Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490
Security Affairs
- 5 décembre 2022Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web
Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries Resecurity, the California-based cybersecurity company protecting major Fortu … - 5 décembre 2022Critical Ping bug potentially allows remote hack of FreeBSD systems
A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could be potentially exploited to gain remote code execution. The ping utility allows testing the reachability of a … - 5 décembre 2022Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. The threat actors were observed spreading fake cryptocurrency apps under the fake brand BloxHolder to deliver the AppleJeus malware for … - 4 décembre 2022Law enforcement agencies can extract data from thousands of cars’ infotainment systems
Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, as d … - 4 décembre 2022US DHS Cyber Safety Board will review Lapsus$ gang’s operations
US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies. The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached multiple high-profile companies in recent years. “Today, the U.S. Department of Homeland Securi … - 4 décembre 2022New CryWiper wiper targets Russian entities masquerading as a ransomware
Experts spotted a new data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. Researchers from Kaspersky discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. The malware masquerades as ransomware, but the analysis of the code demonstrate … - 4 décembre 2022Security Affairs newsletter Round 396
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Google fixed the ninth actively exploited Chrome zeroday this yearA new Linux flaw can be chained with other two bugs to gain full root privilegesAtt … - 3 décembre 2022Google fixed the ninth actively exploited Chrome zeroday this year
Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug in the V8 JavaScript. The vulnerability was r … - 3 décembre 2022A new Linux flaw can be chained with other two bugs to gain full root privileges
Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328, with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function … - 2 décembre 2022Attack of drones: airborne cybersecurity nightmare
Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Original post at https://cybernews.com/security/drones-hack-airborne-cybersecurity-nightmare/ Once a niche technology, drones are about to explode in terms of market growth and enterprise adoption. Naturally, threat actors follow the trend and exploit the technology for surveillance, payl …
The Hackers News
- 5 décembre 2022SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle’s vehicle identification number (VIN), researcher Sam Curry said in a - 5 décembre 2022North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. « This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents, » - 5 décembre 2022Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. » … - 3 décembre 2022Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion - 2 décembre 2022Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. « A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image, » a report filed through the - 2 décembre 2022CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. « Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server - 2 décembre 2022The Value of Old Systems
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went - 2 décembre 2022Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed « Hell’s Keychain » by cloud security firm Wiz, has been described as a « first-of-its-kind supply-chain attack vector impacting a - 2 décembre 2022Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. - 2 décembre 2022What the CISA Reporting Rule Means for Your IT Security Protocol
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and
Dark Reading
- 2 décembre 2022Concern Over DDoS Attacks Falls Despite Rise in Incidents
Almost a third of respondents in Fastly’s « Fight Fire with Fire » survey view data breaches and data loss as the biggest cybersecurity threat. - 2 décembre 2022SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking
A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps. - 2 décembre 2022Newsroom Sues NSO Group for Pegasus Spyware Compromise
Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety. - 2 décembre 2022Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech
Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say. - 2 décembre 2022SOC Turns to Homegrown Machine Learning to Catch Cyber-Intruders
A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe. - 2 décembre 2022A Risky Business: Choosing the Right Methodology
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization’s aims, and then translate the risk level to its impact on operations, reputation, or finances. - 2 décembre 2022AWS Unveils Amazon Security Lake at re:Invent 2022
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data. - 1 décembre 2022LastPass Discloses Second Breach in Three Months
The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment. - 1 décembre 2022Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer’s pipeline, highlighting the risk that insecure software pipelines pose. - 1 décembre 2022One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
WeLiveSecurity
- 2 décembre 2022ScarCruft updates its toolset – Week in security with Tony Anscombe
Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive The post ScarCruft updates its toolset – Week in security with Tony Anscombe appeared first on WeLiveSecurity … - 1 décembre 2022Top tips to save energy used by your electronic devices
With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets? The post Top tips to save energy used by your electronic devices appeared first on WeLiveSecurity … - 30 novembre 2022Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity
- 28 novembre 2022RansomBoggs: New ransomware targeting Ukraine
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm’s fingerprints all over it
The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity
- 25 novembre 2022Spyware posing as VPN apps – Week in security with Tony Anscombe
The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations The post Spyware posing as VPN apps – Week in security with Tony Anscombe appeared first on WeLiveSecurity …
Threatpost
- 31 août 2022Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line. - 30 août 2022Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. - 29 août 2022Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. - 26 août 2022Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. - 25 août 2022Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
E Hacking News | Latest Hacker News and IT Security News
Erreur: Il y a un erreur avec ce flux.
TechWorm
Aucun contenu.
GBHackers On Security
- 5 décembre 2022New Android Malware Stolen Facebook Credentials From 300,000 Victims
The mobile security firm Zimperium has recently issued a warning about a Trojan called “Schoolyard Bully,” which is actively masquerading as an educational application in a malicious threat campaign. While this trojan “Schoolyard Bully” has been active since 2018, and from the infected devices, it primarily steals Facebook account credentials. As of right now, the campaign … - 5 décembre 2022Google Chrome High-Severity Zero-Day Flaw Exploited in The Wild – Emergency Patch!!
