#malicious


🚨 Fake Booking.com phishing pages used to deliver malware and steal data
⚠️ Attackers use #cybersquatting, mimicking the Booking website to create legitimate-looking phishing pages that trick users into executing malicious actions.
Leveraging #ANYRUN's interactivity, security professionals can follow the entire infection chain and gather #IOCs.

👨‍💻 Case 1: The user is instructed to open the Run tool by pressing Win + R, then Ctrl + V to paste the script, and hit Enter. This sequence of actions executes a #malicious script that downloads and runs malware, in this case, #XWorm.
Take a look at the analysis: app.any.run/tasks/61fd06c8-233

🔍 TI Lookup request to find domains, IPs, and analysis sessions related to this campaign:
intelligence.any.run/analysis/

🎯 Use this search query to find more examples of this fake #CAPTCHA technique and enhance your organization's security response:
intelligence.any.run/analysis/

👨‍💻 Case 2: In this scenario, threat actors aim to steal victims’ banking information. It’s a typical phishing site that mimics the Booking website and, after a few steps, prompts users to enter their card details to ‘verify’ their stay.
See example: app.any.run/tasks/87c49110-90f

📌 A key domain in this campaign, Iili[.]io, was also used by #Tycoon2FA #phishkit.
🔍 Use this TI Lookup query to find more examples:
intelligence.any.run/analysis/

Investigate the latest #malware and #phishing attacks with #ANYRUN 🚀

→ ChatGPT search tool vulnerable to manipulation and deception, tests show
theguardian.com/technology/202

“[I]f the current ChatGPT search system was released fully in its current state, there could be a "high risk" of people creating websites specifically geared towards deceiving users.”

“A security researcher has also found that ChatGPT can return malicious code from websites it searches.”

The Guardian · ChatGPT search tool vulnerable to manipulation and deception, tests show · By Nick Evershed

Seriously, this should be law.

  • "[...] 2.12 The web can be consumed in any way that people choose

  • People must be able to change web pages according to their needs. For example, people should be able to install style sheets, assistive browser extensions, and blockers of unwanted content or scripts. We will build features and write specifications that respect peoples' agency, and will create user agents to represent those preferences on the web user's behalf. [...]"

And also the entire rest of the code

#Ventoy Security Concerns (please boost for visibility)

Ventoy is a popular utility for making USB drives containing multiple operating systems in the form of bootable image files. While very useful in theory, the source tree contains numerous binary blobs without source code. This issue has been brought up to the authors multiple times, has not been corrected, and has even gotten worse (more blobs have been added to the code over time). This is a potential malware vector, similar to the "test files" in the xz-utils backdoor catastrophe.

Recently the author has ignored a very lengthy thread raising security concerns because of these binary blobs. Given the amount of attention the thread has gotten, this seems strange, especially given that the authors have been active since then. github.com/ventoy/Ventoy/issue

Stranger yet still, a video by Veronica Explains (@vkc) on how to create bootable USB flash drives got flooded by comments heavily suggesting the use of Ventoy and even being somewhat accusing because Veronica didn't advertise Ventoy. This is... not anything I've seen users of ANY open-source project do, and it feels similar to the social engineering done against Lasse Collin that convinced him to add Jia Tan as a maintainer, thus compromising xz-utils. See the comments of youtube.com/watch?v=QiSXClZauX

If you're using Ventoy, you may want to consider ceasing its use for the time being out of an abundance of caution. If you truly need its functionality, you might look into something like the IODD SSD Enclosure (iodd.shop/HDD/SSD-Enclosure) which can emulate an optical drive and allows you to select an ISO saved to the drive to boot from.

GitHub · [issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy · By FairyTail2000

Would you fall for this #scam: A #malicious website for a service you're normally using opens and presents you with a login form.

Let's assume the URL, web visual, source you open it from is good enough so that you don't notice anything suspicious at this point.

You press a shortcut combination for your favourite #passwordManager auto-fill and the malicious website renders inside the page a form that visually looks exactly like your password manager's login prompt.

In this scenario, at this point, would you enter your #password or not?

Trying to see if people actively make a check at this point or not.

📢 Spamhaus Threat Intel Community Portal users | Submitting proof

When submitting suspicious activity or threats, if you have any evidence to support your submission, we want to see it. Adding a link to your evidence in the "Reason" field can help speed up the process of confirming malicious or suspicious activity.

For example, we recommend using free tools such as urlscan.io to gather phishing evidence, including relevant screenshots. With urlscan.io you can include elements such as Geolocation, Agent, Screenshot, Redirect chain.

Learn more about what happens to your data when you make a submission here

👉 submit.spamhaus.org/resources/

#Poland uncovers covert russian #cyber intelligence program

They established that a group of #hackers was stealing information from diplomatic missions in the EU, NATO member states, and African countries, posing as representatives of embassies of various European countries. They would send emails with attachments that would include #phishing links, tricking users into installing #malicious software on their devices.

Source🔗 english.nv.ua/nation/poland-un

english.nv.ua · Poland uncovers covert Russian cyber intelligence program · Polish authorities have uncovered a large-scale hacking campaign linked to Russian intelligence services, Poland’s Chancellery of the Prime Minister announced in a press release on April 13.