home.social

#acropalypse — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #acropalypse, aggregated by home.social.

  1. Les talks de Sonia Seddiki sont toujours incr : elle explique et vulgarise si bien. Franchement, tu écoutes & t'as envie de l'avoir comme collègue ! #devoxx #acropalypse #acropalypseNow #images

  2. Как не стоит обрезать изображения. aCropalypse (CVE-2023-21036)

    В январе 2023 года экспертами Саймон Ааронс и Дэвид Бьюкенен была обнаружена уязвимость в линейке смартфонов google pixel. При работе во встроенном редакторе изображений Markup и редактировании файлов .png данные исходника не удалялись полностью и подлежали восстановлению.

    habr.com/ru/articles/788196/

    #cve #acropalypse #bugs

  3. We already covered the #aCropalypse flaw in these last two episodes, so probably won't revisit it.

    But I want to highlight this post from Trail of Bits because it covers the technical details so well.

    blog.trailofbits.com/2023/03/3

  4. Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:

    opalsec.substack.com/p/soc-gou

    Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.

    #Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.

    The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.

    A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.

    The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!

    Catch all this and much more in this week's newsletter:

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA

  5. Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:

    opalsec.substack.com/p/soc-gou

    Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.

    #Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.

    The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.

    A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.

    The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!

    Catch all this and much more in this week's newsletter:

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA

  6. Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:

    opalsec.substack.com/p/soc-gou

    Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.

    #Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.

    The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.

    A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.

    The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!

    Catch all this and much more in this week's newsletter:

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA

  7. Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:

    opalsec.substack.com/p/soc-gou

    Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.

    #Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.

    The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.

    A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.

    The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!

    Catch all this and much more in this week's newsletter:

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA

  8. Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:

    opalsec.substack.com/p/soc-gou

    Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.

    #Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.

    The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.

    A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.

    The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!

    Catch all this and much more in this week's newsletter:

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA

  9. After rolling out an update to Windows Insiders last week, Microsoft has now released a security patch for all Windows 10 & 11 users that patches the aCropalypse vulnerability in the Snipping Tool. bleepingcomputer.com/news/micr

  10. #Microsoft hat ein Sicherheitsupdate bereitgestellt. Es behebt einen Fehler, der dazu führt, dass sensible und zensierte Inhalte in Screenshots von Dritten unbefugt wiederhergestellt werden könnten #Acropalypse winfuture.de/news,135332.html?

  11. Turns out not just the Google Pixel phones were affected by the #acropalypse bug, where cropped screenshots could be recovered to almost-fullscreen versions.

    Windows(!) was affected too. Win 11 seems to have a fix now, Win 10 not yet.

    bleepingcomputer.com/news/micr

  12. The headline doesn't mention it but this affects the #Windows 10 snipping tool as well. It's all looking to be rather bigger and worse than I thought. How many other platforms' screenshot tools have the same problem? How many years back are we talking?

    "The Register: Microsoft scrambles to fix Windows 11 '#aCropalypse' privacy-battering bug"
    theregister.com/2023/03/24/mic

  13. Unpatched bug can be exploited with modified versions of the #Android scripts.

    Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in #Google's Markup screenshot editing tool for its Pixel phones. Dubbed #acropalypse, the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.

    #InfoSec
    arstechnica.com/information-te

  14. @bsmaalders @cks writing a temp file and renaming it also avoids the failure-to-truncate issues found in screenshot cropping tools recently (), but as some folks at work recently discovered, you need to be sure to fsync() before the rename, or a failure at the wrong moment can leave you with a zero-length file instead of the old one as the directory metadata can get written before the file contents data on ZFS.

