What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2019-09-17 13:18:17 TFlower Ransomware - The Latest Attack Targeting Businesses (direct link) The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services. [...] Ransomware Hack
AlienVault.webp 2019-09-16 13:00:00 Hacker prevention: tips to reduce your attack surface (direct link) These days it seems that every time you open your favorite news source there is another data breach related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years. With all this publicity and the increasing awareness of the general public about how data breaches can impact their personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking. The trouble is that there is no way to prevent others from attempting to hack into any target they choose. Since there is a practically limitless number of targets to choose from, the attacker need only be lucky or skilled enough to succeed once. In addition, the risk of successful prosecution of perpetrators remains low. However, while you can’t prevent hacking, you can help to reduce your attack surface to make your organization less likely to be the subject of attacks. At this point, let’s differentiate between opportunistic attacks and targeted attacks. Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations. Ever wonder why a small business with a small geographic footprint and almost no online presence gets compromised? Chances are good they just had the right combination of issues that an automated attack bot was looking to exploit. These kinds of events can potentially end a small to medium business as a going concern while costing the attacker practically nothing. Targeted attacks are a different story altogether. These attacks are generally low, slow and persistent; targeting your organization’s technical footprint as well as your employees, partners and supply chain.
While targeted attacks may utilize  some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated in nature so as to avoid possible detection for as long as possible.  In addition, they may involve a more frequent use of previously unknown exploit vectors (“zero day’s”) to reach their goals or abuse trusted connections with third parties to gain access to your organization.  Ultimately it doesn’t matter which of these kinds of attacks results in a breach event, but it is important to think of both when aligning your people, processes and technology for maximum effect to mitigate that risk.  There have been many articles written regarding best practices for minimizing the risk of a cyber-security incident.  Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the top six technical controls that I feel are likely to help  mitigate the most risk, provided that all the “table stakes” items are in place (i.e. you have a firewall, etc.). Patch and Update Constantly:  Ultimately the most hacker-resistant environment is the one that is best administered.  Organizations are short cutting system and network administration activities through budget / staff reductions and lack of training.  This practice often forces prioritization and choice about what tasks get done sooner, later or at all.  Over time this creates a large, persistent baseline of low to medium risk issues in the environment that can contribute to a wildfire event under the right conditions.  Lack Data Breach Malware Hack
bleepingcomputer.webp 2019-09-13 20:16:20 North Korean Hackers Behind WannaCry and Sony Hack Sanctioned by USA (direct link) The U.S. Treasury signed sanctions against three hacking groups actively engaged in cyber operations meant to bring financial assets to the government of North Korea. [...] Hack Wannacry
Trend.webp 2019-09-13 12:02:18 Hacking LED Wristbands: A 'Lightning' Recap of RF Security Basics (direct link) We're always eager for new research and learning opportunities, but this time, serendipitously, the opportunity found us. At the closing party of the Hack In The Box Amsterdam conference - where we presented our industrial radio research and ran a CTS contest - we were given LED wristbands to wear. They're flashing wristbands meant to enhance the experience of an event, party, or show. At the beginning, we were not interested in the security impact; we just wanted to learn. Later on, however, we discovered that the RF link was used to transport an industrial protocol: DMX512 (Digital MultipleX 512), the same protocol used to pilot large light exhibitions. Hack ★★★
AlienVault.webp 2019-09-11 13:00:00 Practicing safe charging (direct link) This past June, I attended the 2019 Bitcoin Conference in San Francisco, CA. With the various discussions on Bitcoin, Cryptocurrency, and with the chance to hang out with my favorite Crypto personalities, it was easy to lose myself in all the festivities. While taking a break, I found a seat and decided to charge my iPhone. The station by where I was seated was a wooden cube with two standard wall sockets and two USB ports. Other users took the wall sockets, but I knew that I could charge my phone via USB. But before I did, I remembered on the trip up to San Francisco, one of my travel companions who was with a startup known as CoinCards passed out what they called a “USB data blocker” USB adaptor. So, what is a USB data blocker? Chargers for modern cellphones, in my case an iPhone Lightning Charger, serve dual purposes. 1. They charge your phone and 2. They allow for the transfer of data. Why is this important to understand? So, take the charging cube from the conference. Consider that a hacker placed the cube with a device, say a Raspberry Pi and the USB ports that were visible from the outside were the USB ports for the Pi or USB hub connected to the Pi. Once my phone was plugged in, it could potentially expose me to whatever malware was on the Raspberry Pi. A USB data blocker stops the data flow aspect of the charging cable and allows only the charging element. Cybersecurity is no longer a corporate issue; we have all become our own cybersecurity firm and responsible for protecting our data. Anti-virus and firewalls can only protect us so much; we have to do our due diligence when it comes to our safety online. Consider the computer housed behind a firewall. There can be some expectation of safety inside of the firewall, especially one that is monitored and updated.
