What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-04-11 16:31:23 | (Déjà vu) SFO discloses data breach following the hack of 2 of its websites (lien direct) | San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. In March hackers compromised two websites of San Francisco International Airport (SFO) and now it disclosed a data breach. SFO is a major gateway to Europe and Asia, it serves 45 international carriers. The attackers may have […] | Data Breach Hack | ||
|
2020-04-10 14:22:09 | CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server (lien direct) | VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 […] | Hack Vulnerability | ||
|
2020-04-03 22:45:12 | Hacking iPhone or MacBook devices by tricking into visiting a site (lien direct) | Bad news for Apple iPhone or MacBook users, attackers could hack their device’s camera by tricking them into visiting a website. The ethical hacker Ryan Pickren demonstrated that it is possible to hack Apple iPhone or MacBook users by simply tricking them into visiting a website with the Safari browser. Pickren reported seven vulnerabilities to Apple […] | Hack | ||
|
2020-04-03 08:50:13 | 100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack (lien direct) | An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […] | Hack Vulnerability | ||
|
2020-03-24 14:46:51 | (Déjà vu) Fortune 500 tech giant General Electric (GE) discloses data breach after Canon hack (lien direct) | General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered […] | Data Breach Hack | ||
|
2020-03-13 11:42:03 | Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack (lien direct) | Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More than 100,000 websites are […] | Hack | ||
|
2020-03-12 12:54:15 | Hacking a network, using an \'invisibility cloak\' – Is it that simple? (lien direct) | Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? The short answer is, YES it is. We came to this conclusion after analyzing an incident after an […] | Hack | ||
|
2020-03-11 23:26:39 | Avast disables the JavaScript engine component due to a severe issue (lien direct) | Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs. The issue […] | Hack Vulnerability | ||
|
2020-02-18 15:50:04 | Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack (lien direct) | Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of […] | Hack | ||
|
2020-02-18 13:50:52 | Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way! (lien direct) | Go grab a copy of the Gerbers and 3D-printed Case STL files at https://github.com/whid-injector/Focaccia-Board and print through your favorite FAB. Prologue Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. stlink, jlink, RS23–2-2USB, etc.). It was always a PITA bringing around a device […] | Hack | ||
|
2020-02-18 06:25:37 | Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack (lien direct) | A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability […] | Hack Vulnerability | ||
|
2020-02-17 11:15:57 | IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women (lien direct) | Israeli Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers' phones by posing as attractive women on social media. Israeli Defence Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers' mobile devices by posing as attractive women on social media and […] | Hack | ||
|
2020-02-17 06:07:10 | (Déjà vu) Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks (lien direct) | Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked […] | Hack | ||
|
2020-02-13 19:49:11 | Three Italian universities hacked by LulzSec_ITA collective (lien direct) | The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities. The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of the cybersecurity for our society. The hacktivists claim that once hacked the universities did not disclose the data […] | Hack | ||
|
2020-02-11 08:12:37 | The Altsbit exchange will exit in May following a hack (lien direct) | The Italy-based cryptocurrency exchange Altsbit announced that it has suffered a security breach that led to the theft of its customer’s funds. Crypto-currency exchange Altsbit recently disclosed a security breach, the company claimed that hackers have stolen almost all its customers’ deposits. The Italian cryptocurrency trading firm disclosed the incident on February 5, only a “small […] | Hack | ||
|
2020-02-03 15:12:24 | Police are warning crooks are using cleaners to compromise businesses (lien direct) | Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can physically access IT infrastructure and hack them. The alert was launched by a senior police officer, cyber criminals are planting so-called “sleepers” in cleaning companies so that they can gau physical access IT infrastructure and hack them. The police are urging organizations to […] | Hack | ||
|
2020-01-30 13:56:29 | Over 200K WordPress sites potentially exposed to hack due to Code Snippets flaw (lien direct) | Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin. A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin. The […] | Hack | ||
|
2020-01-25 13:21:43 | (Déjà vu) Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack (lien direct) | Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers. This week, Mitsubishi Electric disclosed a security breach that might have […] | Hack Vulnerability | ||
|
2020-01-17 20:23:20 | Hack the Army bug bounty program paid $275,000 in rewards (lien direct) | Hack the Army bug bounty program results: 146 valid vulnerabilities were reported by white hat hackers and more than $275,000 were paid in rewards. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along […] | Hack | ||
|
2020-01-07 15:52:42 | MageCart gang compromised popular Focus Camera website (lien direct) | A new MageCart attack made the headlines, this time the gang compromised the website of popular Focus Camera. The Magecart group has compromised the website of the photography and imaging retailer Focus Camera. The hack took place last year, the hacker planted a software skimmer on the website to steal payment card data of users […] | Hack | ||
|
2019-11-21 20:56:47 | Google will pay up to $1.5m for full chain RCE for Android on Titan M chips (lien direct) | Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The […] | Hack | ||
|
2019-11-21 14:43:39 | A critical flaw in Jetpack exposes millions of WordPress sites (lien direct) | A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a […] | Hack Vulnerability Threat | ||
|
2019-11-20 07:30:58 | Monero Project website has been compromised to deliver a coin stealer (lien direct) | The official website of the Monero Project has been compromised to deliver a coin stealer. The official website of the Monero Project has been compromised to deliver a cryptocurrency stealer on November 18. The hack was discovered after a user downloaded a Linux 64-bit command line (CLI) Monero binary that was containing a coin stealer. […] | Hack | ||
|
2019-11-11 20:09:47 | ZoneAlarm forum site hack exposed data of thousands of users (lien direct) | This is really an embarrassing incident, ZoneAlarm forum site has suffered a data breach exposing data of its discussion forum users. ZonaAlarm, the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZonaAlarm discussion […] | Data Breach Hack | ||
|
2019-11-05 08:47:15 | \'Light commands\' attack: hacking Alexa, Siri, and other voice assistants via Laser Beam (lien direct) | Experts demonstrated that is possible to hack smart voice assistants like Siri and Alexa using a lasers beam to send them inaudible commands. Researchers with the University of Michigan and the University of Electro-Communications (Tokyo) have devised a new technique, dubbed “light commands,” to remotely hack Alexa and Siri smart speakers using a laser light […] | Hack | ||
|
2019-11-04 10:39:15 | Two unpatched RCE flaws in rConfig software expose servers to hack (lien direct) | The popular rConfig network configuration management utility is affected by two critical remote code execution flaws that have yet to be patched. rConfig is a completely open-source, network configuration management utility used to validate and manage network devices, including switches, routers, firewalls, and load-balancer. The cyber security expert Mohammad Askar has discovered two critical remote code […] | Hack | ||
|
2019-10-30 08:11:32 | Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack (lien direct) | A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. Last week, Prosvetova revealed on her private […] | Hack | ||
|
2019-10-26 15:07:54 | CVE-2019-11043 exposes Web servers using nginx and PHP-FPM to hack (lien direct) | asty PHP7 remote code execution bug exploited in the wild Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert […] | Hack Vulnerability | ||
|
2019-10-23 11:34:02 | Robots at HIS Group are vulnerable to hack (lien direct) | The Japanese hotel chain HIS Group admitted that its in-room robots were vulnerable and could allow hackers to remotely view video footage from the devices. The personnel at the Henn na Hotel managed by the Japanese hotel chain HIS Group is composed of robots that provide hospitality services to the guests. The HIS Group hotel […] | Hack | ||
|
2019-10-16 12:53:23 | Approaching the Reverse Engineering of a RFID/NFC Vending Machine (lien direct) | Security expert Pasquale Fiorillo demonstrates how to hack n RFID/NFC Vending Machine. The affected vendor did not answer to my responsible disclosure request, so I'm here to disclose this “hack” without revealing the name of the vendor itself. The target vending machine uses an insecure NFC Card, MIFARE Classic 1k, that has been affected by multiple […] | Hack | ||
|
2019-10-08 12:50:11 | Developer hacked back Muhstik ransomware crew and released keys (lien direct) | One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. Tobias Frömel, is a German software developer, who was a victim of the Muhstik ransomware. Frömel initially paid the ransom to decrypt his files, but later decided to get his […] | Ransomware Hack | ||
|
2019-09-21 14:09:15 | One of the hackers behind EtherDelta hack also involved in TalkTalk hack (lien direct) | US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted […] | Hack | ||
|
2019-09-20 10:38:01 | Crooks hacked other celebrity Instagram accounts to push scams (lien direct) | There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been […] | Hack Threat | ||
|
2019-09-07 21:52:04 | Google report on iPhone hack created \'False Impression,\' states Apple (lien direct) | Apple replied to Google about the recent report suggesting iPhones may have been hacked as part of a long-running hacking campaign. Apple criticized the report recently published by Google that claims that iPhones may have been hacked by threat actors as part of a long-running hacking campaign. Apple defines the report as inaccurate and misleading. […] | Hack Threat Guideline | ||
|
2019-09-05 09:59:03 | Twitter temporarily disables feature to tweet via SMS after CEO hack (lien direct) | Twitter opted to temporarily disable the feature that allows users to post tweets via SMS, in response to the hack of the CEO’s account. Twitter announced to temporarily disable the feature that allows users to post tweets via SMS, in response to the hack of the CEO’s account. “We're taking this step because of vulnerabilities […] | Hack | ||
|
