/os/ - Online Security

Hak5
Apple Adds Privacy Updates to iOS 13 at WWDC - ThreatWire
https://youtube.com/watch?v=uBZaCxXa4Lc
Published : 04 Jun 2019 Duration  : 08:40

Links:
Support me on alternative platforms! https://snubsie.com/support
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/
https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html
https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/
https://arstechnica.com/information-technology/2019/05/microsoft-says-its-confident-an-exploit-exists-for-wormable-bluekeep-flaw/
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
https://arstechnica.com/information-technology/2019/05/why-a-windows-flaw-patched-nine-days-ago-is-still-spooking-the-internet/
https://securityledger.com/2019/05/microsoft-bluekeep-flaw-threatens-medical-devices-iot/

http://newsroom.questdiagnostics.com/AMCADataSecurityIncident
https://www.huffpost.com/entry/quest-diagnostics-data-breach_n_5cf54eaae4b0e346ce8267f7?ncid=tweetlnkushpmg00000067
https://techcrunch.com/2019/06/03/quest-diagnostics-breach/
https://www.chicagotribune.com/business/ct-quest-data-hack-1214-biz-20161213-story.html

https://www.zdnet.com/article/wwdc-2019-apple-debuts-new-privacy-features-in-ios-13/
https://9to5mac.com/2019/06/03/apple-launches-sign-in-with-apple-button-for-apps-no-tracking-login/
https://www.zdnet.com/article/wwdc-2019-apple-announces-sign-in-with-apple-feature/
https://threatpost.com/wwdc-2019-apple-facebook-privacy/145290/

Hak5
Ring Doorbells Create a Surveillance State - ThreatWire
https://youtube.com/watch?v=0sHdPjrREi0
Published : 11 Jun 2019 Duration  : 09:59

Windows Zero Day ByeBear Posted to Bypass Windows Patch
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/
https://www.microsoft.com/en-us/msrc/bounty
Amazon Ring Doorbell used by police for surveillance network
https://blog.ring.com/2019/02/14/how-rings-neighbors-creates-safer-more-connected-communities/
https://www.theinformation.com/go/b7668a689a
https://www.cnet.com/features/amazons-helping-police-build-a-surveillance-network-with-ring-doorbells/
https://www.vice.com/en_us/article/evkgpw/smart-doorbell-company-ring-is-working-with-cops-to-report-suspicious-people-and-activities
https://www.businessinsider.com/amazon-ring-video-doorbell-footage-used-by-police-report-2019-6
https://www.cnet.com/news/these-laws-make-police-get-public-buy-in-on-surveillance-tools/
https://www.cnet.com/news/amazons-ring-takes-heat-for-considering-facial-recognition-for-its-video-doorbells/
https://www.vice.com/en_us/article/pajm5z/amazon-home-surveillance-company-ring-law-enforcement-advertisements
238 Google Play apps found with malicious code
https://arstechnica.com/information-technology/2019/06/238-google-play-apps-with-440-million-installs-made-phones-nearly-unusable/
https://threatpost.com/android-completely-obnoxious-pop-ups/145390/
https://blog.lookout.com/beitaplugin-adware
https://www.zdnet.com/article/440-million-android-users-installed-apps-with-an-aggressive-advertising-plugin/

Hak5
RAMBleed Steals Crypto Keys; Yubikeys Recalled - ThreatWire
https://youtube.com/watch?v=Am4GmkdtKQs
Published : 18 Jun 2019, Duration  : 10:01
RAMBleedshoutout to CypherDragon:
https://access.redhat.com/articles/1377393
https://rambleed.com/
https://rambleed.com/docs/20190603-rambleed-web.pdf
https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/
https://threatpost.com/rambleed-side-channel-privileged-memory/145629/
https://thehackernews.com/2019/06/rambleed-dram-attack.html
Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
https://www.zdnet.com/article/yubico-to-replace-vulnerable-yubikey-fips-security-keys/
https://www.yubico.com/replaceorder/

Hak5
Amazon Surveillance Delivery Drones; Patch Linux! - ThreatWire
https://youtube.com/watch?v=fCzu0LYZFwQ
Published : 25 Jun 2019  Duration  : 08:14
Firefox Zero Day:
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
https://www.zdnet.com/article/mozilla-fixes-second-firefox-zero-day-exploited-in-the-wild/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/
https://twitter.com/SecurityGuyPhil/status/1141466335592869888
https://threatpost.com/mozilla-patches-firefox-critical-flaw-under-active-attack/145814/
Amazon Drones:
https://www.cnet.com/news/amazon-granted-patent-for-surveillance-drones-service/
https://www.zdnet.com/article/amazon-patent-suggests-surveillance-as-a-service-could-be-future-offering/
https://www.businessinsider.com/amazon-wins-patent-for-surveillance-drones-2019-6
Linux Vulns:
https://arstechnica.com/information-technology/2019/06/new-vulnerabilities-may-let-hackers-remotely-sack-linux-and-freebsd-systems/
https://threatpost.com/linux-kernel-bug-pcs-iot-offline/145797/
https://www.zdnet.com/article/netflix-to-linux-users-patch-sack-panic-kernel-bug-now-to-stop-remote-attacks/
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