But that firewall will not make a difference if someone brings in an infected USB device and then plugs that device into one of the company's computers. I know this from experience. A client was confident that their firewall would protect them from cyber threats to the point where they refused to purchase anti-virus for their computers. One day, an employee brought in a USB flash drive that they had used at home and plugged it into their work computer. Turns out a file on their home computer was infected with malware and they brought it into the office. It put data on the server so that others could access it and the malware was able to spread, including to the server. But how does this fit into our discussion on USB data blockers? If you take the phone aspect out of it, smart devices are computers. Smart devices access the internet, upload, and download and generally utilize USB to charge or sync data. While iPhones are less likely to be the victim of malware than Android or Windows phones, we would be foolish to assume that a potential hacker could not use the lightning charger to send malicious software to the iPhone. Apple has recently offered a bounty to anyone who can hack the iPhone OS; which means this topic has made the rounds at Apple as well. Cyber awareness, training, and education are more critical now than ever. We can no longer assume because we have a particular type of device that we are automatically safe from harm. Safe is not the world we live in anymore. Malware Hack
ZDNet.webp 2019-09-10 08:54:03 Student pleads guilty to IRS hack attempt for Trump tax returns (direct link) Prosecutors call him a mastermind. Defenders say it was Wayne's World gone awry. Hack
CSO.webp 2019-09-10 05:53:00 IDG Contributor Network: How a small business should respond to a hack (direct link) Hacks and data breaches are, unfortunately, part of doing business today. Ten years ago, it was the largest corporations that were most targeted by hackers, but that has changed. As large organizations have improved their cybersecurity, and more and more small businesses go online, hackers have shifted their attention to smaller targets. The threat Putting numbers on the scale of cybercrime is difficult, not least because many companies are resistant to acknowledging that they've been hacked. A huge study from 2010, though, conducted by Verizon working in conjunction with the US Secret Service, found that even then smaller businesses were under huge threat from cybercriminals: over 60% of the data breaches covered in that report were from businesses with less than 100 employees. Hack Threat
BBC.webp 2019-09-09 23:09:04 Brain hack devices must be scrutinised, say top scientists (direct link) The UK's Royal Society warns of the risk of companies accessing our thoughts and moods. Hack
SecurityWeek.webp 2019-09-09 13:29:02 Man Pleads Guilty for Trying to Access Trump's Tax Returns (direct link) A Philadelphia man has pleaded guilty to trying to hack the IRS to obtain President Donald Trump's tax returns. Andrew Harris pleaded guilty Thursday to two computer fraud counts in federal court. The 23-year-old faces up to two years in prison and $200,000 fine. Hack Guideline
TechWorm.webp 2019-09-09 11:18:05 Apple responds to Google's statement on iOS security vulnerabilities (direct link) Google's Report On iPhone Exploit Was Exaggerated, Says Apple Last week, Google in a blog post had announced that its Threat Analysis Group (TAG) and Project Zero had discovered a series of iOS exploit chains in the wild that were designed to hack iPhones over a period of at least two years. They were being used […] Hack Threat
SecurityAffairs.webp 2019-09-07 21:52:04 Google report on iPhone hack created 'False Impression,' states Apple (direct link) Apple replied to Google about the recent report suggesting iPhones may have been hacked as part of a long-running hacking campaign. Apple criticized the report recently published by Google that claims that iPhones may have been hacked by threat actors as part of a long-running hacking campaign. Apple defines the report as inaccurate and misleading. […] Hack Threat Guideline
SecurityWeek.webp 2019-09-07 17:02:04 Apple: Security Report on iPhone Hack Created 'False Impression' (direct link) Apple hit back Friday at a Google research report suggesting iPhones may have been targeted by a long-running hacking operation, calling it inaccurate and misleading. Hack Guideline
SecurityAffairs.webp 2019-09-05 09:59:03 Twitter temporarily disables feature to tweet via SMS after CEO hack (direct link) Twitter opted to temporarily disable the feature that allows users to post tweets via SMS, in response to the hack of the CEO’s account. Twitter announced to temporarily disable the feature that allows users to post tweets via SMS, in response to the hack of the CEO’s account. “We're taking this step because of vulnerabilities […] Hack
