
Their GitLab seems to be down though; that slows down the documentation and install process.


(...) we present the first security and privacy assessment of e-scooters' internals. We cover Xiaomi M365 (2016) and ES3 (2023) e-scooters and their interactions with Mi Home (their companion app).

We extensively RE their internals and uncover four critical design vulnerabilities, including a remote code execution issue with their BMS. Based on our RE findings, we develop E-Trojans, four novel attacks targeting BES internals. The attacks can be conducted remotely or in wireless proximity. They have a widespread real-world impact as they violate the Xiaomi e-scooter ecosystem safety, security, availability, and privacy. For instance, one attack allows the extortion of money from a victim via a BMS undervoltage battery ransomware. A second one enables user tracking by fingerprinting the BES internals. With extra RE efforts, the attacks can be ported to other BES featuring similar vulnerabilities.


A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an npm package called “rtn-centered-text” exploited an example from React Native’s Fabric Native Components guide in an attempt to trick developers into downloading their package, putting systems at risk.

submitted 20 hours ago* (last edited 14 hours ago) by NullNet@lemmy.blahaj.zone to c/cybersecurity@infosec.pub

Small rant incoming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I'd assume. It's bad enough I gotta make a million accounts when applying to jobs, but then you got my PII sitting behind such terrible password requirements it makes me wonder where else they are cutting corners on security.
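
The 8-11 character range in the post is the interesting part: a hard upper bound that low almost always means the password is stored or hashed in a way that cannot take longer input, and it rejects exactly the passphrases NIST SP 800-63B recommends (minimum 8, allow at least 64, no composition rules, screen against breach corpora). As an added example that is not part of the post, the check below evaluates a password under a legacy 8-11 policy and under an SP 800-63B style policy side by side. The breached-password set is a constructed stand-in for a real corpus lookup.

```python
"""Password-policy comparison: a length-capped legacy policy next to a
NIST SP 800-63B style policy. Added example, not from the post."""
from dataclasses import dataclass
import unicodedata

# Constructed sample of breached passwords. A real deployment would query a
# full corpus (e.g. a k-anonymity range API) instead of a literal set.
BREACHED_SAMPLE = {"password", "123456789", "qwerty123", "passw0rd1"}


@dataclass
class PasswordPolicy:
    name: str
    min_length: int
    max_length: int              # SP 800-63B: allow at least 64 so passphrases fit
    require_mixed_classes: bool  # composition rules, which SP 800-63B discourages
    check_breached: bool         # SP 800-63B: compare against known-breached values

    def evaluate(self, password: str) -> list[str]:
        """Return the reasons the password is rejected (empty list = accepted)."""
        pw = unicodedata.normalize("NFKC", password)  # normalize before measuring
        reasons = []
        n = len(pw)
        if n < self.min_length:
            reasons.append(f"shorter than {self.min_length}")
        if n > self.max_length:
            reasons.append(f"longer than {self.max_length}")
        if self.require_mixed_classes:
            classes = sum(any(f(c) for c in pw)
                          for f in (str.islower, str.isupper, str.isdigit))
            if classes < 3:
                reasons.append("needs lower, upper and digit")
        if self.check_breached and pw.lower() in BREACHED_SAMPLE:
            reasons.append("appears in breach corpus")
        return reasons


# The policy the post complains about: a hard cap of 11 characters.
LEGACY_POLICY = PasswordPolicy("legacy-8-11", 8, 11, True, False)
# SP 800-63B shape: 8..64 characters, no composition rules, breach screening.
NIST_POLICY = PasswordPolicy("nist-800-63b", 8, 64, False, True)


def compare(password: str) -> dict[str, list[str]]:
    """Evaluate one password under both policies."""
    return {p.name: p.evaluate(password) for p in (LEGACY_POLICY, NIST_POLICY)}


if __name__ == "__main__":
    # A long passphrase fails the legacy policy; a short breached password passes it.
    for pw in ("correct horse battery staple", "Passw0rd1"):
        print(repr(pw), compare(pw))
```

The two sample inputs make the point of the rant concrete: the legacy policy rejects a 28-character passphrase for being too long while accepting a 9-character password that sits in the breach list, and the SP 800-63B style policy does the reverse.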


This article explores Netcraft’s research into the global growth of fake stores, including activity that makes use of the e-commerce platform SHOPYY to target Black Friday shoppers. Insights include:

  • An increase of 110% in fake stores identified between August and October 2024
  • Tens of thousands of fake stores utilizing the e-commerce tech platform SHOPYY
  • More than 66% of SHOPYY-powered sites identified as fake stores
  • More than 9,000 new and unique fake store domains detected by Netcraft between November 18–21, hosted on SHOPYY alone
  • Most activity attributed to threat actors likely operating from China
  • Activity primarily targeting U.S. shoppers
  • Use of Large Language Models (LLMs) to generate text for product listings

ESET researchers analyze the first UEFI bootkit designed for Linux systems


Key Points

  • Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript code, which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
  • Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines.
  • The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.
  • This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS.
  • Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and macOS.
  • A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit


In this article, we’ll explore a malicious loader known as PSLoramyra. This advanced malware leverages PowerShell, VBS, and BAT scripts to inject malicious payloads into a system, execute them directly in memory, and establish persistent access.

Classified as a fileless loader, PSLoramyra bypasses traditional detection methods by loading its primary payload entirely into memory, leaving minimal traces on the system.
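
A loader that stages its payload through PowerShell into memory leaves little on disk, but the PowerShell text itself is still visible if Script Block Logging (Event ID 4104) is on. As an added example, not code from the linked write-up or from the malware, the scorer below runs over script block text and flags the constructs in-memory loaders rely on: base64 decoding of a blob, reflective assembly loading, invoking the entry point, encoded commands and hidden windows. The indicators are generic, not extracted from PSLoramyra samples, the weights are assumptions, and the sample records are constructed. The VBS and BAT stages the post mentions are not covered here.

```python
"""Heuristic scoring of PowerShell Script Block Logging (Event ID 4104) text
for fileless-loader behaviour. Added example; indicators are generic to
in-memory loaders and the sample records are constructed, not captured."""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "record_id score indicators")

# (name, pattern, weight). Weights are an assumption reflecting how rarely the
# construct shows up in benign administrative scripts.
INDICATORS = [
    ("base64_decode", re.compile(r"FromBase64String", re.I), 2),
    ("reflective_load", re.compile(r"\[(System\.)?Reflection\.Assembly\]::Load\b", re.I), 4),
    ("entrypoint_invoke", re.compile(r"\.EntryPoint\.Invoke\(", re.I), 3),
    ("invoke_expression", re.compile(r"\b(IEX|Invoke-Expression)\b", re.I), 2),
    ("encoded_command", re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), 4),
    ("hidden_window", re.compile(r"-(w|win|windowstyle)\s+hidden", re.I), 1),
    ("bypass_policy", re.compile(r"-(ep|executionpolicy)\s+bypass", re.I), 1),
    ("scheduled_task", re.compile(r"schtasks(\.exe)?\s+/create|Register-ScheduledTask", re.I), 1),
]
ALERT_THRESHOLD = 6  # assumption: a single indicator never alerts on its own


def score_script_block(text: str) -> tuple[int, list[str]]:
    """Sum the weights of every indicator present in one script block."""
    score, names = 0, []
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            score += weight
            names.append(name)
    return score, names


def scan(records: list[tuple[int, str]]) -> list[Hit]:
    """records are (EventRecordID, ScriptBlockText); return those at or above threshold."""
    hits = []
    for record_id, text in records:
        score, names = score_script_block(text)
        if score >= ALERT_THRESHOLD:
            hits.append(Hit(record_id, score, names))
    return hits


# Constructed sample script blocks. Record 103's encoded command decodes
# (UTF-16LE) to "IEX (New-Object"; it was built for this example.
SAMPLE_RECORDS = [
    (101, "Get-ChildItem C:\\Logs -Recurse | Where-Object Length -gt 1MB"),
    (102, "$b=[Convert]::FromBase64String((Get-Content $env:TEMP\\s.txt)); "
          "$a=[System.Reflection.Assembly]::Load($b); $a.EntryPoint.Invoke($null,$null)"),
    (103, "powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    (104, "Register-ScheduledTask -TaskName Backup -Action $act -Trigger $trg"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_RECORDS):
        print(hit)
```

Record 102 (decode, reflective load, entry point) and record 103 (hidden window, policy bypass, encoded command) cross the threshold; the benign directory listing and the lone scheduled-task registration do not. Encoded commands should additionally be decoded and re-scored, since the plaintext of record 103 would also match the `IEX` indicator.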


Summary

Operation Undercut is a covert influence operation conducted by Russia’s Social Design Agency (SDA) to sway public opinion against Ukraine and weaken Western support. Leveraging AI-enhanced videos and impersonating reputable news sources, Operation Undercut disseminates disinformation targeting audiences across the US, Ukraine, and Europe. This operation, running in tandem with other campaigns like Doppelgänger, is designed to discredit Ukraine’s leadership, question the effectiveness of Western aid, and stir socio-political tensions. The campaign also seeks to shape narratives around the 2024 US elections and geopolitical conflicts, such as the Israel-Gaza situation, to deepen divisions.


A major technology provider for hundreds of large retailers is struggling to recover from a ransomware attack that began last Thursday.



We're happy to announce that BusKill cables can now be purchased in-person in Haaksbergen, Netherlands.

[BusKill] Our Dead Man Switch Magnetic USB Breakaway cables are Now Available in-person in The Netherlands at NovaCustom

The BusKill project has partnered with NovaCustom to make BusKill laptop kill cords available from another brick-and-mortar location in Europe. You can now go to the NovaCustom office and purchase a BusKill cable with cash or cryptocurrency.

NOTE: In-person orders at NovaCustom's offices require an appointment. Please contact them over email or Signal to schedule an appointment before you go.

And, if paying with cash, bring the exact amount. They do not provide change.

About BusKill

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill explainer video for more info: youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

While we do what we can to allow at-risk folks to purchase BusKill cables anonymously (or make their own), there is always the risk of interdiction.

We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. A better solution (in addition to making the hardware designs open-source) is to let users purchase the device anonymously. Generally, the best way to defeat interdiction is to go to a physical brick-and-mortar and pay with cash.

About NovaCustom

In Mar 2015, Wessel klein Snakenborg (founder of NovaCustom) started selling highly-customizable Linux laptops from Europe. In Aug 2021, NovaCustom released their first laptop (NV40) with coreboot pre-installed with Dasharo.

Photo: the Qubes-Certified NV41 with Heads pre-installed by NovaCustom, showing the Dasharo boot menu and running Heads
Photo: a chassis screw covered with a unique pattern of multi-color glitter nail polish. NovaCustom offers anti-tamper options, including glitter nail polish applied to the chassis screws (photos sent to you via Proton Mail before shipment; specify your PGP key at checkout for e2ee)

In 2023, NovaCustom caught the eye of many in the security community, as they announced a number of major milestones:

And in Feb 2024, NovaCustom started selling their NV41 laptop with Heads pre-installed.

And now, as part of the partnership with the BusKill project, NovaCustom allows customers to place orders anonymously on their website, pick up the order in-person, and pay with cash (Euros only, exact cash required, and pre-arranged appointment required for pickup). They also accept payments in Monero and Bitcoin. We're excited to partner with another leader in privacy solutions for high-risk folks in Europe, and we hope you'll consider buying a Qubes-certified NovaCustom laptop + BusKill Kit from NovaCustom in The Netherlands.

Buy BusKill in-person in The Netherlands

Order at novacustom.com or stop by in-store to purchase a BusKill cable.

Bitcoin, monero, and fiat (cash) are all accepted payment methods at NovaCustom.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/
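
The post describes the mechanism: a USB device that is attached to the user disappears from the host when the magnetic breakaway separates, and the host reacts by locking, shutting down or destroying keys. As an added illustration of that mechanism, not BusKill's own code, the monitor below polls the real Linux sysfs path (/sys/bus/usb/devices/*/serial) for a device with a given serial number and runs an action once it vanishes. The `loginctl lock-session` action assumes a systemd-logind host; the serial and the sysfs tree used in `demo()` are constructed so the script can be exercised without hardware.

```python
"""Dead-man-switch monitor: act when a specific USB device disappears.
Added illustration of the mechanism the post describes; not BusKill's code.
Standard library only. The sysfs layout is the real Linux one; the lock
command is an assumption for a systemd-logind host."""
import pathlib
import shutil
import subprocess
import tempfile
import time

SYSFS_USB = pathlib.Path("/sys/bus/usb/devices")
LOCK_CMD = ["loginctl", "lock-session"]   # assumed: systemd-logind session locker


def device_present(serial: str, sysfs_root: pathlib.Path = SYSFS_USB) -> bool:
    """True if any USB device under sysfs_root reports the given serial."""
    if not sysfs_root.is_dir():
        return False
    for dev in sysfs_root.iterdir():
        try:
            if (dev / "serial").read_text().strip() == serial:
                return True
        except OSError:          # device without a serial attribute, or an unplug race
            continue
    return False


def arm(serial: str, sysfs_root: pathlib.Path = SYSFS_USB) -> None:
    """Refuse to start monitoring unless the cable is currently plugged in,
    otherwise the switch would fire immediately."""
    if not device_present(serial, sysfs_root):
        raise RuntimeError("plug the cable in before arming the switch")


def monitor(serial, on_disconnect, poll_seconds=0.5,
            sysfs_root=SYSFS_USB, max_polls=None) -> int:
    """Poll until the device vanishes, then run on_disconnect once.
    Returns the number of polls performed; max_polls=None runs until triggered."""
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(poll_seconds)
        polls += 1
        if not device_present(serial, sysfs_root):
            on_disconnect()
            return polls
    return polls


def demo() -> dict:
    """Offline walk-through against a constructed sysfs tree, not real hardware."""
    root = pathlib.Path(tempfile.mkdtemp())
    dev = root / "1-1"
    dev.mkdir()
    (dev / "serial").write_text("BK-DEMO-0001\n")   # constructed serial number
    fired = []
    arm("BK-DEMO-0001", root)
    idle = monitor("BK-DEMO-0001", lambda: fired.append("lock"),
                   poll_seconds=0, sysfs_root=root, max_polls=2)
    shutil.rmtree(dev)            # stands in for the magnetic breakaway pulling loose
    hit = monitor("BK-DEMO-0001", lambda: fired.append("lock"),
                  poll_seconds=0, sysfs_root=root, max_polls=5)
    shutil.rmtree(root)
    return {"idle_polls": idle, "polls_until_trigger": hit, "fired": fired}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:         # real use: python3 monitor.py <usb-serial>
        arm(sys.argv[1])
        monitor(sys.argv[1], lambda: subprocess.run(LOCK_CMD, check=False))
    else:
        print(demo())
```

Polling sysfs is the simplest approach that needs no third-party modules; a udev rule matching on the serial would react faster and is what a production setup would use. Whatever the trigger, the same arm-before-monitor check matters: a switch armed without the device present fires on the first poll.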

submitted 2 days ago* (last edited 2 days ago) by Joker@sh.itjust.works to c/cybersecurity@infosec.pub

Introduction

In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the CVE-2020-1472 vulnerability (Zerologon).

The identified variant abuses the Everything library and provides an easy-to-use GUI for the attacker to customize the operations performed by the malware. It also has features for disabling security mechanisms and running system commands.

This ransomware variant is named “Elpaco” and contains files with extensions under the same name. In this post, we provide details about Elpaco beyond those already shared, as well as the tactics, techniques and procedures (TTPs) employed by the attackers.
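
The entry vector described above, an RDP brute force that ends in a valid logon, is visible in the Windows Security log as a run of 4625 (failed logon) events from one source address followed by a 4624 (successful logon), both with LogonType 10 (RemoteInteractive). As an added example that is not code from the write-up, the detector below correlates the two; the events are constructed and the threshold and window are assumptions to tune. Escalation via Zerologon (CVE-2020-1472) is a separate detection problem and is not covered here.

```python
"""Brute-force-then-success correlation over Windows Security events.
Added example, not from the incident write-up; all events are constructed.
4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, EventID, LogonType, TargetUserName, IpAddress)
EVENTS = [
    ("2024-11-20T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-11-20T02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-11-20T02:00:05", 4625, 10, "admin", "203.0.113.7"),
    ("2024-11-20T02:00:06", 4625, 10, "backup", "203.0.113.7"),
    ("2024-11-20T02:00:09", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-11-20T02:00:12", 4624, 10, "administrator", "203.0.113.7"),
    ("2024-11-20T09:15:00", 4625, 10, "jdoe", "10.0.0.25"),   # one typo, then success
    ("2024-11-20T09:15:30", 4624, 10, "jdoe", "10.0.0.25"),
    ("2024-11-20T09:16:00", 4624, 2, "svc_backup", "-"),      # interactive, ignored
]

FAIL_THRESHOLD = 5            # assumption: tune to the environment
WINDOW = timedelta(minutes=10)


def detect_bruteforce_success(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (source_ip, user, success_time, failure_count) for every RDP logon
    preceded by at least fail_threshold failures from the same IP within window."""
    recent_failures = defaultdict(deque)   # source_ip -> timestamps of recent 4625s
    alerts = []
    for ts, event_id, logon_type, user, ip in sorted(events, key=lambda e: e[0]):
        if logon_type != 10:               # only RemoteInteractive (RDP) logons
            continue
        t = datetime.fromisoformat(ts)
        failures = recent_failures[ip]
        while failures and t - failures[0] > window:   # expire old failures
            failures.popleft()
        if event_id == 4625:
            failures.append(t)
        elif event_id == 4624 and len(failures) >= fail_threshold:
            alerts.append((ip, user, ts, len(failures)))
            failures.clear()               # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(EVENTS):
        print("RDP brute force followed by successful logon:", alert)
```

Only the 203.0.113.7 burst alerts; a single mistyped password before a successful logon stays below the threshold, and non-RDP logon types are ignored. In practice the 4625 failure reason (Status/SubStatus) and the 4624 logon process name narrow false positives further.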


Distributed Denial of Service (DDoS) attacks are cyberattacks that aim to overwhelm and disrupt online services, making them inaccessible to users. By leveraging a network of distributed devices, DDoS attacks flood the target system with excessive requests, consuming its bandwidth or exhausting compute resources to the point of failure. These attacks can be highly effective against unprotected sites and relatively inexpensive for attackers to launch. Despite being one of the oldest types of attacks, DDoS attacks remain a constant threat, often targeting well-known or high traffic websites, services, or critical infrastructure. Cloudflare has mitigated over 14.5 million DDoS attacks since the start of 2024 — an average of 2,200 DDoS attacks per hour. (Our DDoS Threat Report for Q3 2024 contains additional related statistics).


Executive Summary

  • CyberVolk/GLORIAMIST is a hacktivist collective originating in India with pro-Russia leanings. Between June and October 2024, CyberVolk claimed responsibility for multiple ransomware attacks.
  • The main objective of CyberVolk and related groups is to leverage geopolitical issues to launch and justify attacks on public and government entities, primarily in the service of Russian government interests.
  • SentinelLabs has observed a shared codebase used by CyberVolk, AzzaSec and DoubleFace’s ransomware. Additionally, CyberVolk has promoted other ransomware families like HexaLocker and Parano. These groups and the tools they leverage are all closely intertwined.
  • These hacktivist groups are extremely dynamic and volatile. In-fighting, threats, and inflated political-posturing are common, leading to fragmentation and the rapid re-shaping of the hacktivist threat landscape.

A threat actor known as Mysterious Elephant has been observed targeting Pakistani entities in a new espionage campaign.


cybersecurity

3306 readers

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!


founded 1 year ago