  15. Microsoft has released an updated version of the Windows 11 Snipping Tool that fixes the aCropalypse vulnerability that affected cropped screenshots, allowing you to recover the full image. Available for Win11 Insiders only so far. bleepingcomputer.com/news/micr

  16. تحذير من خبراء ‫#أمن_المعلومات‬ من  ‫#هفوات‬ برمجية في هاتف ‫#غوغل‬ ‫#بيكسل‬"و في ‫#ويندوز11‬ تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل ‫#أندرويد
    لهاتف "بيكسل". الفاصيل 👇 مع تحيات ‫#نايلةالصليبي
    #Acropalypse
    #pixel
    #windows11
    mc-d.co/1pW0
    ‏‪#

  17. تحذير من خبراء ‫#أمن_المعلومات‬ من  ‫#هفوات‬ برمجية في هاتف ‫#غوغل‬ ‫#بيكسل‬"و في ‫#ويندوز11‬ تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل ‫#أندرويد
    لهاتف "بيكسل". الفاصيل 👇 مع تحيات ‫#نايلةالصليبي
    #Acropalypse
    #pixel
    #windows11
    mc-d.co/1pW0
    ‏‪#

  18. تحذير من خبراء ‫#أمن_المعلومات‬ من  ‫#هفوات‬ برمجية في هاتف ‫#غوغل‬ ‫#بيكسل‬"و في ‫#ويندوز11‬ تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل ‫#أندرويد
    لهاتف "بيكسل". الفاصيل 👇 مع تحيات ‫#نايلةالصليبي
    #Acropalypse
    #pixel
    #windows11
    mc-d.co/1pW0
    ‏‪#

  19. تحذير من خبراء ‫#أمن_المعلومات‬ من  ‫#هفوات‬ برمجية في هاتف ‫#غوغل‬ ‫#بيكسل‬"و في ‫#ويندوز11‬ تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل ‫#أندرويد
    لهاتف "بيكسل". الفاصيل 👇 مع تحيات ‫#نايلةالصليبي
    #Acropalypse
    #pixel
    #windows11
    mc-d.co/1pW0
    ‏‪#

  20. Käsittämätön moka, sekä Googlelta että Microsoftilta.

    Sekä Googlen Pixel -puhelimista että Windows 11 on löytynyt ongelma, jossa niiden oletusarvoiset kuvienkäsittelyyn tarkoitetut sovellukset jättävät alkuperäisen kuvan mukaan muokatun kuvan tiedostoon.

    Eli jos rajaat tai suttaat vaikkapa ruutukaappauksesta arkaluonteisia asioita ja lähetät kuvan eteenpäin, tiedostosta löytyy myös sensuroimaton kuva.

    fin.afterdawn.com/uutiset/2023

    #tietoturva #uutiset #teknologia #googlepixel #acropalypse

  21. The #Acropalypse has expanded to the realm of desktop computers too.

    This is where cropped images still contain potentially sensitive data that can be recovered by bad actors.

    On desktop I always use CMD+OPT+4 instead of +3. (mac ecosystem). Which allows you to select the area you want to screenshot and skip any requirement for cropping. I'd assume the PC ecosystem has a similar shortcut option.

    arstechnica.com/information-te

  22. If you edit PNG files using the Windows 11 Snipping Tool or the Markup tool on a Google Pixel, you should be aware the "#Acropalypse" security flaw that leaves information recoverable even after you've cropped an image.

    bleepingcomputer.com/news/micr #security #privacy #Windows11 #GooglePixel

  23. Scheinbar ist #Windows auch von der #Acropalypse betroffen.

    im Speziellen das Snipping Tool unter Windows 11 und die Windows 10-App Snip & Sketch

    Damit könnte die Zensur von manchen Bildern/Screenshots im Nachhinein aufgehoben werden.

    winfuture.de/news,135255.html

    #Datenschutz #Informationssicherheit

  24. So that aCropalypse vulnerability that allows you to restore a full image from a screenshot cropped using Google's Markup utility for Pixel phones? It may also be present in Microsoft's Windows Snipping Tool. twitter.com/David3141593/statu

  25. Re-encoding and optimization of PNG images removes junk data from files.

    Optimizing PNGs (including #ImageOptim) happens to fix leaky files from the "#Acropalypse" Android bug.