!Friendica Support I take this opportunity to point out this guide to Friendica in Italian (but with an automatic translator you can understand everything). It doesn't seem to me that so far there have been produced guides to Friendica that are so easy and so conversational
La guida di Informapirata a Friendica, dedicata a tutti coloro che dal Fediverso vogliono ottenere tutto il possibile.
Un Mastodon con gli steroidi e attualmente l’unica alternativa a Facebook di tutto il Fediverso. Con mille pregi e, soprattutto, mille difetti. E mai nessuno che ci spieghi come utilizzarlo.
Almeno finora…
W la Friendica (che dio la benedèndica): la guida al Facebook del Fediverso - informapirata
La guida di Informapirata a Friendica, dedicata a tutti coloro che dal Fediverso vogliono ottenere tutto il possibile. Un Mastodon con gli steroidi e…informapirata
like this
reshared this
Newsletter: https://news.risky.biz/risky-biz-news-new-dns-attack-impacts-a-quarter-of-all-open-dns-resolvers/
Podcast: https://risky.biz/RBNEWS313/
-New DNS attack impacts a quarter of all open DNS resolvers
-EU MP targeted with Candiru spyware;
-Meta suspends Nigerian scammer accounts;
-US charges Andariel member for ransomware attacks
-Israel govt covers NSO in lawsuit
-Tech giants go against NSO in another lawsuit
-CrowdStrike losses to reach $15 billion
-China+Russia use CrowdStrike outgage for propaganda
-Russia admits slowing down YouTube
-ServiceNow exploitation
New DNS attack impacts a quarter of all open DNS resolvers
In other news: EU MP targeted with Candiru spyware; Meta suspends Nigerian scammer accounts; US charges Andariel member for ransomware attacks.Catalin Cimpanu (Risky.Biz)
reshared this
Plus:
-Leidos, big US govt IT contractor, gets hacked
-Z-Library copycat leaks user data
-India's BSNL has a breach
-Spytech spyware vendor gets hacked, data leaked
-MonoSwap crypto platform gets hacked
-CrowdStrike blames outage on content validator bug
-A buggy Windows Update is sending systems to BitLocker recovery boots
-Proton launches crypto-wallet
-Chrome 127 is out with cookie protection
-Chrome also adds warning for password-protected archives
-Switzerland govt goes FOSS
Catalin Cimpanu reshared this.
And:
-French authorities take down PlugX botnet, disinfect victims
-New Cronus ransomware
-EvolvedAim Tarkov cheat delivers malware
-Stargazer Goblin group spams GitHub via 3K accounts
-BlackMeta hacktivist group is Anonymous Sudan alternative persona
-Malware reports on SocGolsih, BruteRatel, Flame Stealer
-NVIDIA+Telerik release sec fixes
-Docker AuthZ auth bypass goes unpatched 6 years
-New CFOR vulnerability class
-ConfusedFunction vulnerability in GCP
-Pwnie Awards 2024 nominations are out
Catalin Cimpanu reshared this.
"Recently, two ex-spy chiefs from the German foreign intelligence agency (BND) rang the alarm in a prominent German news outlet. They argued that the German intelligence community was being reduced to ‘toothless watchdogs’ because of ‘an excess of oversight’ and that ‘policies and courts must no longer denigrate intelligence services as a threat to the rights of German citizens’."
https://bindinghook.com/articles-binding-edge/can-lawyers-lose-wars-by-stifling-cyber-capabilities/
Can lawyers lose wars by stifling cyber capabilities? - Binding hook
Intelligence experts argue that stringent legal frameworks weaken the effectiveness of Western cyber defence capabilitiesBinding hook
reshared this
@womble what does something from 80 years ago have to do with this?
because at any point some country somewhere did something extremely horrible
@womble they have a very valid point... there's more bureaucracy than spying in western countries
you literally have Russian FSB agents traveling to their countries to bribe politicians, and getting caught on camera by amateurs while intel agencies are too busy doing paperwork
US offers $10 mil reward for Andariel APT member identified as Rim Jong Hyok
reshared this
Reward comes as both CISA and Google/Mandiant have published reports on the group (Andariel=APT45) today:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
Don't see any sanctions or DOJ indictment yet.
