What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-25 17:14:05 | Harmony Blockchain Bridge Loses $100 Million In Crypto Hack (lien direct) | >U.S. based firm Harmony, the crypto start-up behind Horizon Blockchain Bridge, on Friday announced that $100 million worth of digital tokens were stolen from one of its key products. For the unversed, Horizon Blockchain Bridge allows users to transfer their crypto assets including tokens, stablecoins, and NFTs, between Ethereum, Binance Smart Chain, and the Harmony blockchain. The company said that on June 23, 2022, […] | Hack | ||
 |
2022-06-23 19:36:46 | Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, | Hack Threat | ||
 |
2022-06-23 15:28:48 | CISA: Log4Shell exploits still being used to hack VMware servers (lien direct) | CISA warned today that threat actors including state-backed hacking groups are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. [...] | Hack Threat | ||
|
2022-06-23 06:05:37 | Conti ransomware hacking spree breaches over 40 orgs in a month (lien direct) | The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. [...] | Ransomware Hack | ||
 |
2022-06-20 21:46:13 | Russian APT28 hacker accused of the NATO think tank hack in Germany (lien direct) | >The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO […] | Hack | APT 28 | |
 |
2022-06-20 10:58:14 | Jury Convicts Seattle Woman in Massive Capital One Hack (lien direct) | A federal jury on Friday convicted a former Seattle tech worker of several charges related to a massive hack of Capital One bank and other companies in 2019. | Hack | ||
 |
2022-06-17 20:19:14 | BSidesSF 2022 Writeups: Tutorial Challenges (Shurdles, Loadit, Polyglot, NFT) (lien direct) | Hey folks, This is my (Ron's / iagox86's) author writeups for the BSides San Francisco 2022 CTF. You can get the full source code for everything on github. Most have either a Dockerfile or instructions on how to run locally. Enjoy! Here are the four BSidesSF CTF blogs: shurdles1/2/3, loadit1/2/3, polyglot, and not-for-taking mod_ctfauth, refreshing turtle, guessme loca, reallyprettymundane Shurdles - Shellcode Hurdles The Shurdles challenges are loosely based on a challenge from last year, Hurdles, as well as a Holiday Hack Challenge 2021 challenge I wrote called Shellcode Primer. It uses a tool I wrote called Mandrake to instrument shellcode to tell the user what's going on. It's helpful for debugging, but even more helpful as a teaching tool! The difference between this and the Holiday Hack version was that this time, I didn't bother to sandbox it, so you could pop a shell and inspect the box. I'm curious if folks did that.. probably they couldn't damage anything, and there's no intellectual property to steal. :) I'm not going to write up the solutions, but I did include solutions in the repository. Although I don't work for Counter Hack anymore, a MUCH bigger version of this challenge that I wrote is included in the SANS NetWars version launching this year. It covers a huge amount, including how to write bind- and reverse-shell shellcode from scratch. It's super cool! Unfortunately, I don't think SANS is doing hybrid events anymore, but if you find yourself at a SANS event be sure to check out NetWars! Loadit - Learning how to use LD_PRELOAD I wanted to make a few challenges that can be solved with LD_PRELOAD, which is where loadit came from! These are designed to be tutorial-style, so I think the solutions mostly speak for themselves. One interesting tidbit is that the third loadit challenge requires some state to be kept - rand() needs to return several different values. I had a few folks ask me about that, so I'll show off my solution here: #include int rand(void) { int answers[] = { 20, 22, 12, 34, 56, 67 }; static int count = 0; return answers[count++]; } // Just for laziness unsigned int sleep(unsigned int seconds) { return 0; } I use the static variable type to keep track of how many times rand() has been called. When you declare something as static inside a function, it means that the variable is initialized the first time the function is called, but changes are maintained as if it's a global variable (at least conceptually - in reality, it's initialized when the program is loaded, even if the function is never called). Ironically, this solution actually has an overflow - the 7th time and onwards rand() is called, it will start manipulating random memory. Luckily, we know that'll never happen. :) | Hack Tool | ★★★★ | |
 |
2022-06-15 13:59:37 | DragonForce Gang Unleash Hacks Against Govt. of India (lien direct) | In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India. | Hack | ||
 |
2022-06-14 13:09:05 | Report Reveals $1.7 Billion Hacked From Top 10 Centralised Crypto Exchanges Over The Last Decade (lien direct) | A new study from BestBitcoinExchange.io has assessed which of the top crypto exchanges have suffered the worst hacks in the past, which are the safest to trust going forward, and which should be avoided. The experts analyzed data from the top 25 crypto exchanges over the last ten years, to identify which are the most […] | Hack | ||
|
2022-06-11 13:34:12 | PACMAN, a new attack technique against Apple M1 CPUs (lien direct) | >PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. The pointer authentication codes (PACs) allow to detect and guard against unexpected changes to pointers in memory. […] | Hack | ||
 |
2022-06-09 15:15:24 | Why AIs Will Become Hackers (lien direct) | At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems - and what that will mean for us. | Hack | ★★★★ | |
 |
