home.social

#skimmer — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #skimmer, aggregated by home.social.

  1. Watch this butterfly poke around with its proboscis while bees, ants, and a lizard hang out nearby. A garden of earthy delights. #nature #bees #butterflies #skimmer

  2. Black skimmer fishing in the waves. I love sharp pointy angles of the beak and wings. #birds #seabirds #skimmer #beach #nature

  3. Black skimmer fishing in the waves. I love sharp pointy angles of the beak and wings. #birds #seabirds #skimmer #beach #nature

  4. Black skimmer fishing in the waves. I love sharp pointy angles of the beak and wings. #birds #seabirds #skimmer #beach #nature

  5. Black skimmer fishing in the waves. I love sharp pointy angles of the beak and wings. #birds #seabirds #skimmer #beach #nature

  6. Black skimmer fishing in the waves. I love sharp pointy angles of the beak and wings. #birds #seabirds #skimmer #beach #nature

  7. Tajemniczy incydent w banku Santander. Milionowe straty i kilkaset osób okradzionych

    W sobotę ok. 500 klientów Santandera zostało okradzionych na łączną kwotę ponad w miliony złotych i to w sposób, który budzi wiele pytań. Przestępcy wypłacili pieniądze z rachunków ofiar poprzez transakcje w …bankomatach. Jest to o tyle dziwne, że w przypadkach niektórych klientów, takie transakcje nie miały prawa się udać, bo mieli “zablokowany pasek magnetyczny”. Ale zacznijmy od początku.
    Jesteś już zapisany na nasz środowy LIVE pt. Dane Twoich Klientów Wyciekły — Co Teraz? podczas którego przekażemy praktyczne porady, co musisz zrobić, kiedy ktoś Cię zhackuje, aby nie pogorszyć sytuacji? Będzie o tym jak informować klientów i jak rozmawiać z UODO oraz dziennikarzami. Wiele praktycznych porad. Zapisać możesz się klikając na ten link.

    Wypłacali w wielu bankomatach w różnych miastach
    W sobotę klienci Santandera widzą powiadomienia, że ich pieniądze są wypłacane w różnych bankomatach na terenie kraju. Niektórzy tracą kilkaset złotych. Inni kilkadziesiąt (!) tysięcy. Ofiary zgłaszają się na policję, a policja przy pomocy mediów publikuje apel, aby “zmienić limity na zero” lub tymczasowo blokować karty.
    W wypowiedziach policjantów pada też hipoteza, że powodem kradzieży jest skimming. Wedle doniesień prasowych, tak samo dziennikarzom powtarzają nieprzywołani z nazwiska “bankowi eksperci”.
    I tu pojawia się pierwsze pytanie:
    Skoro gdzieś założono skimmer i sczytywano karty płatnicze, to dlaczego ofiarami są tylko klienci jednego banku?
    Teoretycznie, mogło być tak, że skimmer był tylko na urządzeniach w oddziałach Santandera. Wtedy nie powinno nas dziwić, że zdecydowana większość ofiar to klienci tego banku.
    Zielony skimmer imitujący anti-simmerową [...]

    #Banki #Bankomaty #Kradzież #Santander #Skimmer #Skimmery

    niebezpiecznik.pl/post/tajemni

  8. How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2 | Silent’s Blog

    Link
    GTA San Andreas 的水上飛機「Skimmer」在升級 Windows 11 24H2 後消失並出現無法生成的問題,經過深入除錯發現,根本原因是遊戲中對 Skimmer 資料檔 vehicles.ide 的解析缺漏。該機種在資料中遺漏了前後輪比例(wheel scale)的定義,導致該項變數未初始化造成遊戲內物理計算錯誤,使飛機生成位置異常飆升並引發遊戲當機。Windows 11 24H2 系統變更內部 Critical Section 佔用堆疊空間,使本來未初始化但意外保持合理數值的變數被覆寫,因而觸發此隱藏已久的 BUG。修正方法有兩種:直接修改 vehicles.ide 以補足缺失參數,或由 SilentPatch 應用程式內修補 sscanf 的讀取行為,預設合理輪比例。此 BUG 其實早於 Xbox 版已修正,PC 版則因兼容性問題維持多年未被發現。此案例說明瞭舊遊戲因未完全驗證輸入資料及依賴未初始化變數而隱藏 BUG,且硬體或作業系統底層變動可能意外導致問題暴露,提醒開發和維護者必須嚴謹處理資料完整性與程式警告,確保長期相容性與穩定性。

    🎯 Key Points:

    → 問題現象:Windows 11 24H2 更新讓 GTA San Andreas 中 Skimmer 飛機消失且無法正常生成,使用 SilentPatch 時還會造成遊戲凍結。

    → 根本原因:Skimmer 在 vehicles.ide 中遺漏前後輪比例參數(wheel scale),導致 sscanf 讀取時未初始化數值,進而影響碰撞模型的 bounding box 資料。

