Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'
Messaging app makes inadvertent oversharing too easy
A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.
Folk who activate this feature see a list of other users within a few miles to "quickly add people nearby... and discover local group chats."
Using a utility that fakes the location of an Android device, Ahmed Hassan was able to discover the distance of individuals from three different points, and then use trilateration to pinpoint exactly where they were. He was able to retrieve exact home addresses using this method, which is not technically difficult.
https://www.theregister.com/2021/01/05/telegram_location_people_nearby/
The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS’s eleventh bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.
https://www.hackerone.com/press-release/defense-digital-service-kicks-third-hack-army-bug-bounty-challenge-hackerone
Hello friends! This user is a scammer.
Introduces himself as the administrator of the @freedom_fox private channel!
But he is lying.
▶️ pwn.college
pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.
ASU’s Fall 2020 CSE466 class:
Module 0: Introduction
Module 1: Program Misuse
Module 2: Shellcode
Module 3: Sandboxing
Module 4: Binary Reverse Engineering
Module 5: Memory Errors
Module 6: Exploitation
Module 7: Return Oriented Programming
Module 8: Kernel Introduction
Module 9: Dynamic Allocator Misuse
Module 10: Race Conditions
Module 11: Advanced Exploitation
Module 12: Automatic Vulnerability Discovery
🌐 Website
@securebyte
Hack your APIs: interview with Corey Ball - API security expert https://portswigger.net/blog/hack-your-apis-interview-with-corey-ball-api-security-expert
Corey Ball is a Cybersecurity Consulting Manager, and author of the forthcoming book Hacking APIs (working title - No Starch Press). As well as being a long-time API hacking enthusiast, Corey’s role g
CTF in Hacking: How to get started into Capture the Flag / Bug Hunting | Hacker101 CTF
A capture the flag (CTF) contest is a special kind of cyber security competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems.
#youtube #hacker101 #tutorials
https://thdrksdhckr.blogspot.com/2021/01/ctf-in-hacking-how-to-get-started-into.html
SolarLeaks site claims to sell data stolen in SolarWinds attacks.
Attackers' website: http://solarleaks.net/
https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/
A website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack.
#Malware_analysis
1. Obfuscated DNS Queries
https://isc.sans.edu/diary/rss/26992
2. Detecting Mylobot, Unseen DGA Based Malware
https://blogs.akamai.com/sitr/2021/01/detecting-mylobot-unseen-dga-based-malware-using-deep-learning.html
3. Advanced Emotet Updates
https://www.netskope.com/blog/you-can-run-but-you-cant-hide-advanced-emotet-updates
Obfuscated DNS Queries, Author: Guy Bruneau
Espressif IoT Development Framework: 71 Shots in the Foot
https://habr.com/ru/post/538292/?utm_campaign=538292&utm_source=habrahabr&utm_medium=rss
One of our readers drew our attention to the Espressif IoT Development Framework. He found a bug in the project's code and asked whether it could have been found by a static...
GerdaOS: a custom ROM to liberate the heart of Kai
Welcome to the home page of the world's first custom ROM for Nokia 8110 4G and (in the future) other KaiOS based phones that aims for users' privacy, security and freedom to control everything about their own devices.
Our mission is to liberate Kai's heart, as in "The Snow Queen" by Hans Christian Andersen. Hence the name.
💡 See it in action!
https://streamable.com/zi50r
👉🏼 Key features 👈🏼
✅ Say no to ads and tracking. By default.
✅ Install what you want, not they.
✅ Overcome the limits and multitask.
✅ Be the master of your own device.
✅ Shape the future.
💡 GerdaOS Frequently Asked Questions
https://gitlab.com/project-pris/system/-/wikis/GerdaOS-FAQ#which-hardware-does-gerdaos-work-on
https://gerda.tech/