APT45: North Korea’s Digital Military Machine
APT45 is a long-running, moderately sophisticated North Korean cyber operator operating since as early as 2009.Mandiant (Google Cloud)
According to an FBI Cyber Most Wanted page, he appears to have been charged in Kansas
https://www.fbi.gov/wanted/cyber/rim-jong-hyok
Gazzetta del Cadavere reshared this.
French authorities take down PlugX botnet
Parquet de Paris on LinkedIn: communiqué de presse PlugX | 13 comments
CYBERCRIMINALITE (J3) - DEMANTELEMENT DU BOTNET PLUGX - COMMUNIQUE DE PRESSE A l'ouverture des Jeux Olympiques et Paralympiques Paris 2024 - Comité… | 13 comments on LinkedInParquet de Paris (www.linkedin.com)
reshared this
EvolvedAim, a cheat tool for Escape from Tarkov, was caught installing malware on its users' devices.
Final payload was an infostealer. Estimated number of victims is around 1K.
Double Dipping Cheat Developer Gets Caught Red-Handed
Following our post “A Brief History of Game Cheating,” it’s safe to say that cheats, no matter how lucrative or premium they might look, always carry a degree of danger. Today’s story revolves...www.cyberark.com
reshared this
F5: AI Applications Will Complicate ‘Unsustainable’ Hybrid Multicloud Sprawl in Australia
F5 claims AI application growth could make enterprise hybrid multicloud strategies even more complex, expensive and insecure.Ben Abbott (TechRepublic)
Newsletter: https://news.risky.biz/risky-biz-news-new-russian-ics-malware-cuts-heat-to-600-ukrainian-apartment-buildings/
Podcast: https://risky.biz/RBNEWS312/
-New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings
-Telegram fixes zero-day
-Ofcom to look at telco Global Titles
-FCC to investigate "surveillance pricing"
-Google will not deprecate third-party cookies after all
-Russia to punish phone use on the frontlines
-Pentagon hacker case dropped in Kuwait
-UK takes down DigitalStress DDoS service
-Dutch malware coder sentenced, caught using IMSI catcher
Russian ICS malware cuts heat to 600 Ukrainian buildings
In other news: Telegram fixes zero-day; FCC to investigate "surveillance pricing;" Google will not deprecate third-party cookies after all.Catalin Cimpanu (Risky.Biz)
reshared this
Plus:
-New Vigorish Viper group
-KnowBe4 hired a fake DPRK IT worker
-LA court reeling from ransomware attack
-Israeli newspaper Globes reports massive cyberattack
-Red Art Games got hacked
-CrowdStrike says it developed new recovery technique
-Oracle reaches $115mil privacy lawsuit settlement
-7777-Botnet linked to BEC gang
-Indian company behind Fake-DMCA-takedowns-as-a-service
-APT28 behind Rejetto server attacks
-Wiz leaves Google deal
-Google open-sources Altitude
-BIND security updates
Catalin Cimpanu reshared this.
Cyber Security Public-Private Partnerships Are Taking Off in APAC
Australia is among the APAC governments forging closer ties with the private sector, especially to fight the increase in cyber crime.Ben Abbott (TechRepublic)
Newsletter: https://news.risky.biz/risky-biz-news-crowdstrike-faulty-update-affects-8-5-million-windows-systems/
Podcast: https://risky.biz/RBNEWS311/
-CrowdStrike faulty update affects 8.5 million Windows systems
-US sanctions two Russian hacktivists (Cyber Army of Russia Reborn)
-Spain detains three NoNam057 members
-MGM hacking suspect detained in the UK
-Two LockBit members plead guilty
-FleepBot hacked to post propaganda on Ukrainian channels
-a16z has a data leak
-Rho Markets hacked for $7.6mil
-Nigeria fines Meta a massive $220mil
-Apache to change its logo
CrowdStrike faulty update affects 8.5 million Windows systems
In other news: US sanctions two Russian hacktivists; MGM hacking suspect detained in the UK; two LockBit members plead guilty.Catalin Cimpanu (Risky.Biz)
reshared this
Mandiant's Dan Kelly has published a Twitter post about how one member of a Chinese APT hacked dozens of MMORPG gaming companies.
Kelly says the individual appears to have been running a secret game cheating service that used his access to the gaming company's database to increase in-game currency for users—some of which were Twitch and YouTube streamers.
reshared this
reshared this
What MSM is focusing on after the CrowdStrike outage:
Automatic updates are bad!
...le sigh!
reshared this
The CrowdStrike outage is also impacting the Mercedes F1 team they're sponsoring... who are in the middle of the Hungarian GP right now
https://www.youtube.com/watch?v=qm735NyExZQ
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
reshared this
Newsletter: https://news.risky.biz/risky-biz-news-trickbot-dev-arrested-in-moscow/
Podcast: https://risky.biz/RBNEWS310/
-Trickbot dev arrested in Moscow
-Indian crypto exchange hacked for $235mil
-Judge dismisses most of SolarWinds SEC lawsuit
-UK wants mandatory ransomware reporting
-new Port Shadow attack on VPNs
-Fractal ID breach impacts cryptoland
-300+ fraud suspects detained
-AstroStress admin sentenced to 9 months
-2 hackers arrested for hacking... and torturing a third one for his money
-PyPI malware linked to Iraqi crew
Risky Biz News: Trickbot dev arrested in Moscow
In other news: Indian crypto exchange hacked for $230 million; UK wants mandatory ransomware reporting; new Port Shadow attack on VPNs.Catalin Cimpanu (Risky.Biz)
reshared this
Plus:
-SocGolish BOINC campaign
-New R0BL0CH0N TDS
-Cloudflare WARP abuse
-FIN7 behind AvNeutralizer tool
-Doppelganger infrastructure taken down
-APT reports on Kimsuky, Patchwork, UAC-0180, Ghost Emperor, APT17, APT41
-Security updates from Oracle, Cisco, Ivanti, Atlassian, Sonicwall
-Two Cisco bugs are just... something else
-SAPwned vulnerability impacts AI systems
-Traffic lights vulnerabilities
-Pwn2Own Toronto moves to Cork, Ireland
-x33fcon and BlueHat IL videos
Catalin Cimpanu reshared this.
reshared this
Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
-Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 21, a Russian national of Chechen Republic, Russia
-Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario
Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
NEWARK, N.J. –Two foreign nationals pleaded guilty today in Newark federal court to participating in the LockBit ransomware group – at various times the most prolific ransomware variant in the world – and to deploying LockBit attacks against victims …www.justice.gov
reshared this
La Consulta non elimina il requisito del “trattamento di sostegno vitale” per essere aiutati a morire, ma fa passi avanti, nonostante le richieste del Governo. Siamo pronti ad affrontare i nuovi processi e disobbedienze civili.
Fine vita: La Corte costituzionale ha depositato la Sentenza | Associazione Luca Coscioni
Gallo e Cappato commentano: "Il requisito di sostegno vitale non è stato eliminato, ma la Consulta fa passi avanti, nonostante le richieste del Governo. Siamo pronti per nuovi processi"Ass. Luca Coscioni (Associazione Luca Coscioni)
Lorenzo likes this.
reshared this
Chengdu 404, one of the APT41 contractors, is in the middle of a hiring spree
No news on i-SOON
In the meantime, GoogleTAGMandiant has published a report on APT41's 2023-2024 campaigns: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust/
reshared this
Hackney ransomware attack initial access
RDP on the kiosk/kiosk account 🤦♂️
cc: @GossiTheDog
London Borough of Hackney reprimanded following cyber-attack
We have issued the London Borough of Hackey with a reprimand following a cyber-attack in 2020 that led to hackers gaining access to and encrypting 440,000 files, affecting at least 280,000 residents and other individuals including staff.ico.org.uk
reshared this
"Over the last few years, our consumer-focused Pwn2Own event took place in the Trend Micro office in Toronto. However, that office closed, so we needed to find a new home. This isn’t unusual for this event, as it moved from Amsterdam to Tokyo to Austin to Toronto. We’re moving again. This year, we are heading to our offices in Cork, Ireland!"
https://www.zerodayinitiative.com/blog/2024/7/16/announcing-pwn2own-ireland-2024
Announcing Pwn2Own Ireland – Bringing Pwn2Own (and WhatsApp) to the Emerald Isle
If you just want to read the rules, you can find them here . Over the last few years, our consumer-focused Pwn2Own event took place in the Trend Micro office in Toronto. However, that office closed, so we needed to find a new home.Dustin Childs (Zero Day Initiative)
reshared this
Orange CERT has discovered a previously known traffic-distribution system (TDS) used to redirect traffic from hacked sites to affiliate marketing scams.
