#CVE information
Explore tagged Tumblr posts
windmillcode · 2 days ago
LibTracker Updates 11/25/24: Simplify Dependency Management with this simple SBOM Tool
We are excited to announce the latest updates to *LibTracker*, our VSCode extension designed for professionals to simplify software bill of materials (SBOM) management. With LibTracker, you can effortlessly analyze and manage your apps, ensuring up-to-date versions, addressing security vulnerabilities, and resolving licensing issues—all at a glance.
Access it here: [LibTracker on VSCode Marketplace](https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker)
### New Features in the Latest Release:
- **Grouped Paths**: Added the ability to associate multiple apps with a root folder, easing project transfers between computers.
- **App Detail Page**:
  - **Subdependency Information**: View detailed info and license info for subdependencies.
  - Toggle between root and subdependency data to explore license and CVE details.
- **Bulk Group Path Update**:
  - Recursively searches for app basenames within directories, or the exact subPath. Can specify a recursion level.
### Upcoming Features:
- **App Detail Page Enhancements**:
  - Integration of CVE details for all subdependencies.
  - Search functionality extended to include nested child rows.
  - Expand and collapse all subtables within rows for streamlined navigation.
  - Responsive design updates to allow a card-based layout for improved usability.
- **Toggle Select All Apps**: Introducing a select-all option on the project detail page.
- **Workspace Folder Management**: Development depends on VSCode API’s ability to support VSCode profiles.
- **SBOM Generation**: Investigating whether to retrieve license and CVE details for every version of each package used in the app.
### Future Milestones (Exploring Feasibility):
- **Git Backup Changes**: Enhancements to streamline version control and backup capabilities.
- **AI-Powered Summaries**: Considering automated generation of license and CVE category summaries.
- **Subdependency Navigation**: Exploring the possibility of linking subdependencies in the license pane to their locations in the dependency table
- **Advanced Table Features** - the current package does not support
  - child row search
  - expand and collapse all subtables in a given row
  - responsiveness (remove columns or using cards at a certain viewport)
0 notes
gallifreyanhotfive · 4 months ago
Random Doctor Who Facts You Might Not Know, Part 63
Adric had programmed the route back to E-Space into the TARDIS before he died. When the TARDIS came close into a CVE, Adric set the program to automatically travel into E-Space, specifically to Alzarius. This is how the Fifth Doctor, Tegan, Nyssa, and Turlough ended up in E-Space. (Audio: Mistfall)
The Eighth Doctor once took a ton of a drug called Om-Tsor in order to psychically stop a lot of missiles. (Novel: Revolution Man)
Meglos considers himself to be the Doctor's greatest enemy because the Doctor only defeated him once (while they have defeated Daleks, etc many times). (Short story: Meglos)
The Seventh Doctor hates swimming. (Novel: The Also People)
After Sabbath removed the Eighth Doctor's heart and implanted it into his own chest, the Doctor could not die. Even when he was absolutely crushed by sandbags, one of his hearts was still beating in Sabbath's chest, so he would survive. (Novel: Camera Obscura)
The Brigadier liked Persephone a lot. As in he fell in love with her. As in fighting Hades for her. As in kissing her. As in thinking that she had a perfect bum and that she was both delicious and delectable. Yeah. (Novel: Deadly Reunion)
One time, Ace mentioned that it was a bit of a coincidence that both Gallifrey and America had a "CIA." Narvin said she could think it was a coincidence if she wanted and that his people "get around," thus implying that there are ties between the two. (Audio: The Quantum Possibility Engine)
The Mara once possessed Kamelion through Tegan's subconscious. Kamelion assumed the form of a Gorgon and used his abilities to turn people into stone. (Short story: Mark of the Medusa)
One time, the Eighth Doctor tried to get his companion Izzy to go exploring in a new city with him, but she was too busy reading a history book on it. Annoyed after arguing with her, the Doctor explored by himself, going into a jam shop only to find that the merchant had been murdered by a guy with a hook for a hand. While trying to remove the hook, the Doctor was knocked unconscious, so when the police came, he was found with the dead body and the murder weapon. He was charged with several murders and sentenced to die, but Izzy was able to phone in a tip using information she knew from the history book to vindicate him just before he was executed. (Comic: By Hook or By Crook)
If the Valeyard had beaten the Sixth Doctor during their battle in the Matrix, he would have messed with time so dramatically that it would become catastrophically damaged. Eventually, he would have left hiding away in his TARDIS, afraid that any action he took would make things worse. The TARDIS would have confined him inside, immobilized with force fields. The TARDIS would only still be alive due to the symbiotic nuclei connecting her to her pilot, and the Valeyard would only be alive because of his connection to his TARDIS. Unable to do anything, they (including Mel) would be trapped there seemingly forever. (Audio: He Jests At Scars...)