    → 技術細節:

     ★ Skimmer 在 車輛資料載入函式 CFileLoader::LoadVehicleObject 中解析參數未完全,缺少參數未設默認值。

     ★ Windows 11 24H2 新版作業系統中內部 Critical Section 物件釋放寫入堆疊的行為與舊版本不同,覆寫了未初始化的局部變數空間。

     ★ 依靠先前堆疊資料保留的「運氣」破滅,導致錯誤數據被使用,觸發物理計算出錯飛機異常消失。

    → 解決策略:

     ① 對 vehicles.ide 手動補充 Skimmer 缺失的前後輪比例,推薦值為0.7,與其它類似車輛一致。

     ② SilentPatch 內部修改 sscanf 的包裝函式,提供合理預設值,修復不完整資料的讀取問題。

    → 深入見解:

     ★ 此 BUG 並非作業系統錯誤,而是遊戲自身未定義行為依賴導致。

     ★ 類似情況曾在 Bully: Scholarship Edition 遊戲上因 Windows 10 變動而爆發,顯示堆疊與底層 API 變更可能造成相容性隱患。

     ★ 舊平臺(如 Xbox 版)早已修正此缺失,部分 PC 版非官方版本基於 Xbox 分支已修復。

    → 實務價值:促使遊戲維護者加強輸入資料驗證及警告處理,避免因未初始化變數或資料缺失導致長久隱藏的 BUG 在系統升級時才被意外激發。

    🔖 Keywords:
    #GTA_San_Andreas #Skimmer #Windows_11_24H2 #vehicles.ide #SilentPatch

  9. well poop. my CC was either skimmed or at one of the restaurants we visited this weekend they just out-and-out copied the info. Not a great way to end what otherwise was a really great weekend of hiking and skiing. #fraud #cc #theygotme #skimmer #stupid

  10. Not cool seeing this pop up mere hours after my card gave an obscure error at a Royal Farms not too far from the ones in the article.

    #Privacy
    #Skimmer

    patch.com/pennsylvania/marplen

  11. Blue Dashers at Van Horne Retention Pond

    20 July 2024

    After the disappointing visit to Fairview Farm Wildlife Preserve, I decided to stop at the retention pond at Van Horne Park. On the 45-minute drive home, my mind drifted, and I had a brief conversation with myself about bacon.

    [caption id="attachment_116518" align="aligncenter" width="1200"] Blue Dasher (Pachydiplax longipennis) · 20 July 2024 · FujiFilm X-T3 · XF150-600mmF5.6-8 R LM OIS WR[/caption]

    When I say bacon to someone from the United States, they usually think [...]

    islandinthenet.com/blue-dasher

  12. A Black #Skimmer #flies just over the surface of a pond at #Merritt #Island National #Wildlife Refuge.
    #BlackSkimmers feed by flying just above the water and opening their beak so that it scoops up small fish, insects, and other prey.
    The water’s surface also creates a perfect #reflection

    Get a print of this image or another at heronfox.pixels.com/featured/b

    #RynchopsNiger #Bird #BirdsOfMastodon #Waterfowl #MINWR #Florida #WildlifePhotography #Photograph

  13. A Black #Skimmer #flies just over the surface of a pond at #Merritt #Island National #Wildlife Refuge.
    #BlackSkimmers feed by flying just above the water and opening their beak so that it scoops up small fish, insects, and other prey.
    The water’s surface also creates a perfect #reflection

    Get a print of this image or another at heronfox.pixels.com/featured/b

    #RynchopsNiger #Bird #BirdsOfMastodon #Waterfowl #MINWR #Florida #WildlifePhotography #Photograph

  14. A Black #Skimmer #flies just over the surface of a pond at #Merritt #Island National #Wildlife Refuge.
    #BlackSkimmers feed by flying just above the water and opening their beak so that it scoops up small fish, insects, and other prey.
    The water’s surface also creates a perfect #reflection

    Get a print of this image or another at heronfox.pixels.com/featured/b

    #RynchopsNiger #Bird #BirdsOfMastodon #Waterfowl #MINWR #Florida #WildlifePhotography #Photograph

  15. A Black #Skimmer #flies just over the surface of a pond at #Merritt #Island National #Wildlife Refuge.
    #BlackSkimmers feed by flying just above the water and opening their beak so that it scoops up small fish, insects, and other prey.
    The water’s surface also creates a perfect #reflection

    Get a print of this image or another at heronfox.pixels.com/featured/b

    #RynchopsNiger #Bird #BirdsOfMastodon #Waterfowl #MINWR #Florida #WildlifePhotography #Photograph

  16. @loren thank youuu these are absolutely awesome!!! ☺️ :blobcat_hearthug: I had no idea about these #skimmer birds

  17. @admford No one cc'ed in @briankrebs ? He'd surely love to add this to his collection!

    #skimmer

  18. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  19. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  20. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  21. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  22. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD