All posts in May 2021

■□□□□ Google Play to require privacy labels on apps in 2022, almost two years after Apple. https://go.theregister.com/feed/www.theregister.com/2021/05/07/google_play_security_privacy_disclosure_requirement/ https://t.me/cKure/7864

■□□□□ FYI: Apple’s AirTags have a hidden developer menu. https://www.theverge.com/2021/5/6/22422696/apple-airtags-hidden-developer-menu-back-end-data-how-to-access https://t.me/cKure/7863

■■□□□ Kids in Hong-Kong and other highly surveilled states worry infosec careers are just asking for trouble. https://go.theregister.com/feed/www.theregister.com/2021/05/07/asia_ethical_hacking/ https://t.me/cKure/7862

■■■■□ Active Directory Exploitation Cheat Sheet. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet https://t.me/cKure/7861

■■■□□ Judge-Jury-and-Executable – A File System Forensics Analysis Scanner And Threat Hunting Tool. https://github.com/AdamWhiteHat/Judge-Jury-and-Executable https://t.me/cKure/7860

■■■■■ DOM clobbering: Escaping from HTML-injection to execute XSS even if the web page has proper mitigation to prevent script execution. https://portswigger.net/web-security/dom-based/dom-clobbering https://t.me/cKure/7858

■□□□□ Cyber-Attack on Belgium as massive DDoS Attack disrupts Belgium Parliament. https://threatpost.com/ddos-disrupts-belgium/165911/ https://t.me/cKure/7857

■■■■■ CVE-2020-11292 | Qualcomm | Android bug. A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. A malicious app…

■□□□□ Moriya rootkit https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ https://t.me/cKure/7854

■□□□□ Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites. https://go.theregister.com/feed/www.theregister.com/2021/05/06/chrome_code_protection/ https://t.me/cKure/7853