It affects mainly docker and kubernets containers. I did a little research and apparently docker isn't based of lxc/lxd anymore, so I suppose that it doesn't affect those. Although I'm not sure what kubernets is based off
AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems.
The application developer, which is said to have more than 170,000 customers worldwide, disclosed the intrusion in a statement on its website late on Friday, claiming it is "not related to ransomware."
While there's no specific mention of stolen data, some infosec analysts have pointed out that the disclosure indicates that criminals got hold of AnyDesk's code signing certificate.
According to infosec world watchers, criminals are selling AnyDesk customer credentials on the dark web, though these may not be related to this latest heist.
Other security shops warned that the pillaging has already begun with "multiple threat actors" selling access to stolen AnyDesk credentials.
Nick Hyatt, director of threat intelligence at managed detection and response firm BlackPoint, told The Register that the credentials are legitimate, but not newly stolen.
The original article contains 359 words, the summary contains 147 words. Saved 59%. I'm a bot and I'm open source!
NSO is an Israeli company and they marketed Pegasus to many regimes, including Saudi Arabia.
Before being tortured and murdered the critical Journalist Jamal Kashoggi was also spied on with Pegasus. It is no suprise, that Israel is also helping the Jordanian regime to supress civil society, human rights activism and independant journalism
You should better point to the official site than promote a suspicious third-party one. It contains incorrect information on the license, maybe some other mistakes.
In a 2022 report detailing a much smaller group of Pegasus victims in Jordan, digital sleuths at the University of Toronto’s Citizen Lab identified two operators of the spyware it said may have been agents of the Jordanian government.
The rest were identified by Human Rights Watch, Amnesty International’s Security Lab, and the Organized Crime and Corruption Reporting Project.
The U.S. government was unpersuaded and blacklisted the NSO Group in November 2021, when iPhone maker Apple Inc. sued it, calling its employees “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.”
Coogle’s local, personal iPhone was successfully hacked in October 2022, he said, just two weeks after the human rights group published a report documenting the persecution and harassment of citizens organizing peaceful political dissent.
Human Rights Watch said in a statement Thursday that it had contacted NSO Group about the attacks and specifically asked it to investigate the hack of Coogle’s device “but has received no substantive response to these inquiries.”
Along the way, he said, he’s learned important lessons about not clicking on links in messages purporting to be from legitimate contacts, which is how one of the Pegasus hacks snared him.
The original article contains 707 words, the summary contains 202 words. Saved 71%. I'm a bot and I'm open source!
@BlanK0@security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.
Just installed parrot on an "old" laptop the other day. Need to find time time to have a look around and see how it runs.
The install experience was very very smooth and at least in the live dvd (usb stick) guide also worked well over WiFi, which Debian installers generally don't.
The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company's part, a researcher said.
In Thursday’s post updating customers on findings from its ongoing investigation, Microsoft provided more details on how the hackers achieved this monumental escalation of access.
In Thursday’s update, Microsoft officials said as much, although in language that largely obscured the extent of the major blunder.
Threat actors like Midnight Blizzard compromise user accounts to create, modify, and grant high permissions to OAuth applications that they can misuse to hide malicious activity.
They created a new user account to grant consent in the Microsoft corporate environment to the actor controlled malicious OAuth applications.
The threat actor then used the legacy test OAuth application to grant them the Office 365 Exchange Online full_access_as_app role, which allows access to mailboxes.
The original article contains 339 words, the summary contains 156 words. Saved 54%. I'm a bot and I'm open source!
it seems that when Apple brings RCS to iPhone, it will focus on the wrapper and ignore the sweetie. Typing indicators and haptic responses—yes. Cross-platform end-to-end encryption—not so much.
Except… RCS IS the wrapper. End-to-end encryption isn’t part of the RCS standard; it’s a proprietary Google extension, hosted on Google services.
Security
Hot