Fitz Kreiner had a dream where he and the Eighth Doctor were both naked in the TARDIS console room, their bottoms touching each other's. The Dream Doctor made sure to tell him that he didn't think this was his subconscious telling him anything about his sexuality. He panicked when he realized he couldn't feel the Doctor's bottom anymore - which was because they were merging into one. (Novel: Halflife)
The Mara eventually entered the Fifth Doctor's mind, using him as a primary host to try to subjugate Manussa in an earlier time period. He was freed when Tegan and Turlough used a circle of cameras and screens (similar to the mirrors). (Audio: The Cradle of the Snake)
The Eighth Doctor, Anji, and Fitz were once made to wear collars and leashes while walking around on all fours naked. They had been provided with plastic chew toys. The Doctor and Fitz didn't appear to be bothered by this. (Novel: Mad Dogs and Englishmen)
The Eighth Doctor once commented that he could potentially have a bunny slipper fetish. (Novel: Grimm Reality)
While on Trenzalore, the Eleventh Doctor lost a leg while fighting a tsunami snake. (Short story: The Dreaming)
85 notes · View notes
cosmokrill · 1 year ago
Stay safe! Make sure to use Discord on safe browsers like Chrome or any Chromium-based browser until Discord sends out a patch!
You don't want Ford to send you a .webp file on the Discord app and, just by viewing it, be infected with whatever malware he hid inside that funny picture! As cute as that face is, you can't trust them!
In all seriousness though, do stay safe. Considering it's a zero day exploit, Discord is going to roll out a patch asap. But until then, we will have to stick with browser Discord.
Here are some helpful articles, so you can stay informed!
CVE-2023-5129 is currently still a very real threat for apps such as Slack, Discord, Skype, Visual Studio Code, Twitch, Microsoft Teams, and the Github app.
Many browsers, such as Google Chrome, Firefox, Brave, and Opera have rolled out patches so as long as you update your browser you'll be all good!
98 notes · View notes
alex99achapterthree · 3 months ago
A bad day on the USS Altamaha (CVE-18)...
This Grumman F4F Wildcat had an issue landing aboard USS Altamaha. It struck something with the right wingtip and ended up in the water. I've no more information on the incident... I hope the pilot got out.
USS Altamaha...
... was part of the class of "escort carriers", often referred to as "jeep carriers". Constructed using commercial hulls like transports with a flight deck built on top, they were much smaller, slower, lightly armed and carried fewer planes than the fleet carriers. Escort carriers mostly served as transports and support vessels since they couldn't keep up with the fleet in major actions and were very vulnerable to attack. In the Atlantic ocean, several served with distinction in anti-submarine task groups, protecting convoys from German U-boats.
15 notes · View notes
daniel-nerd · 8 months ago
if you use linux, UPDATE YOUR SYSTEM NOW
XZ got backdoored, specifically the release tarballs of version 5.6.0-1 and 5.6.1-1.
for more information on the status in your specific distro go to their website.
for more information on the backdoor itself, it's CVE-2024-3094
7 notes · View notes
sqlinjection · 24 days ago
Impact of successful SQLi, examples
Three common ways SQL injection attacks can impact web apps:
- unauthorized access to sensitive data (user lists, personally identifiable information (PII), credit card numbers)
- data modification/deletion
- administrative access to the system (-> unauthorized access to specific areas of the system or malicious actions performance)

examples as always speak louder than explanations! there are going to be two of them

1. Equifax data breach (2017) - 1st way
Hackers exploited a SQL injection flaw in the company’s system, breaching the personal records of 143 million users, making it one of the largest cybercrimes related to identity theft.
Damages: The total cost of the settlement included $300 million to a fund for victim compensation, $175 million to the states and territories in the agreement, and $100 million to the CFPB in fines.

2. Play Station Network Outage or PSN Hack (2011) - 2nd way
The result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service.
Damages: Sony stated that the outage costs were $171 million.

