Microsoft enabled the notorious "Recall" with the last update (for Windows 11 copilot+ enabled pcs only). It's part of the OS and can't be uninstalled. This software stores metadata about EVERYTHING that appears on your screen, including passwords/urls/images/videos/any messages you send or emails etc
To disable this gross spyware, run the following as admin on the command line:
Dism /Online /Disable-Feature /Featurename:Recall
My RedisDB honeypot is now open source:
https://gitlab.com/bontchev/redispot
It is based on the RedisDB honeypot from the honeypots package
https://github.com/qeeqbox/honeypots
but has many improvements:
- output plugins - the ability to send reports to various places
- bugfixes - the original assumes that numbers are single-digit in a couple of places
- correct error messages - the original doesn't use exactly the same error messages as a real server
- supports the inline protocol - the original supports only the bulk one; all credential stuffing attackers use the inline one
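The inline-versus-bulk point and the multi-digit bug in the post above, shown as an added example that is not code from redispot or the honeypots package: a small Python parser that accepts both RESP wire formats a Redis client can send (the `*<count>` / `$<len>` bulk form and the whitespace-separated inline form), parses counts and lengths of any width, and feeds the result to a minimal honeypot responder that records every AUTH attempt. The sample traffic is constructed, and the reply strings are what I believe current Redis servers send; treat them as an assumption and diff them against a real server before relying on them.

```python
from typing import List, Optional, Tuple

# Constructed sample traffic (not captured from a real system): the same AUTH
# attempt sent in RESP bulk form, then in the inline form that credential-
# stuffing tools use, then a bulk frame whose count/lengths need two digits.
BULK_REQUEST = b"*2\r\n$4\r\nAUTH\r\n$8\r\npassw0rd\r\n"
INLINE_REQUEST = b"AUTH passw0rd\r\n"
MULTIDIGIT_BULK = b"*3\r\n$6\r\nCONFIG\r\n$3\r\nSET\r\n$12\r\nabcdefghijkl\r\n"


def parse_command(data: bytes) -> Tuple[Optional[List[bytes]], bytes]:
    """Parse one client command from the front of `data`.

    Returns (args, rest). args is None when the buffer does not yet hold a
    complete command, so the caller should read more bytes and call again.
    """
    if data.startswith(b"*"):
        return _parse_bulk(data)
    return _parse_inline(data)


def _parse_inline(data: bytes) -> Tuple[Optional[List[bytes]], bytes]:
    # Inline commands end at "\n"; a preceding "\r" is tolerated. Arguments
    # are split on whitespace (real Redis also honours quoting; omitted here).
    end = data.find(b"\n")
    if end < 0:
        return None, data
    line = data[:end].rstrip(b"\r")
    return line.split(), data[end + 1:]


def _parse_bulk(data: bytes) -> Tuple[Optional[List[bytes]], bytes]:
    # "*<count>\r\n" followed by <count> items of "$<len>\r\n<bytes>\r\n".
    # int() over the whole field handles multi-digit counts and lengths.
    end = data.find(b"\r\n")
    if end < 0:
        return None, data
    count = int(data[1:end])
    pos = end + 2
    args: List[bytes] = []
    for _ in range(count):
        if pos >= len(data):
            return None, data
        if data[pos:pos + 1] != b"$":
            raise ValueError("expected bulk string header")
        end = data.find(b"\r\n", pos)
        if end < 0:
            return None, data
        length = int(data[pos + 1:end])
        start = end + 2
        stop = start + length
        if len(data) < stop + 2:
            return None, data
        if data[stop:stop + 2] != b"\r\n":
            raise ValueError("bulk string not terminated by CRLF")
        args.append(data[start:stop])
        pos = stop + 2
    return args, data[pos:]


def respond(args: List[bytes], attempts: List[Tuple[bytes, bytes]]) -> bytes:
    """Minimal honeypot reply: every AUTH is recorded and rejected.

    Reply texts are assumptions modelled on recent Redis versions.
    """
    cmd = args[0].upper() if args else b""
    if cmd == b"AUTH":
        if len(args) not in (2, 3):
            return b"-ERR wrong number of arguments for 'auth' command\r\n"
        # AUTH <password> (pre-ACL form) or AUTH <user> <password> (ACL form)
        user, password = (b"default", args[1]) if len(args) == 2 else (args[1], args[2])
        attempts.append((user, password))
        return b"-WRONGPASS invalid username-password pair or user is disabled.\r\n"
    if cmd == b"PING":
        return b"+PONG\r\n"
    return b"-ERR unknown command '" + cmd + b"'\r\n"


def process_stream(stream: bytes) -> Tuple[List[bytes], List[Tuple[bytes, bytes]]]:
    """Run a whole client byte stream through the parser, as a socket loop would."""
    replies: List[bytes] = []
    attempts: List[Tuple[bytes, bytes]] = []
    buf = stream
    while buf:
        args, buf = parse_command(buf)
        if args is None:
            break  # incomplete trailing command; a real server waits for more bytes
        replies.append(respond(args, attempts))
    return replies, attempts


if __name__ == "__main__":
    replies, attempts = process_stream(BULK_REQUEST + INLINE_REQUEST + b"PING\r\n")
    print(replies)
    print("credentials seen:", attempts)
```

The point of dispatching on the first byte is that a honeypot which only understands the bulk form silently drops exactly the traffic it was deployed to observe; logging the raw bytes of anything the parser rejects is a cheap way to notice a client speaking a form you have not handled.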
Time for my monthly reminder to support your instance. Most instances are volunteer run and paid for by donations, including from the instance administrators. I know these are tough times and not everyone can afford it, and that is OK (I am personally out of work, so I understand that first hand).
You can generally find information to donate on your instance's "about" page. For example, https://infosec.exchange/about, for those on infosec.exchange.
Thank you for being here and making this place awesome, regardless of your ability to donate. 
Just published the second-longest blog post in my 14 year career as an independent reporter.
This story is the result of a ridiculous amount of research. I hope you like it, because I learned tons reporting this, and there needs to be a broader conversation about some of the issues raised by this research. The lede:
Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.
https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/
Palo Alto Networks released additional details about CVE-2024-3400: the fact that it is a combination of two bugs in PAN-OS; how an attacker was exploiting it; how disabling telemetry initially worked; and how they fixed it. The timeline from discovery to remediation encompasses the whole blog post. Overall a comprehensive after-action review from a company that notified the public almost immediately of an exploited zero-day. 🔗https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #PANOS #IOC
MITRE disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&CK techniques cc: @howelloneill) and their incident response actions. No IOC provided. 🔗 https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks and https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8 h/t @reverseics
#MITRE #Ivanti #ConnectSecure #CVE_2023_46805 #CVE_2024_21887 #threatintel #cyberespionage