slh @slh@infosec.exchange

🔥CVE-2019-2234
#Vulnerability in #android's #camera app allowed third party apps to take pictures and video WITHOUT CAMERA PERMISSION.
Video PoC: https://youtu.be/XJAMJOVoVyw
Article of @Checkmarx Security Research Team who found the vulnerability: https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera

Le #ransomware CryptoMix Clop, a été confirmé comme source de l'attaque du CHU de Rouen.
Mais l’ampleur des dégâts réels reste inconnue.
https://www.lemagit.fr/actualites/252474281/Le-CHU-de-Rouen-apparait-victime-du-ransomware-CryptoMix-Clop

#uBlock Origin Now Blocks Sneaky First-Party #Trackers in #Firefox
https://www.bleepingcomputer.com/news/security/ublock-origin-now-blocks-sneaky-first-party-trackers-in-firefox/

Why #LetsEncrypt is a really, really, really bad idea…
https://medium.com/swlh/why-lets-encrypt-is-a-really-really-really-bad-idea-d69308887801
#SSL #TLS

#Facebook is secretly using your #iPhone’s #camera as you scroll your feed
https://thenextweb.com/apps/2019/11/12/facebook-camera-ios-iphone/

Create a pocket #pentest platform with #P4wnP1, a framework which turns a #RapsberryPi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements.
Read the article: https://gideonwolfe.com/posts/security/p4wnp1/
#security #hacking #raspberrypi #electronics

Remember these when you’re sad

• pain is part of growing

• everything in life is temporary

• every little struggle is a step forward

• other people’s negativity is not your problem

• what’s meant to be will eventually be

• the best thing you can do is keep going

💚

Via @depressionate

Most #antivirus software can't detect #steganography. Read "The Threat of Digital Steganography-cloaked #Malware to U.S. Critical Infrastructure Systems" by @z3roTrust
https://medium.com/@z3roTrust/the-threat-of-digital-steganography-cloaked-malware-to-u-s-critical-infrastructure-systems-f0a8eb81a9e8

Iranian #hackers breached computers of the American #satellite technology industry with help from a fake website and an unsuspecting college professor. 
https://www.thedailybeast.com/iranian-hacking-group-targeted-us-satellite-companies

#Humor #DataPrivacy #Facebook

#motivation

Serious #XSS #Vulnerability Found In #Avast Desktop Antivirus For Windows https://latesthackingnews.com/2019/11/10/serious-xss-vulnerability-found-in-avast-desktop-antivirus-for-windows/

2019 is a Big Year for #Cybersecurity #Investments in the U.S.
https://www.statista.com/chart/17935/cybersecurity-tech-investments/

7+ Great #RaspberryPi Projects You Can Make Today
https://interestingengineering.com/7-great-raspberry-pi-projects-you-can-make-today

What is #Spoofing? How It Works and How to Prevent it
https://cybersecuritynews.com/spoofing/

#Mastercard Bans Automatic Billing After Free Trials.
The credit card company now requires merchants to get a cardholder's approval, via text or email, at the end of a trial before they start billing.
https://www.pcmag.com/news/366051/mastercard-bans-automatic-billing-after-free-trials

#Apple Mail on macOS leaves parts of #encrypted #emails in #plaintext
Apple has known since July, but a fix is still not available.
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/

Analysis of a #Kubernetes #hack — Backdooring through #kubelet
https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c

Follow a #blackbox external #pentest, with the name of the company as only given information
https://hakin9.org/shell-lunch-box-rotimi-akinyele/

Build Yourself a Tiny #Macintosh Mini #Linux Console
https://www.hackster.io/news/build-yourself-a-tiny-macintosh-mini-linux-console-2017849a13f8