Named R0BL0CH0N, Orange says the TDS has impacted more than 110 million Internet users.
reshared this
Thanks for sharing! Just to clarify, I have never seen a network of compromised sites that redirect to this TDS. The first redirect step is handled by a dedicated infrastructure of the affiliate's choice.
However I already seen affiliates leveraging hacked websites and SEO poisoning to promote affiliate offers (on other network).
A new report claims that Google appears to have switched to a no-index default policy and is refusing to crawl new content unless it deems it necessary
https://www.vincentschmalbach.com/google-now-defaults-to-not-indexing-your-content/
Google Now Defaults to Not Indexing Your Content - Vincent Schmalbach
Picture this: It’s ten years ago, and you’ve just launched a new WordPress blog. Within hours, sometimes even minutes, your content is indexed by Google.Vincent Schmalbach
reshared this
The Ukrainian government says that a threat actor known as UAC-0180 has been targeted local defense enterprises with spear-phishing emails using the topic of UV purchases as lures
Державна служба спеціального зв’язку та захисту інформації України
Вебсайт Державної служби спеціального зв’язку та захисту інформації Україниcip.gov.ua
reshared this
I prefer CERT-UA's link: https://cert.gov.ua/article/6280099
This one contains IOC and a more detailed analysis of the infection chain.
CERT-UA
Урядова команда реагування на комп’ютерні надзвичайні події України, яка функціонує в складі Державної служби спеціального зв’язку та захисту інформації України.cert.gov.ua
Blockchain identity platform Fractal ID suffered a data breach on July 14.
The company says that a threat actor gained access to an employee account and ran an API script that collected personal data from customer accounts.
At least four crypto platforms (Gnosis Pay, Polygon, Ripple, and NEAR) have confirmed that their users were impacted.
PDF: https://app.fractal.id/documents/id/breach-notification.pdf
reshared this
Talks from the BlueHat IL 2024 security conference, which took place in May, are now available on YouTube
https://www.youtube.com/watch?v=KhdzIPPW4W0
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
reshared this
European hosting companies Hetzner and Hostinger suspended accounts linked to Russian disinformation group Doppelganger.
The web hosting accounts were exposed in a hoint report last week by Correctiv and the Qurium Foundation.
The suspension has impacted around 35% of the group's web hosting infrastructure.
„Doppelgänger“ gerät nach Correctiv-Recherche ins Stocken
Hetzner und Hostinger haben auf CORRECTIV-Recherchen zur russischen Desinformations-Kampagne Doppelgänger reagiert. Einige Links laufen nun ins Leere.Alexej Hock (CORRECTIV)
reshared this
Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaisance attacks.
Cado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.
The company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.
WARPscan - Cloudflare WARP abused to hijack cloud services
Cado Security researchers have observed several recent campaigns making use of Cloudflare’s WARP service in order to attack vulnerable internet-facing services.Nate Bill (Cado Security Ltd)
reshared this
❄️ freezr ❄️
in reply to informapirata • • •@informapirata @Informa Pirata @informapirata :privacypride: @The Pirate Post @Nome Cognome @Franc Mac @Poliverso - notizie dal fediverso @The Privacy Post @Cybersecurity & cyberwarfare @suoko @Il Disinformatico @Umberto gaetani @EduINAF @Evan Prodromou @Bridgy Fed for Bluesky @Poliverso @H9k @Polo Bianciardi @Sarah Perez @Privacy Pride @L'ultimo dei miei cani
Voglio farti alcune notazioni... Friendica supporta tre protocolli il suo nativo DFRN; quello di Diaspora*; e infine ActivityPub. Adesso l'uso di quest'ultimo per mia esperienza mi sembra limitato, quando usi funzioni specifiche di Friendica funzionano solo tra utenti Friendica e si muovono grazie al protocollo nativo, altrimenti l'interazione con Mastodon è limitata, tipo i sondaggi.