more recent CVEs:

CVE-2023-32530. SQL injection in security product dashboard using crafted certificate fields

CVE-2020-12271. SQL injection in firewall product's admin interface or user portal, as exploited in the wild per CISA KEV. ! this vulnerability has critical severity with a score 10.
Description: A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)

CVE-2019-3792. An automation system written in Go contains an API that is vulnerable to SQL injection allowing the attacker to read privileged data. ! this vulnerability has medium severity with a score 6.8.
3 notes · View notes
zerosecurity · 6 months ago
Zero-Day CVE-2024-24919 Discovered in Check Point's VPN Software
Cybersecurity software vendor Check Point has issued a critical warning to customers, urging them to update their software immediately due to a zero-day vulnerability in their Virtual Private Network (VPN) products that is actively being exploited by attackers. The vulnerability, assigned CVE-2024-24919 and a CVSS score of 8.6 (high severity), affects Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
VPN Exploit Targets Older Local Accounts
According to Check Point's advisory, the vulnerability involves attackers "using old VPN local accounts relying on unrecommended password-only authentication method." The company strongly recommends against relying solely on password authentication for logging into network infrastructure, emphasizing that it is an unfavorable method for ensuring the highest levels of cybersecurity.
Potential Impact and Lateral Movement
If successfully exploited, the vulnerability could grant an attacker access to sensitive information on a security gateway, as well as enable lateral movement within the network with domain administrator privileges. Threat intelligence firm Mnemonic, which was contacted by Check Point regarding the vulnerability, has confirmed that the exploit allows threat actors to retrieve all files on the local filesystem, including password hashes for local accounts, SSH keys, certificates, and other critical files.
Patches Available and Recommended Mitigations
Check Point has released patches for all affected systems, and customers are strongly advised to apply the updates as soon as possible. In addition to installing the patches, Check Point recommends hardening VPN posture by implementing multi-factor authentication (MFA) and reviewing and removing unnecessary local VPN accounts. For any necessary local accounts, additional authentication measures should be added to mitigate the risk of exploitation. The actively exploited zero-day vulnerability in Check Point's VPN products underscores the importance of promptly applying security updates and following best practices. While implementing MFA can be a hassle, the consequences of a data breach or network compromise can be far more severe. Organizations using affected Check Point products are urged to take immediate action to secure their systems and protect their valuable data and infrastructure.
4 notes · View notes
theanarchistscookbook · 1 year ago
Simplified Privacy
Google’s Surveillance: The Shocking Truth
Google is the opposite of privacy.  They maliciously collect data from you in the following ways:
The Sources for this article can be found here.
1) Saving all your Google searches, tied to your identity across devices [1] [2] [30]
2) Reading all your emails.  Even if you don’t use Gmail directly, but you’re sending email to someone who does.  [5] [6]
3) Saving all your web traffic if the website uses Google Ads, Captchas, or Analytics (and over 85% of all websites use some of their services).  Even if you aren’t signed in to a Google account, and you’re using a VPN, they can still use past cookies and browser fingerprinting to identify you.  [35] [1] [25] [26]
Google’s reCaptcha fingerprinting includes mouse movements, response time, timezone, screen dimensions, IP address, and any cookies.  ReCAPTCHA uses the google.com domain instead of one specific to ReCAPTCHA, which allows Google to receive any cookies you have directly, instead of the website you’re visiting. [35] This concentrates the vast majority of all traffic data in the hands of a single company, which can then be used to de-anonymize users.
4)  Everything you do in Google’s Chrome Browser is recorded, including even how long you are idle on a page.  [7] [8]
5) Tracking and Saving your physical location, via Android’s GPS and Wifi triangulation. [12] [13]
Even if you turn location features off or set the phone to airplane mode, it still saves your location via Wifi triangulation, which is the process of pinging nearby Wifi hotspots to identify where you are.  [9] [10] [11] Wifi triangulation can figure out your real location, even if you have a fake IP address from a VPN. [14]
As intelligence expert and ex-law enforcement Michael Bazzell says, Google is one of the first places law enforcement goes to for information because Androids track everyone’s location so accurately. Bazzell points out that even if you’re not directly involved in something, just owning an Android that was near it, can get you involved in answering police questions.  Bazzell’s experience serving in law enforcement and intelligence motivated him to completely cut Google out of his life even though he’s doing “nothing wrong”.  [11]
6) Keeping track of who you know to identify new phones or email accounts as you.
