techminis

A naukri.com initiative


Hacking News


Medium

5h


Massive Data Breach Exposes 122 Million Business Contacts: Are You Protected?

  • A significant data breach has exposed the personal and professional information of 122 million individuals, originating from B2B data aggregator DemandScience.
  • B2B data aggregators like DemandScience store large volumes of sensitive data, making them attractive targets for cybercriminals.
  • To prevent breaches, B2B aggregators should implement stricter controls, conduct regular security audits, and communicate transparently with customers.
  • Wire Tor offers comprehensive Pentesting services to identify vulnerabilities, secure data assets, and provide ongoing support.


Hackingblogs

13h


Microsoft Zero Day Vulnerability Will Let An Attacker Get Into User’s PC And Exploit Local Privilege Escalation

  • A recently discovered zero-day vulnerability in Microsoft allows attackers to exploit local privilege escalation (LPE) to gain control of a victim's computer system.
  • The vulnerability, identified as CVE-2017-0263, was promptly patched by Microsoft after being disclosed by Positive Technologies.
  • By successfully exploiting the vulnerability, attackers could obtain system privileges and execute arbitrary code in kernel mode, potentially leading to unauthorized access and control over critical system components.
  • The affected systems range from Windows Server versions to various Windows 10 and Windows 11 editions, highlighting the need for users to install the necessary updates to protect against this vulnerability.


Siliconangle

1d


Zscaler launches Zero Trust Segmentation to enhance security across branches and clouds

  • Zscaler Inc. has launched Zero Trust Segmentation, a solution that enhances security across branches and clouds.
  • Zero Trust Segmentation eliminates the need for traditional firewalls, SD-WANs, and site-to-site VPNs by turning branches, factories, and cloud environments into isolated, secure "virtual islands."
  • By connecting directly to the Zscaler cloud platform, Zero Trust Segmentation enforces business policies to prevent ransomware spread, secure IoT and operational technology systems, and reduce network complexity.
  • The offering comes in two parts: Zero Trust Segmentation for Branch and Factories, and Zero Trust Segmentation for Data Centers and Public Clouds.


Securityaffairs

1d


Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

  • A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food, Hannaford, their pharmacies, and e-commerce services.
  • Ahold Delhaize is a multinational retail and wholesale holding company that operates supermarkets and e-commerce sites in the US.
  • The cyber incident was detected on November 8, 2024, and security teams are investigating with the help of external cybersecurity experts.
  • Ahold Delhaize USA confirmed that all its brand stores remain open and continue serving customers.


TechCrunch

1d


Snowflake hackers identified and charged with stealing 50 billion AT&T records

  • Two hackers, Connor Moucka and John Binns, have been identified and charged with stealing around 50 billion customer call and text records from AT&T.
  • The stolen records were taken from AT&T's systems hosted on Snowflake, a provider of cloud services for data analysis.
  • The indictment reveals that the hackers accessed billions of sensitive customer records and successfully extorted at least three victims.
  • AT&T is one of several companies that had sensitive data stolen from their Snowflake instances, making these Snowflake-related breaches some of the worst cyberattacks of the year.


Siliconangle

1d


SlashNext warns of ‘GoIssue’ phishing tool targeting GitHub users

  • Phishing protection company SlashNext Inc. warns of a new phishing tool called GoIssue that targets GitHub users.
  • GoIssue allows attackers to extract email addresses from GitHub profiles and send bulk phishing emails to developers.
  • The tool's advanced features enable targeted phishing campaigns, increasing the risk of credential theft.
  • GoIssue is sold for $700 for a customized version, making it accessible to cybercriminals.


NullTX

1d


DeltaPrime DeFi Suffers $4.8M Exploit Across Arbitrum And Avalanche Networks

  • DeltaPrime DeFi has suffered a $4.8 million exploit across Arbitrum and Avalanche networks.
  • The attack was caused by a lack of input validation during the claiming of rewards.
  • The attacker manipulated the system to substitute collateral with a reward and withdrew the initial funds, leaving the debt unpaid.
  • This is the second security breach for DeltaPrime, following a $6 million loss in September 2024.