Ritorno ancora sui protocolli perché Friendica insieme a SocialHome e Hubzilla, appartiene alle uniche piattaforme capaci di dialogare con il network di Diaspora*.
Per quanto concerne un app per android, Friendiqa è orribile, vecchia e piena di bugs, io non la consiglierei a nessuno. Io uso Tusky sebbene sia disegnata per Mastodon ma è sufficiente per leggere e rispondere alla maggioranza dei messaggi che ti appaiono. C'è un'altra app in via di sviluppo che si chiama Relatica che promette molto bene, è ancora in una fase embrionale ma è possibile scaricarla (in un modo un po' complicata veramente) e contribuire al suo sviluppo con dei feedbacks...
Informa Pirata likes this.
Informa Pirata
in reply to ❄️ freezr ❄️ • • •@❄️ freezr ❄️ @Poliverso - notizie dal fediverso @informapirata :privacypride:
Vero, ma a parte i "gruppi privati" non c'è nulla di Friendica che non funziona con gli utenti Mastodon, così come non c'è nulla di Mastodon oltre ai sondaggi che non funzioni per gli utenti Friendica
Molto carina, ma al momento non ci scommetterei molto. Del resto una vera app avrebbe costi non sostenibili e non compatibili con lo Stato attuale della community degli sviluppatori e soprattutto degli utenti Friendica
like this
informapirata :privacypride: e Diego100 like this.
informapirata :privacypride: reshared this.
❄️ freezr ❄️
in reply to informapirata • • •@informapirata @Informa Pirata @informapirata :privacypride: @The Pirate Post @Nome Cognome @Franc Mac @Poliverso - notizie dal fediverso @The Privacy Post @Cybersecurity & cyberwarfare @suoko @Il Disinformatico @Umberto gaetani @EduINAF @Evan Prodromou @Bridgy Fed for Bluesky @Poliverso @H9k @Polo Bianciardi @Sarah Perez @Privacy Pride @L'ultimo dei miei cani
Ma quanto è attivo lo sviluppo di Friendica? Se lo dovessi giudicare dalla UI mi sembra che non si sia fatto praticamente nulla...
Informa Pirata
in reply to ❄️ freezr ❄️ • • •@❄️ freezr ❄️ sull'interfaccia grafica non si è fatto niente, ma credo che sia meglio così.
Se gli sviluppatori di Friendica hanno energie da spendere sulla parte grafica, allora è opportuno che si mettano a lavorare su un'app, perché quello è l'unico investimento che ti ritorna indietro.
Se pensi a Misskey, che vale la metà di Friendica, ma che ha un'interfaccia dieci volte migliore, puoi renderti conto che a causa del fatto che non ha un'app davvero funzionante e completa, presenta i dati di "mortalità" utente più alti del Fediverso
@Poliverso - notizie dal fediverso @informapirata :privacypride:
❄️ freezr ❄️
in reply to informapirata • • •@informapirata @Informa Pirata @informapirata :privacypride: @The Pirate Post @Nome Cognome @Franc Mac @Poliverso - notizie dal fediverso @The Privacy Post @Cybersecurity & cyberwarfare @suoko @Il Disinformatico @Umberto gaetani @EduINAF @Evan Prodromou @Bridgy Fed for Bluesky @Poliverso @H9k @Polo Bianciardi @Sarah Perez @Privacy Pride @L'ultimo dei miei cani
Come ho scritto io uso Tusky o alternativamente un browser leggero... Il mio preferito è sempre Diaspora, ma penso che Friendica debba tagliare un po' di cose per renderlo più sostenibile, altrimenti non riuscirà mai a modernizzarsi nella UI ne tanto meno ad avere un app decente...
informapirata :privacypride:
in reply to ❄️ freezr ❄️ • • •io mi trovo abbastanza bene sia con Tusky sia con Fedilab, Ma l'esperienza migliore continua ad avercela come browser dello smartphone, che preferisco addirittura al browser desktop A meno che non si tratti di scrivere post complessi.
Il fatto è che utilizzando Friendica da un'app mastodon, ti perdi tutte le caratteristiche che rendono Friendica diverso da mastodon. A quel punto conviene utilizzare direttamente Mastodon...
@informapirata@poliverso.org @macfranc @notizie
❄️ freezr ❄️ likes this.