Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Retour à Sécurité

Security Affairs

    • 5 décembre 2022Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web
      Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries Resecurity, the California-based cybersecurity company protecting major Fortu …

    • 5 décembre 2022Critical Ping bug potentially allows remote hack of FreeBSD systems
      A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could be potentially exploited to gain remote code execution. The ping utility allows testing the reachability of a …

    • 5 décembre 2022Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware
      The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. The threat actors were observed spreading fake cryptocurrency apps under the fake brand BloxHolder to deliver the AppleJeus malware for …

    • 4 décembre 2022Law enforcement agencies can extract data from thousands of cars’ infotainment systems
      Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, as d …

    • 4 décembre 2022US DHS Cyber Safety Board will review Lapsus$ gang’s operations
      US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies. The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached multiple high-profile companies in recent years. “Today, the U.S. Department of Homeland Securi …

    • 4 décembre 2022New CryWiper wiper targets Russian entities masquerading as a ransomware
      Experts spotted a new data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. Researchers from Kaspersky discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. The malware masquerades as ransomware, but the analysis of the code demonstrate …

    • 4 décembre 2022Security Affairs newsletter Round 396
      A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Google fixed the ninth actively exploited Chrome zeroday this yearA new Linux flaw can be chained with other two bugs to gain full root privilegesAtt …

    • 3 décembre 2022Google fixed the ninth actively exploited Chrome zeroday this year
      Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug in the V8 JavaScript. The vulnerability was r …

    • 3 décembre 2022A new Linux flaw can be chained with other two bugs to gain full root privileges
      Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328, with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function …

    • 2 décembre 2022Attack of drones: airborne cybersecurity nightmare
      Threat actors could exploit drones for payload delivery, kinetic operations, and even diversion, experts warn. Original post at https://cybernews.com/security/drones-hack-airborne-cybersecurity-nightmare/ Once a niche technology, drones are about to explode in terms of market growth and enterprise adoption. Naturally, threat actors follow the trend and exploit the technology for surveillance, payl …

The Hackers News

    • 5 décembre 2022SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
      Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle’s vehicle identification number (VIN), researcher Sam Curry said in a 

    • 5 décembre 2022North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps
      The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. « This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents, »

    • 5 décembre 2022Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
      The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.  » …

    • 3 décembre 2022Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
      Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

    • 2 décembre 2022Hackers Sign Android Malware Apps with Compromised Platform Certificates
      Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. « A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image, » a report filed through the

    • 2 décembre 2022CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
      The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. « Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server

    • 2 décembre 2022The Value of Old Systems
      Old technology solutions – every organization has a few of them tucked away somewhere.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went

    • 2 décembre 2022Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
      IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed « Hell’s Keychain » by cloud security firm Wiz, has been described as a « first-of-its-kind supply-chain attack vector impacting a

    • 2 décembre 2022Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
      A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.

    • 2 décembre 2022What the CISA Reporting Rule Means for Your IT Security Protocol
      The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and

Dark Reading



E Hacking News | Latest Hacker News and IT Security News
Erreur: Il y a un erreur avec ce flux.

Aucun contenu.

GBHackers On Security

    • 5 décembre 2022New Android Malware Stolen Facebook Credentials From 300,000 Victims
      The mobile security firm Zimperium has recently issued a warning about a Trojan called “Schoolyard Bully,” which is actively masquerading as an educational application in a malicious threat campaign. While this trojan “Schoolyard Bully” has been active since 2018, and from the infected devices, it primarily steals Facebook account credentials. As of right now, the campaign …

    • 5 décembre 2022Google Chrome High-Severity Zero-Day Flaw Exploited in The Wild – Emergency Patch!!
      In response to the active exploit of an open high-severity zero-day vulnerability (CVE-2022-4262) in the Chrome web browser, Google has released an emergency security patch to address the issue. Actively exploited Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take full control of the system remotely using the exploit that exists in the Wild. Since the beginnin …

