Author Topic: X-Ploits  (Read 887 times)

0 Members and 1 Guest are viewing this topic.

X-Ploits
« on: June 01, 2017, 02:58:21 PM »
With the amount of exploits, zero-day(s), vulnerabilities, and data breaches constantly happening, a thread to keep up on them, and their remedies / mitigation, probably isn't a bad idea.
It will also keep the Function Random thread a little cleaner. ;)
Dump them here...


Re: X-Ploits
« Reply #1 on: June 01, 2017, 02:58:41 PM »
Linux users w/SELinux enabled: Update your systems...   NOW !
(Everyone else, update them now !  ;)
http://thehackernews.com/2017/05/linux-sudo-root-hack.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

https://threatpost.com/patches-available-for-linux-sudo-vulnerability/125985/

Debian and derived systems (Mint, Ubuntu...) from the debian link in the above url.
https://security-tracker.debian.org/tracker/CVE-2017-1000367


Quick fix for Debian derived systems:

Copy and paste into the terminal (Ctrl + Alt + T    to bring it up.)
Code: [Select]
sudo apt-get update && sudo apt-get upgrade
In Synaptic, click 'Mark All Upgrades', then 'Apply'

Re: X-Ploits
« Reply #2 on: June 01, 2017, 02:59:55 PM »
Chrome users - Take Note:
http://thehackernews.com/2017/05/browser-camera-microphone.html
Web-RTC & JavaScript are at it again. (You might want to disable E-Tags also.)

From the article: "  Edward Snowden leaks also revealed Optic Nerve – the NSA's project to capture webcam images every 5 minutes from random Yahoo users. In just six months, 1.8 Million users' images were captured and stored on the government servers in 2008.  "
You can bet they were added to their facial recognition AI database too. >:(



Re: X-Ploits
« Reply #3 on: June 01, 2017, 03:00:46 PM »
“All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.”
“Dealing with [the] aftermath. This is a massive leak.”
https://www.tripwire.com/state-of-security/latest-security-news/customer-data-reportedly-stolen-onelogin-security-incident/


Re: X-Ploits
« Reply #4 on: June 01, 2017, 03:01:12 PM »
"  A hacker claims to have stolen the upcoming season of Netflix's hit series Orange Is the New Black, and is demanding that the video streaming service pay an unspecified ransom to prevent all the new episodes from being prematurely released online. "
http://www.nzherald.co.nz/entertainment/news/article.cfm?c_id=1501119&objectid=11847778

Re: X-Ploits
« Reply #5 on: June 01, 2017, 03:02:19 PM »
"  As outlined by security firm Check Point, 41 apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., "infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
... It's "possibly the largest malware campaign found on Google Play," according to Check Point.
... the total spread of the malware may have reached between 8.5 and 36.5 million users. "

http://www.pcmag.com/news/353943/judy-malware-potentially-hits-up-to-36-5m-android-devices


Re: X-Ploits
« Reply #6 on: June 01, 2017, 03:06:03 PM »
Microsoft says it has updated its Malicious software Removal Tool to fight the latest ransomeware. It probably runs automatically but to be sure simply type MRT in the run box (or whatever it's called now.)

Re: X-Ploits
« Reply #7 on: June 14, 2017, 06:28:40 PM »

Re: X-Ploits
« Reply #8 on: June 14, 2017, 06:33:05 PM »

Re: X-Ploits
« Reply #9 on: June 14, 2017, 10:42:13 PM »

Re: X-Ploits
« Reply #10 on: June 30, 2018, 05:52:24 PM »

Re: X-Ploits
« Reply #11 on: June 30, 2018, 06:44:07 PM »
Still using facebook ?

"   Ceukelaire reported the flaw via Facebook’s Data Abuse Bounty Program on April 22, and over a month later the social media informed him that it could take three to six months to investigate the issue.

