Cybersecurity

cross-posted from: https://programming.dev/post/27765876

BDSM, LGBTQ+, and sugar dating apps have been found exposing users' private images, with some of them even leaking photos shared in private messages.

Once installed and launched, the app requests permission to Android's accessibility services, after which contact is established with a remote server to receive further instructions, the list of financial applications to be targeted, and the HTML overlays to be used to steal credentials. Crocodilus is also capable of targeting cryptocurrency wallets with an overlay that, instead of serving a fake login page to capture login information, shows an alert message urging victims to backup their seed phrases within 12, or else risk losing access to their wallets.

Archive link: https://archive.is/idZEc

cross-posted from: https://lemmy.dbzer0.com/post/41036290

I was annoyed by MAC Randomization on my own network and wondered whether there are any effective attacks to re-id devices.

Sure enough.

See also (van Hoef is also the brains behind several of the WPA attacks.)

https://papers.mathyvanhoef.com/wisec2016.pdf [PDF]

You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing