Kyputer

Kyputer - Twitch NEW YEAR VIBES! 😎 Cruel mode POE noob gets clapped up! Back Seating allowed! | Cyber Guy AMA | 🍉🇵🇸FREE PALESTINE!🇵🇸🍉

Blowin em up like a cybertruck! twitch.tv/kyputer

ArunAnnow - Twitch 🔴 ATUL SUBHASH LETTER EXPOSED 🔴 NEWS AND REACTS

WE'RE LIVE AND ALIVE TALKING ABOUT ATUL SUBHASH'S DEATH AND LETTER AND THE REACTIONS TO SAID LETTER

twitch.tv/ARUNANNOW

SHE DREW ME 😭🤣

I was showing a woman some pictures of my video game collection at a dinner party, and she interjected that I was "really jacked, and that's cool." "Thanks! So anyways, the gameboy pocket came after the gameboy, but before the gameboy color! Mine is red!"

I am training around 5 people in Brooklyn rn. Turning all the twinks into twunks. You can thank me later 🫡

Me: That's nice and all, but what role do you play? Mid? Jg?

Honestly, I gotta respect the hustle 🤣

twitch.tv/kyputer

Password-Stealing Chrome Extension Demonstrates New Vulnerabilities Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.

Due to the lack of boundaries between the DOM and extensions, researchers at the Univ. Wisconsin - Madison developed a chrome extension that can reliably rip passwords from the fields of tons of websites.

Mirai variant infects low-cost Android TV boxes for DDoS attacks A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming.

Mirai botnet has been found on low-end Android TV boxes. This variant is based on the Pandora backdoor from 2015. These boxes are hefty enough to effectively DDoS a target in small groups. The malware is either being delivered via updates or pirate apps.

A zero-day in Atlas VPN Linux Client leaks users' IP address Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user's IP address by visiting a website.

There is a zero-day in the latest version of the Atlas VPN client for Linux-based clients. An adversary can disconnect you from the VPN and obtain your IP with a few simple requests. If you navigate to an attacker-controlled resource, this is trivial.

Bike nature stream! twitch.tv/kyputer

Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink Prolific hackers accused of being a front for Russian cyber-operation shares counter evidence with the BBC.

Is Anon Sudan Russian or Sudanese? The criminals provided passport pictures and their live location over Telegram(easily spoofable) to prove they are not Russian. The group has attacked various government web services and claims to fight for islam and Sudan.

GhostSec Claim Breaching Iranian Govt Surveillance Software Tool Twitter @Hackread - Facebook @ /Hackread

GhostSec has breached the software suite used by Iranian authorities to surveil and oppress their populace. The dump includes everything from facial data to source code. GhostSec is a politically motivated hacktivist group fighting fort privacy rights.

Japan's cybersecurity agency admits it was hacked for months Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for the nation's defences against cyber attacks, has itself been hacked.

The national Japanese cybersecurity readiness agency has been compromised for MONTHS. Going public with this info at the start of Aug, the agency has said that emails have been leaked to unauthorized parties and could be used for further attacks.
www.bitdefender.com/blog/hotfors...

Trojanized Signal and Telegram apps on Google Play delivered spyware Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.

A Chinese APT has been using trojanized versions of the Signal and Telegram Android apps to compromise unwitting users. This malware can extract everything from geoloc to call and sms logs. It also can activate the cameras and pull files/contacts.

Microsoft weighs in on Russian-led UN cybercrime treaty It could be used to put ethical hackers, and citizens, behind bars

Microsoft is pushing for updating a UN proposal for a cybercrime treaty. Microsoft fears that this could lead to legalizing state surveillance across borders, suppression of dissent, and criminalizing research instead of meeting its goals of stopping cybercrime.

Qakbot botnet disrupted, malware removed from 700,000+ victim computers - Help Net Security Qakbot botnet crippled: 52 of its servers have been seized, and the malware loader has been removed from over 700,000 victim computers.

Is this the biggest botnet ever recorded? Eclipsing Srizbi by about 250k compromised machines, Qakbot owned a massive ~700k hosts. The US DOJ worked with France, Germany, the Netherlands, the UK, Romania, and Latvia to shut down Qakbot's operations.

