Hackers


Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Warning: Creating default object from empty value in /home/cyberbu/public_html/wp/wp-content/plugins/rss-import/rssimport.php on line 490

Retour à Sécurité

Security Affairs

    • 26 octobre 2021Dark HunTOR: Police arrested 150 people in dark web drug bust
      Dark HunTOR: Police corps across the world have arrested 150 individuals suspected of buying or selling illicit goods on the dark web marketplace DarkMarket. A joint international operation, tracked as Dark HunTOR, conducted by law enforcement across the world resulted in the arrest of 150 suspects allegedly involved in selling and buying illicit goods in DarkMarket marketplace. The authorities ar …

    • 26 octobre 2021Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv
      A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv’s Wifi Networks starting from a sample of 5,000 gathered WiFi. CyberArk security researcher Ido Hoorvitch demonstrated how it is possible to crack WiFi at scale by exploiting a vulnerability that allows retrieving a PMKID hash. Hoorvitch has managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv to demonstra …

    • 26 octobre 2021Ranzy Locker ransomware hit tens of US companies in 2021
      The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at least 2020, threat actors hit organizations from various industries. “Unknown c …

    • 26 octobre 2021UltimaSMS subscription fraud campaign targeted millions of Android users
      UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS, the name comes from the first apps they discovered called Ultima Keyboard 3D Pro. Threat actors used at least 151 Android apps with 10.5 million …

    • 26 octobre 2021Kansas Man pleads guilty to hacking the Post Rock Rural Water District
      Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District. Kansas man Wyatt A. Travnichek pleaded guilty to tampering with the computer system at a drinking water treatment facility at the Post Rock Rural Water District. The man also pleaded guilty to one count of reckless damage to a protected computer system during unauthorized acc …

    • 25 octobre 2021Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
      An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware. The attacks were first spotted this month by researchers from security fir …

    • 25 octobre 2021A critical RCE flaw affects Discourse software, patch it now!
      US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is a popular open-source Internet forum and mailing list management software application. The US CISA published a security advisory to urge administrators to fix a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. The vulner …

    • 25 octobre 2021Red TIM Research found two rare flaws in Ericsson OSS-RC component
      The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio and Core (OSS-RC) provides a centralized interface into the radio and core components. The Operations Support Systems are all those systems used by companies th …

    • 25 octobre 2021Russia-linked Nobelium APT targets orgs in the global IT supply chain
      Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The SolarWinds security breach was not isolated, Russia-linked Nobelium APT group has targeted140 managed service providers (MSPs) and cloud service providers and successfully breached 14 of them since May 2021. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is …

    • 25 octobre 2021NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware
      Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group’s Pegasus spyware. The device was compromised two times, in July 2020 and June 2021. The attacks were documented by the Citizen Lab research team from the Un …

The Hackers News

    • 26 octobre 2021Over 10 Million Android Users Targeted With Premium SMS Scam Apps
      A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed « UltimaSMS » — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo …

    • 26 octobre 2021Malicious Firefox Add-ons Block Browser From Downloading Security Updates
      Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, « interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely …

    • 26 octobre 2021New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints
      A « potentially devastating and hard-to-detect threat » could be abused by attackers to collect users’ browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system « Gummy Browsers, » likening it to a nearly 20-year-old « Gummy Fingers » technique that can …

    • 25 octobre 2021Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM
      The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the …

    • 25 octobre 2021Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group
      Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary’s continuing interest in targeting the supply chain via the « compromise-one-to-compromise-many » …

    • 26 octobre 2021Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
      Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that’s being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully …

    • 25 octobre 2021NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia
      The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group’s Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto’s Citizen Lab, which publicized the findings on Sunday, said the « targeting took place while he was reporting on Saudi Arabia, and …

    • 23 octobre 2021Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
      Microsoft on Thursday disclosed an « extensive series of credential phishing campaigns » that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in …

    • 23 octobre 2021Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline
      The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the …

    • 24 octobre 2021Popular NPM Package Hijacked to Publish Crypto-mining Malware
      The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in « UAParser.js, » a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. <!–adsense–> The supply-chain attack targeting the open-so …

Dark Reading

WeLiveSecurity

Threatpost

E Hacking News | Latest Hacker News and IT Security News
Erreur: Il y a un erreur avec ce flux.

TechWorm
Erreur: Il y a un erreur avec ce flux.

GBHackers On Security

    • 26 octobre 2021What Are The Top 5 Penetration Testing Techniques?
      Before you start reading this topic, you need to know what are penetration tests all about? This is also known as pen test which typically involves a team of professionals that penetrates your company’s server, and to identify the exploitable vulnerabilities. Every company must update the penetration testing standard and methods to secure their system […] The post What Are The Top 5 Penetrat …

    • 26 octobre 2021Russian Threat Group Nobelium Attacking 14 IT Supply Chains & 140 MSPs
      The notorious hacking group, Nobelium is the main culprit who organized the sensational cyberattack on the American software manufacturer SolarWinds. However, the latest wave of Nobelium aimed at the resellers and other tech service providers in the cloud. In short, they have targeted 14 IT supply chains and 140 MSPs in their latest attack wave. […] The post Russian Threat Group Nobelium Att …

