男性(27)

23.6K posts

@SttyK

Signal: @SttyK.88

Joined May 2017
1.4K Following, 9K Followers
Pinned Tweet
男性(27)@SttyK·
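It looks like WIRED Japan has released an article based on my talk at BlackHat. Please give it a read. "The daily lives of North Korean IT workers brought to light by leaked data: from management structure to exchanges in English" wired.jp/article/leaked…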
男性(27) retweeted
FBI Cyber Division@FBICyberDiv·
The #FBI seized multiple domains linked to Iranian intelligence that were actively used to facilitate cyberattacks, post stolen data, and call for the killing of regime dissidents and U.S. residents. The FBI and @TheJusticeDept will continue to defend the homeland by disrupting Iranian hacking and repression schemes that target dissidents and impact Americans. justice.gov/opa/pr/justice…
男性(27)@SttyK·
Qwen 3.5 397B A17B is nice.
Cheena@cheenanet·
Ate oysters. Norovirus has taken my life from me. Water is coming out of my butt. Help.
男性(27)@SttyK·
The same goes for the thing called RB Proxy that is mentioned in the report Kudelski wrote.
男性(27)@SttyK·
Wow, they wrote out everything, I have to laugh. And I had deliberately not said in public that RB is used internally as an abbreviation for RyonBong 😭 flare.io/learn/resource…
男性(27)@SttyK·
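Once something like a national intelligence such-and-such or a foreign intelligence such-and-such is set up and we think seriously about protecting sources, I think we will need balancer-type people who move away from simplistic views, such as whether ProtonMail can or cannot be trusted or that Signal is safe, and instead put the emphasis on choosing between means relative to one another within the framework of international relations, law enforcement, and information sharing.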
男性(27)@SttyK·
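This article is quite systematically organized, which is helpful. It depends on the threat model, but you should use it while thinking about what could potentially be seen and how to counter that (if you truly want security). Ultimately, I think that giving up relying on services and doing everything yourself is what leads to the most security. sambent.com/proton-helped-…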
男性(27)@SttyK·
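Unless you use Proton with the sense that it is roughly a Gmail that is a bit better on privacy, taking care at the key points, you are likely to end up misunderstanding all sorts of things.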
男性(27) retweeted
Bitrefill@bitrefill·
March 1st incident report

On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation - including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) - we find many similarities between this attack and past cyberattacks by the DPRK Lazarus / Bluenoroff group against other companies in the crypto industries.

The initial access originated through a compromised employee laptop, from which a legacy credential was exfiltrated. That credential provided access to a snapshot containing production secrets. From there, the attackers were able to escalate their access to our broader infrastructure, including parts of our database and certain cryptocurrency wallets.

We first detected the incident after noticing suspicious purchasing patterns with certain suppliers. We realized that our gift card stock and supply lines were being exploited. At the same time we found some of our hot wallets being drained and funds transferred to attacker-controlled wallets.

The moment we identified the breach, we took all of our systems offline as part of our containment response. Bitrefill operates a global e-commerce business with dozens of suppliers, thousands of products, and multiple payment methods across many countries. Safely switching all these things off and bringing them back online is not trivial.

Since the incident, our team has been working closely with top industry security researchers, incident response specialists, on-chain analysts and law enforcement to understand what happened and how we can prevent it from happening again. A sincere thank you to @zeroshadow_io, @SEAL_Org, @RecoverisTeam and @fearsoff for their rapid response and support throughout this ordeal.

What about your data

Based on our investigation and our logs we don’t have reason to think that customer data was the target of this breach. There is no evidence that they extracted our entire database, only that the attackers ran a limited number of queries consistent with probing to understand what there was to steal, including cryptocurrency and Bitrefill gift card inventory.

Bitrefill was designed to store very little personal data. We are a store, not a crypto service provider. We don’t require mandatory KYC. When a customer chooses to verify their account - e.g. to access higher purchasing tiers or certain products - that data is kept exclusively with our external KYC provider, with no backups in our system.

Still, based on database logs, we know that a subset of purchase records was accessed and we want to be transparent about that. Around 18,500 purchase records were accessed by the attackers. Those records contained limited customer information, such as email addresses, crypto payment address, and metadata including IP address.

For approximately 1,000 purchases, specific products required customers to provide a name. That information is encrypted in our database. However, since the attackers may have gotten access to the encryption keys, we are treating this data as potentially accessed. Customers in this category have already been notified directly by email.

At this time, based on the information currently available, we do not believe customers need to take specific action. As a precaution, we recommend remaining cautious of any unexpected communications related to Bitrefill or crypto. If this assessment changes, we will of course immediately inform those affected.

What we are doing

We have already significantly improved our cybersecurity practices, but vow to continue to draw learnings from this experience to make sure user and company balances and data remain maximally safe. Specifically we’re:
- Continuing thorough cybersecurity reviews and pentests with multiple external experts and implementing recommendations;
- Further tightening internal access controls;
- Further improving logging and monitoring for faster detection and more effective response; and
- Continuing to refine and test our incident response procedures and automated shutdown procedures.

The bottom line

Getting hit by a sophisticated attack sucks (a lot). We’ve been in business for over 10 years and it’s the first time we’ve been hit this hard. But we survived. Bitrefill was designed to limit the impact if something like this ever happened. Bitrefill remains well funded, has been profitable for several years and will absorb these losses from our operational capital. Almost everything is back to normal: payments, stock, accounts. Sales volumes are also back to normal, and we are eternally thankful to our customers for your continued confidence in us. We will continue to do our best to continue deserving your trust. Thank you!
男性(27)@SttyK·
I think the MacBook Neo is so good as a disposable device for overseas business trips or travel that I hope they keep it on sale for a while.
男性(27)@SttyK·
My answer... I'm starting to lose track of what the conclusion is.
男性(27)@SttyK·
This is my answer.
男性(27)@SttyK·
People whose statements keep changing start to look normal if you think of them as Asura.
男性(27)@SttyK·
@banthisguy9349 Owning a hosting provider reduces the uncertain concerns for these actors that their information might be seized or passed on to law enforcement agencies. I believe the recent actions of the U.S. government are a countermeasure against this.
Fox_threatintel@banthisguy9349·
Also that if the hosting provider tries to fuck the APTs over, he would have some serious issues with the governments that are sponsoring these APTs.
Fox_threatintel@banthisguy9349·
There are some Hosting Providers around there that are very sus to have close ties to APTs. It would not be surprising to me that Nation State actors have the power or ability to get themselves a reliable bulletproof hoster to facilitate their campaigns.
男性(27) retweeted
NK NEWS@nknewsorg·
How AI-powered ‘vibe coding’ threatens North Korea’s illicit IT worker schemes dlvr.it/TRW8r7
男性(27) retweeted