SecurityWeek.webp 2019-09-05 07:24:01 Twitter Temporarily Disables Tweeting via SMS After CEO Hack (direct link) Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts. Hack
SecurityWeek.webp 2019-09-04 12:36:04 Twitter CEO Hack Highlights Dangers of 'SIM Swap' Fraud (direct link) Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number. Hack
SecurityAffairs.webp 2019-09-04 09:14:01 Some Zyxel devices can be hacked via DNS requests (direct link) Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. Security researchers at SEC Consult discovered multiple vulnerabilities in various Zyxel devices, including hardcoded credentials and issues that could allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure […] Hack
SecurityAffairs.webp 2019-09-03 21:42:02 USBAnywhere BMC flaws expose Supermicro servers to hack (direct link) USBAnywhere – Tens of thousands of enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in USB devices. Tens of thousands of servers worldwide powered by Supermicro motherboards are affected by a vulnerability that would allow an attacker to remotely take over them. Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities […] Hack Vulnerability
no_ico.webp 2019-09-03 13:04:03 Jack Dorsey Twitter Hack – How Can SIM Swap Be Stopped? (direct link) On Friday afternoon Jack Dorsey's Twitter account was hacked – later identified as a SIM swap attack. With this type of fraud a hacker either convinces or bribes a carrier employee to switch the number associated with a SIM card to another device, at which point they can intercept any two-factor authentication codes sent by … The ISBuzz Post: This Post Jack Dorsey Twitter Hack – How Can SIM Swap Be Stopped? Hack
TechWorm.webp 2019-09-03 04:38:01 Malicious websites have been quietly hacking iPhones for years, says Google (direct link) Google reveals malicious websites were secretly used to hack into iPhones for years Security researchers at Google have discovered a series of hacked websites that were delivering malware designed to hack iPhones over a period of at least two years. These websites, which were visited thousands of times a week, were being used to extensively […] Malware Hack
SecurityAffairs.webp 2019-08-31 14:48:03 FIN6 recently expanded operations to target eCommerce sites (direct link) The financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), the financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. FIN6 group has been active since 2015, […] Hack
SecurityAffairs.webp 2019-08-31 08:43:00 (Déjà vu) Twitter account of Jack Dorsey, Twitter CEO and co-founder, has been hacked (direct link) Hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter, and published and retweeted offensive and racist messages. No one is secure online, news of the day is that hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter and co-founder, and published and retweeted offensive and racist tweets. The hack took place […] Hack Tool
no_ico.webp 2019-08-30 16:41:00 Google Finds 'Indiscriminate iPhone Attack Lasting Years' (direct link) Security researchers at Google have found evidence of a “sustained effort” to hack iPhones over a period of at least two years. The attack was said to be carried out using websites which would discreetly implant malicious software to gather contacts, images and other data. Google's analysis suggested the booby-trapped websites were said to have been … The ISBuzz Post: This Post Google Finds ‘Indiscriminate iPhone Attack Lasting Years’ Hack
SecurityWeek.webp 2019-08-30 14:56:00 iOS Vulnerabilities Allowed Attackers to Remotely Hack iPhones for Years (direct link) Google on Thursday published detailed information on five iOS exploit chains, one of which has been used to remotely hack iPhones for at least two years. Hack
SecurityAffairs.webp 2019-08-30 11:59:02 Google revealed how watering hole attacks compromised iPhone devices earlier this year (direct link) Google researchers discovered that iPhone devices could be hacked by tricking owners into visiting specially crafted websites. Researchers at Google Project Zero discovered that it was possible to hack iPhone devices by visiting specially crafted websites. Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited […] Hack Threat
SecurityAffairs.webp 2019-08-29 21:09:05 Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft (direct link) Paige Thompson, the alleged hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. Paige Thompson, a transgender woman, suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. In […] Hack
SecurityWeek.webp 2019-08-29 07:11:05 Bug Hunters Invited to Hack Facebook Devices at Pwn2Own Tokyo 2019 (direct link) Trend Micro's Zero Day Initiative (ZDI) on Wednesday announced the prizes, rules and targets for Pwn2Own Tokyo 2019, which is set to take place on November 6-7 alongside the PacSec conference in Tokyo, Japan. This year's event targets 17 devices and over $750,000 in cash and prizes are being offered to researchers who can hack them. Hack