    • 25 octobre 2021SPARTA – GUI Toolkit To Perform Network Penetration Testing
      SPARTA is GUI application developed with python and inbuilds Network Penetration Testing  Kali Linux tool. It simplifies scanning and enumeration phase with faster results. The best thing of SPARTA GUI  Toolkit it scans detects the service running on the target port. Also, it provides Bruteforce attack for scanned open ports and services as a part of […] The post SPARTA …

    • 24 octobre 2021Two European Men Sentenced for Providing ‘Bulletproof Hosting’ to Hackers
      Two European men were sentenced recently by a US court for giving Bulletproof Hosting services to the hackers, and all these blackhat services were used by the cybercriminals. These two European men are Estonian and Lithuanian natives, Pavel Stassi from Estonia, and Alexander Skorodumov from Lithuania.  By exploiting these blackhat services hackers distribute the malware […] The post Tw …

    • 24 octobre 2021Active Directory Penetration Testing Checklist
      This article covers Active directory penetration testing that can help for penetration testers and security experts who want to secure their network. “Active Directory” Called as “AD” is a directory service that Microsoft developed for the Windows domain network. Using it you can to control domain computers and services that are running on every node […] The post Acti …

Cyber Defense Magazine

    • 25 octobre 2021NATO releases its first strategy for Artificial Intelligence
      This week, NATO Defence Ministers released the first-ever strategy for Artificial Intelligence (AI) that encourages the use of […] The post NATO releases its first strategy for Artificial Intelligence appeared first on Cyber Defense Magazine. …

    • 23 octobre 2021Forensic Collections From a Mac: Challenges & Solutions
      INTRODUCTION For law enforcement, finding and dealing with Apple devices in the field can create confusion and headaches […] The post Forensic Collections From a Mac: Challenges & Solutions appeared first on Cyber Defense Magazine. …

    • 22 octobre 2021Protecting SMBs from Current Cybersecurity Threats
      A Few Small Practices Can Have a Large Impact By Mike Mosher, Director of Technology, Cinch I.T. If […] The post Protecting SMBs from Current Cybersecurity Threats appeared first on Cyber Defense Magazine. …

    • 21 octobre 2021Making Sure the Lights Don’t Go Out
      By Brett Raybould, EMEA Solutions Architect at Menlo Security The ransomware attack on Colonial Pipeline, the largest fuel […] The post Making Sure the Lights Don’t Go Out appeared first on Cyber Defense Magazine. …

    • 20 octobre 2021Trustwave released a free decryptor for the BlackByte ransomware
      Trustwave’s SpiderLabs researchers have released a free decryptor for the BlackByte ransomware that can allow victims to recover […] The post Trustwave released a free decryptor for the BlackByte ransomware appeared first on Cyber Defense Magazine. …

blackMORE Ops

    • 26 octobre 2021Penetration Testing Tools for Beginners
      Penetration tools for beginners. Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s. The post Penetration Testing Tools for Beginners appeared first on blackMORE Ops. …

    • 25 octobre 2021vcgencmd command not found
      vcgencmd command not found error and how to install it The post vcgencmd command not found appeared first on blackMORE Ops. …

    • 21 octobre 2021Detect SQL Injection (SQLi) and XSS
      SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront know …

    • 20 octobre 2021Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
      This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting gove …

    • 19 octobre 2021Machine Learning Network Share Password Hunting Toolkit
      SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C#. The tool is discussed in more detail on this blog here, but is summarised below also. SharpML performs a number of operations with a view to mining file shares, querying Active Directory for users, dropping an ML model and associated rules, performing Active Directory authentication checks, with a vi …

Hacker Ritz

    • 11 janvier 2019New Wifi Hack Method, Easy and Workable on WPA/WPA2 Securities.
      Looking for how to hack WiFi password OR WiFi hacking software?Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols wit …

    • 7 janvier 2019Bitcoin And Cryptocurrency Litigation : A Game Of Future
      Bitcoin and other cryptocurrencies are gaining more attention as days pass. Aside from the advantages that cryptocurrencies have like anonymity and easy international transactions, people are enticed by the fact that it can become a good investment. Apart from trading bitcoins for cash, you can also use bitcoins to buy gift cards, book flights, and hotels, buy furnitu …

    • 20 novembre 2018 Facebook Bug Could Have Exposed Your Private Information
      Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk.Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered …

    • 20 novembre 2018Instagram Bug : Passwords are in Plain Text
      Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.The company recently started notifying affected users of a security bug that resides in a newly offered feature called « Download Your Data » that allows users to download a copy of their data shared on the social media platform, including photos, comments, p …

    • 19 mai 2018Inside one of the largest hacking conferences in Russia
      Inside one of the largest hacking conferences in RussiaABC NewsWATCHHackers put their skills on display in Moscow conferenceEmailHundreds of aspiring hackers in Moscow faced off against one another earliest this week in different challenges.The event, called Positive Hack Days, is organized by the cybersecurity firm Positive Technologies. More than 4,000 people attended the cybersecurity conferenc …