Cybersecurity

Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.

cross-posted from: https://programming.dev/post/27765876

BDSM, LGBTQ+, and sugar dating apps have been found exposing users' private images, with some of them even leaking photos shared in private messages.

Once installed and launched, the app requests permission to Android's accessibility services, after which contact is established with a remote server to receive further instructions, the list of financial applications to be targeted, and the HTML overlays to be used to steal credentials. Crocodilus is also capable of targeting cryptocurrency wallets with an overlay that, instead of serving a fake login page to capture login information, shows an alert message urging victims to backup their seed phrases within 12, or else risk losing access to their wallets.

Archive link: https://archive.is/idZEc

I was annoyed by MAC Randomization on my own network and wondered whether there are any effective attacks to re-id devices.

Sure enough.

See also (van Hoef is also the brains behind several of the WPA attacks.)

https://papers.mathyvanhoef.com/wisec2016.pdf [PDF]

cross-posted from: https://lemmy.dbzer0.com/post/41036290