BBC.webp 2019-08-27 16:27:03 Nato: Cyber-attack on one nation is attack on all (direct link) The military alliance says a serious hack attack would trigger a defence from all 29 members. Hack
SecurityAffairs.webp 2019-08-27 06:17:01 White hat hacker demonstrated how to hack a million Instagram accounts (direct link) A researcher was awarded $10,000 by Facebook for the discovery of a critical vulnerability that could have been exploited to hack Instagram accounts. The white-hat hacker Laxman Muthiyah has discovered a critical vulnerability that could have been exploited to hack Instagram accounts. The process affected Instagram's password recovery process for mobile devices that leverages on […] Hack Vulnerability
SecurityAffairs.webp 2019-08-26 16:49:05 (Déjà vu) Binance says that leaked KYC Data are from third-party vendor. (direct link) The Binance cryptocurrency exchange revealed that leaked users’ KYC data were obtained by hackers from a third-party vendor. In July, the hack of the Binance cryptocurrency exchange made the headlines, hackers stole $41 Million worth of Bitcoin (over 7,000 bitcoins) from Binance. Binance is one of the world's largest cryptocurrency exchanges, its founder and CEO Changpeng Zhao confirmed that the hackers […] Hack
SecurityWeek.webp 2019-08-26 15:22:04 Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (direct link) A researcher says he has received $10,000 from Facebook after finding another critical vulnerability that could have been exploited to hack Instagram accounts. Hack Vulnerability
CSO.webp 2019-08-26 10:38:00 Capital One hack shows difficulty of defending against irrational cybercriminals (direct link) Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One. Thompson, who at the time of her arrest ran a hosting company called Netcrave Communications, had held a series of engineering jobs, including a stint at Amazon Web Services (AWS) in 2015 and 2016, where she presumably gained the skills to exploit a vulnerability in an application firewall on Capital One's AWS server. Hack Vulnerability Guideline
TechWorm.webp 2019-08-24 05:07:04 Microsoft is offering up to $30,000 to hack Chromium-based Edge browser (direct link) Researchers Can Earn Up To $30,000 With Microsoft's New Chromium Edge Browser Bounty Program Microsoft has launched a new Insider Bounty Program for its beta version of its new Chromium-based Edge browser that will reward researchers up to $30,000 for finding vulnerabilities that are unique to Edge. “We're excited to expand our bounty programs today to […] Hack
SecurityWeek.webp 2019-08-23 17:36:00 US Wants Woman Accused in Capital One Hack to Stay Locked Up (direct link) A woman accused of hacking Capital One and at least 30 other organizations is a flight risk, a threat and should be kept locked up until her trial, U.S. prosecutors said in court documents filed ahead of a Friday detention hearing in Seattle. Hack Threat
AlienVault.webp 2019-08-21 13:00:00 Cyberbullying and cybersecurity: how are they connected? (direct link) Cyberbullying and cybersecurity incidents and breaches are two common problems in the modern, internet-driven world. The fact that they are both related to the internet is not the only connection they have, however. The two are actually intimately connected issues on multiple levels. It may seem like an odd notion. After all, cyberbullying typically involves using technology to harass a person (often overtly), while cybersecurity involves preventing hackers and identity thieves from accessing information and then simply getting away without being caught. While the two have similarities in that they both involve malicious actors online, the motives are quite different. However, the points of connection between these two topics are worth exploring. Defining cyberbullying and cybersecurity When comparing terms like these, it can be helpful to lay out a definition for each in order to make sure everyone is on the same page. Cyberbullying is, simply put, bullying a person through technological outlets, such as social media or texting. Cybersecurity is the protection of sensitive data (and therefore people) using specific measures. Cyberbullying The modern world now knows that bullying can go beyond simple physical abuse; it can take place digitally as well. Cyberbullying can involve intimidating, deceiving, harassing, humiliating, and even directly impersonating a person. Since it takes place online, it also isn’t restricted to places like school or social gatherings. Due to the ubiquitous nature of the internet, cyberbullying can follow victims throughout every aspect of their lives. It also typically involves the common issue of cyberstalking.