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel Attention developers! Malicious packages found on Rust's crate registry. They target your machines, capture OS info, and use Telegram for data transfe

Typosquatting and malicious packages are a part of the adversary toolkit for targeting developers and their companies. The latest malicious packages discovered on the Rust language's registry, crate, capture and send OS information to a telegram.
thehackernews.com/2023/08/deve...

KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities KmsdBot botnet malware has evolved, now targeting a wider range of IoT devices.

This botnet malware scans ransom IP addresses for open SSH ports, and uses a wordlist from an attacker-controlled resource, to brute force servers. It has started targeting the telnet protocol and other CPU architectures as well.

PoC for no-auth RCE on Juniper firewalls released - Help Net Security WatchTowr Labs Researchers have released a PoC exploit that allows no-auth RCE on Juniper Networks' SRX firewalls.

There is a PoC to upload, without prior authentication, and execute arbitrary PHP code on @JuniperNetworks firewalls and switches. They achieve this by using the PHPRC env variable to change the php.ini file used. They then point that at their code.
www.helpnetsecurity.com/2023/08/28/p...

Leaseweb is restoring ‘critical’ systems after security breach Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled following a recent security breach.

LeaseWeb disabled some critical systems following a recent security breach. They put out a statement saying they are reducing potential risks to clients in the future and have brought in an external firm to assist in restoring and securing systems.

IT Contractor Data Breach Affects 47,000 Met Police Personnel Twitter @Hackread - Facebook @ /Hackread

What would happen if your company's ID card vendor was breached? That is now the reality for the UK Met Police Force. The details of the 47k personnel include everything from photos and ranks to full ID numbers.

LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants The leak of LockBit 3.0 ransomware builder has led to the emergence of various new cyber threats: Bl00dy, Buhti, and NATIONAL HAZARD AGENCY.

The leak of the LockBit 3.0 Builder has given way to nearly 400 variants of the ransomware. Ransomware ops are moving quickly, now with a median of 5 days dwell time in the first half of 2023 (down from 9 days).

Deepfakes Are Being Used to Circumvent Facial Recognition Systems Twitter @Hackread - Facebook @ /Hackread

Newly coined 'camera injection' attack techniques pose a threat to facial recognition systems. By injecting manipulated video content it is possible to circumvent authentication systems utilizing facial recognition.

Kyputer - Twitch Bottom G Politics™ Variety Streamer: cybersecurity/tech news every day, espresso making, building keyboards, and cycling/IRL! Subs get cat tricks or rubik's cube solves. https://throne.com/kyputer/w...

Deepfakes bypass Facial Recognition 😨 LockBit 3.0 -> Hundreds of Variants 🤖 | Cyber Guy AMA ✋ www.twitch.tv/kyputer

MSI: Recent wave of Windows blue screens linked to MSI motherboards MSI has officially confirmed the recent surge of blue screens of death (BSODs) encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard m...

MSI mobo's and recent Windows updates have culminated in BSODs. It is best to avoid these preview updates if you have an affected motherboard.

Data breach at French govt agency exposes info of 10 million people Pôle emploi, France's governmental unemployment registration and financial aid agency, is informing of a data breach that exposed data belonging to 10 million individuals.

10M French citizens utilizing employment/unemployment services from the government have had their data stolen in the latest MOVEit breach.

China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns The cyber-espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.

Chinese APT Flax Typhoon has been infiltrating dozens of Taiwanese orgs, carrying out extensive cyber espionage campaigns using Living-off-the-land techniques.

US charges founders of Tornado Cash mixer used by Lazarus hackers The U.S. Justice Department charged two Tornado Cash founders with helping criminals, including the notorious North Korean Lazarus hacking group, launder over $1 billion worth of stolen cryptocurrency...

Criminal groups have been able to launder over a billion dollars through Tornado Cash since its launch. Groups like Lazarus use these services because they do not enforce Anti-Money Laundering tactics and Know Your Customer programs.
#cc