- E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Battery-powered Embedded Systems
> (...) we present the first security and privacy assessment of e-scooters internals. We cover Xiaomi M365 (2016) and ES3 (2023) e-scooters and their interactions with Mi Home (their companion app).
> We extensively RE their internals and uncover four critical design vulnerabilities, including a remote code execution issue with their BMS. Based on our RE findings, we develop E-Trojans, four novel attacks targeting BES internals. The attacks can be conducted remotely or in wireless proximity. They have a widespread real-world impact as they violate the Xiaomi e-scooter ecosystem safety, security, availability, and privacy. For instance, one attack allows the extortion of money from a victim via a BMS undervoltage battery ransomware. A second one enables user tracking by fingerprinting the BES internals. With extra RE efforts, the attacks can be ported to other BES featuring similar vulnerabilities.
- Tor in Russia: A call for more WebTunnel bridges
blog.torproject.org Tor in Russia: A call for more WebTunnel bridges | Tor Project
As the Russian government intensifies its grip on the internet, censorship circumvention tools like Tor are more critical than ever. Here's the latest on Tor censorship in Russia and how you can help by running WebTunnel bridges.
Their GitLab seems to be down though, which slows down the documentation and install process.
- www.websiteplanet.com Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online by an Information Service Provider
A non-password-protected database containing more than 600K records was exposed. The leaked data includes PII, real estate data, court records, vehicle records (license plate and VIN), background check documents and more.
- checkmarx.com Malicious NPM Package Exploits React Native Documentation Example
Discover how a malicious npm package exploited React Native's documentation example, highlighting the importance of supply chain security.
> A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an npm package called 'rtn-centered-text' exploited an example from React Native's Fabric Native Components guide in an attempt to trick developers into downloading their package, putting systems at risk.
- www.threatdown.com Beluga phishing campaign targets OneDrive credentials
The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials.
- Integer Overflow vulnerability - Windows operating system.
ssd-disclosure.com SSD Advisory - ksthunk.sys Integer Overflow (PE) - SSD Secure Disclosure
Summary: A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can then be used to gain elevated privileges in the Windows operating system. The exploit was successfully demonstrated during the TyphoonPWN ...
- What is with bad password requirements
Small rant incoming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend, I'd assume. It's bad enough I gotta make a million accounts when applying to jobs, but then you got my PII sitting behind such terrible password requirements that it makes me wonder where else they are cutting corners on security.
- BusKill Dead Man Switch now available in a brick-and-mortar in The Netherlands 🧱🛡️
www.buskill.in BusKill available in-store (The Netherlands NovaCustom) - BusKill
Our USB Dead Man Switch can now be purchased in-person at NovaCustom's brick-and-mortar location in The Netherlands.
🇳🇱 Dutch version of this article | 🇫🇷 French version of this article | 🇩🇪 German version of this article
We're happy to announce that BusKill cables can now be purchased in-person in Haaksbergen, Netherlands.
[Image: BusKill Dead Man Switch Magnetic USB Breakaway cables are now available in-person in The Netherlands at NovaCustom](https://buskill.in/netherlands-novacustom/)
The BusKill project has partnered with NovaCustom to make BusKill laptop kill cords available from another brick-and-mortar location in Europe. You can now go to the NovaCustom office and purchase a BusKill cable with cash or cryptocurrency.
> NOTE: In-person orders at NovaCustom's offices require an appointment. Please contact them over email or Signal to schedule an appointment before you go.
>
> And, if paying with cash, bring the exact amount. They do not provide change.
About BusKill
BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.
| [What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) |
|:--:|
| Watch the BusKill Explainer Video for more info: youtube.com/v/qPwyoD_cQR4 |
If the connection between you and your computer is severed, your device will lock, shut down, or shred its encryption keys, keeping your encrypted data safe from thieves who steal your device.
While we do what we can to allow at-risk folks to purchase BusKill cables anonymously (or make their own), there is always the risk of interdiction.
We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. A better solution (in addition to making the hardware designs open-source) is to let users purchase the device anonymously. Generally, the best way to defeat interdiction is to go to a physical brick-and-mortar and pay with cash.
About NovaCustom
In Mar 2015, Wessel klein Snakenborg (founder of NovaCustom) started selling highly-customizable Linux laptops from Europe. In Aug 2021, NovaCustom released their first laptop (NV40) with coreboot pre-installed with Dasharo.
| [Photo of a laptop showing the Dasharo Boot Menu, running Heads](https://buskill.in/netherlands-novacustom/) | [Photo of a screw that's been covered with a unique pattern of (multi-color) glitter nail polish](https://buskill.in/netherlands-novacustom/) |
|:--:|:--:|
| The Qubes-Certified NV41 with Heads pre-installed by NovaCustom | NovaCustom offers anti-tamper options, including glitter nail polish applied to the chassis screws (photos sent to you via Proton Mail before shipment; specify a PGP key at checkout for e2ee) |
In 2023, NovaCustom caught the eye of many in the security community, as they announced a number of major milestones:
- In Apr 2023, NovaCustom started offering Intel ME disabling
- In May 2023, NovaCustom demonstrated their commitment to free software and the security community by obtaining Qubes certification on their NV41 Series laptop.
- In Sep 2023, NovaCustom started offering anti-interdiction services, which includes applying a unique glitter pattern to your new laptop's chassis screws before shipment.
And in Feb 2024, NovaCustom started selling their NV41 laptop with Heads pre-installed.