Hak5
Cities Pay Up After Ransomware Attacks - ThreatWire
https://youtube.com/watch?v=CstOiRBTZic
Published : 02 Jul 2019
Duration  : 09:09

Hak5
Big Problems for OpenPGP - ThreatWire
https://youtube.com/watch?v=iQwUIgfeFrw
Published : 09 Jul 2019  Duration  : 09:24
Links:
https://www.nytimes.com/2019/07/02/technology/china-xinjiang-app.html
https://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
https://github.com/motherboardgithub/bxaq
https://www.cnet.com/news/china-is-reportedly-scanning-tourists-phones-with-malware/
https://threatpost.com/pgp-ecosystem-targeted-in-poisoning-attacks/146240/
https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
https://www.cnet.com/news/alexa-privacy-concerns-prompt-senator-to-seek-answers-from-amazon-ceo-jeff-bezos/
https://www.cnet.com/news/amazon-alexa-keeps-your-data-with-no-expiration-date-and-shares-it-too/
https://www.theverge.com/2019/7/3/20681423/amazon-alexa-echo-chris-coons-data-transcripts-recording-privacy
https://www.cnet.com/how-to/you-can-finally-delete-most-of-your-amazon-echo-transcripts-heres-how/

Hak5
WPA3 Passwords Still Vulnerable To Hacks, Capital One Hack Breakdown - ThreatWire
https://youtube.com/watch?v=RdEVE-IUJpo
Published: 06 Aug 2019  Duration: 11:05
Capital One breach, WPA3 is still vulnerable to hacks, and US utility companies are targeted in attacks!
WPA3 Hacking
https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/
https://www.zdnet.com/article/new-dragonblood-vulnerabilities-found-in-wifi-wpa3-standard/
https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html
https://wpa3.mathyvanhoef.com/#new
https://eprint.iacr.org/2019/383.pdf
US Utilities targeted in hack
https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
https://arstechnica.com/information-technology/2019/08/new-advanced-malware-possibly-nation-sponsored-is-targeting-us-utilities/
https://www.zdnet.com/article/suspected-state-sponsored-hacking-group-tried-to-break-into-us-utilities/
https://www.cyberscoop.com/apt-10-utilities-phishing-proofpoint/
Capital One
https://www.cyberscoop.com/capital-one-cybersecurity-data-breach-what-went-wrong/
https://www.prnewswire.com/news-releases/capital-one-announces-data-security-incident-300892738.html
https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
https://www.capitalone.com/applications/responsible-disclosure/
https://www.justice.gov/usao-wdwa/press-release/file/1188626/download
https://techcrunch.com/2019/07/31/capital-one-breach-vodafone-ford-researchers/
https://www.scribd.com/document/420587413/GitHub-CapitalOne-Complaint
https://www.cyberscoop.com/capital-one-data-breach-credit-freeze-credit-cards/
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire

DEF CON 2019: How To Hack A Canon Camera - ThreatWire
https://youtube.com/watch?v=l6MefN0bw2A
Published : 14 Aug 2019 Duration : 08:18
Steam Vulnerability:
https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/
https://threatpost.com/gamers-zero-day-steam-client-affects-windows/147225/
https://amonitoring.ru/article/steamclient-0day/
https://twitter.com/enigma0x3/status/1159103239729471488
Canon DSLR Hacking:
https://thehackernews.com/2019/08/dslr-camera-hacking.html
https://asia.canon/en/support/security-advisory-ptp-communication-and-firmware-functions/notice
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://threatpost.com/hack-of-a-canon-eos-80d-dslr/147214/
Fingerprint on Android:
https://thehackernews.com/2019/08/android-local-user-verification.html
https://security.googleblog.com/2019/08/making-authentication-even-easier-with_12.html
https://arstechnica.com/information-technology/2019/08/google-lets-android-users-skip-the-password-when-logging-in/
https://www.cnet.com/news/google-now-offers-no-password-login-if-you-have-android-phone/

Hak5
Valve Apologizes to Banned Security Researcher - ThreatWire
https://youtube.com/watch?v=fYlkXrkvlrI
Duration  : 08:27  Published : 27 Aug 2019
Hacker must pay back 1 million euros:
https://www.theguardian.com/technology/2019/aug/23/bitcoin-seized-hacker-grant-west-uk-compensate-victims
https://thehackernews.com/2019/08/hacker-phishing-bitcoin.html
https://www.zdnet.com/article/police-to-sell-hackers-1-1-million-bitcoin-stash-to-compensate-victims/
http://news.met.police.uk/news/more-than-900000-pounds-confiscated-from-from-cyber-hacker-379015?hootPostID=11032480c2ac425d16457361a6932540
Valve:
https://threatpost.com/gamers-zero-day-steam-client-affects-windows/147225/
https://hackerone.com/valve
https://amonitoring.ru/article/onemore_steam_eop_0day/
https://threatpost.com/researcher-discloses-second-steam-zero-day-after-valve-bug-bounty-ban/147593/
https://www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/
https://twitter.com/enigma0x3/status/1160961861560479744
https://arstechnica.com/information-technology/2019/08/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake/
https://www.zdnet.com/article/valve-patches-recent-steam-zero-days-calls-turning-away-researcher-a-mistake/
Homomorphic encryption:
https://www.cyberscoop.com/homomorphic-encryption-nsa-silicon-valley-commercial/
https://www.microsoft.com/en-us/research/blog/the-microsoft-simple-encrypted-arithmetic-library-goes-open-source/
https://www.intel.ai/he-transformer-for-ngraph-enabling-deep-learning-on-encrypted-data/#gs.yi2ofi
https://www.theregister.co.uk/2018/03/08/ibm_faster_homomorphic_encryption/
https://www.cyberscoop.com/homomorphic-encryption-standards-intel-microsoft-google/
http://homomorphicencryption.org/aug-17-2019-homomorphicencryption-org-standards-meeting/#