Privacy expert and phone operating system designer Rob Braxman points out that, by synching everyone’s phones’ contact lists and who they are physically standing near, Google (and therefore governments) can identify unknown devices or email accounts as you.  [30] [31] [32a]  Braxman further points to publicly available websites made by Google’s Jigsaw division and their partner Moonshot CVE, which openly sells services to governments to track and manipulate search results for targeted users.  These users targeted by Jigsaw & Moonshot CVE’s government clients have their search history, location, and identifying fingerprint stored in a database. [32b]
7) Recording and saving audio of your private conversations [16] [17] [18]
Google’s Android has the microphone constantly recording and saving your intimate personal conversations against your wishes for their profit and power.  As an extensive academic study of tech patents by Consumer Watch Dog points out, Google will claim this is only to find out if you said the words “Google Assistant,” but yet they have publicly filed patents to scan audio conversations and any available visuals on a variety of home smart devices to identify who is speaking, what you’re interested in, and what you’re doing for the purpose of targeted advertising.  [15]
Tracking what you say, what you like, when you sleep, and even when you go to the bathroom, goes well beyond Google Assistant helping you do a quick search and would instead be considered an all-inclusive surveillance. [15]
In addition, they’ll allow 3rd party apps to record you without your knowledge because of poor permissions control. As University of California Santa Barbara cybersecurity researchers presented at a BlackHat European conference, 3rd party apps like Silverpush can play high frequency audio, which is invisible to the human ear, on another device like a television ad or mall kiosk.  Then your phone’s mic picks up the frequency, to rat out your real identity or location. [34]
Silverpush’s advertising system is embedded into many “free” apps on the Google Play Store.  These doctoral researchers warned of the dangers this presents by being connected to wide-spread platforms like Google Ads.  To demonstrate this, they played video of their lab experiment, which de-anonymized a laptop through Tor Browser, because of an Android’s mic next to the laptop’s speakers, which was signed in to a Google account. [34]
Is the Data Sold?
Google has marketing propaganda which claims that they are merely selling advertising space on your devices and not selling the data itself.  However, this claim is misleading in a number of ways. 
First, not only is advertising sold by demographics or interests, but in addition, Google also allows its advertising customers to target users by name, email, or device ID and reach them almost anywhere. [1] So advertisers can target you specifically and then serve you anything on your specific device by name.
Second, while it’s true that Google technically doesn’t sell your actual name to the advertiser, when your device interacts with an ad, the third party advertiser can easily use your IP address, cross-site cookies, and/or browser fingerprinting to identify you.   For example, suppose an advertiser runs an ad for an ebook on how to get out of debt.  The advertiser could collect the IP addresses of anyone who clicks it, and so they’d know who’s indebted.
“I think the big problem is that we give much more data to Google than it needs,” said Guillaume Chaslot, former Google engineer who worked on YouTube’s recommendations algorithm. [4a] Chaslot’s first-hand experience with Google’s spyware and manipulation inspired him to create the non-group AlgoTransparency.org, which openly says in its manifesto, “algorithms don’t have your best interests at mind”. [4b]
Play Store and Chrome Extensions Leak Data
Third, the Google Play Store and their Chrome Browser Extension Store leak application and user data directly to the app’s developers.  This is sensitive private information, and these third party app developers are NOT carefully vetted, as almost anyone can put an app in the Google Play or Chrome Extension Store with minimal screening.  Examples: [21] [23] [24]
“Mental Outlaw” is a cybersecurity Youtube video influencer who is constantly having his videos about torrents flagged by Google as “dangerous content”.  He points out how ridiculous this is because Google does so little to stop real dangerous content.  One of the numerous examples he’s given is the Chrome webstore featuring extensions that are malicious hacking malware, which does URL injections to force online shoppers, without their knowledge, to use the malware creator’s affiliate links when they shop online. [22b] These 5 popular extensions got over 1.3 million downloads, which got the attention of McAfee Labs, the research department of the respected anti-virus company.
