riQQ's recent activity

  1. Comment on FrostyGoop malware attack cut off heat in Ukraine during winter in ~tech

    riQQ

    Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures.

    According to an LB.UA report, the attack forced district heating company Lvivteploenergo to disconnect heating services on January 23, impacting over 100,000 people across Lviv's Sykhiv residential area.

    FrostyGoop, the Windows malware used in this attack, is designed to target industrial control systems (ICS) using Modbus TCP communications, a standard ICS protocol across all industrial sectors.

    It was first discovered by cybersecurity company Dragos in April 2024, whose researchers initially believed it was still under testing. However, Ukraine's Cyber Security Situation Center (CSSC) shared details that the malware was being used in attacks and linked it with the January heating outage in Lviv.

    5 votes
  2. Comment on The joy of reading newspapers from other countries in ~news

    riQQ
    Deutsche Welle (DW) has many articles in English: https://www.dw.com/en/

  3. Comment on EU Council has withdrawn the vote on Chat Control in ~tech

  4. Comment on Advice for hosting (and building) a personal website in ~comp

    riQQ
    (edited)
    No worries, I mainly posted this for future readers.

  5. Comment on Advice for hosting (and building) a personal website in ~comp

    riQQ
    FE = frontend, right? Took me some time to guess.

    1 vote
  6. Comment on The time I built an ROV to solve missing person cases in ~engineering

    riQQ
    (edited)
    In the same vein as The hunt for the Death Valley Germans I found this to be a super interesting read.

    By the autumn of 2020 the story had faded from my mind until my brother called me with an interesting missing person case. That phone call was the starting point of the most interesting adventure I’ve ever had, and it led to us solving two missing person cold cases, which had been unsolved for 9 and 15 years.

    8 votes
  7. Comment on Do signed or annotated git tags have any special advantage over lightweight tags? in ~comp

  8. Comment on All Santander staff and 'thirty million' customers in Spain, Chile and Uruguay hacked in ~tech

  9. Comment on Cybercriminals pose as "helpful" Stack Overflow users to push malware in ~comp

    riQQ

    Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

    Sonatype researcher Ax Sharma (and a writer at BleepingComputer) discovered this new PyPi package is part of a previously known 'Cool package' campaign, named after a string in the package's metadata, that targeted Windows users last year.

    This PyPi package is named 'pytoileur' and was uploaded by threat actors to the PyPi repository over the weekend, claiming it was an API management tool. Notice how the package has the "Cool package" string in the Summary metadata field, indicating it is part of this ongoing campaign.

    7 votes
  10. Comment on Tesla’s two million car Autopilot recall is now under US federal scrutiny in ~transport

    riQQ
    New development on the same topic previously discussed here: https://tildes.net/~transport/1cul/tesla_recalls_two_million_us_vehicles_over_autopilot_software_issue

    NHTSA has now closed that engineering analysis, which examined 956 crashes. After excluding crashes where the other car was at fault, where Autopilot wasn't operating, or where there was insufficient data to make a determination, it found 467 Autopilot crashes that fell into three distinct categories.

    First, 221 were frontal crashes in which the Tesla hit a car or obstacle despite "adequate time for an attentive driver to respond to avoid or mitigate the crash." Another 111 Autopilot crashes occurred when the system was inadvertently disengaged by the driver, and the remaining 145 Autopilot crashes happened under low grip conditions, such as on a wet road.

    NHTSA also found that Tesla's telematics system has plenty of gaps in it, despite the closely held belief among many fans of the brand that the Autopilot system is constantly recording and uploading to Tesla's servers to improve itself. Instead, it only records an accident if the airbags deploy, which NHTSA data shows only happens in 18 percent of police-reported crashes.

    19 votes
  11. Comment on How GM tricked millions of drivers into being spied on (including me) in ~transport

  12. Comment on Backdoor in upstream libxz targeting sshd in ~comp

  13. Comment on Backdoor in upstream libxz targeting sshd in ~comp

  14. Comment on Backdoor in upstream libxz targeting sshd in ~comp

    riQQ
    Another write-up by Kevin Beaumont: https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd

    Nobody else had raised concerns, and I don’t believe any existing security tooling or processes would have caught this (I realise there will be a torrent of vendors claiming they detect this… but they will detect this now that somebody told them).

    How advanced was the threat actor? The backdoor attempt was a very serious one, with a very high bar of knowledge, research, development and tradecraft to reach this far into the Linux ecosystem. Additionally, changes made by the threat actor on GitHub span multiple years, and include things like introducing functions incompatible with OSS Fuzzer due to outstanding small issues since 2015, then getting OSS Fuzzer to exclude XZ Utils from scanning last year. The backdoor itself is super well put together, and even includes the ability to remotely deactivate and remove the backdoor via a kill command. Several days in, despite global focus, I haven’t seen anybody who has finished reverse engineering it.

    Also, Andres had a unique testing environment and a set of coincidental setup issues which allowed him to discover the issue. I don’t know if anybody else has this setup.

    When I installed a vulnerable Linux box, I had to double check it was actually vulnerable as I wouldn’t even see a speed issue. For me, it was a completely transparent backdoor — where sshd was running from disk as usual, with the usual file hash and no extra network activity.

    15 votes
  15. Comment on Visa, Mastercard settle long-running antitrust suit over swipe fees with merchants in ~finance

    riQQ

    Visa and Mastercard announced a major settlement with U.S. merchants on Tuesday, potentially ending nearly two decades of litigation over the fees charged every time a credit or debit card is used in a store or restaurant.

    The deal would lower and cap the fees charged by Visa and Mastercard and allow small businesses to collectively bargain for rates with the payment processors in a similar way that the large merchants do on their own now.

    According to the settlement announced Tuesday, Visa and Mastercard will cap the credit interchange fees until 2030, and the companies must negotiate the fees with merchant-buying groups.

    The law firm that announced the settlement put the value of the savings in swipe fees at close to $30 billion.

    9 votes