And now, as part of the partnership with the BusKill project, NovaCustom allows customers to place orders anonymously on their website, pick up the order in-person, and pay with cash (Euros only, exact cash required, and a pre-arranged appointment required for pickup). They also accept payments in Monero and Bitcoin. We're excited to partner with another leader in privacy solutions for high-risk folks in Europe, and we hope you'll consider buying a Qubes-certified NovaCustom laptop + BusKill Kit from NovaCustom in The Netherlands.
Buy BusKill in-person in The Netherlands
Order at novacustom.com or stop by in-store to purchase a BusKill cable.
Bitcoin, Monero, and fiat (cash) are all accepted payment methods at NovaCustom.
Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/
- Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season
www.netcraft.com Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season | Netcraft
Key Data: This article explores Netcraft's research into the global growth of fake stores, including activity that makes use of the e-commerce platform SHOPY ...
> This article explores Netcraft's research into the global growth of fake stores, including activity that makes use of the e-commerce platform SHOPYY to target Black Friday shoppers. Insights include:
> - An increase of 110% in fake stores identified between August to October 2024
> - Tens of thousands of fake stores utilizing the e-commerce tech platform SHOPYY
> - More than 66% of SHOPYY-powered sites identified as fake stores
> - More than 9,000 new and unique fake store domains detected by Netcraft between November 18–21, hosted on SHOPYY alone
> - Most activity attributed to threat actors likely operating from China
> - Activity primarily targeting U.S. shoppers
> - Use of Large Language Models (LLMs) to generate text for product listings
- Gaming Engines: An Undetected Playground for Malware Loaders
research.checkpoint.com Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research
Introduction: Cybercriminals constantly try to evolve their tactics and techniques, aiming to increase infections. Their need to stay undetected pushes them to innovate and discover new methods of delivering and executing malicious code, which can result in credentials theft and even ranso...
Key Points
> - Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
> - Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines.
> - The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.
> - This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS.
> - Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and MacOS.
> - A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.
- www.welivesecurity.com Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET's discovery of the first UEFI bootkit designed for Linux sends an important message: UEFI bootkits are no longer confined to Windows systems alone.
> ESET researchers analyze the first UEFI bootkit designed for Linux systems
- PSLoramyra: Technical Analysis of Fileless Malware Loader
any.run PSLoramyra: Technical Analysis of Fileless Malware Loader - ANY.RUN's Cybersecurity Blog
See technical analysis of PSLoramyra, an advanced malware that leverages PowerShell, VBS, and BAT scripts to execute directly in memory.
> In this article, we'll explore a malicious loader known as PSLoramyra. This advanced malware leverages PowerShell, VBS, and BAT scripts to inject malicious payloads into a system, execute them directly in memory, and establish persistent access.
>
> Classified as a fileless loader, PSLoramyra bypasses traditional detection methods by loading its primary payload entirely into memory, leaving minimal traces on the system.
- www.trustwave.com Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors.
- cyble.com CERT-In Alert: Multiple Vulnerabilities In Android Impacting Millions Of Devices
High-Severity Android Flaws Threaten Device Security Across Millions: Urgent Updates Needed.
- www.recordedfuture.com Operation Undercut: Russian Influence Campaign Targets Western Support for Ukraine
Russia's "Operation Undercut" uses AI-driven disinformation to sway opinion on Ukraine, aiming to erode Western support. Explore tactics and impacts.
Summary
> Operation Undercut is a covert influence operation conducted by Russia's Social Design Agency (SDA) to sway public opinion against Ukraine and weaken Western support. Leveraging AI-enhanced videos and impersonating reputable news sources, Operation Undercut disseminates disinformation targeting audiences across the US, Ukraine, and Europe. This operation, running in tandem with other campaigns like Doppelgänger, is designed to discredit Ukraine's leadership, question the effectiveness of Western aid, and stir socio-political tensions. The campaign also seeks to shape narratives around the 2024 US elections and geopolitical conflicts, such as the Israel-Gaza situation, to deepen divisions.
- Advanced Cyberthreats Targeting Holiday Shoppers
www.fortinet.com Advanced Cyberthreats Targeting Holiday Shoppers | FortiGuard Labs
Black Friday and Holiday Shopping Threats Targeting Shoppers on the Darknet. Learn more.
- blog.nviso.eu BitLocker Security: Are Your Keys Truly Safe?
Explore the security of BitLocker and TPM. Learn how attackers might access your data and how to enhance protection with pre-boot authentication.
- Apple Web Content Filter Bypass
cxsecurity.com Apple Web Content Filter Bypass - CXSecurity.com
Nosebeard has released a new security note: Apple Web Content Filter Bypass
- www.welivesecurity.com RomCom exploits Firefox and Windows zero days in the wild
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.
- securelist.com Customizable Elpaco ransomware abuses the Everything library
Kaspersky experts describe an Elpaco ransomware sample, a Mimic variant, which abuses the Everything search system for Windows and provides custom features via a GUI.
Introduction
> In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the CVE-2020-1472 vulnerability (Zerologon).
>
> The identified variant abuses the Everything library and provides an easy-to-use GUI for the attacker to customize the operations performed by the malware. It also has features for disabling security mechanisms and running system commands.
>
> This ransomware variant is named 'Elpaco' and contains files with extensions under the same name. In this post, we provide details about Elpaco, besides already shared, as well as the tactics, techniques and procedures (TTPs) employed by the attackers.