Jérôme Meyer

@jmeyer@infosec.exchange
136 Followers
146 Following
32 Posts

Security research at Nokia Deepfield (he/they).

EN/FR posts | Fan of Crocker’s Rules, art, and the Oxford comma.

Homepage: https://med.ac/about
Signal: jmeyer.01
Work account: https://infosec.exchange/@deepfield

Google has filed a lawsuit against the operators of the BADBOX botnet.

The group is known for infecting Android-based smart TVs with malware that engages in ad fraud.

The botnet is believed to have infected over 10 million devices.

https://blog.google/technology/safety-security/google-taking-legal-action-against-the-badbox-20-botnet/

We’re taking legal action against the BadBox 2.0 botnet.

Recently, our researchers partnered with HUMAN Security and Trend Micro to uncover BadBox 2.0, the largest known botnet of internet-connected TVs. Building on our previous actions to stop these cybercriminals, we filed a lawsuit in New York federal court against the botnet’s perpetrators.

The Badbox 2.0 attack compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections. Cybercriminals infected these devices with pre-installed malware and exploited them to conduct large-scale ad fraud and other digital crimes.

Our Ad Traffic Quality team identified and quickly acted against this threat, and we updated Google Play Protect, Android’s built-in malware and unwanted software protection, to automatically block BadBox-associated apps.

While these actions kept our users and partners safe, this lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud. The FBI has also issued an alert about this illicit activity, and we continue to coordinate with them on our efforts to safeguard consumers and businesses worldwide.

Google

NoName is finally fully down - the origin C2 server in Latvia, that authorities refused to take down for years, is offline. It was hidden behind a bunch of nginx relays.

Great that it’s down, finally!

A bunch of security researchers spent years weakening the infrastructure by having relays taken down, etc. It verifiably reduced DDoSia’s capability, as the user numbers more than halved.

I’m a little bit miffed that a bunch of people almost got caught in the crossfire for those efforts.

Europol disrupts pro-Kremlin hacktivist group NoName057(16)

- 2 arrests (1 preliminary arrest in France and 1 in Spain)
- 7 arrest warrants issued (6 by Germany, and 1 by Spain)
- DDoS infrastructure taken down
- 1k+ supporters identified and notified

https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network

We are incredibly proud to have assisted Europol 🇪🇺 in a global operation against the notorious pro-Russian #hacktivist group #NoName057(16) 🥳

Over the years, NoName057(16) has carried out thousands of #DDoS attacks against websites of western organisations and national critical infrastructure 🏛️ , aiming to spread pro-Russian ideology 🇷🇺 and stir up distrust and uncertainty in the western hemisphere 🌎 😵‍💫

https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network

Global operation targets NoName057(16) pro-Russian cybercrime network – The offenders targeted Ukraine and supporting countries, including many EU Member States | Europol

The offenders targeted Ukraine and supporting countries, including many EU Member States. Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol, targeted the pro-Russian cybercrime network NoName057(16). The actions led to the shutdown of several hundred servers worldwide, while the group's central server infrastructure was taken offline.

Europol

The attempts by law enforcement & governments to subvert end-to-end encryption are ongoing. The European Commission is going to spend a year thinking about their new "Roadmap for law enforcement access to data", and they are (genuinely) asking for people to join their expert group to help. Here I urge you to join that group (also because I can't): https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

Possible End to End to End Encryption: Come Help - Bert Hubert's writings

tl;dr: The European Commission is honestly asking for experts to advise them on ways to institute “effective and lawful access to data for law enforcement”. If you are an expert, I urge you to apply to join this group. You have until September 1st. Do read on for more details! The never-ending battle where police and intelligence services demand more/total access to communications shows no sign of stopping, even in the face of mathematical and practical impossibilities.

Bert Hubert's writings

The number of websites lacking proper RSS/Atom feeds is too damn high.

#RSS #Web #Atom

A notable effect of BIND’s long-standing v6-bias (default since 9.11, and previously discussed in https://blog.apnic.net/2020/06/03/overcoming-the-challenges-of-ipv6-support-in-bind/) is that it helps broaden DNS water-torture attacks.

Even if the spoofed queries are IPv4-only (which they almost always are), BIND’s upstream resolution may span both IPv4 and IPv6, effectively making the attack dual-stack.

(IPv6 adoption is good, but operators should account for this when defending name servers. We just don't see this as much for other DNS server implementations.)
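As an added illustration (not part of the post above), the following script shows what the dual-stack effect looks like from the authoritative side: it parses a constructed, simplified BIND-style query log, counts distinct random-looking labels under a zone per source address family, and flags the case where both IPv4 and IPv6 resolvers are pushing random-label queries. The log format, addresses and labels are all constructed samples, and the `min_distinct` threshold is a made-up tuning knob.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Simplified shape of a BIND query-log line; only the source address and the
# query name are extracted. This regex matches the constructed sample below.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-f.:]+)#\d+ \((?P<qname>[^)]+)\): query: "
)

# Constructed sample: random labels under example.com arrive from both IPv4 and
# IPv6 resolver addresses, plus some legitimate and out-of-zone queries as noise.
SAMPLE_LOG = [
    "client @0x7f1 198.51.100.7#4321 (k3j9x.example.com): query: k3j9x.example.com IN A -E(0) (192.0.2.53)",
    "client @0x7f1 198.51.100.8#4322 (p2m7d.example.com): query: p2m7d.example.com IN A -E(0) (192.0.2.53)",
    "client @0x7f1 198.51.100.9#4323 (zz0q1.example.com): query: zz0q1.example.com IN A -E(0) (192.0.2.53)",
    "client @0x7f1 198.51.100.7#4324 (www.example.com): query: www.example.com IN A -E(0) (192.0.2.53)",
    "client @0x7f1 2001:db8::7#4325 (q81zv.example.com): query: q81zv.example.com IN A -E(0) (2001:db8:ff::53)",
    "client @0x7f1 2001:db8::8#4326 (h5t2n.example.com): query: h5t2n.example.com IN A -E(0) (2001:db8:ff::53)",
    "client @0x7f1 2001:db8::9#4327 (www.example.com): query: www.example.com IN A -E(0) (2001:db8:ff::53)",
    "client @0x7f1 198.51.100.7#4328 (www.example.net): query: www.example.net IN A -E(0) (192.0.2.53)",
]


def classify_queries(lines, zone, min_distinct=3):
    """Count distinct labels directly below `zone` per source address family.

    Water torture shows up as many distinct (random) labels for one zone; the
    attack is effectively dual-stack when both v4 and v6 sources exceed the
    threshold, which is the effect the post attributes to BIND's v6 preference.
    """
    labels = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()
        if not qname.endswith("." + zone):
            continue
        family = "v6" if ip_address(m.group("src")).version == 6 else "v4"
        # Keep only the label immediately below the zone apex.
        labels[family].add(qname[: -len(zone) - 1].split(".")[-1])
    distinct = {fam: len(s) for fam, s in labels.items()}
    return {
        "distinct": distinct,
        "dual_stack": all(distinct.get(f, 0) >= min_distinct for f in ("v4", "v6")),
    }


if __name__ == "__main__":
    print(classify_queries(SAMPLE_LOG, "example.com"))
```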

Overcoming the challenges of IPv6 support in BIND | APNIC Blog

Guest Post: The slow transition to IPv6 has made for some interesting and ongoing challenges for BIND developers but there is light at the end of the tunnel.

APNIC Blog

The usual DDoS "noisy influencer" group I will not name started attacking French local/regional government websites this morning (~2025-07-01T06:25Z).

Most of them are unaffected.

If you have an iPhone, make sure you always have the latest security update.

If you are concerned that you might be targeted by government spyware, enable Lockdown Mode.

https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

Apple fixes new iPhone zero-day bug used in Paragon spyware hacks | TechCrunch

The iPhone maker quietly updated a February security advisory to publicize a flaw that was used to hack at least two journalists in Europe.

TechCrunch

Digging a bit more into the infrastructure of DNS4EU, dns0.eu, and Quad9, there isn’t much documentation or design detail available about how things actually work including how filtering is implemented. I couldn’t find any Git repositories with their tooling or information about the software they use.

Does anyone have good resources? Transparency about how these services work would help build trust.

#dns4eu #dns #opensource