Securityaffairs

9h


China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The Volt Typhoon group has been active since at least mid-2021, carrying out cyber operations against critical infrastructure.
  • The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet, to the operations of the China-linked threat actor Volt Typhoon.
  • At the end of 2023, the U.S. government neutralized the Volt Typhoon botnet by taking over its C2 and deleting the bot from infected devices.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) warned that the APT group, which they assess to be People’s Republic of China (PRC) state-sponsored cyber actors, had been pre-positioning itself on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure.
  • In August 2023, Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director, to deploy a custom webshell on breached networks.
  • SecurityScorecard has now warned that the botnet is back and is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools, escalating attack risks, especially through third-party and cloud dependencies.


Securelist

19h


Threats in space (or rather, on Earth): internet-exposed GNSS receivers

  • Global Navigation Satellite Systems (GNSS) are vulnerable to several attack vectors such as jamming, spoofing, physical attack, cyber attack, and more.
  • Cybersecurity firm Cyble analyzed the attack surface against satellite receivers from five major vendors, and found that, as of March 2023, thousands of these receivers were exposed online.
  • In 2023, both SiegedSec and GhostSec groups conducted several attacks against GNSS receivers and illegally accessed numerous devices belonging to various entities in several countries.
  • A recent study found that as of July 2024, over 10,000 GNSS receiver instances had been exposed online globally, and over 3,000 of them were still vulnerable to exploitation.
  • Most vulnerable receivers by a specific vendor were largely found in the United States, Germany, Australia, Russia and Japan. Cloud computing, telecommunications and energy industries were among the worst hit.
  • Out of numerous types of vulnerabilities in GNSS receivers, denial of service, exposure of information and privilege escalation were the most frequent ones.
  • To protect GNSS receivers, organizations should keep them unreachable from outside networks and use strong authentication mechanisms if an internet connection is essential.
  • Specialized tools such as the Space Attack Research and Tactic Analysis (SPARTA) matrix can be employed to formalize the TTPs of space-related threat actors and provide effective countermeasures to protect space systems.


Securityaffairs

1d


A cyberattack on payment systems blocked card readers across stores and gas stations in Israel

  • A cyberattack in Israel disrupted credit card readers across stores and gas stations.
  • The attack was a DDoS attack that targeted the company responsible for the operations of the devices.
  • The attack lasted for an hour but was mitigated, and no personal or financial data was compromised.
  • The attack is believed to be linked to ongoing military operations, and an Iran-linked hacker group claimed responsibility.


Securityaffairs

1d


Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

  • Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users.
  • The new feature was introduced with the release of iOS 18.1 at the end of October.
  • The auto-reboot feature erases sensitive data from memory to prevent unauthorized extraction.
  • Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock.


Securityaffairs

1d


Ymir ransomware, a new stealthy ransomware, grows in the wild

  • Kaspersky researchers discovered a new ransomware family called Ymir ransomware.
  • Ymir ransomware was deployed after breaching systems via PowerShell commands.
  • The ransomware uses the ChaCha20 stream cipher to encrypt files.
  • The attack involved the use of RustyStealer malware as a precursor to weaken defenses.


Medium

2d


Amazon Confirms Data Breach: What It Means for Employee Security and Penetration Testing

  • Amazon confirms a data breach involving employee information caused by a vendor hack.
  • Over 2.8 million lines of Amazon employee data were leaked, but sensitive data was not compromised.
  • The breach highlights the risks associated with third-party service providers and the importance of penetration testing.
  • Wire Tor offers a 50% discount on penetration testing services to protect businesses from cyberattacks.


Securityaffairs

2d


Amazon discloses employee data breach after May 2023 MOVEit attacks

  • Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.
  • The data breach occurred through a third-party vendor and the exact number of impacted employees was not disclosed.
  • Over 2.8 million records containing employee data were leaked by a threat actor named Nam3L3ss on BreachForums.
  • The compromised data includes names, contact information, building locations, and email addresses, but did not include SSNs or financial information.


Medium

2d


FBI Warns of Cybercriminals Exploiting Fake Emergency Data Requests (EDRs)!

  • The FBI has warned about cybercriminals exploiting fake emergency data requests (EDRs).
  • These fraudulent requests allow threat actors to access sensitive information under the guise of urgency.
  • The FBI reports a significant increase in cybercrime forums discussing the misuse of EDRs to target US-based organizations.
  • Organizations need to prioritize data protection and take necessary steps to prevent risks from fake EDRs.
