What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-08-06 10:25:00 | (Déjà vu) Hack the Box: Holiday Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Holiday” which is available online for those who want to increase their skill in penetration testing and black box testing. Holiday is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
|
2018-08-06 09:08:03 | (Déjà vu) Hack the Box: Silo Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Silo” which is available online for those who want to increase their skill in penetration testing and black box testing. Silo is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
|
2018-08-05 20:14:02 | (Déjà vu) Hack the Lampião: 1 (CTF Challenge) (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Lampião: 1”. This VM is developed by Tiago Tavares, which is a standard Boot-to-Root challenge. Our goal is to get into the root directory and see the congratulatory message. Level: Easy Task: To Find The Final Flag. Let's Breach!! The target holds 192.168.1.105 as... Continue reading → | Hack | ||
|
2018-08-05 15:42:03 | Hack the Bulldog:2 (CTF Challenge) (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Bulldog 2”. This VM is developed by Nick Frichette, which is a standard Boot-to-Root challenge. Our goal is to get into the root directory and see the congratulatory message. Level: Intermediate Task: To Find The Final Flag. Steps involved: Post scanning to discover open... Continue reading → | Hack | ||
 |
2018-08-03 14:05:04 | CVE-2018-14773 Symfony Flaw expose Drupal websites to hack (lien direct) | A vulnerability in the Symfony HttpFoundation component tracked as CVE-2018-14773, could be exploited by attackers to take full control of the affected Drupal websites. Maintainers at Drupal addressed the security bypass vulnerability by releasing a new version of the popular content management system, the version 8.5.6. “The Drupal project uses the Symfony library. The Symfony […] | Hack Vulnerability | ||
|
2018-08-03 11:42:03 | (Déjà vu) Hack the Box: Bart Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Bart” which is available online for those who want to increase their skill in penetration testing and black box testing. Bart is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
 |
2018-08-02 14:19:00 | Reddit hacked - but don\'t give up on 2FA just yet (lien direct) |  Yes, SMS-based 2FA can be intercepted by someone determined to hack into your account.
But it's also better than not having any multi-factor authentication in place at all.
Read more in my article on the Hot for Security blog.
|
Hack | ||
 |
2018-08-02 12:38:02 | Attackers Circumvent Two Factor Authentication Protections to Hack Reddit (lien direct) | Popular Community Site Reddit Breached Through Continued Use of NIST-Deprecated SMS Two Factor Authentication (2FA) | Hack | ||
 |
2018-08-02 10:05:03 | Reddit\'s hack response causes concern (lien direct) | Social media site Reddit has suffered a data breach, but has refused to disclose its scale. The site said it discovered in June that hackers compromised several employees’ accounts to gain access to databases and logs. View Full Story ORIGINAL SOURCE: BBC | Hack | ||
 |
2018-08-01 19:30:01 | G Suite Can Now Alert You of Government-Backed Attacks (lien direct) | Google announced today that administrators of G Suite accounts can now enable and configure a special alert when a government-backed cyber-espionage group is trying to hack into one of their company's user accounts. [...] | Hack | ||
|
2018-08-01 03:05:01 | Hack the Box: Valentine Walkthrough (lien direct) | Hello friends! Today we are going to solve the CTF challenge “Valentine” which is a vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have a very good collection of vulnerable labs as challenges from beginners to Expert level. Difficulty Level: Medium Task: find user.txt and root.txt file on victim's machine. Steps involved:... Continue reading → | Hack | ||
|
2018-07-31 14:16:01 | How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign (lien direct) | Security researchers at Check Point have lifted the lid on the infrastructure and methods of an enormous “malvertising” and banking trojan campaign. The operation delivered malicious adverts to millions worldwide, slinging all manner of nasties including crypto-miners, ransomware and banking trojans. View Full Story ORIGINAL SOURCE: The Register | Ransomware Hack | ||
|
2018-07-31 11:55:01 | Shipping Firm Avoids Customer Data Dump in Last Year\'s Hack & Ransom Incident (lien direct) | UK-based shipping company Clarkson PLC (or Clarksons) has revealed more details about a security breach that took place last year, and during which hackers threatened to release some of the company's data online if it didn't pay a ransom demand. [...] | Hack | ||
 |
2018-07-31 10:00:00 | HP will give you $10,000 to hack your printer (lien direct) | Researchers can earn up to $10,000 for issues which allow attackers to target you through your printer. | Hack | ||
|
2018-07-31 08:54:02 | Dixons Carphone admits hack far bigger than originally thought (lien direct) |  Company now says approximately 10 million personal records could have been accessed in security breach.
