#acropalypse — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #acropalypse, aggregated by home.social.
-
Les talks de Sonia Seddiki sont toujours incr : elle explique et vulgarise si bien. Franchement, tu écoutes & t'as envie de l'avoir comme collègue ! #devoxx #acropalypse #acropalypseNow #images
-
Как не стоит обрезать изображения. aCropalypse (CVE-2023-21036)
В январе 2023 года экспертами Саймон Ааронс и Дэвид Бьюкенен была обнаружена уязвимость в линейке смартфонов google pixel. При работе во встроенном редакторе изображений Markup и редактировании файлов .png данные исходника не удалялись полностью и подлежали восстановлению.
-
We already covered the #aCropalypse flaw in these last two episodes, so probably won't revisit it.
But I want to highlight this post from Trail of Bits because it covers the technical details so well.
https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/
-
Update your Windows now to avoid the Acropalypse vulnerability
https://www.foxnews.com/tech/update-your-windows-now-avoid-acropalypse-vulnerability
-
#Microsoft korrigiert "#Acropalypse"-Fehler im Windows Snipping-Tool | heise online https://www.heise.de/news/Microsoft-korrigiert-Acropalypse-Fehler-im-Windows-Snipping-Tool-8072177.html #Patchday
-
Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.
#Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.
The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.
A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.
The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA
-
Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.
#Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.
The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.
A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.
The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA
-
Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.
#Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.
The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.
A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.
The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA
-
Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.
#Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.
The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.
A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.
The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA
-
Catch up on everything cyber with this week's edition of our SOC Goulash newsletter!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
Images which were redacted or cropped on Google Pixel devices or using the Windows Snipping Tool can be reversed and sensitive data revealed. The bug, dubbed "Acropalypse", may have been fixed but any existing images - be they bank details, nudes, or confidential company information - remain up for grabs.
#Hacktivists launched a week-long, coordinated attack on Australian banks, hospitals, airports and more, in retaliation for an offensive submission by an Australian designer at the Melbourne Fashion Festival, of all things.
The takedown of #BreachForums was made official last week, with the subsequent disarray demonstrating that continued law enforcement action is succeeding in capitalising on the mistrust inherent to the cyber crime ecosystem.
A significant vulnerability in the #WooCommerce Payments plugin can let attackers takeover #WordPress sites, and a PoC #exploit has been released publicly for a vulnerability in #Veeam's backup software.
The #blueteam had a great week, with CISA releasing a tool that helps grab #Azure, #M365 and the #Defender suite telemetry to help run ad hoc investigations; #Splunk shared an awesome defensive guide to #ADCS attacks, and we've seen a bunch of great write-ups on #IcedID, #ASyncRAT, and more!
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-373
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #acropalypse #OpAustralia #darkweb #CISA
-
After rolling out an update to Windows Insiders last week, Microsoft has now released a security patch for all Windows 10 & 11 users that patches the aCropalypse vulnerability in the Snipping Tool. https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-oob-security-updates-for-windows-snipping-tool-flaw/
#Windows #Microsoft #security #privacy #acropalypse #SnippingTool #screenshots
-
#Microsoft hat ein Sicherheitsupdate bereitgestellt. Es behebt einen Fehler, der dazu führt, dass sensible und zensierte Inhalte in Screenshots von Dritten unbefugt wiederhergestellt werden könnten #Acropalypse https://winfuture.de/news,135332.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
-
#Microsoft released an emergency security update for the #Windows10 and #Windows11 Snipping tool to fix the #Acropalypse #privacy vulnerability.
-
Turns out not just the Google Pixel phones were affected by the #acropalypse bug, where cropped screenshots could be recovered to almost-fullscreen versions.
Windows(!) was affected too. Win 11 seems to have a fix now, Win 10 not yet.
-
Windows Snipping-Tool anfällig für "Acropalypse"
Anfang der Woche wurde eine "Acropalypse" genannte Lücke im Screenshot-Tool von Google Pixel-Phones bekannt. Das Windows 11 Snipping-Tool verhält sich ebenso.
#Acropalypse #Security #Sicherheitslücken #SnippingTool #Windows11 #WindowsSnippingTool
-
The headline doesn't mention it but this affects the #Windows 10 snipping tool as well. It's all looking to be rather bigger and worse than I thought. How many other platforms' screenshot tools have the same problem? How many years back are we talking?
"The Register: Microsoft scrambles to fix Windows 11 '#aCropalypse' privacy-battering bug"
https://www.theregister.com/2023/03/24/microsoft_snipping_tool_fix/ -
Unpatched bug can be exploited with modified versions of the #Android scripts.
Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in #Google's Markup screenshot editing tool for its Pixel phones. Dubbed #acropalypse, the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.
#InfoSec
https://arstechnica.com/information-technology/2023/03/windows-10-and-11-get-their-own-version-of-the-acropalypse-screenshot-bug/ -
This Week in Security: USB Boom! Acropalypse, and a Bitcoin Heist - We’ve covered a lot of sketchy USB devices over the years. And surely you know by ... - https://hackaday.com/2023/03/24/this-week-in-security-usb-boom-acropalypse-and-a-bitcoin-heist/ #thisweekinsecurity #hackadaycolumns #securityhacks #typosquatting #acropalypse #news #usb
-
@bsmaalders @cks writing a temp file and renaming it also avoids the failure-to-truncate issues found in screenshot cropping tools recently (#aCropalypse), but as some folks at work recently discovered, you need to be sure to fsync() before the rename, or a failure at the wrong moment can leave you with a zero-length file instead of the old one as the directory metadata can get written before the file contents data on ZFS.
-
Microsoft has released an updated version of the Windows 11 Snipping Tool that fixes the aCropalypse vulnerability that affected cropped screenshots, allowing you to recover the full image. Available for Win11 Insiders only so far. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-acropalypse-privacy-bug-in-windows-11-snipping-tool/
-
Cropping and Redacting Images Safely #acropalypse https://i5c.us/d29666
-
تحذير من خبراء #أمن_المعلومات من #هفوات برمجية في هاتف #غوغل #بيكسل"و في #ويندوز11 تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل #أندرويد
لهاتف "بيكسل". الفاصيل 👇 مع تحيات #نايلةالصليبي
#Acropalypse
#pixel
#windows11
https://mc-d.co/1pW0
# -
تحذير من خبراء #أمن_المعلومات من #هفوات برمجية في هاتف #غوغل #بيكسل"و في #ويندوز11 تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل #أندرويد
لهاتف "بيكسل". الفاصيل 👇 مع تحيات #نايلةالصليبي
#Acropalypse
#pixel
#windows11
https://mc-d.co/1pW0
# -
تحذير من خبراء #أمن_المعلومات من #هفوات برمجية في هاتف #غوغل #بيكسل"و في #ويندوز11 تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل #أندرويد
لهاتف "بيكسل". الفاصيل 👇 مع تحيات #نايلةالصليبي
#Acropalypse
#pixel
#windows11
https://mc-d.co/1pW0
# -
تحذير من خبراء #أمن_المعلومات من #هفوات برمجية في هاتف #غوغل #بيكسل"و في #ويندوز11 تتيح استعادة معلومات حساسة من الصور المحررة بأدوات القطع في نظام "ويندوز11 "و نظام تشغيل #أندرويد
لهاتف "بيكسل". الفاصيل 👇 مع تحيات #نايلةالصليبي
#Acropalypse
#pixel
#windows11
https://mc-d.co/1pW0
# -
Käsittämätön moka, sekä Googlelta että Microsoftilta.
Sekä Googlen Pixel -puhelimista että Windows 11 on löytynyt ongelma, jossa niiden oletusarvoiset kuvienkäsittelyyn tarkoitetut sovellukset jättävät alkuperäisen kuvan mukaan muokatun kuvan tiedostoon.
Eli jos rajaat tai suttaat vaikkapa ruutukaappauksesta arkaluonteisia asioita ja lähetät kuvan eteenpäin, tiedostosta löytyy myös sensuroimaton kuva.
https://fin.afterdawn.com/uutiset/2023/03/22/acropalypse-windows-google-pixel-aukko
-
The #Acropalypse has expanded to the realm of desktop computers too.
This is where cropped images still contain potentially sensitive data that can be recovered by bad actors.
On desktop I always use CMD+OPT+4 instead of +3. (mac ecosystem). Which allows you to select the area you want to screenshot and skip any requirement for cropping. I'd assume the PC ecosystem has a similar shortcut option.
-
If you edit PNG files using the Windows 11 Snipping Tool or the Markup tool on a Google Pixel, you should be aware the "#Acropalypse" security flaw that leaves information recoverable even after you've cropped an image.
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/ #security #privacy #Windows11 #GooglePixel
-
The best article about the #acropalypse #vulnerability, by David Buchanan
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
-
Scheinbar ist #Windows auch von der #Acropalypse betroffen.
im Speziellen das Snipping Tool unter Windows 11 und die Windows 10-App Snip & Sketch
Damit könnte die Zensur von manchen Bildern/Screenshots im Nachhinein aufgehoben werden.
-
So that aCropalypse vulnerability that allows you to restore a full image from a screenshot cropped using Google's Markup utility for Pixel phones? It may also be present in Microsoft's Windows Snipping Tool. https://twitter.com/David3141593/status/1638222624084951040
#privacy #security #vulnerability #WindowsSnippingTool #SnippingTool #Windows #acropalypse
-
📬 Lesetipps: Dieser Pixel-Bug könnte eine Menge Leute in Gefahr bringen
#Lesetipps #Acropalypse #BreachForums #HudaPar #ManuelAtug #PixelHandys #pompompurin #Portmaster #qBitController https://tarnkappe.info/lesetipps/lesetipps-dieser-pixel-bug-koennte-eine-menge-leute-in-gefahr-bringen-267356.html -
Re-encoding and optimization of PNG images removes junk data from files.
Optimizing PNGs (including #ImageOptim) happens to fix leaky files from the "#Acropalypse" Android bug.