What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2019-04-18 03:00:00 Assume breach is for losers: These steps will stop data breaches (direct link) “Assume breach” is the popular computer defense strategy based on the idea that your company is either already breached or could easily be breached by a dedicated attacker. There is a lot of validity to this approach. Most companies and organizations are super easy to hack and compromise. However, it doesn't have to be this way. Hack
SecurityAffairs 2019-04-17 20:12:00 RCE flaw in Electronic Arts Origin client exposes gamers to hack (direct link) Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts (EA) has addressed a vulnerability in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. […] Hack Vulnerability ★★
Blog 2019-04-13 14:14:05 (Déjà vu) Hack the Box Vault: Walkthrough (direct link) Today we are going to solve another CTF challenge “Vault”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Intermediate Task: To find user.txt and... Hack
ZDNet 2019-04-12 08:44:00 Matrix.org hack forces servers offline, encrypted chat history lost (direct link) Matrix.org suffered a cyberattack which forced the group to boot all of their users out of the system. Hack ★★★
ErrataRob 2019-04-11 20:22:14 Assange indicted for breaking a password (direct link) In today's news, after 9 years holed up in the Ecuadorian embassy, Julian Assange has finally been arrested. The US DoJ accuses Assange for trying to break a password. I thought I'd write up a technical explainer what this means. According to the US DoJ's press release: Julian P. Assange, 47, the founder of WikiLeaks, was arrested today in the United Kingdom pursuant to the U.S./UK Extradition Treaty, in connection with a federal charge of conspiracy to commit computer intrusion for agreeing to break a password to a classified U.S. government computer. The full indictment is here. It seems the indictment is based on already public information that came out during Manning's trial, namely this log of chats between Assange and Manning, specifically this section where Assange appears to agree to break a password: What this says is that Manning hacked a DoD computer and found the hash "80c11049faebf441d524fb3c4cd5351c" and asked Assange to crack it. Assange appears to agree. So what is a "hash", what can Assange do with it, and how did Manning grab it? Computers store passwords in an encrypted (sic) form called a "one way hash". Since it's "one way", it can never be decrypted. However, each time you log into a computer, it again performs the one way hash on what you typed in, and compares it with the stored version to see if they match. Thus, a computer can verify you've entered the right password, without knowing the password itself, or storing it in a form hackers can easily grab. Hackers can only steal the encrypted form, the hash. When they get the hash, while it can't be decrypted, hackers can keep guessing passwords, performing the one way algorithm on them, and see if they match. With an average desktop computer, they can test a billion guesses per second.
This may seem like a lot, but if you've chosen a sufficiently long and complex password (more than 12 characters with letters, numbers, and punctuation), then hackers can't guess them. It's unclear what format this password is in, whether "NT" or "NTLM". Using my notebook computer, I could attempt to crack the NT format using the hashcat password crack with the following command: hashcat -m 3000 -a 3 80c11049faebf441d524fb3c4cd5351c ?a?a?a?a?a?a?a As this image shows, it'll take about 22 hours on my laptop to crack this. However, this doesn't succeed, so it seems that this isn't in the NT format. Unlike other password formats, the "NT" format can only be 7 characters in length, so we can completely crack it. Hack
SecurityAffairs 2019-04-11 06:19:03 WPA3 attacks allow hackers to hack Wi-Fi password (direct link) Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks. One of the main advantages of WPA3 is that it’s near impossible to crack […] Hack
Kaspersky 2019-04-09 16:22:00 Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print (direct link) The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint. Hack
CSO 2019-04-08 03:00:00 Inside the 2014 hack of a Saudi embassy (direct link) An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in August, 2014 and sent emails to more than a dozen embassies at The Hague demanding $50 million for ISIS, or they would blow up a major diplomatic reception, documents seen by CSO reveal. Hack
SecurityAffairs 2019-04-05 10:59:04 Flaws in Pre-Installed security App on Xiaomi Phones open to hack them (direct link) If you use a Xiaomi smartphone you should be aware that a pre-installed security software could be abused for malicious activities. Bad news for the owners of Xiaomi smartphones, a pre-installed security application could be used as a backdoor by hackers. Security experts at CheckPoint have discovered that a security app, called Guard Provider, that […] Hack
bleepingcomputer 2019-04-04 17:32:04 Researchers Hack Google Maps Snake Game to Add God Mode, AI Auto-Play (direct link) Check Point's research team tried the April Fools snake game added by Google inside the Android and iOS Google Maps apps and, after failing to play it for as long as they wanted, they reverse engineered it, stuck an auto-play AI inside, and removed the "loss" factor altogether. [...] Hack
Blog 2019-04-04 06:58:05 (Déjà vu) Hack the Box Curling: Walkthrough (direct link) Today we are going to solve another CTF challenge “Curling”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Intermediate Task: To find user.txt and... Hack
Blog 2019-03-30 14:46:05 (Déjà vu) Hack the Box Frolic: Walkthrough (direct link) Today we are going to solve another CTF challenge “Frolic”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Expert Task: To find user.txt and... Hack
ZDNet 2019-03-29 15:50:00 Researchers publish list of MAC addresses targeted in ASUS hack (direct link) Most of the targeted MAC addresses are used by ASUStek, Intel, and AzureWave devices. Hack
The_Hackers_News 2019-03-29 03:58:00 Here's the List of ~600 MAC Addresses Targeted in Recent ASUS Hack (direct link) EXCLUSIVE - While revealing details of a massive supply chain cyber attack against ASUS customers, Russian security firm Kaspersky last week didn't release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users. Instead, Kaspersky released a dedicated offline tool and launched an online web page where ASUS PC users can search Malware Hack Tool
NetworkWorld 2019-03-25 22:05:00 How to hack your own Wi-Fi network (direct link) One way to bolster your understanding of Wi-Fi security is to do some hacking yourself. That doesn't mean you should infiltrate a company's network or snoop on a neighbor's setup. Rather, ethical hacking and legitimate Wi-Fi penetration testing – done in cooperation with the network owner – can help you learn more about the strengths and limitations of wireless security. Understanding potential Wi-Fi vulnerabilities can help you to better protect the networks you manage and ensure safer connections when you access other wireless networks. Start with a Wi-Fi stumbler. General purpose Wi-Fi stumblers are the simplest and most innocent tools to add to your pen testing kit. Though typically passive tools, they serve an important purpose. They allow you to see what access points (AP) are nearby and their details, such as the signal level, security/encryption type, and media access control (MAC) address. It's a tool even a hacker would utilize to find the next victim. Hack Tool
ESET 2019-03-25 15:47:01 Two white hats hack a Tesla, get to keep it (direct link) The electric automaker is working to release a fix for the underlying vulnerability in a matter of days Hack Vulnerability Tesla
itsecurityguru 2019-03-25 14:15:03 (Déjà vu) Security Researchers hack Tesla Car at Pwn2Own contest. (direct link) A team of security researchers has hacked a Tesla Model 3 car on the last day of the Pwn2Own 2019 hacking contest that was held this week in Vancouver, Canada. Team Fluoroacetate – made up of Amat Cama and Richard Zhu – hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process […] Hack Tesla
The_Hackers_News 2019-03-25 09:39:05 Warning: ASUS Software Update Server Hacked to Distribute Malware (direct link) Remember the CCleaner hack? CCleaner hack was one of the largest supply chain attacks that infected more than 2.3 million users with a backdoored version of the software in September 2017. Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS. A group of state-sponsored Malware Hack CCleaner
SecurityAffairs 2019-03-22 20:53:05 Medtronic's implantable heart defibrillators vulnerable to hack (direct link) The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human […] Hack
bleepingcomputer 2019-03-21 16:55:00 13-Year-Old Allegedly Hacked Teacher Account to Create Student 'Hit List' (direct link) A 13-year-old is currently under investigation after he allegedly used a teacher's credentials to hack into his school district's computing system to steal fellow students' personal information and create a "hit list." [...] Hack
MalwarebytesLabs 2019-03-21 15:00:00 Are hackers gonna hack anymore? Not if we keep reusing passwords (direct link) A look at the not-so-hacking hacker techniques attackers are using to compromise user accounts via weak passwords and gain access to enterprise networks. Categories: Cybercrime Hacking Hack
bleepingcomputer 2019-03-21 14:21:03 Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019 (direct link) During the first day of Pwn2Own Vancouver 2019, contestants were able to successfully hack into the Apple Safari web browser, Oracle's VirtualBox, and VMware Workstation, earning a total of $240,000 in cash awards. [...] Hack
Blog 2019-03-20 09:41:02 (Déjà vu) Hack the Box Carrier: Walkthrough (direct link) Today we are going to solve another CTF challenge “Carrier”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Expert Task: To find user.txt and... Hack
Blog 2019-03-18 16:57:05 Multiple Ways to Exploiting OSX using PowerShell Empire (direct link) In this article, we will learn multiple ways to hack OS X using empire. There are various stagers given in empire for the same and we use a few of them in our article. Method to attack OS X is similar to that of windows. For the beginner's guide to pen-test OS X... Hack
bleepingcomputer 2019-03-14 15:00:02 Students Hack School System to Change Grades and Attendance (direct link) Like a modern day WarGames, students in Michigan have hacked into a school district's computer system and changed grades and attendance records. [...] Hack
SecurityAffairs 2019-03-14 11:31:01 CSRF flaw in WordPress potentially allowed the hack of websites (direct link) Security researcher Simon Scannell from RIPS Technologies, has discovered a new CSRF vulnerability in WordPress, that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default, the issue affects all WordPress versions prior to version 5.1.1. […] Hack Vulnerability Guideline
CSO 2019-03-14 03:00:00 My two favorite companies from RSA Conference 2019 (direct link) I've got a confession to make. I've never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the presentation room and a spill-over room to hear it. I was a little under the weather, but I think it went well enough. Hack
The_Hackers_News 2019-03-14 02:41:02 New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites (direct link) If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once Hack Vulnerability
The_Hackers_News 2019-03-14 00:10:00 Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers' PCs (direct link) If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by Hack
ErrataRob 2019-03-12 18:43:41 Some notes on the Raspberry Pi (direct link) I keep seeing this article in my timeline today about the Raspberry Pi. I thought I'd write up some notes about it. The Raspberry Pi costs $35 for the board, but to achieve a fully functional system, you'll need to add a power supply, storage, and heatsink, which ends up costing around $70 for the full system. At that price range, there are lots of alternatives. For example, you can get a fully functional $99 Windows x86 PC, that's just as small and consumes less electrical power. There are a ton of Raspberry Pi competitors, often cheaper with better hardware, such as an Odroid-C2, Rock64, Nano Pi, Orange Pi, and so on. There are also a bunch of "Android TV boxes" running roughly the same hardware for cheaper prices, that you can wipe and reinstall Linux on. You can also acquire Android phones for $40. However, while "better" technically, the alternatives all suffer from the fact that the Raspberry Pi is better supported -- vastly better supported. The ecosystem of ARM products focuses on getting Android to work, and does poorly at getting generic Linux working. The Raspberry Pi has the worst, most out-of-date hardware, of any of its competitors, but I'm not sure I can wholly recommend any competitor, as they simply don't have the level of support the Raspberry Pi does. The defining feature of the Raspberry Pi isn't that it's a small/cheap computer, but that it's a computer with a bunch of GPIO pins. When you look at the board, it doesn't just have the recognizable HDMI, Ethernet, and USB connectors, but also has 40 raw pins strung out across the top of the board. There's also a couple extra connectors for cameras. The concept wasn't simply that of a generic computer, but a maker device, for robot servos, temperature and weather measurements, cameras for a telescope, controlling christmas light displays, and so on. I think this is underemphasized in the above story.
The reason it finds use in the factories is because they have the same sorts of needs for controlling things that maker kids do. A lot of industrial needs can be satisfied by a teenager buying $50 of hardware off Adafruit and writing a few Python scripts. On the other hand, support for industrial uses is nearly nonexistent. The reason commercial products cost $1000 is because somebody will answer your phone, unlike the teenager who's currently out at the movies with their friends. However, with more and more people having experience with the Raspberry Pi, presumably you'll be able to hire generic consultants soon that can maintain th Hack
bleepingcomputer 2019-03-11 16:00:00 Medical IoT Devices with Outdated Operating Systems Exposed to Hacking (direct link) Medical IoT (IoMT) devices are in many cases left exposed to attacks because of outdated or legacy operating systems which, in many cases, are very easy to hack into and expose a trove of sensitive patient data, highly sought over on the black market. [...] Hack
itsecurityguru 2019-03-11 14:46:01 Software company disclose data breach. (direct link) American software company Citrix disclosed a security breach during which hackers accessed the company’s internal network. In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week. “On March 6, 2019, the FBI contacted Citrix to advise they had reason […] Hack
SecurityAffairs 2019-03-09 13:46:03 Vulnerabilities in car alarm systems exposed 3 million cars to hack (direct link) Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems that put three million vehicles globally at risk of hack. The flaws could be exploited by attackers to disable the alarm, as well as track and unlock the vehicles using it, or to start and stop the engine even when the […] Hack
ZDNet 2019-03-08 18:23:00 Citrix discloses security breach of internal network (direct link) Citrix learned of the hack from the FBI. Hackers stole business documents. Hack
SecurityWeek 2019-03-08 18:06:02 Flaws in Smart Alarms Exposed Millions of Cars to Dangerous Hacking (direct link) Serious vulnerabilities found in high-end car alarms could have been exploited to remotely hack millions of vehicles, including to track them, immobilise them and spy on their owners. Hack
ZDNet 2019-03-08 15:25:00 Marriott CEO shares post-mortem on last year's hack (direct link) Marriott investigators found Mimikatz and a remote access trojan (RAT) on hacked Starwood IT system. Hack
CSO 2019-03-07 03:00:00 How to hack a smartcard to gain privileged access (direct link) I can change an email address and steal your most privileged credentials. Hack
bleepingcomputer 2019-03-06 15:11:02 StealthWorker Malware Uses Windows, Linux Bots to Hack Websites (direct link) Hackers are running a new campaign which drops the StealthWorker brute-force malware on Windows and Linux machines that end up being used to brute force other computers in a series of distributed brute force attacks. [...] Malware Hack
WiredThreatLevel 2019-03-04 21:00:03 Hackers Listen In on What Synthetic DNA Machines Are Printing (direct link) Some of those sequences are worth millions of dollars, but fortunately the hack isn't easy to deploy - yet. Hack
Kaspersky 2019-03-04 13:30:01 Container Escape Hack Targets Vulnerable Linux Kernel (direct link) A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure. Hack
itsecurityguru 2019-03-04 10:51:00 As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations. (direct link) North Korean hackers who have targeted American and European businesses for 18 months kept up their attacks last week even as President Trump was meeting with North Korea's leader in Hanoi. The attacks, which include efforts to hack into banks, utilities and oil and gas companies, began in 2017, according to researchers at the cybersecurity […] Hack Guideline
Blog 2019-03-03 17:16:03 (Déjà vu) Hack the Box Access: Walkthrough (direct link) Today we are going to solve another CTF challenge “Access”. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Easy Task: To find user.txt and... Hack
ZDNet 2019-02-28 23:45:01 US wiped some hard drives of Russia's 'troll factory' in last year's hack (direct link) IRA news site reveals what happened last year on the day before the US midterms. Hack
SecurityWeek 2019-02-28 16:24:02 UN Aviation Agency Concealed Serious Hack: Media (direct link) The Montreal-based United Nations aviation agency concealed for months a hack of its computers and allowed malware to spread throughout the airline industry, Canada's public broadcaster reported Wednesday. Malware Hack
itsecurityguru 2019-02-28 11:46:01 (Déjà vu) Topps.com Sports Collectible Site Exposes Payment Info in MageCart Attack. (direct link) Last week, the sports trading card and collectible company Topps issued a data breach notification stating that it was affected by an attack, which possibly exposed the payment and address information of its customers. This type of attack is called a MageCart attack, which is when attackers hack a site to inject a malicious script into a site’s […] Data Breach Hack
SecurityAffairs 2019-02-27 14:57:00 Thunderclap vulnerabilities allows to hack most of modern computers (direct link) Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks. Security experts from Rice University in the United […] Hack
CSO 2019-02-27 10:23:00 What is ethical hacking? How to get paid to break into computers (direct link) What is ethical hacking? Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization's defenses. It's among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester's point of view, there is no downside: If you hack in past the current defenses, you've given the client a chance to close the hole before an attacker discovers it. If you don't find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn't break into it.” Win-win! Hack Threat
NetworkWorld 2019-02-27 07:39:00 Protecting the IoT: 3 things you must include in an IoT security plan (direct link) With many IT projects, security is often an afterthought, but that approach puts the business at significant risk. The rise of IoT adds orders of magnitude more devices to a network, which creates many more entry points for threat actors to breach. A bigger problem is that many IoT devices are easier to hack than traditional IT devices, making them the endpoint of choice for the bad guys. IoT is widely deployed in a few industries, but it is in the early innings still for most businesses. For those just starting out, IT and security leaders should be laying out their security plans for their implementations now. However, the landscape of security is wide and confusing so how to secure an IoT deployment may not be obvious. Below are three things you must consider when creating an IoT security plan. Hack Threat Guideline
MalwarebytesLabs 2019-02-26 16:00:00 New Golang brute forcer discovered amid rise in e-commerce attacks (direct link) E-commerce sites are a hot commodity these days. We dig into how compromised PCs are helping to hack into them to inject skimmers, whether via vulnerabilities in the websites themselves or through a new malware we discovered gaining entry via brute force. Categories: Threat analysis Malware Hack
SecurityAffairs 2019-02-26 15:27:00 The Arsenal Behind the Australian Parliament Hack (direct link) Cybaze-Yoroi ZLab investigated artefacts behind Australian Parliament attack to have an insight of Tools and Capabilities associated with the attackers. Introduction In the past days, a cyber attack targeted a high profile target on the APAC area: the Australian Parliament House. As reported by the Australian prime minister there was no evidence of any information theft […] Hack
Last update at: 2024-06-30 07:07:44