|
Hack | ||
 |
2018-07-31 08:28:05 | Inmates hack tablets for free credits prison (lien direct) | >The nature of the vulnerability hasn't been disclosed, but is said to have already been identified and fixed | Hack Vulnerability | ||
|
2018-07-30 06:34:00 | (Déjà vu) Hack the Box: Aragog Walkthrough (lien direct) | Hello Friends!! Today we are going to solve another CTF Challenge “Aragog”. This VM is also developed by Hack the Box, Aragog is a Retired Lab and there are multiple ways to breach into this VM. Level: Medium Task: Find the user.txt and root.txt in the vulnerable Lab. Let's Begin!! As these labs are only... Continue reading → | Hack | ||
|
2018-07-30 00:15:00 | KickICO Platform Loses $7.7 Million in Recent Hack (lien direct) | On Friday, ICO platform KickICO acknowledged a security breach during which an unknown attacker (or attackers) stole over 70 million KICK tokens ($7.7 million at the time of the hack) from the platform's wallets. [...] | Hack | ||
|
2018-07-29 05:13:02 | Hack the Jarbas: 1 (CTF Challenge) (lien direct) | Hello readers. We'd recently tried our hands on the vulnerable VM called Jarbas on vulnhub. It is developed to look like a 90s Portuguese search engine. It is made by Tiago Tavares. You can download the lab from here. The objective of this challenge is to get root shell. Difficulty Level: Easy Steps involved: Method... Continue reading → | Hack | ||
 |
2018-07-27 18:20:00 | Idaho inmates hack prison system and steal $225,000 in credits (lien direct) | The scheme was discovered after the prisoners boosted their accounts with artificial credits. | Hack | ||
 |
2018-07-27 13:00:00 | Things I Hearted this Week, 27th July 2018 (lien direct) |
Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need.
As always, these news stories are human-curated by me - no fancy algorithms, no machine learning, and definitely no trending topics here.
We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there - pop along to booth 528 and say hello if you’re there.
Google: Security Keys Neutralized Employee Phishing
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.
Google: Security Keys Neutralized Employee Phishing | Krebs on Security
While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M | Krebs on Security
We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost.
Somewhat related:
Scam of the week, another new CEO fraud phishing wrinkle | KnowBe4
Breaking the Chain
Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk.
Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains.
Tesla, VW data was left exposed by supply chain vendor Level One Robotics | SC Magazine
SIM Swap - A Victim’s Perspective
This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud.
“It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails. Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.”
SIM Swap Fraud - a victim’s perspective | AntiSocial Engineer
EU Fails to Regulate IoT Security
In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups' calls for mandatory security for consumer internet-connected devices because they believe voluntar |
Data Breach Hack | Tesla | |
|
2018-07-25 12:50:05 | Expert says: Hack your Smart Home to Secure It (lien direct) | Smart home security starts at home, according to researcher Michael Sverdlin who says that consumers should explore the security of their smart home technology and consider simple modifications or hacks to remove insecure or promiscuous features. Not long ago, Michael Sverdlin, the back-end team leader for IoT security startup Vdoo, bought his...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/560700964/0/thesecurityledger -->» | Hack Guideline | ||
|
2018-07-25 07:34:02 | Hack the Temple of Doom (CTF Challenge) (lien direct) | Temple of Doom is a new CTF challenge vm on vulnhub made by 0katz. You can download it from here. The aim of this lab is to capture the flag in root directory of the system. Inspired from the Indiana Jones movie Temple of Doom, the level of this lab is intermediate. Steps Involved Port... Continue reading → | Hack | ||
|
2018-07-24 16:01:01 | Hack the Golden Eye:1 (CTF Challenge) (lien direct) | Welcome to another boot2root CTF challenge “Golden Eye” uploaded by Creosote on vulnhub. As, there is a theme, and you will need to snag the flag in order to complete the challenge and you can download it from: https://www.vulnhub.com/entry/goldeneye-1,240/ By author, it has a good variety of techniques needed to get root – no exploit... Continue reading → | Hack | ||
 |
2018-07-24 01:39:05 | New Bluetooth Hack Affects Millions of Devices from Major Vendors (lien direct) | Yet another bluetooth hacking technique has been uncovered.
A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.