While it may be cute or entertaining to learn about a new friend or potential partner by following their goings-ons on Facebook, the issue of cyberstalking in a cyberbullying context is serious and is one of the key things that connect it to cybersecurity. From various levels of emotional abuse to stalking and even physical violence in extreme cases — such as that of Shana Grice in 2016, cyberbullying has a well-documented track record as a malicious and dangerous practice. Cybersecurity While cybersecurity is a broad topic, it’s worth taking the time to highlight some of the more specific areas of the practice that directly relate to the issue of cyberbullying. Identity theft is the poster child of cybercrime, and it’s a threat that’s used in cyberbullying often. In addition to defrauding an individual by accessing or opening new lines of credit in their name, cybercriminals may impersonate an individual for other motives. For instance, if a cyberbully is stalking someone else, they may hack into their user account on a game, an email address, or social media account in order to impersonate them. This allows them to get information from their victim’s friends and family or harass them. Another way a cyberbully can be a cybersecurity threat is by using malware to hack Data Breach Malware Hack Threat
WiredThreatLevel.webp 2019-08-20 16:00:00 A Huge Ransomware Attack Messes With Texas (direct link) A coordinated strike against 23 local governments is called the largest such hack from a single source. Ransomware Hack
no_ico.webp 2019-08-19 15:30:03 (Déjà vu) The Most Common Hack Is Also The Most Successful. Here's How To Fight It. (direct link) Despite what movies might show, most hacks don't involve frantic typing or brute-force attacks. In fact, Verizon’s “2017 Data Breach Investigations” report revealed that 90 percent of successful hacks aren't hacks at all: They’re social engineering. Simply put, social engineering is about manipulating people rather than computers. Modern hackers have discovered that it is easier … The ISBuzz Post: This Post The Most Common Hack Is Also The Most Successful. Here’s How To Fight It. Data Breach Hack
AlienVault.webp 2019-08-19 13:00:00 What is r00tz Asylum? (direct link) At Black Hat 2019 I had the pleasure to meet some AT&T colleagues who are now my new InfoSec buddies! I met Marc Kolaks and Don Tripp from the Office of the CSO at the AT&T Cybersecurity booth. They told me about the weekend event they were volunteering for at Defcon. So, being nosy I had to hear all about it and get some pics from the event (couldn’t attend myself due to date conflict with Diana Initiative.) First some cute kid pics! R00tz started back in 2011; originally called Defcon Kids. It is an event designed specifically for kids to introduce them to “White Hat” security. It includes hands on events, talks, and contests that are specifically geared for a younger crowd, including lock picking, soldering stations, capture the flag contests, technical talks and more. One of the keys to the success of the event is that all these activities are specifically designed for and targeted for a young audience and include an Honor Code. Some of the key aspects of the Honor Code include the following values: Only do good; Always do your best; Constantly improve; Innovate; Think long-term; Be positive; Visualize it; Inspire others; Go big & have fun! In general, the kids are encouraged to explore, to innovate and to learn. The “rules” that govern R00TZ participation include: Only hack things you own; Don’t hack anything you rely on; Respect the rights of others; Know the law, the possible risk, and the consequences for breaking it; Find a safe playground. AT&T participation: past and present AT&T has participated in the r00tz event for the last few years. We’ve grown from being only a financial sponsor into actively participating. Patrick McCanna & Marc Kolaks were the key individuals to get ATT involved. Patrick provided the contacts, and Marc arranged for the sponsorship.
