Hacker News | Latest Cyber Hacking News on Techminis

A naukri.com initiative

New

Home

Hacking News

Medium

103

Image Credit: Medium

POV-HackTheBox Walkthrough

The author starts by visiting port 80 but doesn't find anything of interest.
They run gobuster and ffuf to search for directories and subdomains.
They discover a vulnerability in the ViewState mechanism of ASP.NET web applications.
Using ysoserial.exe, they exploit the vulnerability to gain a reverse shell.

Read Full Article

6 Likes

Securityaffairs

263

Image Credit: Securityaffairs

Panda Restaurant Group disclosed a data breach

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates’ personal information.
The breach impacted corporate systems but did not affect in-store systems, operations, or guest experience.
The stolen information included associates' names and personal identifiers with driver's license or identification card numbers.
Panda Restaurant Group is offering impacted individuals complimentary credit monitoring and identity protection services.

Read Full Article

15 Likes

Medium

176

Image Credit: Medium

Redlight Cyber Security & IT Management WordPress Themes

Redlight Cyber Security & IT Management WordPress theme is designed for cyber security services and IT management.
The theme leverages Bootstrap 4 and offers essential elements like testimonials and dynamic services.
It is fully responsive and SEO-friendly, with multiple layout designs and compatibility with WooCommerce.
Redlight Cyber Security provides a powerful online presence for cyber security professionals and agencies.

Read Full Article

10 Likes

Medium

310

Image Credit: Medium

Nurturing Cyber Guardians: The Rise of Ethical Hacking and Cyber Security Institute in Rohtak City

The rise of an ethical hacking and cybersecurity institute in Rohtak City showcases the growing demand for cybersecurity expertise.
The institute offers diverse courses catering to varying skill levels, emphasizing ethical hacking as a means to understand and combat cyber threats.
Real-world application is a key component of the institute's curriculum, with hands-on practical exercises and simulations mirroring industry challenges.
The institute aims to cultivate ethical mindsets among students, equipping them with the knowledge and skills to safeguard digital assets for the greater good.

Read Full Article

18 Likes

Discover more

Securityaffairs

627

Image Credit: Securityaffairs

A flaw in the R programming language could allow code execution

A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files.
The vulnerability, tracked as CVE-2024-27322 (CVSS v3: 8.8), allows arbitrary code execution upon deserializing RDS or RDX files.
The flaw was reported by researchers at HiddenLayer and involves the use of promise objects and lazy evaluation in R.
Attackers can exploit this vulnerability by distributing malware-laced packages or tricking victims into executing malicious files.

Read Full Article

15 Likes

Securityaffairs

15h

146

Image Credit: Securityaffairs

Cuttlefish malware targets enterprise-grade SOHO routers

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data.
Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data and uses stolen credentials to access targeted resources.
The malware steals authentication data from web requests passing through the router, performs DNS and HTTP hijacking, and can interact with other devices on the network.
Cuttlefish has been active since at least July 2023, primarily targeting public cloud-based services and storing stolen data in logs.

Read Full Article

8 Likes

Medium

20h

219

Image Credit: Medium

Security: The Fools vs The Truth

Becoming a hacker is not as easy as portrayed in Hollywood movies.
Security vulnerabilities continue to exist due to outdated servers and human negligence.
Crypto platforms face frequent hacks, while the purpose of decentralization is questioned.
State-sponsored hacking groups pose an existential threat to security and privacy.

Read Full Article

13 Likes

Kitploit

20h

Image Credit: Kitploit

OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer

Automate the process of analyzing web server logs with the Python Web Log Analyzer.
Features include attack detection, rate limit monitoring, automated scanner detection, and user-agent analysis.
Future features may include IP geolocation and real-time monitoring.
To use the tool, clone the repository, navigate to the directory, and execute the command python3 WLA-cli.py.

Read Full Article

2 Likes

Hackersking

20h

241

Image Credit: Hackersking

Ominis OSINT For Secure Web-Search Like Dorking

Ominis OSINT is a powerful Python script for information gathering using advanced Dorking techniques.
The script utilizes Google searches to extract relevant information such as titles, URLs, and mentions of user-inputted queries.
To use Ominis OSINT, you need to clone the repository, install the required dependencies, and run the script on the Linux terminal.
Consider saving bookmarks and enrolling in a real-world hacking course for more in-depth knowledge.

Read Full Article

14 Likes

Insider

21h

Image Credit: Insider

A hacker got 6 years in prison for stealing therapy notes and blackmailing patients

Finnish hacker Aleksanteri 'Julius' Kivimäki has been sentenced to six years and three months in prison.
He hacked a therapy company to steal confidential notes and attempted to extort patients.
Kivimäki targeted around 33,000 people and demanded a ransom of over 400,000 euros.
Confidential therapy notes and personal details of patients were leaked online, leading to significant harm.

Read Full Article

1 Like

Securityaffairs

322

Image Credit: Securityaffairs

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

China-linked threat actors known as Muddling Meerkat have been using sophisticated DNS activities since 2019.
They manipulate DNS through fake MX records and have the ability to control China's Great Firewall.
The motive behind these attacks is still unknown.
Infoblox researchers have provided indicators of compromise to counter these activities.

Read Full Article

19 Likes

Medium

232

Image Credit: Medium

The OurMine and WikiLeaks Incident: A Terrifying Glimpse into the World of Cyber Attacks

The OurMine Hack: OurMine, a notorious hacking group known for targeting high-profile individuals and organizations, gained unauthorized access to the official Twitter account of WikiLeaks.
The WikiLeaks Fallout: The repercussions of the OurMine hack were swift and far-reaching, exposing the vulnerabilities of even well-guarded online platforms.
The Rise of Cyber Warfare: The incident serves as a reminder of the growing threat of cyber warfare, capable of wreaking havoc on critical infrastructure and undermining democratic institutions.
The Human Cost: Behind every cyber attack lies a human cost, leaving victims feeling exposed and powerless in the face of invisible adversaries.

Read Full Article

14 Likes

Medium

200

Image Credit: Medium

WhizCyber WordPress Themes

WhizCyber is a WordPress theme for cyber security services, built with Bootstrap 4 and designed to be SEO friendly and fast loading.
It includes multiple unique layout designs and features such as Services, About Us, Services Details, Blog pages, and Shop Pages.
The theme is highly customizable with elements from King Composer and offers advanced typography and custom page templates.
WhizCyber is recommended for showcasing expertise in the field of cyber security and comes with documentation and updates included.

Read Full Article

12 Likes

Securityaffairs

246

Image Credit: Securityaffairs

CISA guidelines to protect critical infrastructure against AI-based threats

The US government’s cybersecurity agency CISA published guidelines to protect critical infrastructure against AI-based attacks.
CISA collaborated with Sector Risk Management Agencies to assess AI risks and categorized them into attacks using AI, attacks targeting AI systems, and failures in AI design and implementation.
The guidelines integrate the AI Risk Management Framework into enterprise risk management programs, focusing on the Govern, Map, Measure, and Manage functions.
CISA emphasizes that critical infrastructure operators should consider sector-specific factors and align AI safety and security priorities with their organizational principles.

Read Full Article

14 Likes

Medium

216

Image Credit: Medium

Cyber Security Awareness by Sanjay Kumar (ADGP), Cyber Crime Wing

Ensuring cyber security awareness is crucial in the digital age.
Tamil Nadu Police actively promotes cyber security through workshops and campaigns.
The police department has established a dedicated helpline (1930) for reporting cyber threats.
Collectively, we can create a safer digital environment through proactive measures.

Read Full Article

13 Likes

For uninterrupted reading, download the app