#dataexfiltration


Cybersecurity researchers have uncovered two malicious packages, zebo and cometlogger, on the Python Package Index (PyPI) that exfiltrate sensitive data from compromised systems! 🚨 With over 280 downloads before removal, these packages employ advanced techniques for surveillance and credential theft. Always verify code before running! 🔍💻 #Cybersecurity #Malware #Python #DataExfiltration #Fortinet #newz

thehackernews.com/2024/12/rese

The Hacker News: Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts. PyPI packages "Zebo" and "Cometlogger" downloaded 280+ times, exfiltrate data with obfuscation and anti-detection.
Replied in thread

@femme_mal @Catawu @DamonWakes @lrhodes @nazgul either way I'm convinced this shit is so flat-out illegal in the EU that it's literally a felony in places like Germany, where even having such functionality may fall under "production, possession, distribution and use of tools to facilitate data manipulation and/or extraction against the owners' consent" (§202c penal code)...

But that's just my opinion, and #NotLegalAdvice!

Replied in thread

@briankrebs The best way to prevent #dataexfiltration when breached is not to collect or store unnecessary data in the first place. That makes many of the current spate of #databreaches avoidable, self-inflicted incidents for which large companies are never held accountable in any truly meaningful way.

You're spot on when you say that #databrokers rely on large #datalakes of sensitive data they don't need directly. They also rely on large data sets where any typical datum may be harmless in itself, but often becomes sensitive or dangerous when aggregated, and often exponentially more so when connected to intrinsically sensitive data such as #PII, #PHI, or identity.

Setting aside the financial incentives and lack of accountability for the data brokers, how do #businessleaders, #regulatoryagencies, and #electedpoliticians justify this state of affairs to you? It's not like the public and private sectors don't also have data they want to protect, so why allow this shadow industry to prosper? This seems even more mystifying when it's so clearly a double-edged sword even for the brokerages' paying customers!