Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-07-20 21:15:25 |
Pro-Russia hack campaigns are running rampant in Ukraine (direct link) |
Hacks also exploit critical Follina vulnerability and phishing campaigns. |
Hack
Vulnerability
|
|
|
|
2022-07-20 14:53:48 |
Millions of vehicles can be attacked via MiCODUS MV720 GPS Trackers (direct link) |
Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 million vehicles. An attacker […]
|
Hack
|
|
|
|
2022-07-19 15:03:20 |
SATAn Hack Uses SATA Cable As An Antenna To Steal Data (direct link) |
Security researchers at the Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Israel have published a paper illustrating how a hacker can steal data and sensitive information from an “air-gapped system” through a Serial ATA (SATA) cable and transfer it from a compromised PC on to a nearby receiver. For those […]
|
Hack
|
|
|
|
2022-07-19 14:36:53 |
U.S. government recovers nearly $500,000 from North Korean hack on Kansas medical facility (direct link) |
Deputy Attorney General Lisa Monaco said it's just the latest example of the benefits of prompt incident reporting.
|
Hack
|
|
|
|
2022-07-18 07:50:10 |
Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand (direct link) |
Thai activists involved in the country's pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware.
At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their |
Hack
|
|
|
|
2022-07-14 14:31:04 |
New Browser De-anonymization Technique (direct link) |
Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another:
The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.
When you visit a website, the page can capture your IP address, but this doesn’t necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target’s browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser... |
Hack
|
|
|
|
2022-07-14 14:30:46 |
Bandai Namco Confirms Hack And Data At Risk Of Being Leaked (direct link) |
Bandai Namco, the Japanese video game publisher of many popular games such as Elden Ring, Dark Souls, Pac-Man, Tekken and more, on Wednesday confirmed that they suffered a cyberattack earlier this month and warned that some of their customers’ confidential data may have been stolen. The confirmation of the breach by Bandai Namco comes after […]
|
Hack
|
|
|
|
2022-07-14 10:00:00 |
Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say (direct link) |
The previously unreported campaigns represent one of several ongoing nation-state attempts to hack journalists, the researchers said.
|
Hack
|
|
|
|
2022-07-13 16:50:18 |
Bandai Namco confirms hack after ALPHV ransomware data leak threat (direct link) |
Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. [...] |
Ransomware
Hack
Threat
|
|
|
|
2022-07-13 08:13:00 |
BrandPost: Why Hackers are Increasingly Targeting Digital Supply Chains (direct link) |
For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers have increasingly invested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone. Likewise, data from Netscout's 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing. |
Hack
Threat
|
|
|
|
2022-07-12 22:58:06 |
Ongoing phishing campaign can hack you even when you're protected with MFA (direct link) |
Campaign that steals email has targeted at least 10,000 organizations since October. |
Hack
|
|
|
|
2022-07-12 14:03:27 |
Hackers stole $620 million from Axie Infinity via fake job interviews (direct link) |
The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game's developers. [...] |
Hack
|
|
|
|
2022-07-12 08:12:36 |
Marriott Hotels Repeat Hack Proves Businesses Still Way Behind On Cybersecurity (direct link) |
Marriott Hotels has been the victim of a third data breach in four years, according to reports. It is clear that today’s businesses are way off the mark when it comes to responsible resilience against cyber threats – especially in preventing repeat attacks. |
Data Breach
Hack
Threat
|
|
|
|
2022-07-11 12:15:05 |
Microsoft resorts to Registry hack to keep Outlook from using Windows 11 search (direct link) |
Only a short-term solution to prevent the OS interfering with email results. Microsoft has identified Windows Indexing as the culprit for broken Outlook Search results in Windows 11.… |
Hack
|
|
|
|
2022-07-11 11:14:33 |
(Déjà vu) Hackers Used Fake Job Offer on LinkedIn to Target Axie Infinity (direct link) |
It has emerged that the $540 million hack of Axie Infinity’s Ronin Bridge in March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn. A report published last week by The Block cited two people familiar with the matter. […]
|
Hack
|
|
|
|
2022-07-10 22:43:38 |
Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity (direct link) |
The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.
