What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2021-12-02 11:52:34 Former Employee Accused of Being Behind Ubiquiti Hack (lien direct) The hacker attack disclosed by Ubiquiti in January 2021 was actually conducted by a former employee, according to the Justice Department, which announced charges against the individual on Wednesday. Hack
WiredThreatLevel.webp 2021-11-30 13:00:00 Think Climate Change Is Messy? Wait Until Geoengineering (lien direct) Someone's bound to hack the atmosphere to cool the planet. So we urgently need more research on the consequences, says climate scientist Kate Ricke. Hack
The_Hackers_News.webp 2021-11-30 01:36:45 Panasonic Suffers Data Breach After Hackers Hack Into Its Network (lien direct) Japanese consumer electronics giant Panasonic has disclosed a security breach wherein an unauthorized third-party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26. Data Breach Hack
TechRepublic.webp 2021-11-29 22:23:51 How to disable (again) the blur effect on the Windows 11 login screen (lien direct) We used a Registry File hack in Windows 10 to disable the blur effect on the login screen, but the Windows 11 update restored the default. We'll show you how to fix it again. Hack
bleepingcomputer.webp 2021-11-29 09:40:21 Panasonic discloses data breach after network hack (lien direct) Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month. [...] Data Breach Hack Threat
SANS.webp 2021-11-27 09:31:26 Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis, (Sat, Nov 27th) (lien direct) The 2021 SANS Holiday Hack Challenge begins mid-December, but you can already watch "SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis" on YouTube. Hack
Chercheur.webp 2021-11-24 15:29:13 Apple Sues NSO Group (lien direct) Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims' devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers. More news: Apple's legal complaint provides new information on NSO Group's FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim's Apple device and install the latest version of NSO Group's spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. ... Hack Vulnerability
grahamcluley.webp 2021-11-23 08:29:16 GoDaddy hack exposes accounts of 1.2 million customers (lien direct) Web-hosting firm and domain registrar GoDaddy has revealed that it has suffered a cyber attack which saw a hacker gain access to details of over one million customers. Read more in my article on the Hot for Security blog. Hack
SecurityWeek.webp 2021-11-22 15:55:47 Researchers Hack Conti Ransomware Infrastructure (lien direct) Prodaft security researchers exploited a vulnerability in the recovery servers used by the Conti Ransomware-as-a-Service (RaaS), which allowed them to gain insight into the inner workings of the ransomware. Ransomware Hack Vulnerability
bleepingcomputer.webp 2021-11-22 11:43:08 GoDaddy hack causes data breach affecting 1.2 million customers (lien direct) GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. [...] Data Breach Hack
WiredThreatLevel.webp 2021-11-19 12:00:00 Locked Out of 'God Mode', Runners Hack Their Treadmills (lien direct) NordicTrack customers were watching Netflix using a simple trick, until the company blocked their access. Hack
TechRepublic.webp 2021-11-15 19:51:13 How to restore the full context menu to File Explorer in Windows 11 (lien direct) The full right-click context menu in File Explorer can be restored in Windows 11 with a specific code and an unusual and slightly tricky hack of the Windows Registry File. Hack
The_Hackers_News.webp 2021-11-11 21:43:11 Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant (lien direct) Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a Hack Threat
securityintelligence.webp 2021-11-10 14:00:00 Breach and Attack Simulation: Hack Yourself to a More Secure Future (lien direct) Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […] Hack Threat
bleepingcomputer.webp 2021-11-10 12:08:04 Lazarus hackers target researchers with trojanized IDA Pro (lien direct) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. [...] Hack APT 38 APT 28
SecurityAffairs.webp 2021-11-04 14:58:51 (Déjà vu) Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto (lien direct) The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks. The US Department of Justice has indicted Joseph James O’Connor, a suspected Twitter hacker also known as ‘PlugWalkJoe,’ for also stealing $784,000 worth of cryptocurrency using SIM swap attacks. Crooks conduct SIM swapping attacks to take […] Hack
Veracode.webp 2021-11-02 14:09:27 Champion Spotlight: Cris Rodriguez (lien direct) This interview was cross-posted from the Veracode Community. Join us in congratulating Cris, the latest Secure Code Champion in the Veracode Community! The Secure Code Champion is an award that recognizes individuals with three championships in the Veracode Community's Secure Coding Challenge competitions.   Cris is a principal-level Application Security engineer in a large global travel technology company. In this role, he focuses on application penetration testing and setting the strategy for migrating their apps over to Google Cloud. Before entering the security space, he was a software developer for five years. In this interview, we asked Cris about this experience participating in the Secure Coding Challenges and his career change story. He talked about how he made the career switch from a developer to become a security engineer, and what he thinks is important for someone to be successful in this role. For developers considering a similar career move, he also shared the resources that he found most helpful.  About Your Experience in the Secure Coding Challenge   What brought you to the Secure Coding Challenge?  I got an email about the competition and I enjoy a good challenge.   What did you find most valuable in participating in the Challenge? Since there were multiple languages, we were able to experience different solutions for a single bug class. That was helpful since most companies use many languages for their apps.    What's your suggestion for participants to stand out in the competition?  Trust your instincts and be familiar with using a command line and coding project directory tree. As a security engineer, you'll need to be able to dig into your organization's code if you want to be able to help your developers succeed.    About Your Experience Becoming a Security Engineer  How have you grown from a software developer into a Security engineer? 