From McAfee Labs’ articulate research, this is a huge security risk because not only is your personal data, like name and location, sent to malicious actors, but the attacker can forward the URL to any site they want.  So you might think you’re going to BestBuy.com, but it’s really the attacker’s bullshit site to get your credit card info.  [22b]
Youtuber Mental Outlaw points out how ludicrous it is that not only did Google allow 1.3 million people to download these extensions, but they have featured status on the Google Chrome store. [22a] And not only does Mental Outlaw find similar malware in the Android Play Store, but Google has changed how apps disclose permissions to remove themselves of liability.  Starting in mid-2022, Google has the app developers themselves disclose what permissions the app uses, so Google does not have to do any research.  This is a conflict of interest, since app developers are self-reporting what information they get access to, and the end user may not properly be able to evaluate it. [19] [20a]
Sell it via Cookies
Google’s defense to these types of criticisms has always been that they don’t “sell your data” directly.  But as laid out in research from the tech-savvy lawyers at the Electronic Frontier Foundation, Google allows advertisers to connect their cookies with Google’s in order to process data on the customer.  This process is called “cookie matching” and essentially allows Google to sell the advertiser your information through a cookie. [1] 
In the European Union, if Google were caught selling this data directly, it would be illegal.  [27] [28] [29] So instead Google finds sneaky work-arounds such as the cookie matching, which allows them to appease the regulators and make statements like “we don’t sell data, we just use the data.” [1]
Conclusion
The more influence that Google has in our society, the more difficult it becomes to avoid their fingerprinting.  If every website has a Google Captcha and everyone you talk to demands you talk to them on Gmail, then Google has become the gatekeeper for overseeing all human behavior.  They can use this power to influence who sees your messages and what information you are able to find.
By using Gmail or Google Docs, you’re forcing and enabling Google to fingerprint your loved ones or friends.  Even if you think you’re doing nothing illegal, you assume that Google will give you and those you care about an equal opportunity for your business to thrive.  They can reduce Google’s search traffic to your website, or bounce your emails to potential employers or customers.  They can buckle your business at the knees if they think it fits its agenda and by giving them so much information you’ve completely surrendered your freedom.
Well what is their agenda?
In our next article, we’ll discuss Google’s censorship ability to shape society and how it affects you.
13 notes · View notes
monstroso · 10 months ago
got pinged by @siderods for an ask game, thanks for the tag!
gonna keep it short for yall tonight
nine things / nine people (nine doors?)
Last Song: I Am A Man Of Constant Sorrow. DJ and I were going to watch O Brother, Where Art Thou? but she keeps blowing me off so i have to listen to the soundtrack at work by myself. sad!
Favorite Color: to wear? black. in general? green.
Last Movie/TV Show: last thing I watched was VH1's 2008 documentary series on the sexual revolution. It was pretty interesting as a cultural artifact, a great snapshot in time and pretty informative too! it's called Sex: The Revolution, check it out if you can find it!
Sweet/Savory/Spicy: Savory most of the time, but I am a slut for all three.
Last Thing I Googled: "changes on tumblr" needed to see if the activity feed eating reblog notifs was on their to-fix list. it was not!
Current Obsession: ugh. The USS Guadalcanal CVE-60. don't look at me, i like boats now.
Last Book: Illinois Railway Museum In Color by Aaron Isaacs, a photohistory of my local railway museum.
Last Fic: A Patient's Guide To Living With ICS (House MD fic). I'm gonna be honest I only clicked on this one because it's set in Chicago. The dialogue was really good though, and the smut wasn't bad either!
Looking Forward To: getting my fuuuuucking car fixed tomorrow. oh and my friend @calliclassic is working on a commission for me that's almost done!
i tag: @the-commonplace-book @galushanationalrailways @stukagoggles @theskoomacat aaaand anyone else who wants to do this i feel shy about tagging anyone else lol
4 notes · View notes
aceduchessdragoness · 11 months ago
2 different posts by [@]khaledbeydoun on Instagram uploaded January 2, 2024
1: "Very sad and ugly. I recognised some of the accounts. But it’s important to have a good team and network to know how to respond to those stirring up division from “within.”
This isn’t surprising to me, given the work I’ve been doing on surveillance, CVE, Islamophobia in the US and globally.
Sadly, some of the tactics I was using to identify Hindutva bigots in #India and Chinese agents suppressing my work on the Uyghur Muslims genocide have proven useful again.
We need to focus on Gaza, Lebanon, and Yemen — but have people actively undermining and suppressing from the inside to a company that already wants to silence our voices. Please be wary of those stirring up division and launching personal attacks during a live genocide.
You can’t make this up. But knowledge is power, and I’m trying to garner as much information as I can to protect people and take action."
2: "This is how they disconnect our efforts and silo people on the ground in Gaza.
Go to [@]motaz_azaiza’s page and engage as much as possible.