Hak5
SIM Jacking Can Steal Device Data - ThreatWire
https://youtube.com/watch?v=AoXpWbYGwf0
Published : 17 Sep 2019, Duration: 09:04
3rd Party Cookies
https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
https://private-network.firefox.com
https://thehackernews.com/2019/09/firefox-privacy-vpn-service.html
https://www.cnet.com/news/mozilla-tests-firefox-vpn-service-to-help-protect-your-privacy/
SIM JACKER
https://simjacker.com
https://thehackernews.com/2019/09/simjacker-mobile-hacking.html
https://threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surveillance-attack/148277/
https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/
https://www.cyberscoop.com/simjacker-mobile-phone-vulnerability/
DNS over HTTPS
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
https://www.chromium.org/developers/dns-over-https
https://thehackernews.com/2019/09/chrome-dns-over-https.html
https://www.zdnet.com/article/google-to-run-dns-over-https-doh-experiment-in-chrome/

Hak5
Jailbreak Your iPhone! DoorDash Gets Hacked, and an Update to SIM Jacker - ThreatWire
https://youtube.com/watch?v=Uw0V_MWnSzE
Published:01 Oct 2019Duration :08:58DoorDash:
DoorDash:
https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996
https://www.zdnet.com/article/personal-info-on-nearly-5m-doordash-users-merchants-drivers-exposed/
https://www.vice.com/en_us/article/pa97g7/xnore-copy9-stalkerware-data-breach-thousands-victims
https://arstechnica.com/information-technology/2019/09/doordash-hack-spills-loads-of-data-for-4-9-million-people/
https://www.businessinsider.com/doordash-data-breach-hack-how-to-check-if-youre-affected-2019-9
iPhone Jailbreak:
https://twitter.com/axi0mX/status/1177542201670168576
https://arstechnica.com/information-technology/2019/09/unpatchable-bug-in-millions-of-ios-devices-exploited-developer-claims/
https://threatpost.com/ios-exploit-checkm8-could-allow-permanent-iphone-jailbreaks/148762/
https://www.wired.com/story/ios-exploit-jailbreak-iphone-ipad/
https://github.com/axi0mX/ipwndfu
Simjacker:
https://www.vice.com/en_us/article/qvgzqw/researchers-think-they-know-how-many-phones-are-vulnerable-to-simjack
er-attacks
https://srlabs.de/bites/sim_attacks_demystified/
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/

Hak5
Android Zero Day Actively Exploited In the Wild! - ThreatWire
https://youtube.com/watch?v=uaFbzTDk8SI
Published:08 Oct 2019 Duration:10:21

https://www.buzzfeednews.com/article/ryanmac/bill-barr-facebook-letter-halt-encryption
https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/
https://www.cnet.com/news/the-uss-renewed-calls-for-backdoor-access-to-encryption-has-all-the-same-flaws/
https://www.cyberscoop.com/facebook-encryption-william-barr-letter/
https://threatpost.com/ag-barr-facebook-dont-encrypt-messaging/148913/
https://www.cnet.com/news/governments-call-on-facebook-to-pause-encryption-efforts/
https://www.zdnet.com/article/signal-fixes-facetime-like-eavesdropping-bug/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
https://www.vice.com/en_us/article/3kx7n8/signal-bug-could-have-let-hackers-listen-to-android-users-via-microphone
https://thehackernews.com/2019/10/signal-messenger-bug.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
https://www.zdnet.com/article/google-finds-android-zero-day-impacting-pixel-samsung-huawei-xiaomi-devices/
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
https://threatpost.com/google-warns-of-zero-day/148924/
https://www.cnet.com/news/android-exploit-leaves-some-pixel-galaxy-phones-vulnerable-to-hacks/
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/