Over two months after initially reporting the issue to Facebook, Ceukelaire noticed that NameTests has fixed the issue, and told him it had found no evidence of abuse of the exposed data by any third party.   "

https://thehackernews.com/2018/06/facebook-users-data-leak.html

Re: X-Ploits
« Reply #12 on: June 30, 2018, 07:37:36 PM »
Android users, RowHammer is back.

https://thehackernews.com/2018/06/android-rowhammer-rampage-hack.html
I like that they want me to open up a .pdf to read about more details.  ;)

Re: X-Ploits
« Reply #13 on: October 12, 2018, 05:35:08 AM »
I like that they want me to open up a .pdf to read about more details.  ;)
There's one PDF link in the article, and it's listed in big bold blue letters as "PDF".
It's simple, pull the DL, shut down your internet connection - if you're running Doze OS, scan the file. If it's clean, read it in read only mode.
That's pretty basic, and should be standard operating procedure for anyone that DL's PDF's.
Seriously. CYA
;)
(Never open a PDF online. (If your system isn't hardened, you're fucked.)
That's no shit.
Sometimes I forget that my S.O.P. doesn't apply to 96% of the people out there.  :(
Things I do out of force of habit, most people never even heard of. 
It's up to the reader to cover their own ass. I just try to post useful information, (although I'll never knowingly post malicious links or sub-links.) 

Nope, never ever ever open a recently DL'ed file while you are still on-line.
You're right about your skepticism though.
Just take proper precautions - CYA.    ;)

Re: X-Ploits
« Reply #14 on: October 12, 2018, 06:02:20 AM »
How To Hack A Voting Machine      LOL

https://www.darkreading.com/iot/the-abcs-of-hacking-a-voting-machine/d/d-id/1332386

(Read the comment at the end of the page -  it's pretty good.  )   ;)

Re: X-Ploits
« Reply #15 on: October 12, 2018, 06:08:19 AM »
DEFCon (BlackHat) PDF's... 
https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/

There's some cool stuff on this site.   ;)

Re: X-Ploits
« Reply #16 on: October 12, 2018, 07:06:40 AM »
How To Hack A Voting Machine      LOL

https://www.darkreading.com/iot/the-abcs-of-hacking-a-voting-machine/d/d-id/1332386

(Read the comment at the end of the page -  it's pretty good.  )   ;)

It's a great comment........

Re: X-Ploits
« Reply #17 on: October 13, 2018, 05:58:00 PM »
It's a great comment........
And should be implemented IMHO.  ;)

Re: X-Ploits
« Reply #18 on: October 13, 2018, 06:02:29 PM »
And...
This is why I don't sign up for for anything online that I can avoid signing up for.

https://haveibeenpwned.com/
(Scroll down 3/4 of the way down the page to see the major breeches.

https://haveibeenpwned.com/PwnedWebsites
An alphabetical listing of all the sites they have tracked, with dates and information that was exposed - and verified exposed. (If it's unverified, it's listed as such.)  ;)
Gamers, take note.

Re: X-Ploits
« Reply #19 on: October 13, 2018, 06:18:44 PM »
How To Hack A Voting Machine      LOL

https://www.darkreading.com/iot/the-abcs-of-hacking-a-voting-machine/d/d-id/1332386

(Read the comment at the end of the page -  it's pretty good.  )   ;)

The old fashioned way:

https://en.wikipedia.org/wiki/Irving_Slosberg

Immediately after the 2000 election in which Slosberg was elected to the Florida State House by 88 votes and at the peak of the vote recount during the Bush-Gore United States presidential election in Florida, 2000, Palm Beach Sheriff's Deputies confiscated a Votamatic voting machine from Slosberg.[8] When initially approached by the Supervisor of Elections Office and asked about the voting machine, Slosberg denied having it. On November 11, 2000, police confronted Slosberg about the voting machine which Slosberg then retrieved from his car and delivered to the police.[9] No reason was ever provided for Slosberg having possession of the voting machine, and despite additional allegations of misconduct Democrat Supervisor of Elections Theresa Lepore neither investigated nor pressed charges against Slosberg.

 >:( >:( >:(