The suppression and censorship is getting worse and worse, and like I said in my last post, it’s being aided by some from “within”."
Also, here are some comments on the 1st post:
------------------------------------------------------------------------------
[id: 1st picture is all text, it says:
I learned today, that through a formal request, that specific Arab/Muslim accounts were reporting other prominent accounts on Palestine with frivolous complaints.
Sad to say this – but some of the suppression on Palestine content is being spurred from “within” the community.
2nd image has text and a screenshot of a warning from Instagram:
Instagram won’t let me post Motaz’s posts anymore without punitive action.
-- Underneath this is a screenshot from Instagram that says:
This post could limit your account’s reach with non-followers
Your post may go against our Recommendation Guidelines. This could impact your account’s reach on Reels, Feed Recommendations, Explore, Search, or Suggested Accounts to people who don’t follow you.
-- Underneath this it shows the image that Instagram is warning about. It’s too small to properly see, but it’s of an injured man laying on the ground, with another man crouched near him. The uploader is [@]motaz_azaiza
3rd image is of a string of comments from the 1st picture’s comment section:
khaledbeydoun: I don’t take any of this personally. But take practical action when it harms me or others.
akacaoimhe: [@]khaledbeydoun That’s exactly what they’re being to vicious about too…the fact that you threaten them with legal action, despite the fact that they’re libelling you
anonymouspalan: [@]khaledbeydoun I watched a video today from [@]greg.j.stoker about Hasbara’s next tactics being divide and conquer. Maybe all the big accounts should post about this and make the Pro-Palestinian movement aware that this is coming up. I mean we’re already seeing it as you said.
cookieny29: [@]khaledbeydoun did everyone not watch the movie Fara?! There is always one.
osipmandelstam: [@]khaledbeydoun People aren’t making frivolous complaints. They’re naming people who take money from foundations and NGOs that support Zionism. I used to work at OSF. It has certainly never supported anything or anyone rooted in authentic resistance. That place puts the normal in normalization. I don’t know what your personal endgame is beyond gaining a large personal following and making money off these nonprofits – but you certainly aren’t a revolutionary. And anyone who loves Shaun King like you do can’t be completely above board.
margarita_consalt: [@]osipmandelstam the accounts making these frivolous accusations, like yours, are newly opened (Dec 2023) and have no followers. You are a zi@nist b@t trying to divide us. Find another hobby.
halal.around.the.globe: [@]Osipmandelstam zionist troll! /id]
5 notes · View notes
news247worldpressposts · 7 months ago
#CERT/CC Reports R Programming Language Vulnerability
05/01/2024 08:00 AM EDT
CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply the…
2 notes · View notes
reliqus · 9 months ago
WordPress users, beware! A new phishing scam targeting the popular content management system was discovered on January 5th, 2024. This scam involves a fake 'CVE-2024-46188' patch that claims to fix a security vulnerability in WordPress. However, this is actually a cleverly crafted phishing attempt to steal sensitive information from unsuspecting website owners. 
Remember, as per the WordPress team, "Official communications from WordPress will always come from a wordpress.org or wordpress.com email address." To know more, read our full blog on Fake CVE Phishing Scam Tricks.
2 notes · View notes
cyber-sec · 2 years ago
Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity
Source: https://arstechnica.com/information-technology/2023/03/ransomware-crooks-are-exploiting-ibm-file-exchange-bug-with-a-9-8-severity/
More info: https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
12 notes · View notes
the-hacker-news · 1 year ago
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
The Hacker News : Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before http://dlvr.it/SxcVKs Posted by : Mohit Kumar ( Hacker )
2 notes · View notes
hackgit · 2 years ago
[Media] ​​afrog
​​afrog A Vulnerability Scanning Tools For Penetration Testing afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner. https://github.com/zan8in/afrog #cybersecurity #infosec #bugbounty #pentesting
2 notes · View notes
systemtek · 7 days ago
CVE number - CVE-2024-48895
Multiple vulnerabilities have been discovered in the firmware of the Rakuten Turbo 5G, which may allow a third party to execute arbitrary commands without authorization. The supplier is already conducting automatic firmware updates for affected Rakuten Turbo 5G devices. There is no action required from you, but if the automatic firmware update setting is turned off, the update will not be applied, so we ask that you update the firmware.
Affected firmware versions: V1.3.18 and earlier versions
Firmware version after update is complete: V1.3.19 and later versions
Further details - https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/
0 notes