The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects
|
Hack Vulnerability | ||
|
2018-07-23 11:23:05 | Sign-language hack lets Amazon Alexa respond to gestures (lien direct) | A prototype uses an artificial intelligence system that can interpret hand movements. | Hack | ||
|
2018-07-23 08:00:02 | Hack the FourAndSix:1 (CTF Challenge) (lien direct) | FourAndSix is a CTF challenge uploaded by Fred on vulnhub. You can download it from here. The aim of this lab is to capture a flag in the root directory. This lab was very confusing to even begin with due to the lack of description by author. So, on the basis of our experience, we... Continue reading → | Hack | ||
|
2018-07-23 07:22:04 | Experts believe US Cyber Command it the only entity that can carry out \'hack backs\' (lien direct) | The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector. The U.S. government should opt to carry out hack backs as retaliation against the massive attacks against organizations in the US private sector, and when appropriate, the military's hacking unit should hit […] | Hack | ||
|
2018-07-22 07:32:00 | Hack the Blacklight: 1 (CTF Challenge) (lien direct) | Hello everyone. In this article we'll be hacking a new lab Blacklight. The motto of the lab is to capture 2 flags. It is made by Carter B (downloadable from here) and after a lot of brainstorming, we are presenting before you a really efficient method to get root and capture the flags. Steps involved:... Continue reading → | Hack | ||
|
2018-07-22 07:10:01 | (Déjà vu) Hack the Box Challenge: Ariekei Walkthrough (lien direct) | Hello friends! Today we are going to solve another CTF challenge “Ariekei” which is available online for those who want to increase their skill in penetration testing and black box testing. Ariekei is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
|
2018-07-20 14:27:04 | Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router (lien direct) | A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router. The victim of the hack is PIR Bank, which lost at least $920,000 in money it had stored in a corresponding account at the Bank of Russia. View Full Story ORIGINAL ... | Hack | ||
|
2018-07-20 12:08:00 | Singapore personal data hack hits 1.5m, health authority says (lien direct) | The attack by hackers on a health database has affected about a quarter of the population. | Hack | ||
|
2018-07-20 09:39:00 | Hack the Violator (CTF Challenge) (lien direct) | Welcome to another boot2root / CTF this one is called Violator. The VM is set to grab a DHCP lease on boot. As, there is a theme, and you will need to snag the flag in order to complete the challenge. for downloading open this link: https://www.vulnhub.com/entry/violator-1,153/ Some hints for you: Vince Clarke can help... Continue reading → | Hack | ||
|
2018-07-20 07:01:02 | Microsoft uncovered and stopped attempts to launch spear-phishing attacks on three 2018 congressional candidates (lien direct) | Microsoft helped the US Government is protecting at least three 2018 midterm election candidates from attacks of Russian cyberspies. Microsoft revealed that Russian cyberspies attempted to hack at least three 2018 midterm election candidates and it has helped the US government to repeal their attacks. A Microsoft executive speaking at the Aspen Security Forum revealed the hacking attempts against […] | Hack | ★★★★★ | |
|
2018-07-19 14:35:01 | Industry Reactions to U.S. Indicting 12 Russians for DNC Hack (lien direct) | The U.S. last week indicted 12 Russian intelligence officers over their alleged role in a hacking operation targeting the Democratic National Committee (DNC) and Hillary Clinton's 2016 presidential campaign. | Hack | ||
|
2018-07-19 13:35:00 | Microsoft Says Russia Tried to Hack Three 2018 Midterm Election Candidates (lien direct) | Microsoft said it detected and helped the US government to block Russian hacking attempts against at least three congressional candidates this year, a Microsoft executive revealed speaking at the Aspen Security Forum today.
Although the company refused to name the targets but said, the three candidates were "people who, because of their positions, might have been interesting targets from an
|
Hack | ||
 |
2018-07-19 04:00:00 | IDG Contributor Network: Hack like a CISO (lien direct) | I have written several times over the last couple of years about how the role of today's CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as their most senior security executive requires one to be creative and flexible on how to approach issues. Part of this creativity that many CISOs develop over time is specific processes or “hacks” that they have found useful to grow their security programs and use resources efficiently.A hack has multiple definitions; it can be defined as a piece of computer code providing a quick or inelegant technique to solve a particular problem. It also can be what I believe is a more appropriate definition for CISOs – a process, strategy or technique for managing one's time, resources, teams or program more efficiently. | Hack | ||
|
2018-07-17 09:29:04 | (Déjà vu) Hack the Teuchter VM (CTF Challenge) (lien direct) | Hello friends!! Today we are going to solve latest CTF challenge “Teuchter” presented by vulnhub for penetration practice and design by knightmare. This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Download it from here: https://www.vulnhub.com/entry/teuchter-03,163/... Continue reading → | Hack | ||
|
2018-07-17 07:35:00 | (Déjà vu) Hack the Box Challenge: Enterprises Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Enterprise” which is available online for those who want to increase their skill in penetration testing and black box testing. Enterprise is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
|
2018-07-16 15:54:01 | IoT search engine exposes passwords of over 30,000 vulnerable DVRs (lien direct) |  A researcher has discovered that it's easier than ever before to hack at least one brand of internet-enabled DVR, as an IoT search engine has cached their passwords within search results.