2022-06-08 20:21:29 | Gone in 130 seconds: New Tesla hack gives thieves their own personal key (lien direct) | You may want to think twice before giving the parking attendant your Tesla-issued NFC card. | Hack | ||
 |
2022-06-08 09:00:00 | China using top consumer routers to hack Western comms networks (lien direct) | You may want to think twice before giving the parking attendant your Tesla-issued NFC card. | Hack | ★★★★ | |
 |
2022-06-06 22:14:34 | [Live Demo] Ridiculously Easy Security Awareness Training and Phishing (lien direct) |
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. |
Hack | ||
|
2022-06-04 15:23:45 | Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (lien direct) | Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab's Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. [...] | Hack | ||
|
2022-06-03 13:46:55 | Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again (lien direct) | Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.' | Hack Threat | ||
|
2022-06-02 15:01:51 | Ransomware gang now hacks corporate websites to show ransom notes (lien direct) | A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes. [...] | Ransomware Hack | ||
|
2022-06-02 15:00:11 | Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report (lien direct) | Dutch secret services have used the controversial Israeli spyware known as Pegasus to hack targets including the country's most-wanted criminal, a news report said on Thursday. | Hack | ||
 |
2022-06-01 06:59:07 | Reg hack attends holographic WebEx meeting, blows away Zoom fatigue (lien direct) | Far from the finished product and not obviously a game-changer, but intriguing nonetheless In October 2021, Cisco announced WebEx Hologram – an augmented reality meeting experience that promised "photorealistic, real-time holograms of actual people" and the chance to "share physical and digital content".… | Hack | ||
 |
2022-05-27 08:00:43 | IT threat evolution Q1 2022 (lien direct) | Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNororff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. | Hack Threat | APT 38 | ★★★ |
 |
2022-05-26 03:00:00 | A Problem Like API Security: How Attackers Hack Authentication (lien direct) | >There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don't live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down […]… Read More | Hack | ||
|
2022-05-25 11:12:40 | (Déjà vu) Chaining Zoom bugs is possible to hack users in a chat by sending them a message (lien direct) | >Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.Tracked from CVE-2022-22784 through CVE-2022-22787, […] | Hack | ||
 |
2022-05-25 02:00:00 | Security and privacy laws, regulations, and compliance: The complete guide (lien direct) | This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered.CSO updates this directory, originally published on January 28, 2021, frequently as new laws and regulations are put in place.Click on a link to skip to information and resources on that law:Broadly applicable laws and regulations Sarbanes-Oxley Act (SOX) Payment Card Industry Data Security Standard (PCI DSS) Payment Service Directive, revised (PSD2) Gramm-Leach-Bliley Act (GLBA) Customs-Trade Partnership Against Terrorism (C-TPAT) Free and Secure Trade Program (FAST) Children's Online Privacy Protection Act (COPPA) Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule Federal Rules of Civil Procedure (FRCP) Industry-specific guidelines and requirements Federal Information Security Management Act (FISMA) North American Electric Reliability Corp. (NERC) standards Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records Health Insurance Portability and Accountability Act (HIPAA) The Health Information Technology for Economic and Clinical Health Act (HITECH) Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule) H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation US state laws California Consumer Privacy Act (CCPA) California Privacy Rights Act (CPRA) Colorado Privacy Act Connecticut Data Privacy Act (CTDPA) Maine Act to Protect the Privacy of Online Consumer Information Maryland Personal Information Protection Act – Security Breach Notification Requirements – Modifications (House Bill 1154) Massachusetts 201 CMR 17 (aka Mass Data Protection Law) Massachusetts Bill H.4806 - An Act relative to consumer protection from security breaches | Hack | ||
|
2022-05-24 23:31:15 | Server hack yields harrowing images of life inside Chinese detention camps (lien direct) | Leak is latest bright light shined on China's persecution of ethnic minorities. | Hack | ||
|
2022-05-24 20:59:02 | New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message (lien direct) | Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google | Hack | ||
 |
2022-05-24 15:00:49 | Malicious Life Podcast: What The LinkedIn Hack Taught Us About Storing Passwords (lien direct) |
|
Hack | ||
|
2022-05-24 14:00:00 | Crypto Hacks Aren\'t a Niche Concern; They Impact Wider Society (lien direct) | Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace. | Hack | ||
|
2022-05-23 13:02:01 | Hackers can hack your online accounts before you even register them (lien direct) | Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [...] | Hack | ||
|
2022-05-20 07:53:39 | Russian Sberbank says it\'s facing massive waves of DDoS attacks (lien direct) | Sberbank's vice president and director of cybersecurity, Sergei Lebed, has told participants of the Positive Hack Days forum that the company is going through a period of unprecedented targeting by hackers. [...] | Hack | ||
|
2022-05-19 19:08:09 | New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars (lien direct) | A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. | Hack Vulnerability | ||
|
