It’s not procrastination if you’re optimizing your Workspaces.

Being conscious about digital security, considering the internet we have nowadays, isn’t easy. Today, tracking and surveillance occur by default. MacOS has some good browser options that respect your privacy.

#apple #macos #browser #privacy
https://www.macobserver.com/tips/round-ups/the-hidden-truth-about-privacy-oriented-browsers-for-macos/

Silent Credit Card Thief Uncovered

A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persistent access, harvesting and exfiltrating sensitive financial data. The attack workflow involves system reconnaissance, downloading additional malicious files, and injecting scripts into web pages. The threat actor uses unique identifiers to track victims and employs sophisticated techniques to evade detection. The campaign demonstrates the evolving nature of web-based credit card skimming threats, highlighting the need for enhanced security measures against LNK-based attacks and unverified browser extensions.

Pulse ID: 67efc6e92fbd533808f09435
Pulse Link: https://otx.alienvault.com/pulse/67efc6e92fbd533808f09435
Pulse Author: AlienVault
Created: 2025-04-04 11:47:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

APT Targets South Korea with Deceptive PDF Lures

The Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a malicious LNK file attachment, which drops an obfuscated VBA script. This script then deploys additional files, including a PDF and a ZIP containing malicious components. The attacks involve sophisticated techniques such as Base64 encoding, obfuscation, and VM-aware evasion. The malware's functionalities include data exfiltration, cryptocurrency wallet theft, browser data extraction, keylogging, and establishing C2 communication. The campaigns demonstrate the group's continuous efforts to compromise South Korean targets using deceptive tactics and multi-stage malware.

Pulse ID: 67efe85af4503af2018d414e
Pulse Link: https://otx.alienvault.com/pulse/67efe85af4503af2018d414e
Pulse Author: AlienVault
Created: 2025-04-04 14:10:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Proactive ClickFix Threat Hunting with Hunt.io

ClickFix is a browser-based delivery technique that uses deceptive prompts and clipboard hijacking to trick users into executing malicious commands. Cybercriminals and advanced actors employ this method to deploy malware, primarily information stealers. The technique involves luring users with fake system alerts or CAPTCHA challenges, then silently staging payloads for execution. The article describes how Hunt.io's research team used custom queries to identify web infrastructure associated with ClickFix delivery, uncovering multiple live domains serving malicious content. Examples include a Bitcoin-themed domain posing as Cloudflare WAF to deliver Lumma and CryptBot malware, a page targeting Zoho Office Suite credentials, and a compromised website abusing PowerShell. The report emphasizes the growing traction of ClickFix as a low-friction method for malware delivery and credential harvesting.

Pulse ID: 67ef854620c41c3fd65378db
Pulse Link: https://otx.alienvault.com/pulse/67ef854620c41c3fd65378db
Pulse Author: AlienVault
Created: 2025-04-04 07:07:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

C++20 in Chromium (a playlist with four hours of videos):

https://www.youtube.com/playlist?list=PL9ioqAuyl6UK-d0CS7KF9ToelBJVzxrkv

What’s your #1 go-to button in the panel, and what comes in second?

BeaverTail and Tropidoor Malware Distributed via Recruitment Emails

A sophisticated malware campaign has been uncovered, involving the distribution of BeaverTail and Tropidoor malware through fake recruitment emails. The attackers, suspected to be of North Korean origin, impersonated a developer community to lure victims into downloading malicious code. The campaign utilizes a downloader disguised as 'car.dll' and BeaverTail malware masquerading as 'tailwind.config.js'. BeaverTail functions as an infostealer and downloader, targeting web browsers and cryptocurrency wallets. Tropidoor, a backdoor malware, establishes communication with command and control servers, allowing remote execution of various commands. The attack methodology shares similarities with previous North Korean campaigns, including the use of techniques reminiscent of the Lazarus group's LightlessCan malware.