According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing |
Hack
|
|
|
|
2022-07-08 16:00:00 |
Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack (direct link) |
The message with the fake offer contained a PDF that would have delivered spyware |
Hack
|
APT 38
|
|
|
2022-07-08 10:40:00 |
Aon Hack Exposed Sensitive Information of 146,000 Customers (direct link) |
Hackers breached Aon systems for well over a year |
Hack
|
|
|
|
2022-07-07 10:00:00 |
How can SOC analysts use the cyber kill chain? (direct link) |
This blog was written by an independent guest blogger.
Security Operations Centers (SOCs) offer a robust method of ensuring cybersecurity and safety within an organization. Demand for them has continued to grow, specifically with a significant rise in cyber-attacks amidst a looming cybersecurity skills gap. However, despite a typical SOC analyst's immense training and knowledge, mitigating the increase in cyber-attacks is no easy job. Compared to 2020, cybercrime rose by 50% in 2021, which ultimately demands the use of robust security models such as the Cyber Kill Chain model, which can help organizations attain strong cybersecurity.
Developed in 2011, the Cyber Kill Chain model is a widely accepted security model that helps SOC analysts and security practitioners defend against a range of cyber-attacks. However, despite its usefulness, the model is yet to achieve the recognition it deserves.
What is a cyber kill chain?
The cyber kill chain model is a cyber security attack framework that helps explain how a specific cyber-attack is executed. In theory, the framework breaks down the steps threat actors take while conducting a successful cyber-attack. According to the model, a cyber-attack has seven stages:
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and control (C2)
Actions on objectives
The cyber kill chain model essentially debunks the traditional castle and moat method of attaining cyber security for organizations. Instead, the model helps identify, analyze and prevent cyber-attacks altogether.
Developed as part of the Intelligence Driven Defense model for identifying and preventing cyber-attacks and data exfiltration, the model is widely accepted and used by various security practitioners. It is recognized as one of the most informative methods for understanding cyber-attacks and places emphasis on both the technology-driven and the social engineering-driven aspects of an attack. A proper understanding of the model can help prevent various attacks such as data breaches, privilege escalation, phishing, malware, ransomware, social engineering, and many more.
How do SOC analysts use the cyber kill chain?
SOC systems are built within organizations to monitor, detect, investigate, and respond to various cyber-attacks. The teams are charged with protecting sensitive data and the organization's assets, such as personal data, business systems, brand integrity, and intellectual property. Amidst this, the cyber kill chain model can effectively help them identify and mitigate a myriad of cyber-attacks.
Each of the seven stages of the cyber kill chain model marks a specific goal along a threat actor's path. SOC teams can therefore use the Cyber Kill Chain model to understand these attacks and implement security controls that prevent and detect a cyber-attack before it infiltrates the organization's network, as follows:
1. Reconnaissance
This is the first stage of the cyber kill chain and involves the threat actor researching the potential target before the actual attack. Since the threat actor is on the hunt for vulnerabilities within the organization's cybersecurity posture, SOC analysts can ensure security through various means.
They can use threat intelligence and network Intrusion Detection System (IDS) to mitigate the attack. Moreover, to minimize the chances of an attack, SOC analysts can also maintain an |
Ransomware
Malware
Hack
Tool
Threat
|
|
|
|
2022-07-06 13:06:58 |
(Déjà vu) CyberheistNews Vol 12 #27 [New FBI and CISA Alert] This Ransomware Strain Uses RDP Flaws to Hack Into Your Network (direct link) |
|
Ransomware
Hack
|
|
|
|
2022-07-06 10:48:56 |
Alleged Chinese Police Database Hack Leaks Data of 1 Billion (direct link) |
Hackers claim to have obtained a trove of data on 1 billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.
