Any account that has not been touched for two years could be eradicated, including a user’s Google Workspace apps like Drive, Docs and Photos.
https://nypost.com/2023/11/13/tech/google-will-delete-many-gmail-accounts-soon-is-yours-safe/
New York Post
Google will start deleting many Gmail accounts soon — is yours safe?
The company is scheduled to delete troves of accounts as a cybersecurity initiative that goes into effect on Dec. 1. Here's why — and what you should do before then.
SektorCERT_The_attack_against_Danish_critical_infrastructure_TLP.pdf
11.5 MB
The attack against Danish, critical infrastructure
This year, Google has seen an increase in the number of vulnerabilities impacting central processing units (CPU) across hardware systems. Two of the most notable of these vulnerabilities were disclosed in August, when Google researchers discovered Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593), affecting Intel and AMD CPUs, respectively.
https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability
Google Cloud Blog
Google researchers discover ‘Reptar,’ a new CPU vulnerability | Google Cloud Blog
A new CPU vulnerability, ‘Reptar,’ found by Google researchers, has been patched by Google and Intel. Here’s what you need to know.
Recently Google Bard got some powerful updates, including Extensions. Extensions allow Bard to access YouTube, search for flights and hotels, and also to access a user’s personal documents and emails.
https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/
Embrace The Red
Hacking Google Bard: From Prompt Injection to Data Exfiltration
Google Bard allowed an adversary to inject instructions via documents and exfiltrate the chat history by injecting a markdown image tag.
"The Dragon Touch tablet also came with a very outdated version of the KIDOZ app pre-installed. This app touts being “COPPA Certified” and “turns phones & tablets into kids friendly devices for playing and learning with the best kids’ apps, videos and online content.” This version operates as kind of like a mini operating system where you can download games, apps, and configure parental controls within the app."
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
It’s easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
Forwarded from Informa Pirata: informazione e notizie
US states sue Meta, alleging that it harms teenagers' mental health
33 US states are taking Meta to court because it does not do enough to prevent mental health problems and social network addiction.
CBC
Social media is designed to get young people addicted to it, 33 U.S. states allege in lawsuit against Meta | CBC News
Thirty-three states, including California and New York, are suing Meta Platforms Inc. for harming young people's mental health and contributing to the youth mental health crisis by knowingly designing features on Instagram and Facebook that cause children…
NIS2 - Quick reference guide.pdf
5 MB
NIS2 - Quick reference guide
Securely configuring the potentially thousands of cloud identities, workloads, and other resources needed to support the high pace of modern software development is difficult—but also critical to prevent attackers from breaching these systems, where security gaps too often go unnoticed.
https://www.datadoghq.com/state-of-cloud-security/
Datadog
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
NoName057 attacks several Italian websites, including the official website of Giorgia Meloni (https://www.giorgiameloni.it) and other institutional portals.
Forwarded from vx-underground
Hello, how are you? This will be a long post. Please read carefully. Please review the subsequent post following this to see information on the course.
This is our largest giveaway ever. This ONLY applies to students formally enrolled in a school, college, university, technical institute, or trade school. The minimum age of entry is 13 years old. There is no maximum age limit.
We are gifting a Red Team course: Red Team Ops I and Red Team Ops II from Zero Point Security. This is an extremely lengthy course - 257 lessons which will allow you to establish a solid foundation in offensive security. This gift includes:
- Red Team Ops I (177 lessons)
- Red Team Ops II (80 lessons)
- 180 days of lab access
- The Red Team Ops exam which is rewarded with a badge upon successful completion
This complete course costs $1,185. We hope this will give someone the chance to accelerate their career and receive a formal education in offensive security they otherwise couldn't afford.
How to apply:
1. You MUST prove you're a student. You must supply us with a student photo ID, student e-mail (if applicable, some schools do not provide a student e-mail), and any other material you possess to prove you're a student. Inability to prove you're a student will immediately disqualify you. No country is exempt from this giveaway.
2. Write us an e-mail at staff@vx-underground.org with the subject titled: "Red Team Ops opportunity". In this e-mail provide a brief introduction to who you are, why you would like this course, and how you intend to use this course to further expand your education and your career, and any other additional information to compel us to select you. If we suspect you're using ChatGPT we will orbital nuke you off of this planet.
3. The submission deadline is December 31, 2023. We will review all submissions and a winner will be chosen February 1, 2024. We will announce the winner on Twitter and Telegram (their PII will not be displayed, only an alias) and they will be contacted via e-mail. The winner will have 5 days to confirm they've received the e-mail and acknowledge they've won. Failure to reply in 5 days will result in a different winner being selected. Pay attention!
4. The winner will be provided with additional details on how to redeem the course and begin their educational course when they believe they're free to begin
This giveaway wouldn't be possible without our friend RastaMouse. He is an incredibly kind person and we are grateful he was able to hook us up with this to gift it to someone else. We hope this gift will give someone a chance to accelerate their career and do something they believe they might not have had the chance to do.
Good luck to everyone who chooses to submit an entry. Have a nice day.
There have been over 50 recent reports of frightening cyberattacks that have altered planes’ in-flight GPS, leading to what experts described as “critical navigation failures” onboard the aircraft.
https://nypost.com/2023/11/20/lifestyle/hackers-are-taking-over-planes-gps-experts-are-lost-on-how-to-fix-it/
New York Post
Hackers are taking over planes’ GPS — experts are lost on how to fix it
The Cyber Week of 19 November 2023
Download the summary of the news published by CSIRT Italia from 13 to 19 November 2023.
by CSIRT - https://www.csirt.gov.it/contenuti/la-settimana-cibernetica-del-19-novembre-2023
Summary of malicious campaigns in the week of 28 October – 03 November 2023
This week, CERT-AgID identified and analyzed, within the Italian landscape it covers, a total of 32 malicious campaigns, 31 of them with Italian targets and 1 generic one that nevertheless affected Italy, and made the 248 associated indicators of compromise (IOCs) it identified available to its accredited organizations.
by CERT-AgID - https://cert-agid.gov.it/news/sintesi-riepilogativa-delle-campagne-malevole-nella-settimana-del-28-ottobre-03-novembre-2023/
XXL-JOB default accessToken authentication bypass leading to arbitrary code execution vulnerability
by SeeBug - http://www.seebug.org/vuldb/ssvid-99779
Have the EU's recent financial sanctions forced the Ursnif group to change strategy?
Today a campaign was detected that aims to deliver the Remcos malware in our country. Remcos is not a new malware for Italy and is widely documented in the literature. What is relevant in this campaign is in fact not the malware used but the distribution techniques (in [...]
by CERT-AgID - https://cert-agid.gov.it/news/le-recenti-sanzioni-finanziarie-dellue-hanno-costretto-il-gruppo-ursnif-a-cambiare-strategia/
Vulnerabilities fixed in Google Chrome
(AL02/231116/CSIRT-ITA)
Google has released an update for the Chrome browser to fix 4 security vulnerabilities with “high” severity.
by CSIRT - https://www.csirt.gov.it/contenuti/risolta-vulnerabilita-in-google-chrome-al02-231116-csirt-ita
Vulnerability fixed in VMware Workspace ONE UEM
(AL04/231102/CSIRT-ITA)
VMware has released security updates to fix a vulnerability with “high” severity in VMware Workspace ONE, a unified endpoint management (UEM) solution.
by CSIRT - https://www.csirt.gov.it/contenuti/risolta-vulnerabilita-in-vmware-workspace-one-uem-al04-231102-csirt-ita