In response to the active exploit of an open high-severity zero-day vulnerability (CVE-2022-4262) in the Chrome web browser, Google has released an emergency security patch to address the issue. Actively exploited Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take full control of the system remotely using the exploit that exists in the Wild. Since the beginnin … - 3 décembre 2022How Visibility on Software Supply Chain Can Reduce Cyberattacks
With cyberattacks cropping up in several tech sectors today, there is rightly more focus on monitoring software supply chains in the SDLC than ever before. When SolarWinds was hacked in 2020, the event sent shockwaves across the software industry. Although cybersecurity had always been important up until that point, such a high-profile security breach was bound to make people sit up and take notic … - 3 décembre 2022‘Black Panthers’ – A SIM Swap Gang Connected With Dark Web Got Arrested
Spanish National Police arrested the notorious SIM-swapping gang operating under the name “Black Panthers” for various cyber crimes. The law enforcement agents arrested 55 people, including the leader heading this Black Panthers gang. The operators behind this Black Panthers committed the bank scams through SIM swapping attacks with other methods such as social engineering techniques, … - 3 décembre 2022Beware that Hackers Using Malicious USB Devices to Deliver Multiple Malware
Recently, Mandiant Managed Defense discovered cyber espionage activity that focuses on the Philippines and mainly uses USB drives as an initial infection vector. This operation, which Mandiant tracks as ‘UNC4191’, has a connection to China. The report states that operations of UNC4191 have had an impact on a variety of public and private sector organizations, primarily in Southeast Asia and extend …
Cyber Defense Magazine
- 4 décembre 2022Penetration Scanning Must Be Key Part of The Modern Business Arsenal
By Patti Key, Chief Revenue Officer (CRO), TPx Security remains among companies’ top challenges, permeating nearly every business […] The post Penetration Scanning Must Be Key Part of The Modern Business Arsenal appeared first on Cyber Defense Magazine. … - 3 décembre 2022Minimizing the Military Attack Surface with Peer-to-Peer Communications and Zero Trust
By Adam Fish, CEO, Ditto Perhaps there’s no scenario where cybersecurity is more critical than on the battlefield. […] The post Minimizing the Military Attack Surface with Peer-to-Peer Communications and Zero Trust appeared first on Cyber Defense Magazine. … - 2 décembre 2022Is Your Passwordless Solution Really Passwordless?
By Tim Callan, Chief Compliance Officer, Sectigo The term “passwordless” is a trendy marketing buzzword with no shortage […] The post Is Your Passwordless Solution Really Passwordless? appeared first on Cyber Defense Magazine. … - 1 décembre 2022Is AI At the Edge Right for Your Business And Three Tips To Consider
By Camille Morhardt, Dir Security Initiatives & Rita Wouhaybi, Senior Principal AI Engineer, IoT Group, at Intel As […] The post Is AI At the Edge Right for Your Business And Three Tips To Consider appeared first on Cyber Defense Magazine. … - 30 novembre 2022The Role of Endpoint Security and Management In Threat Detection
By Ashley Leonard, CEO & Founder, Syxsense According to a recent Verizon DBIR, 70% of security breaches originate […] The post The Role of Endpoint Security and Management In Threat Detection appeared first on Cyber Defense Magazine. …
blackMORE Ops
- 11 juin 2022Ubiquiti Dream Machine (UDM) – unable to connect to NBN
I don’t want the NBN ISP router running anymore and use Ubiquiti Dream Machine (UDM) instead. But when I try to remove ISP Router it and direct connect UDM to NBN, the connection fails. UDM is set for DHCP, only other options are PPOE (which requires credentials) and Static IP (I have a dynamic IP). … The post Ubiquiti Dream Machine (UDM) – unable to connect to NBN appeared first … - 14 avril 2022Quick Snap Cheat Sheet for Ubuntu
Snaps are app packages for desktop, cloud and IoT that are easy to install, secure, cross‐platform and dependency‐free. Snaps are discoverable and installable from the Snap Store, the app store for Linux with an audience of millions. This post is a quick snap cheat sheet for Ubuntu that contains the commonly used snap commands, fixes … The post Quick Snap Cheat Sheet for Ubuntu appeared firs … - 11 février 2022Bypass 40X Response Codes with dontgo403
Bypass 40X Response Codes with dontgo403 The post Bypass 40X Response Codes with dontgo403 appeared first on blackMORE Ops. … - 27 janvier 2022Find Related Domains and Subdomains with assetfinder
assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more. assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info: crt.sh certspotter hackertarget threatcrowd wayback … The post Find Rela … - 30 novembre 2021Best ways to destroy Microsoft Windows
I take no responsibility for these collection of best ways to destroy Microsoft Windows! The post Best ways to destroy Microsoft Windows appeared first on blackMORE Ops. …
Hacker Ritz
- 11 janvier 2019New Wifi Hack Method, Easy and Workable on WPA/WPA2 Securities.
Looking for how to hack WiFi password OR WiFi hacking software?Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols wit … - 7 janvier 2019Bitcoin And Cryptocurrency Litigation : A Game Of Future
Bitcoin and other cryptocurrencies are gaining more attention as days pass. Aside from the advantages that cryptocurrencies have like anonymity and easy international transactions, people are enticed by the fact that it can become a good investment. Apart from trading bitcoins for cash, you can also use bitcoins to buy gift cards, book flights, and hotels, buy furnitu … - 20 novembre 2018 Facebook Bug Could Have Exposed Your Private Information
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk.Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered … - 20 novembre 2018Instagram Bug : Passwords are in Plain Text
Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.The company recently started notifying affected users of a security bug that resides in a newly offered feature called « Download Your Data » that allows users to download a copy of their data shared on the social media platform, including photos, comments, p … - 19 mai 2018Inside one of the largest hacking conferences in Russia
Inside one of the largest hacking conferences in RussiaABC NewsWATCHHackers put their skills on display in Moscow conferenceEmailHundreds of aspiring hackers in Moscow faced off against one another earliest this week in different challenges.The event, called Positive Hack Days, is organized by the cybersecurity firm Positive Technologies. More than 4,000 people attended the cybersecurity conferenc …