|
Hack
|
|
|
|
2022-07-05 20:06:42 |
Pentagon: We'll pay you if you can find a way to hack us (direct link) |
DoD puts money behind bug bounty program after reward-free pilot. The US Department of Defense has created a broad but short bug bounty program for vulnerabilities in public-facing systems and applications.… |
Hack
|
|
|
|
2022-07-05 16:36:56 |
UK Military Investigates Hacks on Army Social Media Accounts (direct link) |
British military authorities are trying to find out who hacked the army's social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
|
Hack
|
|
|
|
2022-07-04 11:00:00 |
The Worst Hacks and Breaches of 2022 So Far (direct link) |
From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year's first half. |
Hack
|
|
|
|
2022-07-04 10:17:26 |
Threat Actor Group Claims Responsibility for High Profile University Hacks (direct link) |
Reportedly, CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. Used by a TA to get clicks […]
|
Hack
Threat
|
|
|
|
2022-07-01 19:09:27 |
OpenSea NFT Marketplace Faces Insider Hack (direct link) |
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list. |
Hack
|
|
|
|
2022-07-01 16:00:00 |
Threat Actor Claims Responsibility For IBM and Stanford University Hack (direct link) |
The module reportedly has desktop takeover capabilities that would be used to get clicks on ads |
Hack
|
|
|
|
2022-07-01 14:17:57 |
(Déjà vu) UnRAR Vulnerability Lets Attackers Hack Zimbra Webmail Servers (direct link) |
It has been reported that a new security vulnerability has been disclosed in RARlab’s UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that […] |
Hack
Vulnerability
|
|
|
|
2022-07-01 10:47:10 |
[New FBI and CISA Alert] This ransomware strain uses RDP flaws to hack into your network (direct link) |
|
Ransomware
Hack
|
|
|
|
2022-06-30 17:58:47 |
Experts blame North Korea-linked Lazarus APT for the Harmony hack (direct link) |
North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors stole $100 million in cryptocurrency from the blockchain company Harmony. The company reported the incident to the authorities; the FBI is investigating the cyber heist with the help of several cybersecurity firms. Harmony's […]
|
Hack
Threat
|
APT 38
|
|
|
2022-06-30 17:27:16 |
North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist (direct link) |
The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony's Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic.
|
Hack
|
APT 38
|
|
|
2022-06-30 16:54:28 |
NXM Announces Platform That Protects Space Infrastructure and IoT Devices From Cyberattacks (direct link) |
NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities. |
Hack
|
|
|
|
2022-06-30 16:00:00 |
North Korea's Lazarus Group Suspected of $100m Harmony Hack (direct link) |
Elliptic used Tornado demixing techniques to trace the stolen funds to new Ethereum wallets |
Hack
|
APT 38
|
|
|
2022-06-29 23:01:41 |
North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack (direct link) |
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, based on similarities to the Ronin bridge attack in March 2022.
The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. |
Hack
Medical
|
APT 38
|
|
|
2022-06-29 16:30:00 |
New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack (direct link) |
Successful exploitation would give an attacker access to all emails on a compromised server |
Hack
Vulnerability
|
|
|
|
2022-06-29 14:48:08 |
Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers (direct link) |
Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can allow attackers to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […]
|
Hack
Vulnerability
|
|
|
|
2022-06-29 01:29:21 |
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (direct link) |
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary.
The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. |
Hack
Vulnerability
|
|
|
|
2022-06-28 13:18:14 |
AMD investigates RansomHouse hack claims, theft of 450GB data (direct link) |
Chip manufacturer AMD says they are investigating a cyberattack after threat actors claimed to have stolen 450 GB of data from the company last year. [...] |
Hack
Threat
|
|
|
|
2022-06-28 10:02:01 |
Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (direct link) |
In May of 2022, the wedding planning and registry site Zola suffered a major security breach due to a credential stuffing attack made possible by password reuse. Here's what happened and what could have been done to prevent the attack. [...] |
Hack
|
|
|
|
2022-06-27 11:39:17 |
Microsoft Exchange bug abused to hack building automation systems (direct link) |
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. [...] |
Hack
Threat
|
|
|
|
2022-06-25 17:14:05 |
Harmony Blockchain Bridge Loses $100 Million In Crypto Hack (direct link) |
U.S. based firm Harmony, the crypto start-up behind Horizon Blockchain Bridge, on Friday announced that $100 million worth of digital tokens were stolen from one of its key products. For the unversed, Horizon Blockchain Bridge allows users to transfer their crypto assets including tokens, stablecoins, and NFTs, between Ethereum, Binance Smart Chain, and the Harmony blockchain. The company said that on June 23, 2022, […]
|
Hack
|
|
|
|
2022-06-23 19:36:46 |
Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks.
"Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, |
Hack
Threat
|
|
|
|
2022-06-23 15:28:48 |
CISA: Log4Shell exploits still being used to hack VMware servers (direct link) |
CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [...] |
Hack
Threat
|
|
|
|
2022-06-23 06:05:37 |
Conti ransomware hacking spree breaches over 40 orgs in a month (direct link) |
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. [...] |
Ransomware
Hack
|
|
|
|
2022-06-20 21:46:13 |
Russian APT28 hacker accused of the NATO think tank hack in Germany (direct link) |
The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused of having carried out a cyber espionage attack against the NATO […]
|
Hack
|
APT 28
|
|
|
2022-06-20 10:58:14 |
Jury Convicts Seattle Woman in Massive Capital One Hack (direct link) |
A federal jury on Friday convicted a former Seattle tech worker of several charges related to a massive hack of Capital One bank and other companies in 2019.
|
Hack
|
|
|
|
2022-06-17 20:19:14 |
BSidesSF 2022 Writeups: Tutorial Challenges (Shurdles, Loadit, Polyglot, NFT) (direct link) |
Hey folks,
These are my (Ron's / iagox86's) author writeups for the BSides San Francisco 2022 CTF. You can get the full source code for everything on github. Most have either a Dockerfile or instructions on how to run locally. Enjoy!
Here are the four BSidesSF CTF blogs:
shurdles1/2/3, loadit1/2/3, polyglot, and not-for-taking
mod_ctfauth, refreshing
turtle, guessme
loca, reallyprettymundane
Shurdles - Shellcode Hurdles
The Shurdles challenges are loosely based on a challenge from last year, Hurdles, as well as a Holiday Hack Challenge 2021 challenge I wrote called Shellcode Primer. It uses a tool I wrote called Mandrake to instrument shellcode to tell the user what's going on. It's helpful for debugging, but even more helpful as a teaching tool!
The difference between this and the Holiday Hack version was that this time, I didn't bother to sandbox it, so you could pop a shell and inspect the box. I'm curious if folks did that... probably they couldn't damage anything, and there's no intellectual property to steal. :)
I'm not going to write up the solutions, but I did include solutions in the repository.
Although I don't work for Counter Hack anymore, a MUCH bigger version of this challenge that I wrote is included in the SANS NetWars version launching this year. It covers a huge amount, including how to write bind- and reverse-shell shellcode from scratch. It's super cool! Unfortunately, I don't think SANS is doing hybrid events anymore, but if you find yourself at a SANS event be sure to check out NetWars!
Loadit - Learning how to use LD_PRELOAD
I wanted to make a few challenges that can be solved with LD_PRELOAD, which is where loadit came from! These are designed to be tutorial-style, so I think the solutions mostly speak for themselves.
One interesting tidbit is that the third loadit challenge requires some state to be kept - rand() needs to return several different values. I had a few folks ask me about that, so I'll show off my solution here:
#include <stdlib.h>   // declares rand(), which this library overrides
#include <unistd.h>   // declares sleep(), which this library also overrides

// Replacement rand() loaded via LD_PRELOAD: hands back the expected
// answers in order, one per call.
int rand(void) {
    int answers[] = { 20, 22, 12, 34, 56, 67 };
    static int count = 0;   // persists across calls, so each call advances to the next answer
    return answers[count++];
}

// Just for laziness: make sleep() return immediately.
unsigned int sleep(unsigned int seconds) {
    (void)seconds;
    return 0;
}
I use the static variable type to keep track of how many times rand() has been called. When you declare something as static inside a function, it means that the variable is initialized the first time the function is called, but changes are maintained as if it's a global variable (at least conceptually - in reality, it's initialized when the program is loaded, even if the function is never called).
Ironically, this solution actually has an overflow - the 7th time and onwards rand() is called, it will start manipulating random memory. Luckily, we know that'll never happen. :) |
Hack
Tool
|
|
★★★★
|
|
2022-06-15 13:59:37 |
DragonForce Gang Unleash Hacks Against Govt. of India (direct link) |
In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India. |
Hack
|
|
|
|
2022-06-14 13:09:05 |
Report Reveals $1.7 Billion Hacked From Top 10 Centralised Crypto Exchanges Over The Last Decade (direct link) |
A new study from BestBitcoinExchange.io has assessed which of the top crypto exchanges have suffered the worst hacks in the past, which are the safest to trust going forward, and which should be avoided. The experts analyzed data from the top 25 crypto exchanges over the last ten years, to identify which are the most […] |
Hack
|
|
|
|
2022-06-11 13:34:12 |
PACMAN, a new attack technique against Apple M1 CPUs (direct link) |
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. Pointer authentication codes (PACs) allow detecting and guarding against unexpected changes to pointers in memory. […]
|
Hack
|
|
|