The service developers used the open source code of the Mastodon decentralized social network in violation of the license agreement.
The Software Freedom Conservancy (SFC), a not-for-profit organization that enforces the rights of open source software developers and the rules for using open licenses, accused in violation of the AGPLv3 license of the Trump social network developers Truth Social.
The Software Freedom Conservancy says that the developers of the service used the open source code of the decentralized social network Mastodon in violation of the license agreement.
Although the Mastodon code is free and free, the projects using it must comply with the terms of the Affero General Public License (or AGPLv3), among which is the mandatory availability of the project source code for all its users. Trump’s media company does not yet provide such an opportunity to TRUTH Social users and calls the social network a proprietary development.
The Software Freedom Conservancy gave Trump Media and Technology Group 30 days to get better. Otherwise, the use of Mastodon’s open source code will be prohibited for the company.
Hacker hacked "smart" dog feeder and spied on the mistress
The owner of the smart dog feeder had been using this device for many years and had no problem until she heard a man’s voice coming from the feeder.
An unknown man broke into a smart dog feeder equipped with a camera, gained access to the camera and spied on the owner of one of the animals. Reported by Nine.com.au.
Smart pet feeders are popular around the world. They provide feeding of pets remotely, at the command given by a person via the Internet. In addition, many devices are equipped with webcams and speakers. With their help, the owner of the animal can admire his pet from anywhere in the world and even say a few affectionate words to him.
Australian resident Angela Cuniberti has become a victim of her love for modern devices. An unknown intruder managed to connect to the camera of her dog’s smart feeder.
One day a woman was passing by the trough and she heard a man’s voice say “Hello, beauty!” Angela was very frightened, as she thought that a stranger had got into the house. Moreover, her dog began to get very nervous and bark.
“I saw that a red light was on and I thought it was strange,” she said. The woman suspected that she was being spied on.
When Cuniberty decided to take a closer look at the camera, she heard a man’s laugh.
Angela consulted a feeder manufacturer. The company’s specialists checked the product and found out that someone had hacked into the home Wi-Fi network and gained access to the camera. This was very strange, since not long before that the woman had changed the password and was sure of its reliability.
It is unknown how long the attacker watched the girl. Now the police are looking for the hacker, and the woman has replaced the feeder with a webcam with an ordinary dog bowl.
Experts talk about 17 frameworks for attacks on physically isolated systems
For 15 years, 17 frameworks have been discovered that are used by APT groups in attacks on SCADA systems and ICS.
In the first half of 2020 alone, four different malicious frameworks were discovered designed to attack physically isolated networks, and the total number of these tools, paving the way for cyber-espionage and theft of classified information, reached 17 in 15 years.
“All frameworks are designed for some form of espionage, and all frameworks use USB sticks as a physical means of transferring data to and from targeted physically isolated networks.” told ESET researchers Alexis Dorais-Joncas and Facundo Muñoz in a new study.
Since physical isolation is one of the most common ways to protect SCADA systems and process control systems, government-funded APT groups are increasingly looking at critical infrastructure in the hope of injecting malware into physically isolated networks to monitor targets of interest.
According to ESET experts, frameworks are mainly designed to attack computers running Windows. At least 75% of frameworks use malicious LNK or AutoRun files on USB drives, either to initially compromise physically isolated systems or to move laterally on physically isolated networks.
Experts managed to associate some frameworks with well-known APT groupings:
Retro – DarkHotel (aka APT-C-06 or Dubnium);
Ramsay – DarkHotel;
USBStealer – APT28 (aka Fancy Bear, Sednit or Sofacy);
USBFerry – Tropic Trooper (aka APT23 or Pirate Panda);
Fanny – Equation Group;
USBCulprit – Goblin Panda (aka Hellsing or Cycldek);
PlugX – Mustang Panda;
Agent.BTZ – Turla Group.
“Each framework works differently, but they all have one thing in common – they all, without exception, use malicious USB drives. The main difference between connected and offline frameworks is how the flash drive itself has been modified, ”the researchers said.
Connected frameworks work by deploying a malicious component to a connected system that monitors the plugging of new USB drives and automatically places the malicious code needed to compromise a physically isolated system. In the case of offline frameworks like Brutal Kangaroo, EZCheese, and ProjectSauron, attackers must infect their own USB drives with malware to carry out an attack.
As a precautionary measure, organizations with critical information systems are advised to block e-mail access on connected systems, disable USB ports, “disinfect” USB drives, restrict the execution of files on removable drives, and regularly examine isolated systems for signs of suspicious activity.
Simple vulnerability in smart contract software allows hacker to steal $ 31 million worth of digital currency
An accounting error in MonoX Finance’s software allowed an attacker to raise the price of the MONO token.
Blockchain startup MonoX Finance has fallen victim to cyberattacks , during which a hacker stole $ 31 million. The cybercriminal took advantage of a vulnerability in the software that the platform uses to draft smart contracts.
The company uses the MonoX decentralized financial protocol, allowing users to trade digital currency tokens without the specific requirements of traditional exchanges. An accounting error in the company’s software allowed an attacker to raise the price of the MONO token and then use it to cash out all other deposited tokens.
The cyber attack used the same token as in tokenIn and tokenOut, which are methods of exchanging the value of one token for another. MonoX updates prices after each swap, calculating new prices for both tokens. When the swap is complete, the price of tokenIn (the token sent by the user) decreases and the price of tokenOut (the token received by the user) increases.
By using the same token for both tokenIn and tokenOut, the hacker increased the price of the MONO token significantly because the tokenOut update overwritten the tokenIn price update. The hacker then exchanged the token for $ 31 million worth of tokens on the Ethereum and Polygon blockchains. MonoX Finance management attempted to contact the attacker by sending a message via a transaction on the ETH mainnet. Recall that in October of this year, an unknown attacker hacked the Discord server of the Creature Toadz NFT project and tricked community members into sending him money. In total, the hacker managed to lure out more than 88 ETH from the victims (over $ 340 thousand at the exchange rate at the time of the crime). It is noteworthy that the hacker later returned all the money.
FTC Seeks To Block Nvidia’s Purchase Of Arm In Court
The US Federal Trade Commission (FTC) has filed a lawsuit seeking to block the US $ 40 billion acquisition of...
The side wall of the Chieftec Stallion 3 case is made of tempered glass, while the front and top are made of mesh
The Chieftec catalog has expanded its Stallion 3 chassis, which will begin shipping in February 2022. Housing with catalog index...
Xiaomi has completed work on MIUI 13. Xiaomi 12 received the final assembly of the new interface based on Android 12
A developer from Poland and an active user of the XDA-Developers thematic forum, Kacper Skrzypek, shared an interesting observation: judging...
Power 750 HP and a cruising range of 750 km. Foxconn unveils its flagship Foxtron Model E sedan, which can compete with Tesla’s Model S
Foxconn has brought its flagship Model E sedan, created by the Foxtron automotive division in conjunction with the Italian coachbuilder...
News6 days ago
The crypto market has collapsed once again. Bitcoin fell by almost 8% per day, Ethereum – by 9%, Solana – by 6%, and Polkadot – by all 11%
Components7 days ago
Dual processors, dual 4K Sony Micro OLED screens, eight cameras and Mac-like performance. Apple headset is expected in the fourth quarter of 2022
Wearables6 days ago
This is what Huawei’s first smartwatch that measures blood pressure looks like. Huawei Watch D showed on the render
Security2 days ago
Windows Defender scares sysadmins with false Emotet detection