    • 3 décembre 2022How Visibility on Software Supply Chain Can Reduce Cyberattacks
      With cyberattacks cropping up in several tech sectors today, there is rightly more focus on monitoring software supply chains in the SDLC than ever before. When SolarWinds was hacked in 2020, the event sent shockwaves across the software industry. Although cybersecurity had always been important up until that point, such a high-profile security breach was bound to make people sit up and take notic …

    • 3 décembre 2022‘Black Panthers’ – A SIM Swap Gang Connected With Dark Web Got Arrested
      Spanish National Police arrested the notorious SIM-swapping gang operating under the name “Black Panthers” for various cyber crimes. The law enforcement agents arrested 55 people, including the leader heading this Black Panthers gang. The operators behind this Black Panthers committed the bank scams through SIM swapping attacks with other methods such as social engineering techniques,  …

    • 3 décembre 2022Beware that Hackers Using Malicious USB Devices to Deliver Multiple Malware
      Recently, Mandiant Managed Defense discovered cyber espionage activity that focuses on the Philippines and mainly uses USB drives as an initial infection vector. This operation, which Mandiant tracks as ‘UNC4191’, has a connection to China. The report states that operations of UNC4191 have had an impact on a variety of public and private sector organizations, primarily in Southeast Asia and extend …

Cyber Defense Magazine

blackMORE Ops

    • 11 juin 2022Ubiquiti Dream Machine (UDM) – unable to connect to NBN
      I don’t want the NBN ISP router running anymore and use Ubiquiti Dream Machine (UDM) instead. But when I try to remove ISP Router it and direct connect UDM to NBN, the connection fails. UDM is set for DHCP, only other options are PPOE (which requires credentials) and Static IP (I have a dynamic IP). … The post Ubiquiti Dream Machine (UDM) – unable to connect to NBN appeared first …

    • 14 avril 2022Quick Snap Cheat Sheet for Ubuntu
      Snaps are app packages for desktop, cloud and IoT that are easy to install, secure, cross‐platform and dependency‐free. Snaps are discoverable and installable from the Snap Store, the app store for Linux with an audience of millions. This post is a quick snap cheat sheet for Ubuntu that contains the commonly used snap commands, fixes … The post Quick Snap Cheat Sheet for Ubuntu appeared firs …

    • 27 janvier 2022Find Related Domains and Subdomains with assetfinder
      assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more. assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info: crt.sh certspotter hackertarget threatcrowd wayback … The post Find Rela …

    • 30 novembre 2021Best ways to destroy Microsoft Windows
      I take no responsibility for these collection of best ways to destroy Microsoft Windows! The post Best ways to destroy Microsoft Windows appeared first on blackMORE Ops. …

Hacker Ritz

    • 11 janvier 2019New Wifi Hack Method, Easy and Workable on WPA/WPA2 Securities.
      Looking for how to hack WiFi password OR WiFi hacking software?Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols wit …

    • 7 janvier 2019Bitcoin And Cryptocurrency Litigation : A Game Of Future
      Bitcoin and other cryptocurrencies are gaining more attention as days pass. Aside from the advantages that cryptocurrencies have like anonymity and easy international transactions, people are enticed by the fact that it can become a good investment. Apart from trading bitcoins for cash, you can also use bitcoins to buy gift cards, book flights, and hotels, buy furnitu …

    • 20 novembre 2018 Facebook Bug Could Have Exposed Your Private Information
      Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk.Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered …

    • 20 novembre 2018Instagram Bug : Passwords are in Plain Text
      Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.The company recently started notifying affected users of a security bug that resides in a newly offered feature called « Download Your Data » that allows users to download a copy of their data shared on the social media platform, including photos, comments, p …

    • 19 mai 2018Inside one of the largest hacking conferences in Russia
      Inside one of the largest hacking conferences in RussiaABC NewsWATCHHackers put their skills on display in Moscow conferenceEmailHundreds of aspiring hackers in Moscow faced off against one another earliest this week in different challenges.The event, called Positive Hack Days, is organized by the cybersecurity firm Positive Technologies. More than 4,000 people attended the cybersecurity conferenc …