What are the skillsets and knowledge required for this career change? How did you acquire those skills? I was a software developer for five years before I switched over to security. When I made the switch, I was focusing on penetration so I read as many bug bounty write-ups as I could find and watched many more YouTube tutorials. Hack the box and pentester academy have been very helpful in my learnings. What are the top 3 qualities of a successful security engineer? Attention to detail: We are looking for bugs in code that work so you have to understand what makes a component vulnerable. Communication: The developers are going to push back sometimes so being able to communicate with them is key. Vulnerability Knowledge: When the developers push back on a vulnerability you really need to have the knowledge of why it is important to fix it. It also helps if you can demonstrate how the vulnerability can be exploited. Is there any tool, resource, forum/meet-up, or course you'd recommend for developers looking to break into the security world? Read the disclosed write-ups at HackerOne and Bugcrowd. Also, here is a link to a great repo that gathered a lot of write-ups. https://github.com/devanshbatham/Awesome-Bugbounty-Writeups Questions about becoming a security engineer? Or, if you're a fellow security engineer, let's connect! You can follow me on Twitter @Nimbus689 or connect with me on LinkedIn. https://www.linkedin.com/mwlite/in/cristobal-rodriguez-03b3b079 Hack Vulnerability
SecurityAffairs.webp 2021-11-01 13:52:42 How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash (lien direct) Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws in Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […] Hack
WiredThreatLevel.webp 2021-10-29 21:35:39 An Apparent Ransomware Hack Puts the NRA in a Bind (lien direct) The group behind the reported attack is under sanctions from the US Treasury, which means a payout could come with penalties for the victim. Ransomware Hack
NakedSecurity.webp 2021-10-29 13:38:04 Microsoft documents “SHROOTLESS” hack patched in latest Apple updates (lien direct) We'd have called this bug "SHROOTMORE", but naming it wasn't our call. Hack
TechRepublic.webp 2021-10-27 14:58:52 Microsoft warns of new supply chain attacks by Russian-backed Nobelium group (lien direct) The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May. Hack ★★★★★
bleepingcomputer.webp 2021-10-27 13:26:12 Twitter employees required to use security keys after 2020 hack (lien direct) Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack. [...] Hack
SecurityWeek.webp 2021-10-26 12:28:47 BillQuick Billing Software Exploited to Hack U.S. Engineering Company (lien direct) Hackers abused the BillQuick Web Suite billing software to compromise the network of an engineering company in the United States and deploy ransomware, threat detection firm Huntress reports. Hack Threat
ComputerWeekly.webp 2021-10-25 05:51:00 Attempted hack causes Tesco website outage (lien direct) Hackers abused the BillQuick Web Suite billing software to compromise the network of an engineering company in the United States and deploy ransomware, threat detection firm Huntress reports. Hack
bleepingcomputer.webp 2021-10-25 04:37:22 Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May (lien direct) Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021. [...] Hack
SecurityWeek.webp 2021-10-22 18:59:43 REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation (lien direct) The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack. Ransomware Hack Guideline
SecurityAffairs.webp 2021-10-21 20:10:31 A flaw in WinRAR could lead to remote code execution (lien direct) A vulnerability in the WinRAR trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of […] Hack Vulnerability
The_Hackers_News.webp 2021-10-21 06:18:02 Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer (lien direct) A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This Hack
grahamcluley.webp 2021-10-21 00:00:05 Smashing Security podcast #248: Press F12 to hack (lien direct) A journalist is threatened with prosecution after choosing to "View Source" on a public webpage, Amazon Ring owners might be in line for a hefty fine if their neighbours complain, and is the school lunch queue a good place for facial recognition? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Hack
bleepingcomputer.webp 2021-10-19 09:17:45 Man gets 7 years in prison for hacking 65K health care employees (lien direct) Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...] Hack
The_Hackers_News.webp 2021-10-19 08:07:56 Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services (lien direct) Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.  Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used Hack Vulnerability
TechRepublic.webp 2021-10-18 20:42:56 How to install Windows 11 on older, unsupported PCs (lien direct) Microsoft will not automatically update unsupported PCs, so users must take it upon themselves to perform the procedure manually. But success requires a simple hack of the process. Hack