NordVPN Was Hacked, Google Pixel 4 Face Unlock to Receive Update - ThreatWire
https://youtube.com/watch?v=NjalaWjqdg4
Duration  : 09:50  Published : 22 Oct 2019
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 
Links:
https://news.samsung.com/global/statement-on-fingerprint-recognition-issue
https://www.thesun.co.uk/tech/10127908/samsung-galaxy-s10-screen-protector-ebay/
https://www.vice.com/en_us/article/59nqdb/samsung-galaxy-s10-vault-like-security-beaten-by-a-dollar3-screen-protector
https://www.reuters.com/article/us-samsung-elec-smartphone/samsung-to-patch-galaxy-s10-fingerprint-problem-idUSKBN1WW0Q5
https://www.cnet.com/news/samsung-promises-to-fix-galaxy-s10-fingerprint-unlock-bug/
https://www.zdnet.com/article/google-pixel-4s-face-unlock-works-even-if-you-have-your-eyes-closed/
https://www.cnet.com/news/pixel-4-face-unlock-works-even-when-your-eyes-are-closed-unconscious-dead-google-patch-months-away/
https://www.zdnet.com/article/facial-recognition-doesnt-work-as-intended-on-42-of-110-tested-smartphones/
https://www.zdnet.com/article/google-to-roll-out-update-in-the-coming-months-to-fix-pixel-4-face-unlock-bypass/
https://www.theverge.com/2019/10/20/20924143/google-pixel-4-face-unlock-eyes-security-update-coming-months
https://www.cyberscoop.com/samsung-fingerprint-flaw-google-pixel-biometric-security/

https://www.theverge.com/2019/10/17/20917988/ron-wyden-facebook-privacy-data-regulation-do-not-track
https://www.zdnet.com/article/us-senator-introduces-privacy-bill-that-would-jail-ceos-for-user-privacy-violations/
https://threatpost.com/execs-jail-time-privacy-violations/149334/
https://www.cnet.com/news/senator-proposes-data-privacy-bill-with-serious-punishments/

https://nordvpn.com/blog/official-response-datacenter-breach/
https://www.zdnet.com/article/nordvpn-confirms-data-center-breach/
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://www.cnet.com/news/popular-vpn-service-nordvpn-confirms-datacenter-breach/

Adobe Creative Cloud Exposes Data for 7 Million+ Users - ThreatWire
https://youtube.com/watch?v=45pG1WhhsB4
Duration  : 06:56 Published : 29 Oct 2019
AWS Capital One Breach
https://www.cyberscoop.com/warren-wyden-aws-capital-one-breach/
https://www.cnet.com/news/warren-and-wyden-call-for-ftc-investigation-on-amazon-over-capital-one-breach/
Adobe:
https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/
https://theblog.adobe.com/security-update/
https://threatpost.com/adobe-creative-cloud-users-exposed-hackers/149563/
https://thehackernews.com/2019/10/adobe-database-leaked.html
PHP Flaw:
https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
https://github.com/neex/phuip-fpizdam
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

BlueKeep Attacks Surfacing; Persistent Malware on Android - ThreatWire
https://youtube.com/watch?v=CPlRvj_r5xA
Duration  : 09:02 Published : 05 Nov 2019
Hacking Telecom
https://thehackernews.com/2019/10/sms-spying-malware.html
https://arstechnica.com/information-technology/2019/10/researchers-unearth-malware-that-siphoned-sms-texts-out-of-telcos-network/
https://threatpost.com/china-hackers-spy-texts-messagetap-malware/149761/
https://www.zdnet.com/article/chinese-hackers-developed-malware-to-steal-sms-messages-from-telcos-network/
https://www.cyberscoop.com/chinese-hacking-group-breached-telecom-monitor-targets-texts-phone-metadata/
https://content.fireeye.com/apt-41/rpt-apt41/
BlueKeep
https://www.wired.com/story/microsoft-bluekeep-patched-too-slow/
https://threatpost.com/bluekeep-attacks-have-arrived-are-initially-underwhelming/149829/
https://www.zdnet.com/article/bluekeep-attacks-are-happening-but-its-not-a-worm/
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html
https://www.wired.com/story/bluekeep-hacking-cryptocurrency-mining/
45k Androids infected w/ malware
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware 
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
https://thehackernews.com/2019/10/remove-xhelper-android-malware.html
https://threatpost.com/android-malware-45k-devices-mystery/149654/

Hacking Smart Speakers With Lasers - ThreatWire
https://youtube.com/watch?v=LA0L0cyGkj0
Duration09:22 Published:13 Nov 2019
Ring doorbell:
https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf
https://thehackernews.com/2019/11/ring-doorbell-wifi-password.html
https://arstechnica.com/information-technology/2019/11/ring-patches-total-lack-of-password-security-during-setup/
https://threatpost.com/amazon-fixes-ring-video-doorbell-flaw-that-leaked-wi-fi-credentials/150029/
https://www.zdnet.com/article/amazon-fixes-ring-video-doorbell-wi-fi-security-vulnerability/
https://www.cyberscoop.com/ring-doorbell-wi-fi-flaw/
MacOS Email:
boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4">https://medium.comboberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4
https://threatpost.com/encrypted-emails-on-macos-found-stored-in-unprotected-way/150065/
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/
https://www.cyberscoop.com/apple-mail-vulnerability-encryption-macos/
https://www.theverge.com/2019/11/8/20954130/apple-mail-encrypted-unencrypted-email-macos-siri-text
Lasers:
https://lightcommands.com/20191104-Light-Commands.pdf
https://www.cnet.com/news/lasers-can-seemingly-hack-alexa-google-home-and-siri/
https://thehackernews.com/2019/11/hacking-voice-assistant-laser.html
https://www.vice.com/en_us/article/3kxwvy/alexa-siri-and-google-assistant-can-be-hacked-remotely-with-lasers

