Notices by Catalin Cimpanu (campuscodi@mastodon.social)

Fun times ahead for Pegasus customers

Israeli ambassador to Spain threatens to use Pegasus data seized from NSO to attack Spanish government

"Mi Gobierno aún no ha respondido con revelaciones de Pegasus"

"My Government has not yet responded with Pegasus revelations"

https://www.elespanol.com/espana/politica/20250527/embajador-israel-funciones-advierte-gobierno-no-respondido-revelaciones-pegasus/1003743774464_0.html

@cR0w Is it related to this?

https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/

@cR0w yeah, looks like a zero-day patch for me too

details line up perfectly

I wish I could see what's in that private SAP page

@cR0w looks like there's another hushed-up zero-day out there

in CraftCMS: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3

@malwaretech @GossiTheDog the entire game looks dated on all platforms, yet the CoD fanboys preach it like GOTY

That recent Firefox zero-day was used to target Tor Browser users

https://blog.torproject.org/new-release-tails-6-8-1/

DMCA takedowns at GitHub and YT are a joke

A company can get your code/video taken down in 3 nano-seconds but when you file a complaint against a big corp it takes months to "review"

https://tech.lgbt/@obfusk/113120199714429241

This account is now on delete posts older than a week.

CrowdStrike ex-employees: ‘Quality control was not part of our process’

https://www.semafor.com/article/09/12/2024/ex-crowdstrike-employees-detail-rising-technical-errors-before-july-outage

Ok, so this is very clever.

Some infostealer devs are forcing browsers to enter in Kiosk Mode and forcing users to enter credentials on legitimate sites.

Once entered, they are stored in Chrome's password manager, from where the passwords can be easily extracted

https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html

Newsletter: https://news.risky.biz/risky-biz-news-uk-nca-on-its-knees-bleeding-staff-seriously-underpaid/
Podcast: https://risky.biz/RBNEWS333/

-UK NCA "on its knees," bleeding staff, seriously underpaid
-Poland's Pegasus inquiry reaches a roadblock
-Poland disrupts Russian cyber-saboteurs
-Americans lost $5.6 billion to crypto-fraud last year
-US arrests Terrorgram admins
-Sextortion gang charged
-Australia to introduce minimum age for social media
-Russian to invest $650mil in national firewall
-Wix leaves Russia
-Ford seeks new car-spying patent

Google has removed the TENET Media YouTube channel after the DOJ indictment revealed the organization took money from Russia to publish Kremlin propaganda

https://therecord.media/youtube-removes-tenet-media-russian-ties

I just removed a bookmark from by browser toolbar after two decades

Yes, I said two decades 😭 😭 😭 😭 😭

Damn, I'm actually old now

Telegram has removed multiple channels hosting deepfake porn starring local South Korean women.

The company apologized for its late response to the police's request and provided authorities with a dedicated email where they can report future crimes.

It's a surprise how responsive to law enforcement investigations a platform can get after you arrest its CEO. Shocking, right? :nigmathink: :nigmathink: :nigmathink: :nigmathink:

https://en.yna.co.kr/view/AEN20240903008900320

D-Link says it won't patch four recently discovered vulnerabilities impacting a line of now discontinued SOHO routers (DIR-846)

All four bugs are critical RCEs

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411

The city of Columbus sues a security researcher who exposed the administration for lying about a recent ransomware attack

https://www.10tv.com/article/news/local/city-columbus-sues-cybersecurity-expert/530-fc59233d-39cb-463f-9454-0234f1c8cced

NSA will launch a podcast:

https://pca.st/yx9w8c4v

"My gut says Telegram is an FSB operation."

I'm glad someone else says it and lays down the arguments for it.

https://blog.thc.org/keep-pavel-durov-locked-up

Holy f***ing s**t!

I need 250GB to update Call of Duty!

What tf is wrong with that company's engineers!!!!

Latest CrowdStrike threat actor naming scheme

Source/PDF: https://go.crowdstrike.com/rs/281-OBQ-266/images/24-MA-099_2024-Threat-Hunting-Report_11.pdf