What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-04-17 14:00:00 | A Vital Hack Could Turn Medical Devices Into Ventilators (lien direct) | Hundreds of thousands of lower-grade breathing devices are going unused because manufacturers say they can't perform life-saving functions. But a new patch might change that. | Hack | ||
 |
2020-04-15 09:04:01 | (Déjà vu) Russia-linked Energetic Bear APT behind San Francisco airport attacks (lien direct) | Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. Researchers from ESET believe that the attacks against two San Francisco International Airport (SFO) websites were carried out by the Russian cyber-espionage group known as Energetic Bear (aka […] | Hack | ||
 |
2020-04-14 13:46:46 | Russian state hackers behind San Francisco airport hack (lien direct) | ESET says a Russian hacker group known as Energetic Bear (DragonFly) is behind a hack of two of the airport's websites. | Hack | ||
 |
2020-04-14 10:14:14 | Russian hackers tried to steal San Francisco airport Windows accounts (lien direct) | The hack of employee web sites belonging to the San Francisco International Airport has been attributed to a Russian hacker group who used the SMB protocol to steal Windows passwords. [...] | Hack | ||
|
2020-04-11 16:31:23 | (Déjà vu) SFO discloses data breach following the hack of 2 of its websites (lien direct) | San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. In March hackers compromised two websites of San Francisco International Airport (SFO) and now it disclosed a data breach. SFO is a major gateway to Europe and Asia, it serves 45 international carriers. The attackers may have […] | Data Breach Hack | ||
|
2020-04-10 14:22:09 | CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server (lien direct) | VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 […] | Hack Vulnerability | ||
|
2020-04-10 12:14:22 | San Francisco Intl Airport discloses data breach after hack (lien direct) | San Francisco International Airport (SFO) disclosed a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020. [...] | Data Breach Hack | ||
|
2020-04-10 10:04:43 | SEC settles with two suspects in EDGAR hacking case (lien direct) | Hacker directly responsible for the hack is still at large, though. | Hack | ||
 |
2020-04-09 11:01:00 | 16 real-world phishing examples - and how to recognize them (lien direct) | You think you know phishing? Image by ThinkstockEven though computer users are getting smarter, and the anti-phishing tools they use as protection are more accurate than ever, the scammers are still succeeding. Lured with promises of monetary gain or threats of financial or physical danger, people are being scammed out of tens of thousands of dollars. Corporations lose even more - tens of millions. |
Malware Hack | ||
 |
2020-04-06 14:46:50 | These are the countries trying to hack US critical infrastructure (lien direct) | Robert Lee, founder & CEO of Dragos, Inc., speaks with Dan Patterson about which countries pose a threat to US industrial infrastructures. | Hack Threat | ||
|
2020-04-03 22:45:12 | Hacking iPhone or MacBook devices by tricking into visiting a site (lien direct) | Bad news for Apple iPhone or MacBook users, attackers could hack their device’s camera by tricking them into visiting a website. The ethical hacker Ryan Pickren demonstrated that it is possible to hack Apple iPhone or MacBook users by simply tricking them into visiting a website with the Safari browser. Pickren reported seven vulnerabilities to Apple […] | Hack | ||
|
2020-04-03 08:50:13 | 100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack (lien direct) | An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […] | Hack Vulnerability | ||
 |
2020-04-02 01:23:55 | About them Zoom vulns... (lien direct) | Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. Because of the COVID-19, these vulns have hit the mainstream media. This means my non-techy friends and relatives have been asking about it. I thought I'd write up a blogpost answering their questions.The short answer is that you don't need to worry about it. Unless you do bad things, like using the same password everywhere, it's unlikely to affect you. You should worry more about wearing pants on your Zoom video conferences in case you forget and stand up.Now is a good time to remind people to stop using the same password everywhere and to visit https://haveibeenpwned.com to view all the accounts where they've had their password stolen. Using the same password everywhere is the #1 vulnerability the average person is exposed to, and is a possible problem here. For critical accounts (Windows login, bank, email), use a different password for each. (Sure, for accounts you don't care about, use the same password everywhere, I use 'Foobar1234'). Write these passwords down on paper and put that paper in a secure location. Don't print them, don't store them in a file on your computer. Writing it on a Post-It note taped under your keyboard is adequate security if you trust everyone in your household.If hackers use this Zoom method to steal your Windows password, then you aren't in much danger. They can't log into your computer because it's almost certainly behind a firewall. And they can't use the password on your other accounts, because it's not the same.Why you shouldn't worryThe reason you shouldn't worry about this password stealing problem is because it's everywhere, not just Zoom. It's also here in this browser you are using. If you click on file://hackme.robertgraham.com/foo/bar.html, then I can grab your password in exactly the same way as if you clicked on that vulnerable link in Zoom chat. That's how the Zoom bug works: hackers post these evil links in the chat window during a Zoom conference.It's hard to say Zoom has a vulnerability when so many other applications have the same issue.Many home ISPs block such connections to the Internet, such as Comcast, AT&T, Cox, Verizon Wireless, and others. If this is the case, when you click on the above link, nothing will happen. Your computer till try to contact hackme.robertgraham.com, and fail. You may be protected from clicking on the above link without doing anything. If your ISP doesn't block such connections, you can configure your home router to do this. Go into the firewall settings and block "TCP port 445 outbound". Alternatively, you can configure Windows to only follow such links internal to your home network, but not to the Internet.If hackers (like me if you click on the above link) gets your password, then they probably can't use use it. That's because while your home Internet router allows outbound connections, it (almost always) blocks inbound connections. Thus, if I steal your Windows password, I can't use it to log into your home computer unless I also break physically into your house. But if I can break into your computer physically, I can hack it without knowing your password.The same arguments apply to corporate desktops. Corporations should block such outbound connections. They | Hack Vulnerability Threat | ||
 |
2020-03-27 10:50:35 | How VPN Technology Protects Your Privacy from Hackers (lien direct) | Introduction Picture this; the year is 2020. People store their most sensitive data online. They blindly trust that their information is safe, and they do nothing to protect it. Criminals can hack into these people's computers and steal all of their information, ruining their lives. This isn't the plot to a dystopian movie; this is... Continue reading → | Hack | ★★ | |
|
2020-03-26 22:30:30 | An Elite Spy Group Used 5 Zero-Days to Hack North Koreans (lien direct) | South Korea is a prime suspect for exploiting the secret software vulnerabilities in a sophisticated espionage campaign. | Hack | ||
|
2020-03-26 07:02:03 | Hack the Box: Wall Walkthrough (lien direct) | Today we are going to crack a machine called Wall. It was created by aksar. This is a Capture the Flag type of challenge. This machine is hosted on HackTheBox. Let’s get cracking!! Penetration Testing Methodology Network Scanning Nmap Enumeration Browsing HTTP Service at port 80 Directory Bruteforce using DirBuster Bypass Authentication using Verb Tampering... Continue reading → | Hack | ★★★★★ | |
 |
2020-03-25 15:00:00 | Criminals hack Tupperware website with credit card skimmer (lien direct) |
This latest hack from Magecart threat actors was well planned and executed.
Categories:
Hacking
Tags: credit cardMagecartskimmerskimmingsteganographytupperware
(Read more...)
|
Hack Threat | ||
 |
2020-03-25 11:10:13 | Microsoft warns Windows users of unfixable hack attack (lien direct) | MICROSOFT has warned of hackers exploiting a new vulnerability that can be found in all supported versions of Windows. If successfully manipulated by a cyber-criminal, it would be possible for them to run malware on a victim’s device. Source: The Sun | Malware Hack Vulnerability | ||
|
2020-03-24 14:46:51 | (Déjà vu) Fortune 500 tech giant General Electric (GE) discloses data breach after Canon hack (lien direct) | General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered […] | Data Breach Hack | ||
|
2020-03-23 17:47:19 | Tech Giant GE Discloses Data Breach After Service Provider Hack (lien direct) | Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former GE employees, as well as beneficiaries, was exposed in a security incident experienced by one of its service providers. [...] | Data Breach Hack | ||
|
2020-03-22 18:27:11 | (Déjà vu) Hack the Box: Postman Walkthrough (lien direct) | Today, we're sharing another Hack Challenge Walkthrough box: POSTMAN design by The Cyber Geek and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. The level of the Lab is set: Beginner to intermediate. Task: Capture the user.txt... Continue reading → | Hack | ||
|
2020-03-18 21:36:25 | Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware (lien direct) | The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices. | Malware Hack | ||
|
2020-03-17 10:01:21 | Government Blockchain Hacked in Argentina (lien direct) | In the midst of the global emergency caused by the Coronavirus pandemic, the Argentine government confirmed on March 14 that they suffered a hack on the website of their official gazette (Boletin Official) based on blockchain technology, where false statements regarding the coronavirus were spread. Source: Cointelegraph | Hack | ★★★★ | |
|
2020-03-13 11:42:03 | Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack (lien direct) | Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More than 100,000 websites are […] | Hack | ||
|
2020-03-12 12:54:15 | Hacking a network, using an \'invisibility cloak\' – Is it that simple? (lien direct) | Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? The short answer is, YES it is. We came to this conclusion after analyzing an incident after an […] | Hack | ||
|
2020-03-11 23:26:39 | Avast disables the JavaScript engine component due to a severe issue (lien direct) | Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs. The issue […] | Hack Vulnerability | ||
|
2020-03-11 13:12:44 | The Secret History of a Cold War Mastermind (lien direct) | Gus Weiss, a shrewd intelligence insider, pulled off an audacious tech hack against the Soviets in the last century. Or did he? | Hack | ||
|
2020-03-09 11:27:44 | Nation-state groups hack Microsoft Exchange servers (lien direct) | Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers. The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD. Source: ZD Net | Hack Vulnerability | ||
|
2020-03-09 10:35:18 | New research reveals Cerberus Malware easily preventable (lien direct) | Last month, a Dutch cyber-security firm ThreatFabric discovered the first-ever malware that could hack Google Authenticator application to extract one-time passcodes from a user’s device by taking a screenshot of a user’s screen with Google Authenticator open. The malware, named Cerberus, was under development when it was found and the ThreatFabric report did not […] | Malware Hack | ||
 |
2020-03-07 11:37:40 | 17-Yr-Old RCE Flaw Can Hack Several Linux Systems (lien direct) | The US-CERT has issued a security advisory warning users of a 17-year-old critical Remote Code Execution (RCE) vulnerability that affects PPP (Point to Point Protocol Daemon) daemon software implemented in almost all Linux based operating systems. The flaw, dubbed as CVE-2020-8597 with a 9.3 CVE score, was discovered by an IOActive security researcher, Ilja Van […] | Hack Vulnerability | ||
|
2020-03-06 15:57:01 | Huawei backdoors explanation, explained (lien direct) | Today Huawei published a video explaining the concept of "backdoors" in telco equipment. Many are criticizing the video for being tone deaf. I don't understand this concept of "tone deafness". Instead, I want to explore the facts.Does the word “#backdoor” seem frightening? That's because it's often used incorrectly – sometimes to deliberately create fear. Watch to learn the truth about backdoors and other types of network access. #cybersecurity pic.twitter.com/NEUXbZbcqw- Huawei (@Huawei) March 4, 2020This video seems in response to last month's story about Huawei misusing law enforcement backdoors from the Wall Street Journal. All telco equipment has backdoors usable only by law enforcement, the accusation is that Huawei has a backdoor into this backdoor, so that Chinese intelligence can use it.That story was bogus. Sure, Huawei is probably guilty of providing backdoor access to the Chinese government, but something is deeply flawed with this particular story.We know something is wrong with the story because the