SecurityAffairs.webp 2021-10-18 07:27:01 REvil ransomware operation shuts down once again (lien direct) It seems that the REvil ransomware operation has shut down once again after a threat actor has hijacked their Tor hidden service. The REvil ransomware gang has shut down its operation once again after a threat actor has hijacked their Tor leak site and payment portal. The news of the hack was shared by the […] Ransomware Hack Threat
SecurityWeek.webp 2021-10-15 18:11:10 Twitch Says Hack Impacted 'Small Fraction of Users' (lien direct) Amazon-owned live streaming service Twitch on Friday shared another update on the recent data breach. The company says it's confident that only a “small fraction of users” are affected and that customer impact is minimal. The company said the breach was a result of a server configuration change that allowed the hackers to gain access to its systems. Hack
NakedSecurity.webp 2021-10-15 16:58:32 LANtenna hack spies on your data from across the room! (Sort of) (lien direct) Are your network cables acting as undercover wireless transmitters? What can you do if they are? Hack
SecurityWeek.webp 2021-10-11 18:25:55 Engineering Company Weir Group Discloses Ransomware Hack (lien direct) Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. Ransomware Hack
grahamcluley.webp 2021-10-11 15:02:35 Man charged with hack which shared COVID-19 test details in protest against vaccine pass (lien direct) Police in France have arrested and charged a 22-year-old man with hacking into a "secure" file-sharing system used by a Parisian hospital trust, and stealing the COVID-19 test details for 1.4 million people. Hack
WiredThreatLevel.webp 2021-10-09 13:00:00 Someone Hacked a US Warship Facebook Account to Stream Games (lien direct) Plus: Twitch hack fallout, Russian phishing, and more of the week's top security news. Hack
SecurityWeek.webp 2021-10-06 19:48:51 Streaming Site Twitch Confirms Hack (lien direct) Amazon's popular live video streaming platform Twitch said Wednesday hackers had broken into its network after reports of exposed confidential company data surfaced online. The service, where users often stream live video game play, confirmed the break-in on Twitter. Hack
WiredThreatLevel.webp 2021-10-06 15:47:57 A Devastating Twitch Hack Sends Streamers Reeling (lien direct) The data breach apparently includes source code, gamer payouts, and more. Data Breach Hack
Chercheur.webp 2021-10-06 14:19:18 Syniverse Hack (lien direct) This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. I’ve never heard of the company. No details about the hack. It could be nothing. It could be a national intelligence service looking for information. Hack
SecurityWeek.webp 2021-09-30 12:02:50 Contactless Payment Card Hack Affects Apple Pay, Visa (lien direct) A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities exploited in the attack remain unpatched, but the impacted vendors say they are not concerned. Hack
Blog.webp 2021-09-29 17:58:33 Love HacktheBox Walkthrough (lien direct) Love is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim's system. Penetration Methodologies 1st Method Recon Nmap Enumeration Dirb Exploit SSRF Unrestricted file upload to RCE Reverse Shell via Metasploit Post Enumeration Hack ★★★
grahamcluley.webp 2021-09-28 15:12:01 Assume Nothing: The story of the TalkTalk hack (lien direct) The BBC has created a great documentary about the infamous TalkTalk hack. I think you would enjoy listening to it. Hack
bleepingcomputer.webp 2021-09-25 10:00:00 Bitcoin.org hackers steal $17,000 in 'double your cash' scam (lien direct) This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...] Hack Threat
SecurityWeek.webp 2021-09-24 11:00:19 Port of Houston Target of Suspected Nation-State Hack (lien direct) A major U.S. port was the target last month of suspected nation-state hackers, according to officials. The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.” Hack
Blog.webp 2021-09-23 17:21:28 Scriptkiddie HackTheBox Walkthrough (lien direct) Script Kiddie is a CTF hosted on Hack the Box with Beginner categories. The objective for the participant is to identify the files user.txt and root.txt on the victim’s system. Penetration Methodologies Recon Nmap Enumeration Exploit Generating apk Netcat Reverse Connection Post Enumeration Capture User.txt Abusing writeable script Privilege Escalation Hack
SecurityWeek.webp 2021-09-23 15:21:02 Report: Suspected Chinese Hack Targets Indian Media, Gov't (lien direct) A U.S.-based private cybersecurity company said Wednesday it has uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the country's national identification database have been hacked, likely by a state-sponsored Chinese group. Hack
bleepingcomputer.webp 2021-09-23 14:23:32 (Déjà vu) Apple patches new zero-day bug used to hack iPhones and Macs (lien direct) Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] Hack
bleepingcomputer.webp 2021-09-23 14:23:32 Apple fixes another zero-day used to deploy NSO iPhone spyware (lien direct) Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...] Hack
Last update at: 2024-05-31 15:08:59