Teen Hacker Showed It Could Become an Audio Bug
This article was produced with support from WIRED.A couple of years ago, a curious, then-16-year-old hacker named Reynaldo Vasquez-Garcia was on his laptop at his Portland-area high school, seeing what computer systems he could connect to via the Wifi—“using the school network as a lab,” as he puts it—when he spotted a handful of mysterious devices with the identifier “IPVideo Corporation.”
After a closer look and some googling, Garcia figured out that a company by that name was a subsidiary of Motorola, and the devices he’d found in his school seemed to be something called the Halo 3C, a “smart” smoke and vape detection gadget. “They look just like smoke detectors, but they have a whole bunch of features like sensors and stuff,” Garcia says.
As he read more, he was intrigued to learn that the Halo 3C goes beyond detecting smoke and vaping—including a distinct feature for discerning THC vaping in particular. It also has a microphone for listening out for “aggression,” gunshots, and keywords such as someone calling for help, a feature that to Vasquez-Garcia immediately raised concerns of more intrusive surveillance.
Upgrade to continue reading
Become a paid member to get access to all premium content
Upgrade
The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.
The wiping commands probably wouldnx27;t have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.#News #Hacking
Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.Joseph Cox (404 Media)
Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris
Hackers behind the breach of “nearly all” of AT&T customers’ metadata searched for records associated with members of the Trump family, Kamala Harris, and Marco Rubio’s wife.Joseph Cox (404 Media)
Here’s the Indictment Against the Alleged Snowflake and AT&T Hacker
The indictment also charges a second hacker that 404 Media previously reported as being linked to the AT&T breach.Joseph Cox (404 Media)
Connor Moucka said he didn't have a lawyer yet. He was arrested at the request of the U.S.
Connor Moucka said he didnx27;t have a lawyer yet. He was arrested at the request of the U.S.#News #Hacking
Alleged Snowflake Hacker Appears in Court, Says Prison in Lockdown
Connor Moucka said he didn't have a lawyer yet. He was arrested at the request of the U.S.Joseph Cox (404 Media)
For more than a week Judische, the hacker linked to the AT&T, Ticketmaster and other breaches, has not been responding to messages. That's because he's been arrested.
For more than a week Judische, the hacker linked to the AT&T, Ticketmaster and other breaches, has not been responding to messages. Thatx27;s because hex27;s been arrested.#News #Hacking
Suspected Snowflake Hacker Arrested in Canada
For more than a week Judische, the hacker linked to the AT&T, Ticketmaster and other breaches, has not been responding to messages. That's because he's been arrested.Joseph Cox (404 Media)
Fin7 has made multiple ‘nudify’ sites that promise to use AI to undress photos of people but which are actually vehicles for malware, according to researchers. 404 Media found one advertised on one of the web's biggest porn aggregators.
Fin7 has made multiple ‘nudify’ sites that promise to use AI to undress photos of people but which are actually vehicles for malware, according to researchers. 404 Media found one advertised on one of the webx27;s biggest porn aggregators.#News #Hacking
A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers
Fin7 has made multiple ‘nudify’ sites that promise to use AI to undress photos of people but which are actually vehicles for malware, according to researchers. 404 Media found one advertised on one of the web's biggest porn aggregators.Joseph Cox (404 Media)
The Walls Are Closing in on the Snowflake Hacker
As security researchers circle around Judische, and authorities takedown his servers, how much longer will a hacker responsible for breaching Ticketmaster, AT&T, and many more companies remain free?Joseph Cox (404 Media)
𝔻𝕚𝕖𝕘𝕠 🦝🧑🏻💻🍕 reshared this.