Read more in my article on the Bitdefender BOX blog.
|
Hack | ||
|
2018-07-16 02:58:00 | 5 ways to hack blockchain in the enterprise (lien direct) | One of the hottest topics in cybersecurity circles is the enterprise blockchain. This is the same technology that underpins cryptocurrencies like Bitcoin. Simply defined, blockchain is a list of transactions or contracts shared with peers and locked down by some clever cryptography. Beyond Bitcoin, it can ensure the integrity of supply chains, manage contracts, or even as serve as a platform for financial transactions. | Hack | ||
|
2018-07-15 18:30:04 | Hack the Billu Box2 VM (Boot to Root) (lien direct) | Hello freinds!! Today we are going to solve latest CTF challenge “Billu Box2” presented by vulnhub for penetration practice and design by Manish Kishan Tanwar. This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. You can... Continue reading → | Hack | ||
|
2018-07-15 13:35:05 | Hack the Lin.Security VM (Boot to Root) (lien direct) | Hello Guy's!! In our previous article “Linux Privilege Escalation using Sudo Rights” we had described how some weak misconfiguration sudo rights can lead to root privilege escalation and today I am going to solve the CTF “Lin.Security – Vulnhub” which is design on weak sudo right permissions for beginners to test their skillset through this... Continue reading → | Hack Guideline | ||
|
2018-07-15 00:49:00 | 12 Russian Intelligence Agents Indicted For Hacking DNC Emails (lien direct) | The US Justice Department has announced criminal indictments against 12 Russian intelligence officers tied to the hack of the Democratic National Committee (DNC) during the 2016 US presidential election campaign.
The charges were drawn up as part of the investigation of Russian interference in the 2016 US presidential election by Robert Mueller, the Special Counsel, and former FBI director.
|
Hack | ||
|
2018-07-14 18:09:05 | Hack The Toppo:1 VM (CTF Challenge) (lien direct) | Hello friends!! Today we are going to solve latest CTF challenge presented by vulnhub for penetration practice and design by Mr. Hadi Mene. This lab is proposal for beginners and mode of difficulty level is easy. You can download it from this Link: https://www.vulnhub.com/entry/toppo-1,245/ Penetration Methodologies Network scaning Directory brute-force attack Abusing HTTP web directories... Continue reading → | Hack | ||
|
2018-07-14 11:11:02 | Hack the Basic Pentesting:2 VM (CTF Challenge) (lien direct) | Basic pentesting 2 is a boot2root VM and is a continuation of the Basic Pentesting series by Josiah Pierce. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security. VirtualBox is the recommended platform for this challenge (though it should also... Continue reading → | Hack | ||
|
2018-07-14 06:33:05 | (Déjà vu) Hack the Box Challenge: Falafel Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “falafel” which is available online for those who want to increase their skill in penetration testing and black box testing. Falafel is a retired vulnerable lab presented by hack the box for making online penetration practices according to your experience level; they have the... Continue reading → | Hack | ||
 |
2018-07-14 01:59:03 | Indictment of Russian Intelligence Operatives Should Quell Harebrained Conspiracy Theories on DNC Hack (lien direct) | Longtime Donald Trump associate Roger Stone pauses while speaking to members of the media after testifying before the House Intelligence Committee on Sept. 26, 2017. | Hack | ||
|
2018-07-13 16:58:00 | Russians indicted over US election hack (lien direct) | Twelve Russian intelligence officers are indicted for hacking Democrat emails during 2016 election. | Hack | ||
|
2018-07-13 16:06:00 | Justice Dept. indicts 12 Russian spies over 2016 DNC hack (lien direct) | The 12 indictments were sought by US special counsel Robert Mueller. | Hack |
To see everything:
Our RSS (filtrered)