Android Pixel, Samsung Cameras Vulnerable to Hijacking! - ThreatWire
https://youtube.com/watch?v=k2JcazwM33k
Duration:09:32 Published:26 Nov 2019

https://www.oneplus.com/uk/support/faq22119102
https://forums.oneplus.com/threads/security-notification.1144088/
https://www.cyberscoop.com/oneplus-breach-phone-hack/
https://www.zdnet.com/article/smartphone-maker-oneplus-discloses-data-breach/
https://www.zdnet.com/article/oneplus-confirms-hack-exposed-credit-cards-of-phone-buyers/
https://thehackernews.com/2019/11/oneplus-store-data-breach.html

https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
https://www.cyberscoop.com/voice-assistant-flaws-checkmarx-google-assistant-samsung-bixby/
https://www.zdnet.com/article/android-vulnerability-lets-rogue-apps-take-photos-record-video-even-if-your-phone-is-locked/
https://threatpost.com/google-android-camera-hijack-hack/150409/
https://arstechnica.com/information-technology/2019/11/google-samsung-fix-android-spying-flaw-other-makers-may-still-be-vulnerable/
https://thehackernews.com/2019/11/android-camera-hacking.html

https://www.t-mobile.com/customers/6305378822
https://thehackernews.com/2019/11/t-mobile-prepaid-data-breach.html
https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/
https://techcrunch.com/2019/11/22/more-than-1-million-t-mobile-customers-exposed-by-breach/
https://www.cnet.com/news/t-mobile-customers-personal-information-exposed-in-hack/

StrandHogg Gets an Android StrongHold - ThreatWire
https://youtube.com/watch?v=ED_xOP2WNXg
Duration:11:02 Published:03 Dec 2019
Mixcloud data breach:
https://www.vice.com/en_us/article/7x5g4q/mixcloud-investigating-data-breach-allegedly-impacting-21-million-users
https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/
https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice/
Android vuln:
https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html
https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/
https://promon.co/security-news/strandhogg/
https://www.androidcookbook.info/android-1-6-sdk/the-allowtaskreparenting-attribute.html
TrueDialog Database:
https://threatpost.com/insecure-database-exposes-millions-of-private-sms-messages/150706/
https://www.vpnmentor.com/blog/report-truedialog-leak/?=truedialog-exposed-data

Hijacking VPNs on Linux Distros - ThreatWire
https://youtube.com/watch?v=IBeuf1lHulc
Duration:10:23Published:11 Dec 2019
Links:
https://krebsonsecurity.com/2019/12/the-iphone-11-pros-location-data-puzzler/
https://www.cnet.com/news/iphone-11-pro-discovered-to-still-seek-user-location-data-despite-settings/
https://www.cnet.com/news/apple-iphone-feature-needs-your-location-even-when-you-dont-share-it/
https://discussions.apple.com/thread/250665845
https://krebsonsecurity.com/2019/12/apple-explains-mysterious-iphone-11-location-requests/
https://techcrunch.com/2019/12/05/apple-ultra-wideband-newer-iphones-location/
https://www.theverge.com/2019/12/5/20997338/apple-ultra-wideband-u1-chip-iphone-11-pro-location-data-request-privacy-issue
https://seclists.org/oss-sec/2019/q4/122
https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/
https://threatpost.com/linux-bug-vpns-hijacking/150891/
https://thehackernews.com/2019/12/linux-vpn-hacking.html
https://objective-see.com/blog/blog_0x51.html
https://arstechnica.com/information-technology/2019/12/north-koreas-lazarus-hackers-up-their-game-with-fileless-mac-malware/

Intel CPUs Attacked by Plundervolt - ThreatWire
https://youtube.com/watch?v=3WD6P46Asbo
Duration:09:59 Published:17 Dec 2019
FIN8 Fuel Pumps:
https://threatpost.com/fin8-targets-card-data-fuel-pumps/151105/
https://www.zdnet.com/article/visa-warns-of-pos-malware-incidents-at-gas-pumps-across-north-america/
https://www.documentcloud.org/documents/6575126-Visa-Security-Alert-CYBERCRIME-GROUPS-TARGETING.html
PlunderVolt:
https://plundervolt.com/
https://threatpost.com/intel-cpus-plundervolt-attack/151006/
https://arstechnica.com/information-technology/2019/12/scientists-pluck-crypto-keys-from-intels-sgx-by-tweaking-cpu-voltage/
https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
https://github.com/KitMurdock/plundervolt
Amazon Cameras:
https://www.cnet.com/news/set-up-two-factor-authentication-to-keep-your-ring-camera-from-getting-hacked/
https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://threatpost.com/amazon-blink-smart-camera-flaws/150962/
https://www.cyberscoop.com/blink-amazon-camera-tenable-iot-flaws/

