Kali Linux

2024-04-12 10:34:55 DDoS

Logstalgia is a visualization tool that graphically repeats the web server access sequences simulating a retro arcade game.

The left column shows the IPs that make the requests. The right-hand column is the resource on the server (url), it can be an html file, an image, etc. The "points" that travel are the requests/responses, and lastly, the 200s you see is the code that the web server returns (Http response code) to the requests.

source Buka / Bagaimana

2024-04-02 21:11:28 @kalilinux Buka / Bagaimana

2024-03-31 20:19:43 Millions of customers' data found on dark web in latest AT&T data breach

AT&T said the information included in the compromised data set varies from person to person. It could include social security numbers, full names, email and mailing addresses, phone numbers, and dates of birth, as well as AT&T account numbers and passcodes.

@kalilinux

https://www.npr.org/2024/03/30/1241863710/att-data-breach-dark-web Buka / Bagaimana

2024-03-30 03:10:31 The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.

This backdoor could potentially allow a malicious actor to compromise sshd authentication. If you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

More information can be found at:

https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/

And

https://www.openwall.com/lists/oss-security/2024/03/29/4

If you would like to be sure that you are up to date and not affected by this vulnerability, you can do the following to upgrade your local version of the package:
sudo apt update && sudo apt install —only-upgrade liblzma5

Full blog post:
https://www.kali.org/blog/about-the-xz-backdoor/

@kalilinux Buka / Bagaimana

2024-03-15 22:05:14 How fastest sorting algorithms compare.
@kalilinux Buka / Bagaimana

2024-03-10 07:58:02 Exploiting a vulnerability in Telegram's system that allows for matching user IDs with phone numbers

Russian security forces and officials employ a system known as "Insider," alongside Telegram bots, to de-anonymize users by exploiting a vulnerability in Telegram's system that allows for matching user IDs with phone numbers, thereby revealing their identities. This system, which utilizes leaked databases from sources like Yandex and Wildberries, is part of a broader initiative called "Demon of Laplace," aimed at monitoring social networks and identifying activists. The purchase of "Insider" by authorities, under contracts signed by several Russian regional departments, is funded by budget money.

The developer behind "Insider," Evgeny Venediktov, is known for his controversial past, and the legality of employing such systems for de-anonymization purposes raises significant questions under Russian law.

STATISTICS:
- More than 76 million mobile numbers are loaded into the "Insider" system from leaked databases.
- One license for "Laplace's Demon" costs on average 500 thousand rubles. ($5500 USD)
- In 2019, the database used had 10 million numbers, which has now grown to more than 76 million.
@kalilinux

Sources: [researcher lordx64 - zakharovchannel] Buka / Bagaimana

2024-03-09 23:05:39 Russian state-backed hackers gained access to some of Microsoft’s core software systems in a hack first disclosed in January, the company said Friday, revealing a more extensive and serious intrusion into Microsoft’s systems than previously known.

Microsoft believes that the hackers have in recent weeks used information stolen from Microsoft’s corporate email systems to access “some of the company’s source code repositories and internal systems,” the tech firm said in a filing with the US Securities and Exchange Commission.

@kalilinux

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-russian-hackers-breached-its-systems-accessed-source-code/ Buka / Bagaimana

2024-03-01 00:08:34 European consumer rights groups are accusing Meta, of carrying out a “massive” and “illegal” operation. The buzz is all about Meta's pay-or-consent model, arguing that this “pay-or-consent” approach was an example of an unfair and “aggressive” commercial practice prohibited under EU law.

Meta disputes the allegations.

The European Consumer Organisation (BEUC), an umbrella body for 45 consumer groups, said eight of the groups were filing complaints with their respective national data protection authorities Thursday.

More on this Issue:
https://www.cnn.com/2024/02/29/tech/meta-data-processing-europe-gdpr/index.html

@kalilinux Buka / Bagaimana

2024-02-15 23:40:39 OpenAi just announced Sora, a video generating Ai. Sora can generate videos up to a minute long while maintaining visual quality and adherence to the user’s prompt. The model understands not only what the user has asked for in the prompt, but also how those things exist in the physical world. Sora can also create multiple shots within a single generated video that accurately persist characters and visual style.The current model has weaknesses. It may struggle with accurately simulating the physics of a complex scene, and may not understand specific instances of cause and effect. For example, a person might take a bite out of a cookie, but afterward, the cookie may not have a bite mark. more on that in the OpenAi's website:
https://openai.com/sora

@kalilinux Buka / Bagaimana

2024-02-09 04:01:04 In a YouTube video, security researcher Stacksmashing demonstrated that hackers can extract the BitLocker encryption key from Windows PCs in just 43 seconds using a $4 Raspberry Pi Pico.
@kalilinux



Buka / Bagaimana