They saw a fantastic opportunity for AT&T to make a positive impact in the otherwise nefarious realm of hacking. One of the major contributions that AT&T provides to the r00tz event is the “Junk Yard”. This event provides piles of old electronic equipment ranging from cell phones to routers to typewriters. The kids are provided with hand tools, and eye protection (this year some AT&T Cybersecurity sunglasses were provided), and are allowed / encouraged to dis-assemble all this equipment simply to “see what’s inside”. In addition to the Junk Yard we’ve created various hands on activities ranging from penetration testing demonstrations to a customized version of the Hacker Games and Link buster in order to teach security “best practices” in a fun environment. Along with the “games” we also hosted MIT’s SCRATCH programming environment to allow the kids to experience computer programming on a fun and easy to understand platform. Another addition to this year’s event included providing information to parents on AT&T’s ASPIRE program and information on STEM (Science, Technology, Engineering & Math) opportunities for th Hack
TechWorm.webp 2019-08-18 20:51:03 Kaspersky Antivirus Injected Unique ID That Allowed Tracking Its Users Online (direct link) A security flaw in Kaspersky antivirus leaves millions of users exposed to online hack A security journalist Ronald Eikenberg at German computer magazine C'T revealed that a flaw in Kaspersky antivirus software allowed third parties to spy on its millions of users for years – even in the browser's Incognito Mode or when you use […] Hack
SecurityWeek.webp 2019-08-16 19:12:01 Iowa Grocery Chain Investigating Possible Hack of Payment Processing Systems (direct link) A West Des Moines, Iowa-based grocery chain that also operates restaurants, fuel-pumps and drive-thru coffee shops is warning its customers about a security incident involving some of its payment card systems. Hack
grahamcluley.webp 2019-08-16 09:48:05 European Central Bank confirms website hack and data breach (direct link) The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers. Data Breach Malware Hack
grahamcluley.webp 2019-08-15 15:07:03 “NULL” vanity plate hack to dodge parking tickets backfires to the tune of $12,000 (direct link) A US security researcher called Droogie thought he’d come up with the perfect wheeze to avoid being fined by the Department of Motor Vehicles (DMV) – he bought a personalised license plate which he believed would mess with the DMV’s database. The name on Droogie’s vanity plate? “NULL” Hack
SecurityAffairs.webp 2019-08-12 14:24:00 Watch out, your StockX account details may be available in crime forums (direct link) Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week media reported the hack of StockX, the fashion and sneaker trading platform. A threat actor stole details of 6 million users, the stolen data includes user names, email addresses, addresses, shoe size, purchase history, and encrypted passwords (salted […] Hack Threat
SecurityWeek.webp 2019-08-12 13:21:00 Researchers Demonstrate Ransomware Attack on DSLR Camera (direct link) Researchers at cybersecurity firm Check Point have demonstrated that malicious actors could hack a DSLR camera and infect it with a piece of ransomware. Ransomware Hack
bleepingcomputer.webp 2019-08-11 21:37:05 Database from StockX Hack Sold Online, Check If You're Included (direct link) A database reportedly containing 6,840,339 unique user accounts from the recent StockX data breach is being sold and distributed online. Bad actors have stated that they have already begun to decrypt the passwords and it is expected for this information to be used in future attacks. [...] Data Breach Hack
ZDNet.webp 2019-08-10 21:27:00 Clever attack uses SQLite databases to hack other apps, malware servers (direct link) Tainted SQLite database can run malicious code inside other apps, such as web apps or Apple's iMessage. Malware Hack
WiredThreatLevel.webp 2019-08-09 12:00:00 Sorry, But We Can't Just Hack Our Way Out of Climate Doom (direct link) We have to suck carbon out of the atmosphere. That alone won't fix the mess we've made. Hack
TechWorm.webp 2019-08-08 17:26:00 KDE Linux Desktops are vulnerable to hack just by downloading Malicious files (direct link) Researcher discloses an unpatched KDE vulnerability that can run malicious code on a user’s system A security researcher has published a proof-of-concept (POC) code on Twitter for a zero-day vulnerability in the KDE software framework that is yet to be fixed. The security expert, Dominik Penner aka “@zer0pwn” who discovered the problem said that the […] Hack Vulnerability
TechRepublic.webp 2019-08-07 14:14:03 How the Air Force used a bug bounty program to hack its own cloud server (direct link) The Air Force paid out $123,000 to researchers who found vulnerabilities in the organization's move to the cloud. Here's why. Hack
securityintelligence.webp 2019-08-07 04:05:02 Package Delivery! Cybercriminals at Your Doorstep (direct link) IBM X-Force Red investigated how cybercriminals might seek to exploit package deliveries to hack into corporate or personal home networks right from the office mailroom or from someone's front door. Hack
SecurityAffairs.webp 2019-08-06 08:11:02 QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air (direct link) Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […] Hack
Last update at: 2024-07-16 15:07:47