Pulse ID: 67ef0692d6ed151e2be71213
Pulse Link: https://otx.alienvault.com/pulse/67ef0692d6ed151e2be71213
Pulse Author: AlienVault
Created: 2025-04-03 22:07:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Development #Releases
New to the web platform (March 2025) · The latest browser features at a glance https://ilo.im/1635he

_____
#Browser #Chrome #Firefox #Safari #WebPlatform #WebDev #Frontend #CSS #JavaScript #API

Firefox still promises to prioritize privacy, but it’s now in line with other commercial browsers. These privacy-focused browsers for Mac are the best that still walk the talk and have the trust of the privacy-conscious.

#apple #macos #privacy #browser
https://www.macobserver.com/tips/round-ups/5-best-privacy-focused-browsers-for-mac-goodbye-firefox/

BeaverTail and Tropidoor Malware Distributed via Recruitment Emails

An attack involving BeaverTail and Tropidoor malware was discovered, targeting victims through fake recruitment emails from a developer community. The attackers provided a BitBucket link containing malicious code, including BeaverTail disguised as 'tailwind.config.js' and a downloader called 'car.dll'. BeaverTail, known for information theft and downloading additional payloads, was found in South Korea. The downloader shares similarities with the Lazarus group's LightlessCan malware. BeaverTail steals credential information and cryptocurrency wallet data from web browsers, while Tropidoor acts as a backdoor, connecting to C&C servers and executing various commands. The attack is suspected to be carried out by North Korean threat actors, highlighting the need for caution when dealing with executable files from unknown sources.

Pulse ID: 67eec30f88dc6ea426373c6b
Pulse Link: https://otx.alienvault.com/pulse/67eec30f88dc6ea426373c6b
Pulse Author: AlienVault
Created: 2025-04-03 17:19:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Title: Eclipse Theia & Theia IDE
️ What's: A libre framework for Cloud & Desktop tools & a libre IDE
️ https://theia-ide.org/
️ https://github.com/eclipse-theia/
#LinuxGameDev #Programming #IDE #Framework
️ #Libre #Bin #Browser-version #Arch #AppIm
Our entry: https://lebottinlinux.vps.a-lec.org/LO.html

️ Update: 1.60.0
Major release (Stable) ️
️ Changes: https://github.com/eclipse-theia/theia/releases
️From: ️ https://github.com/eclipse-theia/theia/releases.atom

https://www.youtube.com/embed/
️https://www.youtube.com/embed/1u9_RqNyFvY
️ https://www.youtube.com/embed/wGJHwc5ksMA
️[fr] https://www.youtube.com/embed/mJveydycbTc?start=195

In response to Mozilla's recent privacy changes, Zorin OS 17.3 replaces Firefox -- its previous default browser -- with Brave, albeit a customized version that hides features like Brave Rewards, Wallet, Leo AI, and more.

#brave #browser #zorin #firefox
https://www.theregister.com/2025/04/03/zorin_os_173/

#Development #Explorations
Forbidden request headers · Some request headers are more trustworthy than others https://ilo.im/16333j

_____
#Specification #HttpHeaders #Browser #JavaScript #FetchAPI #XMLHttpRequest #CloudflareWorker #WebDev #Frontend #Backend

Rilide: Chromium-based Browser Extension Stealing Crypto

Pulse ID: 67edfcdff8674b66f42ba573
Pulse Link: https://otx.alienvault.com/pulse/67edfcdff8674b66f42ba573
Pulse Author: cryptocti
Created: 2025-04-03 03:13:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Rilide: Chromium-based Browser Extension Stealing Crypto

Pulse ID: 67edfce0a2d2ec65213d0bf0
Pulse Link: https://otx.alienvault.com/pulse/67edfce0a2d2ec65213d0bf0
Pulse Author: cryptocti
Created: 2025-04-03 03:13:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Rilide: Chromium-based Browser Extension Stealing Crypto

Pulse ID: 67edfce0ec3392924eaaa17d
Pulse Link: https://otx.alienvault.com/pulse/67edfce0ec3392924eaaa17d
Pulse Author: cryptocti
Created: 2025-04-03 03:13:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

als PDF:

https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/

 #DSGVO #TDDDG ( #unplugtrump )
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena  #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz