What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-11-04 14:58:51 (Déjà vu) Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto (lien direct) The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks. The US Department of Justice has indicted Joseph James O’Connor, a suspected Twitter hacker also known as ‘PlugWalkJoe,’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. Crooks conduct SIM swapping attacks to take […] Hack
Veracode.webp 2021-11-02 14:09:27 Champion Spotlight: Cris Rodriguez (lien direct) This interview was cross-posted from the Veracode Community. Join us in congratulating Cris, the latest Secure Code Champion in the Veracode Community! The Secure Code Champion is an award that recognizes individuals with three championships in the Veracode Community's Secure Coding Challenge competitions.   Cris is a principal-level Application Security engineer in a large global travel technology company. In this role, he focuses on application penetration testing and setting the strategy for migrating their apps over to Google Cloud. Before entering the security space, he was a software developer for five years. In this interview, we asked Cris about this experience participating in the Secure Coding Challenges and his career change story. He talked about how he made the career switch from a developer to become a security engineer, and what he thinks is important for someone to be successful in this role. For developers considering a similar career move, he also shared the resources that he found most helpful.  About Your Experience in the Secure Coding Challenge   What brought you to the Secure Coding Challenge?  I got an email about the competition and I enjoy a good challenge.   What did you find most valuable in participating in the Challenge? Since there were multiple languages, we were able to experience different solutions for a single bug class. That was helpful since most companies use many languages for their apps.    What's your suggestion for participants to stand out in the competition?  Trust your instincts and be familiar with using a command line and coding project directory tree. As a security engineer, you'll need to be able to dig into your organization's code if you want to be able to help your developers succeed.    About Your Experience Becoming a Security Engineer  How have you grown from a software developer into a Security engineer? 
What are the skillsets and knowledge required for this career change? How did you acquire those skills? I was a software developer for five years before I switched over to security. When I made the switch, I was focusing on penetration so I read as many bug bounty write-ups as I could find and watched many more YouTube tutorials. Hack The Box and Pentester Academy have been very helpful in my learnings. What are the top 3 qualities of a successful security engineer? Attention to detail: We are looking for bugs in code that work so you have to understand what makes a component vulnerable. Communication: The developers are going to push back sometimes so being able to communicate with them is key. Vulnerability Knowledge: When the developers push back on a vulnerability you really need to have the knowledge of why it is important to fix it. It also helps if you can demonstrate how the vulnerability can be exploited. Is there any tool, resource, forum/meet-up, or course you'd recommend for developers looking to break into the security world? Read the disclosed write-ups at HackerOne and Bugcrowd. Also, here is a link to a great repo that gathered a lot of write-ups. https://github.com/devanshbatham/Awesome-Bugbounty-Writeups Questions about becoming a security engineer? Or, if you're a fellow security engineer, let's connect! You can follow me on Twitter @Nimbus689 or connect with me on LinkedIn. https://www.linkedin.com/mwlite/in/cristobal-rodriguez-03b3b079 Hack Vulnerability
SecurityAffairs.webp 2021-11-01 13:52:42 How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash (lien direct) Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws in Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […] Hack
WiredThreatLevel.webp 2021-10-29 21:35:39 An Apparent Ransomware Hack Puts the NRA in a Bind (lien direct) The group behind the reported attack is under sanctions from the US Treasury, which means a payout could come with penalties for the victim. Ransomware Hack
NakedSecurity.webp 2021-10-29 13:38:04 Microsoft documents “SHROOTLESS” hack patched in latest Apple updates (lien direct) We'd have called this bug "SHROOTMORE", but naming it wasn't our call. Hack
TechRepublic.webp 2021-10-27 14:58:52 Microsoft warns of new supply chain attacks by Russian-backed Nobelium group (lien direct) The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May. Hack ★★★★★
bleepingcomputer.webp 2021-10-27 13:26:12 Twitter employees required to use security keys after 2020 hack (lien direct) Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack. [...] Hack
SecurityWeek.webp 2021-10-26 12:28:47 BillQuick Billing Software Exploited to Hack U.S. Engineering Company (lien direct) Hackers abused the BillQuick Web Suite billing software to compromise the network of an engineering company in the United States and deploy ransomware, threat detection firm Huntress reports. Hack Threat
ComputerWeekly.webp 2021-10-25 05:51:00 Attempted hack causes Tesco website outage (lien direct) Hack
bleepingcomputer.webp 2021-10-25 04:37:22 Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May (lien direct) Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021. [...] Hack
SecurityWeek.webp 2021-10-22 18:59:43 REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation (lien direct) The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack. Ransomware Hack Guideline
SecurityAffairs.webp 2021-10-21 20:10:31 A flaw in WinRAR could lead to remote code execution (lien direct) A vulnerability in the WinRAR trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of […] Hack Vulnerability
The_Hackers_News.webp 2021-10-21 06:18:02 Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer (lien direct) A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This Hack
grahamcluley.webp 2021-10-21 00:00:05 Smashing Security podcast #248: Press F12 to hack (lien direct) A journalist is threatened with prosecution after choosing to "View Source" on a public webpage, Amazon Ring owners might be in line for a hefty fine if their neighbours complain, and is the school lunch queue a good place for facial recognition? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Hack
bleepingcomputer.webp 2021-10-19 09:17:45 Man gets 7 years in prison for hacking 65K health care employees (lien direct) Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...] Hack
The_Hackers_News.webp 2021-10-19 08:07:56 Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services (lien direct) Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.  Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used Hack Vulnerability
TechRepublic.webp 2021-10-18 20:42:56 How to install Windows 11 on older, unsupported PCs (lien direct) Microsoft will not automatically update unsupported PCs, so users must take it upon themselves to perform the procedure manually. But success requires a simple hack of the process. Hack
SecurityAffairs.webp 2021-10-18 07:27:01 REvil ransomware operation shuts down once again (lien direct) It seems that the REvil ransomware operation has shut down once again after a threat actor has hijacked their Tor hidden service. The REvil ransomware gang has shut down its operation once again after a threat actor has hijacked their Tor leak site and payment portal. The news of the hack was shared by the […] Ransomware Hack Threat
SecurityWeek.webp 2021-10-15 18:11:10 Twitch Says Hack Impacted 'Small Fraction of Users' (lien direct) Amazon-owned live streaming service Twitch on Friday shared another update on the recent data breach. The company says it's confident that only a “small fraction of users” are affected and that customer impact is minimal. The company said the breach was a result of a server configuration change that allowed the hackers to gain access to its systems. Hack
NakedSecurity.webp 2021-10-15 16:58:32 LANtenna hack spies on your data from across the room! (Sort of) (lien direct) Are your network cables acting as undercover wireless transmitters? What can you do if they are? Hack
SecurityWeek.webp 2021-10-11 18:25:55 Engineering Company Weir Group Discloses Ransomware Hack (lien direct) Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. Ransomware Hack
grahamcluley.webp 2021-10-11 15:02:35 Man charged with hack which shared COVID-19 test details in protest against vaccine pass (lien direct) Police in France have arrested and charged a 22-year-old man with hacking into a "secure" file-sharing system used by a Parisian hospital trust, and stealing the COVID-19 test details for 1.4 million people. Hack
WiredThreatLevel.webp 2021-10-09 13:00:00 Someone Hacked a US Warship Facebook Account to Stream Games (lien direct) Plus: Twitch hack fallout, Russian phishing, and more of the week's top security news. Hack
SecurityWeek.webp 2021-10-06 19:48:51 Streaming Site Twitch Confirms Hack (lien direct) Amazon's popular live video streaming platform Twitch said Wednesday hackers had broken into its network after reports of exposed confidential company data surfaced online. The service, where users often stream live video game play, confirmed the break-in on Twitter. Hack
WiredThreatLevel.webp 2021-10-06 15:47:57 A Devastating Twitch Hack Sends Streamers Reeling (lien direct) The data breach apparently includes source code, gamer payouts, and more. Data Breach Hack
Chercheur.webp 2021-10-06 14:19:18 Syniverse Hack (lien direct) This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. I’ve never heard of the company. No details about the hack. It could be nothing. It could be a national intelligence service looking for information. Hack
SecurityWeek.webp 2021-09-30 12:02:50 Contactless Payment Card Hack Affects Apple Pay, Visa (lien direct) A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. Hack
Blog.webp 2021-09-29 17:58:33 Love HacktheBox Walkthrough (lien direct) Love is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim's system. Penetration Methodologies 1st Method Recon Nmap Enumeration Dirb Exploit SSRF Unrestricted file upload to RCE Reverse Shell via Metasploit Post Enumeration Hack ★★★
grahamcluley.webp 2021-09-28 15:12:01 Assume Nothing: The story of the TalkTalk hack (lien direct) The BBC has created a great documentary about the infamous TalkTalk hack. I think you would enjoy listening to it. Hack
bleepingcomputer.webp 2021-09-25 10:00:00 Bitcoin.org hackers steal $17,000 in 'double your cash' scam (lien direct) This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...] Hack Threat
SecurityWeek.webp 2021-09-24 11:00:19 Port of Houston Target of Suspected Nation-State Hack (lien direct) A major U.S. port was the target last month of suspected nation-state hackers, according to officials. The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.” Hack
Blog.webp 2021-09-23 17:21:28 Scriptkiddie HackTheBox Walkthrough (lien direct) Script Kiddie is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim’s system. Penetration Methodologies Recon Nmap Enumeration Exploit Generating apk Netcat Reverse Connection Post Enumeration Capture User.txt Abusing writeable script Privilege Escalation Hack
SecurityWeek.webp 2021-09-23 15:21:02 Report: Suspected Chinese Hack Targets Indian Media, Gov't (lien direct) A U.S.-based private cybersecurity company said Wednesday it has uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the country's national identification database have been hacked, likely by a state-sponsored Chinese group. Hack
bleepingcomputer.webp 2021-09-23 14:23:32 (Déjà vu) Apple patches new zero-day bug used to hack iPhones and Macs (lien direct) Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] Hack
bleepingcomputer.webp 2021-09-23 14:23:32 Apple fixes another zero-day used to deploy NSO iPhone spyware (lien direct) Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] Hack
Chercheur.webp 2021-09-21 11:05:47 Alaska's Department of Health and Social Services Hack (lien direct) Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably just my failure of imagination. Hack
01net.webp 2021-09-21 05:17:22 iOS 15: the lock screen can already be bypassed! (lien direct) A security researcher believes he was wronged in Apple's bug bounty program. In retaliation, he has just published a hack that gives access to the notes on a locked iPhone. Hack
TechRepublic.webp 2021-09-20 13:47:52 How to see who is trying to break into your Office 365 and what they're trying to hack (lien direct) Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools. Hack
SecurityWeek.webp 2021-09-20 11:14:52 Indonesia Says No Evidence of Alleged Chinese Intel Hack (lien direct) Indonesian authorities have found no evidence that the country's main intelligence service's computers were compromised, after a U.S.-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking group, an official said. Hack
SecurityAffairs.webp 2021-09-15 18:17:09 OMIGOD vulnerabilities expose thousands of Azure users to hack (lien direct) OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities, collectively tracked as OMIGOD, in the Open Management Infrastructure (OMI) software agent that exposes Azure users to attack. Below is the list of the […] Hack
InfoSecurityMag.webp 2021-09-14 10:18:00 Texas GOP Website Down After Anonymous Hack (lien direct) Hackers ridiculed the state's Republican Party and went after Texas' new 'Heartbeat Act' Hack
Cybereason.webp 2021-09-13 12:48:26 Malicious Life Podcast: The Tesla Hack (lien direct) It's every company's nightmare: a mysterious stranger approached an employee of Tesla's Gigafactory in Nevada, and offered him 1 million dollars to do a very simple job - insert a malware-laden USB flash drive into a computer in the company and keep it running for 8 hours - check it out... Hack
Chercheur.webp 2021-09-09 11:13:10 More Detail on the Juniper Hack and the NSA PRNG Backdoor (lien direct) We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. Hack
itsecurityguru.webp 2021-09-09 10:25:08 Jenkins discloses attack on its Atlassian Confluence service (lien direct) The open source automation server Jenkins has disclosed a successful attack on its Confluence service. Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances. Rated CVSS […] Hack Vulnerability Guideline Equifax Equifax
InfoSecurityMag.webp 2021-08-31 17:05:00 Illinois Physicians Notify 600K Patients of Data Breach (lien direct) DuPage Medical Group says hack may have exposed patients' information Data Breach Hack
SecurityWeek.webp 2021-08-30 10:55:03 T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks (lien direct) American Living in Turkey Takes Credit for T-Mobile Hack  Hack
SecurityAffairs.webp 2021-08-27 23:00:41 An RCE in Annke video surveillance product allows hacking the device (lien direct) Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The vulnerability, tracked as […] Hack Vulnerability
SecurityWeek.webp 2021-08-27 13:56:41 Vulnerability Allows Remote Hacking of Annke Video Surveillance Product (lien direct) Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke, a Hong Kong-based global provider of home and business security solutions. Hack Vulnerability
TechRepublic.webp 2021-08-24 19:08:00 Don't get rugged: DeFi scams go from zero to $129 million in a year to become top financial hack (lien direct) Atlas VPN's analysis finds that theft within decentralized finance networks is taking in more money than phishing and ransomware attacks. Ransomware Hack
TechRepublic.webp 2021-08-23 16:52:00 How to gain unlimited Gmail addresses with this simple hack (lien direct) Jack Wallen shows you a neat little Gmail trick that makes it possible for you to not only gain unlimited Gmail addresses but more easily determine if something nefarious has been sent to you. Hack
Last update at: 2024-05-15 09:08:46