2019-09-04 09:14:01 | Some Zyxel devices can be hacked via DNS requests (lien direct) | Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. Security researchers at SEC Consult discovered multiple vulnerabilities in various Zyxel devices, including hardcoded credentials and issues that could allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure […] | Hack | ||
|
2019-09-03 21:42:02 | USBAnywhere BMC flaws expose Supermicro servers to hack (lien direct) | USBAnywhere – Tens of thousands of enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in USB devices. Tens of thousands of servers worldwide powered by Supermicro motherboards are affected by a vulnerability that would allow an attacker to remotely take over them. Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities […] | Hack Vulnerability | ||
|
2019-08-31 14:48:03 | FIN6 recently expanded operations to target eCommerce sites (lien direct) | The financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), the financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. FIN6 group has been active since 2015, […] | Hack | ||
|
2019-08-31 08:43:00 | (Déjà vu) Twitter account of Jack Dorsey, Twitter CEO and co-founder, has been hacked (lien direct) | Hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter, and published and retweeted offensive and racist messages. No one is secure online, news of the day is that hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter and co-founder, and published and retweeted offensive and racist tweets. The hack tool place […] | Hack Tool | ||
|
2019-08-30 11:59:02 | Google revealed how watering hole attacks compromised iPhone devices earlier this year (lien direct) | Google researchers discovered that iPhone devices could be hacked by tricking owners into visiting specially crafted websites. Researchers at Google Project Zero discovered that it was possible to hack iPhone devices by visiting specially crafted websites. Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited […] | Hack Threat | ||
|
2019-08-29 21:09:05 | Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft (lien direct) | Paige Thompson, the alleged hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. Paige Thompson, a transgender woman, suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud. In […] | Hack | ||
|
2019-08-27 06:17:01 | White hat hacker demonstrated how to hack a million Instagram accounts (lien direct) | A researcher was awarded $10,000 by Facebook for the discovery of a critical vulnerability that could have been exploited to hack Instagram accounts. The white-hat hacker Laxman Muthiyah has discovered a critical vulnerability that could have been exploited to hack Instagram accounts. The process affected Instagram's password recovery process for mobile devices that leverages on […] | Hack Vulnerability | ||
|
2019-08-26 16:49:05 | (Déjà vu) Binance says that leaked KYC Data are from third-party vendor. (lien direct) | The Binance cryptocurrency exchange revealed that leaked users’ KYC data were obtained by hackers from a third-party vendor. In July, the hack of the Binance cryptocurrency exchange made the headlines, hackers stole$41 Million worth of Bitcoin (over 7,000 bitcoins) from Binance. Binance is one of the world's largest cryptocurrency exchanges, its founder and CEO Changpeng Zhao confirmed that the hackers […] | Hack | ||
|
2019-08-12 14:24:00 | Watch out, your StockX account details may be available in crime forums (lien direct) | Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week media reported the hack of StockX, the fashion and sneaker trading platform. A threat actor stole details of 6 million users, the stolen data includes user names, email addresses, addresses, shoe size, purchase history, and encrypted passwords (salted […] | Hack Threat | ||
|
2019-08-06 08:11:02 | QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air (lien direct) | Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […] | Hack | ||
|
2019-08-06 07:04:02 | Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks (lien direct) | The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […] | Hack | APT 28 | |
|
2019-08-03 20:06:01 | DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords (lien direct) | Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen)devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws. We first met this team of experts […] | Hack | ||
|
2019-07-31 19:43:02 | DHS warns of cyber attacks against small airplanes (lien direct) | A few hours ago, I have written about an interesting analysis of the possible hack of avionics systems, not DHS warns of cyber attacks against small airplanes. Today we introduced an interesting report published by researchers at Rapid7 about the hacking of avionics systems via CAN bus, now the DHS issues an alert to warn […] | Hack | ||
|
2019-07-31 14:16:01 | Hacking avionics systems through the CAN bus (lien direct) | An expert analyzed the level of security of avionics systems used in small airplanes, and the results are disconcerting. Patrick Kiley, a senior security consultant at Rapid7 conducted an investigation into the security of avionics systems inside small airplanes. The results are disconcerting it is quite easy to hack a small plane. Kiley, which is […] | Hack | ||
|
2019-07-30 13:23:05 | Google Project Zero hackers disclose details and PoCs for 4 iOS RCE flaws (lien direct) | Security experts at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS. Researchers at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS that could be exploited by attackers to hack Apple devices by sending a specially-crafted message over […] | Hack |
To see everything:
Our RSS (filtrered)