10 Biggest Hacks of 2019 - ThreatWire
https://youtube.com/watch?v=DX7PxFPUmTw
Duration:09:16Published:24 Dec 2019
Links:
https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/
https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/ 
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/ 
https://www.bloomberg.com/news/articles/2019-06-17/american-medical-collection-agency-parent-files-for-bankruptcy 
https://www.upguard.com/breaches/facebook-user-data-leak 
https://www.dailymail.co.uk/sciencetech/article-6864029/Biggest-breach-recorded-982-MILLION-peoples-personal-information-exposed.html 
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ 
https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ 
https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html 
https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

SHA-1 Is Terrible, Cable Modems Haunted By Flaw, SIM Swapping Gets Worse - ThreatWire
https://youtube.com/watch?v=HyyQAx8enMs
Duration:10:12 Published:14 Jan 2020
A major vulnerability affects modems, SIM swapping is still a huge threat, and SHA1 Still Sucks!
Cable Haunt:
https://threatpost.com/cable-haunt-remote-code-execution/151756/
https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19494
https://cablehaunt.com/
https://github.com/Lyrebirds/sagemcom-fast-3890-exploit
SIM Swapping:
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
https://www.issms2fasecure.com/dataset
https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh
https://www.vice.com/en_us/article/k7e8xx/sim-swapping-indictments-pile-up-as-congress-begs-the-fcc-to-do-more
SHA1:
https://en.wikipedia.org/wiki/SHA-1
https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
https://eprint.iacr.org/2020/014.pdf

Citrix Patches Major Vulnerability; Windows Patches NSA Reported Bug - ThreatWire
https://youtube.com/watch?v=uQUJv33_rsA
Duration:09:52 Published:21 Jan 2020
"A critical flaw in Citrix is finally patched, the NSA reports a major windows bug, and half a million usernames and passwords were leaked! All that coming up now on
ThreatWire."

Links:
Citrix:
https://www.cyberscoop.com/citrix-adc-vulnerability-positive-technologies/
https://support.citrix.com/article/CTX267027
https://www.cyberscoop.com/citrix-vulnerability-patch-exploit/
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html
https://github.com/trustedsec/cve-2019-19781
https://github.com/projectzeroindia/CVE-2019-19781
https://arstechnica.com/information-technology/2020/01/unpatched-citrix-vulnerability-now-exploited-patch-weeks-away/
https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability
https://www.zdnet.com/article/a-hacker-is-patching-citrix-servers-to-maintain-exclusive-access/
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
https://support.citrix.com/article/CTX267027
NSA Windows:
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
https://www.cnet.com/news/major-windows-10-security-flaw-reported-nsa-same-day-windows-7-support-ended/
https://www.cyberscoop.com/windows-10-vulnerability-nsa-public-disclosure/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://arstechnica.com/information-technology/2020/01/researcher-develops-working-exploit-for-critical-windows-10-vulnerability/
https://github.com/ollypwn/cve-2020-0601
https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/
https://threatpost.com/microsoft-patches-crypto-bug/151842/
PW Leak:
https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

Honeypot ICS Network Tricks CyberCriminals - ThreatWire
Duration:10:04 Published:28 Jan 2020

Microsoft has a security blunder, a honeypot network tricks cybercriminals, and Jeff Bezos’ phone was hacked! All that coming up now on ThreatWire.

Microsoft’s Security Blunder via Joel:
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
https://www.engadget.com/2020/01/22/microsoft-database-exposure/
https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/
https://www.cnet.com/news/microsoft-fixes-error-that-exposed-customer-database/
https://thehackernews.com/2020/01/microsoft-customer-support.html
Mock ICS:
https://documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf
https://www.cyberscoop.com/trend-micro-honeypot-ransomware-factory-s4/
https://www.zdnet.com/article/ransomware-snooping-and-attempted-shutdowns-the-state-of-this-honeypot-shows-what-hackers-do-to-systems-left-unprotected-online/
https://threatpost.com/fake-smart-factory-honeypot-highlights-new-attack-threats/152170/
Bezos:
https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
https://arstechnica.com/information-technology/2020/01/report-bezos-phone-uploaded-gbs-of-personal-data-after-getting-saudi-princes-whatsapp-message/
https://www.theverge.com/2020/1/21/21075968/amazon-jeff-bezos-hacked-saudi-arabia-crown-prince-whatsapp-message
https://www.cnet.com/news/in-bezos-phone-hack-un-wants-answers-on-saudi-princes-alleged-role/
https://www.wyden.senate.gov/imo/media/doc/012220%20Wyden%20Jeff%20Bezos%20Saudi%20Hacking%20Letter.pdf
https://www.vice.com/en_us/article/v74v34/saudi-arabia-hacked-jeff-bezos-phone-technical-report
https://assets.documentcloud.org/documents/6668313/FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf
https://www.cyberscoop.com/jeff-bezos-mbs-hack-fti-report-questions/

Honeypot ICS Network Tricks CyberCriminals - ThreatWire
https://youtube.com/watch?v=uCVKE8_hzSc
Published:28 Jan 2020 Duration:10:04

Hak5
DataMinr Used To Track Protests - ThreatWire
15,084 views•Jul 14, 2020
https://youtube.com/watch?v=xJ9DwmTFdUQ
"DataMinr is Used To Track Protests, a Zoom Zero Day is Patched, and the BlueLeaks Server was Seized by police!"