U.S. officials cited are anonymous. We don't know who they are or what position they have in the government. If everything they said was true, they wouldn't insist on being anonymous, but would stand up and declare it in a press conference so that every newspaper could report it. When something is not true or spun, then they anonymously "leak" it to a corrupt journalist to report it their way.This is objectively bad journalism. The Society of Professional Journalists calls this the "Washington Game". They also discuss this on their Code of Ethics page. Yes, it's really common in Washington D.C. reporting, you see it all the time, especially with the NYTimes, Wall Street Journal, and Washington Post. But it happens because what the government says is news, regardless of its false or propaganda, giving government officials the ability to influence journalists. Exclusive access to corrupt journalists is how they influence stories.We know the reporter is being especially shady because of the one quote in the story that is attributed to a named official:“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” said national security adviser Robert O'Brien. This quote is deceptive because O'Brien doesn't say any of the things that readers assume he's saying. He doesn't actually confirm any of the allegations in the rest of the story.It doesn't say.That Huawei has used that capability.That Huawei intentionally put that capability there.That this is special to Huawei (rather than everywhere in the industry).In fact, this quote applies to every telco equipment maker. They all have law enforcement backdoors. These backdoors always hve "controls" to prevent them from being misused. But these controls are always flawed, either in design or how they are used in the real world.Moreover, all telcos have maintenance/service contracts with the equipment makers. When there are ways around such controls, it's the company's own support engineers who will know them.I absolutely believe Huawei that it has don | Hack Threat | ||
 |
2020-03-04 12:26:32 | Police raid tech support scam centre who had their CCTV hacked by vigilantes (lien direct) | An indepth investigation by online vigilantes has exposed the activities of an Indian tech support scam centre. Extraordinarily, fraudsters had the tables turned on them as YouTuber Jim Browning was able to hack into the call centre and access recordings of scam phone calls and even watch live CCTV footage exposing the criminals at work. | Hack | Uber | |
|
2020-03-04 11:47:24 | Cathay Pacific slammed for security failures following hack which exposed 9.4 million people worldwide (lien direct) | The UK’s Information Commissioner’s Office (ICO) has fined Cathay Pacific for “a number of basic security inadequacies” which resulted in hackers stealing the data of 9.4 million people worldwide – including 111,578 from the UK. Read more in my article on the Hot for Security blog. | Hack | ||
|
2020-03-03 14:56:36 | Hackers Can Hijack Siri, Google Assistant Using Ultrasonic Waves (lien direct) | A group of security researchers have discovered a new method to hack smartphone voice assistants, including those used by Siri and Google by sending voice commands via ultrasonic waves. Dubbed as SurfingAttack, this attack allows a hacker to control Apple’s Siri and Google Assistant by sending inaudible vibrations through a tabletop from 30 feet away without the phone owner's […] | Hack | ||
|
2020-03-02 11:17:26 | Hackers target WordPress zero-days plugins (lien direct) | WordPress is, by far, the most widely used website building technology on the internet. According to the most recent statistics, more than 35% of all internet websites run on versions of the WordPress CMS (content management system).Due to its huge number of active installations, WordPress is a massive attack surface. Attempts to hack into WordPress […] | Hack | ||
|
2020-02-29 05:27:02 | (Déjà vu) Hack the Box: Haystack Walkthrough (lien direct) | Today, we're sharing another Hack Challenge Walkthrough box: Haystack design by JoyDragon and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. The level of the Lab is set: Beginner to intermediate. Task: Capture the user.txt and root.txt... Continue reading → | Hack | ||
 |
2020-02-27 13:00:00 | Online payment security: 8 Steps to ensure safe transactions (lien direct) | This blog was written by an independent guest blogger. Online shopping has become an increasingly popular trend in the past few years as people find it more convenient to buy from the comfort of their homes. You can get pretty much anything and everything from online stores: groceries, clothing, jewelry, electronics and other household items. Yet, we need to consider for a moment if all these online financial transactions taking place are safe – and how can we ensure our protection from online frauds such as identity theft and phishing attacks. It would be a little exaggerating to say that online transactions are highly insecure. Rather, most online payment systems are relatively secure. Still, online crime is a reality and bad actors are always lurking around looking for possible vulnerabilities to grab and exploit. Unless necessary precautions are taken by both merchants and customers, payment information can be leaked and subsequently compromised. Hence, it is important for both customers and merchants to understand the basic steps to keep online transactions save. Let us look at 8 fundamental steps to ensure safety transactions with online payments Be compliant with PCI DSS Before anything else, the first step to ensure safety is to make sure that your payment system is compliant with the Payment Card Industry Data Security Standard – an internationally accepted standard for secure card payments with 12 security requirements. PCI Security Standards Council was established in 2006 for regulating payment brands and helping merchants secure financial data of customers. Regardless of the size of your business, compliance to the standard is important to ensure that you meet fundamental security requirements to process customer transactions. PCI SSC also provides online safety education to merchants and assists them in taking important steps to improve their website’s safety. They analyze your transaction system, find and fix vulnerabilities. Their compliance team then creates a report and shares it with all banks and card brands associated with your business. Compliance with PCI DSS means that your company has implemented and the requirements for card payment security. Ensure data encryption The second step towards enhancing online payment security is to use data encryption to keep customer’s financial information private. Nowadays with open WIFI networks, identity theft is prevalent and relatively an easy task for hackers if the data is unencrypted. Websites that your business deals with for online transactions should be valid and with legitimate operators. Data encryption ensures that your sensitive information is only viewed by the authorized parties and does not fall into wrong hands. It also reduces password-hacking likelihood to a great extent. All these features combined proved an additional protection layer for customers during the transaction. Keep your network updated Hackers regularly come up with new ways to hack into systems, and while your network may be safe from them today, it may not be tomorrow. For this reason, it is really important that your business’s computer networks have security updates regularly installed on them. The best way is to sign up for automatic system updates to stay a step ahead from new threats. Automatic update will ensure that all important safeguards are installed, the absence of w | Hack Vulnerability | ||
|
2020-02-27 10:24:14 | Clearview AI, Hacked (lien direct) | Clearview AI, the company whose database has amassed over 3 billion photos, has suffered a data breach, it has emerged. The data stolen in the hack included the firm's entire customer list–which will include multiple law enforcement agencies–along with information such as the number of searches they had made and how many accounts they'd set […] | Hack | ||
 |
2020-02-26 18:01:25 | Redcar council IT hack confirmed as ransomware attack (lien direct) | Redcar council's IT systems have been down for 19 days but "significant progress" is being made. | Ransomware Hack | ||
|
2020-02-25 18:23:00 | How to hack an election without touching a voting machine (lien direct) | In a RSA 2020 simulation, the Red Team compromised email accounts, deepfake videos, and disinformation on Election Day in Adversaria. | Hack | ★★★ | |
 |
2020-02-25 13:49:16 | Ordnance Survey Hack – Expert Reaction (lien direct) | In light of the news that a hacker stole the personal data of 1,000 employees of the Ordnance Survey, cybersecurity experts, offered the following comments: Scoop: A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. Was "most likely" the result of a targeted #phishing attack. … The ISBuzz Post: This Post Ordnance Survey Hack – Expert Reaction | Hack | ||
|
2020-02-25 13:00:00 | How to harden your employees from the massive social engineering threat (lien direct) | This blog was written by an independent guest blogger. Social engineering is the art of human deception. In the world of cybersecurity, it’s how to fool human beings in order to conduct cyber attacks. Some of these cyber attacks can be very expensive to your business! In fact, many of the worst cyber attacks to your organization’s network start with fooling you or one of your employees. Penetrating a network without human interaction is really tough. But the people who work for your company have privileged access that can be easily exploited. I was at a Leading Cyber Ladies meetup in Toronto recently, where threat research expert Sherrod DeGrippo visited all the way from Atlanta to talk about how cyber threats often work these days, and what their attack chains are like. I had the idea to write about social engineering before I attended the meeting, but I wasn’t expecting to do research for this post by attending it. It was just a very fortunate coincidence that DeGrippo said some things about social engineering that really captured my attention. After the meeting, we had a quick chat and followed each other on Twitter. During her talk at the meeting, DeGrippo mentioned how she sees a lot of cyber attackers, from APTs to script kiddies, target human beings as an initial attack vector a lot more often than they used to. She said doing reconnaissance for a corporate network is very difficult, whereas doing reconnaissance on a person is a lot easier. We post about ourselves on social media all the time. We talk about the places we’ve visited and the things we like on Twitter. We talk about who our family and friends are on Facebook. And we tell LinkedIn our job titles, who we work for, and what we do there. An individual who works for a targeted company has privileged access to their networks and to their physical buildings. Socially engineer them, and you can get malware on their systems to send sensitive data to a command and control server, or you could possibly walk into an employees-only area of an office. The other thing she discussed which intrigued me is that she sees information security professionals targeted for social engineering attacks more often than ever before, and how we can be really lucrative for social engineering exploitation. Contrary to us thinking that we know better, it often works! I asked DeGrippo about it. She said: "Yes, targeting infosec professionals is my big concern lately. The more sophisticated actors are doing really specific targeting. This includes people in security roles and lots of people in software development roles. There is so much info out there. A job offer, a security report, a discussion of a new technology and a code snippet-- all potential social engineering lures to send to technical people with privileged access.” I said, “Maybe some of us are way too confident. That confidence can be dangerous.” "… totally. I worry about that. I worry that as an industry we are so focused on protecting others that we let our own opsec (operational security) slip or we just don’t have time to focus on it as much. It’s not really hubris in most cases, it’s just forgetting to do a threat model on ourselves.” She also spoke to me about how cyber attackers often choose their social engineering targets. “The thing I like to do is get into the psychology of a threat actor. If I could be anyone I wanted to be, but only online, who would I choose? A software dev at a fancy car company? I could hack some luxury car software to unlock for me anytime, anywhere! A junior HR admin at a large company? Steal a ton of identity and payroll data! Maybe I would be a fancy CFO’s assistant and make changes to deposit instructions for invoices to my own mule account | Malware Hack Threat Guideline | ||
|
2020-02-21 15:09:46 | MGM Hotel Hack Leaves 10.6M Guests\' Personal Data Exposed (lien direct) | 10.6 million people who had stayed at MGM Resorts have had their personal data published on a hacking forum, it was revealed this week. According to ZD Net the leaked personal data included names, addresses, phone numbers, emails and dates of birth. It is thought that the recent breach stems from an earlier incident which […] | Hack | ||
|
2020-02-21 11:11:05 | White House communications data hack (lien direct) | The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.The agency oversees military communications including calls for US President Donald Trump. The data exposed included names and social security numbers. Source: BBC | Hack | ||
|
2020-02-20 11:34:38 | ISS World: Hack leaves half a million employees without computers (lien direct) | ISS World, a major facilities provider, has been hit by an apparent ransomware attack. | Ransomware Hack | ||
|
2020-02-20 03:36:00 | MGM hack exposes personal data of 10.6 million guests (lien direct) | Celebrities including Justin Bieber were among those whose data was stolen, one report said. | Hack | ★★★★ | |
|
2020-02-19 07:24:09 | (Déjà vu) Hack the Box: Networked Walkthrough (lien direct) | Today, we're sharing another Hack Challenge Walkthrough box: Networked design by Guly and the machine is part of the retired lab, so you can connect to the machine using your HTB VPN and then start to solve the CTF. The level of the Lab is set: Beginner to intermediate. Task: Capture the user.txt and root.txt... Continue reading → | Hack | ||
|
2020-02-18 15:50:04 | Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack (lien direct) | Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of […] | Hack | ||
|
2020-02-18 13:50:52 | Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way! (lien direct) | Go grab a copy of the Gerbers and 3D-printed Case STL files at https://github.com/whid-injector/Focaccia-Board and print through your favorite FAB. Prologue Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. stlink, jlink, RS23–2-2USB, etc.). It was always a PITA bringing around a device […] | Hack | ||
|
2020-02-18 06:25:37 | Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack (lien direct) | A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability […] | Hack Vulnerability |
To see everything:
Our RSS (filtrered)