2022-05-19 13:45:00 | Microsoft detects massive surge in Linux XorDDoS malware activity (lien direct) | A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...] | Malware Hack | ★★★★★ | |
 |
2022-05-19 09:30:53 | The flip side of the coin: Why crypto is catnip for criminals (lien direct) | >Cybercriminals continue to mine for opportunities in the crypto space – here's what you should know about coin-mining hacks and crypto theft | Hack | ★★★ | |
|
2022-05-19 02:00:00 | Uber CISO\'s trial underscores the importance of truth, transparency, and trust (lien direct) | Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T's can have serious consequences.Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.The case against Uber's former CSO By way of background, Uber's former CSO faces a five-felony count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals, who are believed to have affected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in media as, Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin).To read this article in full, please click here | Data Breach Hack | Uber Uber | |
 |
2022-05-18 23:03:26 | Smashing Security podcast #275: Jail for Bing, and mental health apps may not be good for you (lien direct) | A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker. Plus don't miss our featured interview with Rumble's Chris Kirsch. | Hack | ||
|
2022-05-18 14:03:55 | New Bluetooth hack can unlock your Tesla-and all kinds of other devices (lien direct) | All it takes to hijack Bluetooth-secured devices is custom code and $100 in hardware. | Hack | ||
|
2022-05-16 14:33:32 | Apple emergency update fixes zero-day used to hack Macs, Watches (lien direct) | Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] | Hack Vulnerability Threat | ||
 |
2022-05-16 13:13:18 | How To Hack Web Applications in 2022: Part 1 (lien direct) | Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] | Hack | ||
 |
2022-05-10 16:33:30 | UK blames Russia for satellite internet hack at start of war (lien direct) | Russia launched an attack on Viasat just before invading Ukraine, the UK and its allies say. | Hack | ★★★★★ | |
|
2022-05-10 11:49:30 | (Déjà vu) West Blames Russia for Satellite Hack Ahead of Ukraine Invasion (lien direct) | Western powers on Tuesday accused Russian authorities of carrying out a cyberattack against a satellite network an hour before the invasion of Ukraine to pave the way for its assault. | Hack | ★★★ | |
|
2022-05-10 11:49:30 | EU Blames Russia for Satellite Hack Ahead of Ukraine Invasion (lien direct) | The European Union on Tuesday accused the Russian authorities of carrying out a cyberattack against a satellite network an hour before the invasion of Ukraine to pave the way for its assault. | Hack | ★★★ | |
|
2022-05-06 21:23:05 | U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions (lien direct) | The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly imposed sanctions, | Hack Medical | APT 38 APT 28 | ★★★ |
|
2022-05-06 14:24:54 | The Global Impact of Operation CuckooBees (lien direct) |
Nation-states hack each other. This is the reality we live in and have for some time. The difference is some attacks are more dangerous than others, with a global impact. I'm proud of the research the Cybereason team has unveiled this week on Operation CuckooBees. This research is different. This campaign goes beyond nation-state espionage and has a ripple effect with consequences that impact the global economy. |
Hack | ★★★★ | |
 |
2022-05-04 14:09:46 | Instagram Hack Results in $1 Million Loss in NFTs (lien direct) | 
Imagine – your favorite brand on Instagram just announced a giveaway. You'll receive a free gift! All you have to...
|
Hack | ||
|
2022-04-28 02:57:15 | Twitter\'s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal (lien direct) | Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet. The statement comes days after the microblogging service announced it officially entered into | Hack | ★★★★ | |
 |
2022-04-27 16:00:00 | Private Investigator Admits Role in Hedge Fund Hack (lien direct) | Private investigator pleads guilty to involvement in global fraud and hacking conspiracy | Hack Guideline | ||
|
2022-04-27 10:34:42 | Coca-Cola Investigating Hack Claims Made by Pro-Russia Group (lien direct) | Coca-Cola has launched an investigation after a cybercrime group claimed to have breached the company's systems, but the hackers' previous claims have been called into question. The beverage giant said it has notified law enforcement and is trying to “determine the validity of the claim.” | Hack | ||
 |
2022-04-26 13:00:05 | Developer workflow for software supply-chain security is in high demand (lien direct) | Log4j showed how easy it is to hack popular software artifacts. Open-source projects and vendors are racing to make it easier for developers to lock down their software supply chains. | Hack | ★★★★★ | |
 |
2022-04-22 21:53:59 | Hackers hammer SpringShell vulnerability in attempt to install cryptominers (lien direct) | Thousands of hack attempts made in the days following discovery of the vulnerability. | Hack Vulnerability | ★★★★ | |
|
2022-04-21 20:17:50 | Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack (lien direct) | A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. The ALAC […] | Hack | ||
|
2022-04-19 15:31:51 | Episode 237: Jacked on the Beanstalk – DeFi\'s Security Debt Runs Wide, Deep (lien direct) | The hack of Beanstalk is just the latest major compromise of a decentralized finance (DeFi) platform. In this podcast, Jennifer Fernick of NCC Group joins me to talk about why DeFi's security woes are much bigger than Beanstalk. | Hack |
To see everything:
