Kali Linux

@kalilinux Source What the US PornHub ‘ban’ is really about?

@kalilinux Source

At least 33 browser extensions hosted in Google’s Chrome Web Store, some for as long as 18 months, were surreptitiously siphoning sensitive data from roughly 2.6 million devices. @Kalilinux https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices

Source-01 source-02 @Kalilinux

The United States Department of Justice is pushing Google to sell Google Chrome to break their search monopoly (not yet official). Source @Kalilinux

Source @Kalilinux CVE-2024-44308 — JavaScriptCore — Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. CVE-2024-44309 — WebKit — Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

On Monday Amazon confirmed a breach of employee data which was published on a crime-focused forum, according to a statement from Amazon to 404 Media. @Kalilinux https://www.404media.co/amazon-confirms-breach-of-employee-data/

https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/ @Kalilinux

@Kalilinux https://www.404media.co/suspected-snowflake-hacker-arrested-in-canada/

All donations to the Tor Project matched 1:1, now through Dec 31 Each year during this season, the Tor Project holds a fundraiser during which we ask for your support. We do this because the Tor Project is a nonprofit organization, powered by donations from our community. Donations make it possible for the Tor Project to build tools powered by people-not profit. Over the next few months, well be sharing stories from some of the millions of people you’re helping when you support Tor, details about what’s coming next to our suite of privacy and censorship circumvention tools, and ways you can help make privacy online easy and accessible. Now is a great time to give and spread the word about the Tor Project because through the end of the year, all donations will be matched. That means when you donate $25, you’re making a $50 impact. Plus, we’ve introduced a brand-new item to our list of gifts you can receive in return for making a donation. https://torproject.org/donate/donate-tel-yec2024

Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. HIBP operator Troy Hunt confirmed to Bleeping Computer that nine days ago, he received a file containing “email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data” for 31 million unique email addresses, and confirmed it was valid by matching data with a user’s account. But 54 percent of the accounts were already in its database from previous breaches. Not so long after the breach, the Internet Archive suffered a DDoS attack, which has now been claimed by the BlackMeta hacktivist group, who says they will be conducting additional attacks. read more ... @Kalilinux

Gen Threat Labs has recently discovered a sophisticated rootkit targeting Arch Linux (6.10.2-arch1-1 x86_64) More details in the pictures and here is the source @Kalilinux

Caroline Ellison to 2 years for covering up Sam Bankman-Fried’s FTX fraud Caroline Ellison "deeply regrets" FTX lies, must now forfeit $11 billion. Source @Kalilinux

Yet another supply chain attack, yet another Chinese App on Google play. We're talking about the new version of the Necro malware loader for Android which has the same payload configurations and payloads as the previous version and is installed on 11 million devices through Google Play in malicious SDK supply chain attacks. Wuta Camera, a selfie retouching app developed by Shanghai Benqumark Network Technology and the Max Browser, which marketed itself as a privacy-focused browser for Android are the two Apps involved. the two apps were infected by an advertising SDK named 'Coral SDK,' which employed obfuscation to hide its malicious activities and also image steganography to download the second-stage payload, shellPlugin, disguised as harmless PNG images. While the trojan was removed in version 6.3.7.138, any payloads that might have been installed via the older versions might still lurk on Android devices. source-01 source-02 More detailed source-03 @kalilinux

UltraAV force-installed on Kaspersky users' PCs #Kaspersky antivirus has reportedly begun silently installing a new #antivirus product called "Ultra AV" on United States-based users machines! According to many online customer reports, including BleepingComputer's forums, UltraAV's software was installed on their computers without any prior notification, with many concerned that their devices had been infected with #malware.

"I woke up and saw this new antivirus system on my desktop and I tried opening kaspersky but it was gone. So I had to look up what happened because I was literally having a mini heart attack that my desktop somehow had a virus which uninstalled kaspersky somehow," one user said.

@kalilinux source

North Korean hackers target Python developers with malware disguised as coding tests — hack has been underway for a year and is likely to be continued. @Kalilinux Source-01 Sourse-02

https://www.youtube.com/watch?v=MKTN2OiR2R8 @Kalilinux

Today the United States Department of Justice announced the conviction of Remy St. Felix. St. Felix is accused of being the mastermind behind a string of violent home invasions targeting individuals possessing large quantities of cryptocurrency. Prosecutors state St. Felix targeted crypto holders in North Carolina, Florida, Texas, and New York. Due to the violence of the actions — including assaulting victims, zip-tying them, holding them at a gunpoint, and threatening to murder their family, St. Felix is facing charges for; conspiracy, kidnapping, Hobbs Act robbery, wirefraud, and brandishing a firearm in furtherance of a crime of violence. He is facing a maximum sentence of life in prison. @Kalilinux Source