Hak5
Nvidia Patches Vulnerable Drivers and vGPUs; TikTok Caught! - ThreatWire
18,020 views •Premiered Jun 30, 2020
https://youtube.com/watch?v=9oPX4Y2KINw

EncroChat Encrypted Broken by Law Enforcement, Hundreds Arrested - ThreatWire
67,967 views•Jul 7, 2020
https://youtube.com/watch?v=niiTGFOpuUg

The Importance of the Twitter Hack, Explained - ThreatWire
20,243 views •Jul 21, 2020
https://youtube.com/watch?v=ld7euYtM7Yk

DJI’s Android App: Ripe for a Hack or Legitimate Usage? - ThreatWire
8,657 views •Jul 28, 2020
https://youtube.com/watch?v=15YTseZQyLc

Hak5
Facial Recognition Bans are Trending - ThreatWire
19,991 views •Jun 16, 2020
https://youtube.com/watch?v=Wv7pegbSNtI

Defeating Facial Recognition - Retia on Hak5
211,348 views•Jun 15, 2020
https://youtube.com/watch?v=tbdcL5Ux-9Y

Hak5
Rite Aid Used Facial Recognition Cameras; BootHole Hits GRUB2 - ThreatWire
10,663 views•Premiered Aug 4, 2020
https://youtube.com/watch?v=OIk58iXtUwQ
"Three have been arrested for the twitter hack, the BootHole vulnerability creates bigger problems, and Rite Aid used facial recognition technology in hundreds of stores!"

Satellite Comms Can Be Hacked; Intel Source Code Leaks - ThreatWire
https://youtube.com/watch?v=HdfXpxVM0IE
9,698 views•Premiered Aug 11, 2020
"Intel Source Code is Leaked, I’ve got news from Black Hat and DEF CON, and the NSA Warns of Location Data Exposure! "

Hak5
Alexa Can Be Hacked, Instagram Retains Deleted Data, Linux Malware Found By NSA & FBI - ThreatWire
https://youtube.com/watch?v=PZti9Lmw7pg

"Amazon’s ALEXA gets pwned, Instagram has been conducting illegal activities (allegedly), and new russian malware attacks linux! All that coming up now on ThreatWire. "

Hak5/ThreatWire
New Botnet Hits SSH Servers; Bernie Calls For Nationwide Biometric Privacy
https://youtube.com/watch?v=dGYLGodpx8A
13,560 views •Aug 25, 20200:21
"FritzFrog Attacks SSH Servers Worldwide, Weather Channel App Data Privacy Settlement, Nationwide Biometric Data Privacy?"

Hak5
Bypassing PINs on Contactless VISA Cards
https://youtube.com/watch?v=iqXzE9IOF-c

USPS Used Vulnerable Systems; Voatz vs. Ethical 
https://youtube.com/watch?v=9vCOXPbXmlo

So after weeks of people thinking they exit scammed... they're back! 
 
REMOVED
onion link did not work / spam promotion of something questionable.

ENDWALL: After a preliminary search about this topic, this is the information that I have found out:

https://www.darknetstats.com/deep-sea-market/

The darknet black market site DeepSea went offline for 15 days, and then came back online, people tried to recover their btc from escrow and couldn't, some claim they were able to.  Some claim that it's been taken down by LE and being used as a honey pot to catch people.  I don't know anymore about this than what I read in the comments section of the above link. but it seems wise to remain cautious and suspicious.  I don't use this market nor do I endorse it.

Hak5
How Attackers Hacked the Feds with VPN Vulnerabilities - ThreatWire
Sep 29, 2020 10:50
https://youtube.com/watch?v=kxlgrj8snaM
"An active directory flaw is being actively exploited, coffee makers can be hacked (which, are we surprised?), and a VPN vulnerability was used to hack the feds!"
Pay a Ransom for Ransomware? Pay a Penalty Too. - ThreatWire
https://youtube.com/watch?v=AdxgaV1SNZI
Oct 6, 2020 11:04
"Wanna pay that ransom? You might end up paying a penalty too. Medical services are being targeted by criminals, and phishing is getting smarter! "

Hak5
Linux Bluetooth Vulnerabilities, Barnes & Noble Hacked - ThreatWire
https://youtube.com/watch?v=Bs1aLstemP0
Oct 20, 2020 8:08
"Bluetooth vulnerabilities hit linux devices, the APT31 hacking group is mimicking McAfee Antivirus, and Barnes & Noble confirms a cyberattack!"
Ransomware for Charity?, Update GeForce Experience, and Hacking Campaigns Attributed - ThreatWire
https://youtube.com/watch?v=Nbwhhc5CCyg
Oct 27, 2020 9:11
"A ransomware gang donated $20000 to charity, Windows gamers - update Geforce Experience now to patch some security issues, and an election disinformation campaign is being attributed to hacking groups in another country!"

