Aggregator

工业和信息化部依据《个人信息保护法》《网络安全法》《电信条例》《电信和互联网用户个人信息保护规定》等法律法规，持续整治APP侵害用户权益的违规行为。

近期，工业和信息化部组织第三方检测机构进行抽查，共发现17款APP及SDK存在侵害用户权益行为，已予以通报。文中所述APP及SDK应按有关规定进行整改，整改落实不到位的，将依法依规组织开展相关处置工作。你的手机里是否也有安装如下软件？若有，速速卸载！

工信部通报存在问题的APP（SDK）名单

文章来源自：北京发布 工信部官网

Prerequisite: install mozlz4.

My Firefox is heavily customized with dozens of extensions and settings spread across multiple configuration files such as user.js and perf.js. It is, thus, not practical for me to migrate my Firefox profile to a machine while ensuring that all settings are synchronized and that it will behave exactly the same way if I were to rely on Firefox’s built-in Sync. The most reliable and efficient, albeit slightly “hacky” way, to migrate my Firefox profile to machine is, therefore, to straight up copy the entire profile to the new machine. There might be a more elegant way to do this, but until then, this will be the method I have to rely on. Additionally, this approach also makes it easy to reliably synchronize all of my few hundreds of tabs over to a different machine.

While I was synchronizing the profile, I noticed that Firefox made a default name and path for the profile. The profile name I got is a random string (yrdz6hff.default-release) generated based on how stars were aligned the day I created the profile. I’d rather not having to embed this random string in my automation scripts and etc., so I decided to look into changing it. This string is used both as the displayed profile name in Firefox and the name of the profile’s directory on the file system.

The profile’s name can be easily changed in the about:profiles page:

However, the same cannot be said about the profile’s directory name on the file system. On my Arch Linux system, Firefox’s profile is located under .mozilla/firefox/$PROFILE_NAME. If you simply rename the directory, Firefox will not be able to find the profile anymore and will simply make a new profile for you. Thus, we will need to change Firefox’s configurations so the profile-related configurations point to the right path.

In order to find out which files we need to change, we can use ripgrep to list all the files that contain the profile’s name under Firefox’s profiles directory. The following command lists all files that contain the profile name’s string, including binary files:

Let’s first rename the profile’s directory and then replace all occurrences of yrdz6hff.default-release in all text files. In this example, I’ll rename my profile directory’s name to k4yt3x:

Let’s try and start Firefox. Unfortunately, we’ll see that the extensions are broken:

The broken extensions and the fact that we did not change addonStartup.json.lz4 provides a pretty clear hint that this file may be causing the troubles. In fact, this file is, indeed, the culprit. We will need to update the content of this file as well. However, this file is compress in an uncommon format used by Firefox named mozlz4. It cannot be decompressed by Linux utilities such as lz4 or 7z.

In order to decompress and re-compress the addonStartup.json file, we will need a tool named mozlz4. This tool is available on AUR in the name of mozlz4 and mozlz4-bin. If your platform’s repository does not have it, you can download the compiled binaries on their GitHub releases page. After getting the tool, you can use the following commands to decompress the file, update its content, and re-compress the file:

Now, if we start Firefox again, we will see that all the extensions load correctly again:

There you have it. I hope this post would help whomever that also happens to need to do the same hacky thing. If you notice that something isn’t working after this modification or if there are other files that should be updated as well, please reach out and I’ll update this guide.

一种名为 Styx Stealer 的新网络安全威胁已经出现。它可以在使用频繁网络浏览器中窃取敏感数据（例如已保存的密码、cookie 和自动填充信息）来锁定用户。

该恶意软件影响涉及到 Chromium 和 Gecko 的浏览器，并将其影响范围扩展到了浏览器扩展、加密货币钱包，甚至 Telegram 和 Discord 等消息平台。

Styx Stealer 的曝光引起了网络安全专家和用户的警惕，它对网络安全构成了重大风险。

利用 Windows Defender 漏洞

Styx Stealer 利用了 Microsoft Windows Defender SmartScreen 中的漏洞，该漏洞编号为CVE-2023-36025，也称为 Phemedrone Stealer。

该漏洞于 2024 年初广泛传播，使得恶意分子能够绕过安全措施并渗透到用户的系统。

不断的漏洞的利用，给网络安全防御带来了持续挑战，特别是当威胁分子发现和利用广泛使用的软件中的漏洞时。

有趣的是，Styx Stealer 的功能演示已发布在其开发人员的社交媒体上。尽管该媒体账号影响力不大，但此次演示还是引起了网络安全专业人士的注意。

此外，有威胁分子在俄罗斯一个热门论坛上发现出售 Styx Stealer，这表明该病毒具有广泛传播的潜力。这一事件发展无疑警醒了用户和组织需要保持警惕以保护其数字资产。

随着情况的发展，专家建议用户更新安全软件，对可疑链接和下载保持警惕，并定期更改密码，以防止潜在的违规行为。

Styx Stealer 的出现提醒人们网络威胁形势的不断演变以及主动网络安全措施的重要性，增强网络安全意识和手段刻不容缓。