Hak5
Hospitals Targeted In Ransomware Campaigns - ThreatWire
https://youtube.com/watch?v=vndloinbALk
Nov 3, 2020 10:16
"Ransomware is hitting hospitals, home depot canada leaks customer data through no fault but their own, and researchers found a new way to extract security keys from Intel CPUs!"
Feds Seize $1 Billion from Famous Bitcoin Wallet - ThreatWire
https://youtube.com/watch?v=Br4_Ez-ONCc
Nov 10, 2020 9:00
"Feds Seize $1 Billion in Bitcoin, Apple Patches 3 Zero Days, and Election Security and California’s new Prop 24!"

hi, i am woo from Sweden and i want to explain any thing about "pandemic". Please ask me :)

Restaurant POS Hacks, DNS Cache Poisoning is Back!, Hackers Target Covid Vaccine Orgs - ThreatWire
https://youtube.com/watch?v=iJjrM3KlTjU
25,086 views•Nov 17, 2020
Teslas Can Be Hacked (Again!), RCS Messages + E2EE Coming 2021 Via Google - ThreatWire
https://youtube.com/watch?v=LxqNnKsQUeI
15,944 views•Dec 1, 2020
Covid-19 Vaccine Distributors Under Attack; iPhones Could Be Hacked Over Wi-Fi - ThreatWire
https://youtube.com/watch?v=MwGyz8UFCrs
15,098 views•Dec 8, 2020
SolarWinds - ThreatWire
https://youtube.com/watch?v=JkdHmqnxuZ8
20,120 views•Dec 15, 2020

Find out if the desktop computer you desire has included programs. You habit to know what they are. You dependence to know if it has a word processor or spreadsheet program that you will use. This is important to many for their work. Also, find out if the software included are full versions or demos. The demos expire after 30 or 90 days, which require you to buy the full versions yourself.

 >>/1595/
 >>/1586/

OK woo, out with it. Tell us what you know about the pandemic.

Zoom
https://www.justice.gov/opa/press-release/file/1347146/download

DOJ criminal complaint against a "Technology and Security Officer" for teleconferencing company Zoom, for spying, harassing and censoring American citizens using Zoom, at the request of the Chinese government.

Zoom
https://www.justice.gov/opa/pr/china-based-executive-us-telecommunications-company-charged-disrupting-video-meetings

https://blog.zoom.us/our-perspective-on-the-doj-complaint/

Hak5
Discord and Slack Used To Spread RATs - ThreatWire
https://youtube.com/watch?v=mdTnhUJFnno
Apr 13, 2021
Facebook downplays the data leak, linkedin appears to be targeted in a similar attack, and Discord and Slack are being used to spread remote access trojans! All that coming up now on ThreatWire.

Hak5
Two Year Old Linux Backdoor Found, Microsoft Finds IoT Vulnerabilities - ThreatWire
https://youtube.com/watch?v=6d7EN1tbxQY
May 4, 2021
Microsoft finds a bunch of IoT vulnerabilities, a Linux backdoor existed for over two years undetected, and Emotet email addresses are now in have I been pwned! All that coming up now on ThreatWire. 
https://www.zdnet.com/article/linux-kernel-vulnerability-exposes-stack-memory/
https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/

Hak5
Colonial Pipeline Hit With Ransomware; Apple AirTags Hacked - ThreatWire
https://youtube.com/watch?v=QjLvIDWnc3w
May 11, 2021
A Qualcomm SoC could be exploited by attackers, the US’s biggest gas pipeline is hit with ransomware, and Apple AirTags get hacked! 

https://www.cnet.com/news/fbi-says-darkside-hacking-group-responsible-for-pipeline-cyberattack/
https://threatpost.com/pipeline-crippled-ransomware/165963/

Hak5
7 Year Old Linux Flaw Newly Discovered - ThreatWire
https://youtube.com/watch?v=12oSZ3FVXBA
Jun 15, 2021
"EA Source Code was Stolen, a 7 Year Old Linux Flaw was Discovered, and 1.2 Terabytes of Data was Mysteriously Stolen from millions of Windows pcs!"

Hak5
PrintNightmare Hits Windows, REvil Kaseya Ransomware Hits Businesses Worldwide - ThreatWire
https://youtube.com/watch?v=iCGuqW7NL9U
Jul 6, 2021
"3 Vulnerabilities were Found In Netgear Routers, Ransomware Hits Businesses Worldwide, and PrintNightmare Leads to remote code execution attacks!"

No Spam 3 year ban

Где Вы ищите свежие новости? 
Лично я читаю и доверяю газете https://www.ukr.net/. 
Это единственный источник свежих и независимых новостей. 
Рекомендую и Вам

Translation to English: Where do you look for the latest news? Personally, I read and trust the newspaper https://www.ukr.net/. It is the only source of fresh and independent news. I recommend it to you

ich hatte Recht :) mituns