menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securityaffairs

2w

read

231

img
dot

Image Credit: Securityaffairs

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

  • Germany’s largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.
  • Crimenetwork facilitated the sale of illegal goods and services since 2012, serving as a hub for cybercriminal activities.
  • The police arrested the 29-year-old administrator and seized €1M in assets.
  • The operation was carried out by the Public Prosecutor’s Office, the Central Office for Combating Cybercrime, and the Federal Criminal Police Office.

Read Full Article

like

13 Likes

source image

Hackingblogs

2w

read

432

img
dot

Image Credit: Hackingblogs

Malicious Update to @solana/web3.js npm Library Steals Private Keys, Puts Crypto Wallets at Risk

  • The well-known @solana/web3.js library has been compromised in a supply chain attack.
  • Two malicious versions of the library were posted on the official npm registry on December 2, 2024.
  • The malicious code stole private keys from developers and users, putting cryptocurrency wallets at risk.
  • Developers are advised to rotate their private keys and update to Solana Web3.js version 1.95.8 immediately.

Read Full Article

like

26 Likes

source image

Securityaffairs

2w

read

13

img
dot

Image Credit: Securityaffairs

Veeam addressed critical Service Provider Console (VSPC) bug

  • Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code.
  • The vulnerability affects Veeam Service Provider Console 8.1.0.21377 and all earlier versions 8 and 7 builds.
  • Veeam also addressed another vulnerability that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.
  • Both vulnerabilities have been addressed in version 8.1.0.21999 and organizations are recommended to upgrade to the latest version of the software.

Read Full Article

like

Like

source image

Securityaffairs

2w

read

117

img
dot

Image Credit: Securityaffairs

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

  • Australia, Canada, New Zealand, and the U.S. jointly warn of PRC-linked cyber espionage targeting telecom networks.
  • All of the six security agencies recommend robust measures to protect enterprise networks against cyber threats.
  • Organizations should adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC).
  • China-linked cyber espionage campaign targeted U.S. broadband providers, compromising networks to steal call records and access private communications of government officials.
  • The alleged threat actors compromised networks of major global telecommunications providers and carried out a broad and significant cyber espionage campaign.
  • Experts believe that these breaches like this could enable disruptive attacks during any future potential conflicts.
  • The Salt Typhoon group targeted surveillance systems used by the US government to investigate crimes and threats to national security.
  • The company T-Mobile determined that the attacks suspected to be from 'Salt Typhoon' originated from a wireline provider’s network that was connected to its systems.
  • These breaches are a part of China’s expansive espionage strategies which are increasingly raising concerns of USA officials.
  • The carrier T-Mobile, which detected recent infiltration attempts confirmed no unauthorized system access occurred, and services were unaffected.

Read Full Article

like

7 Likes

source image

Securelist

2w

read

113

img
dot

Image Credit: Securelist

Kaspersky Security Bulletin 2024. Statistics

  • During the reporting period from November 2023 to October 2024, Kaspersky solutions stopped over 300 million malware attacks launched from online resources globally.
  • Kaspersky detected over 85 million unique malicious URLs and blocked over 72 million unique malicious objects with the help of Web Anti-Virus components.
  • Ransomware attacks were prevented on the computers of over 300,000 unique users, and miners were stopped from infecting nearly 1 million unique users.
  • Moreover, Kaspersky prevented the launch of banking, ATM, or PoS malware on the devices of over 200,000 users.

Read Full Article

like

6 Likes

source image

Securityaffairs

3w

read

432

img
dot

Image Credit: Securityaffairs

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

  • Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild.
  • The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, allowing an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
  • Cisco first published the advisory in March 2024, but recently detected new exploitation attempts for the vulnerability.
  • Cisco urges customers to upgrade to a fixed software release to mitigate the vulnerability.

Read Full Article

like

26 Likes

source image

Hackingblogs

3w

read

61

img
dot

Image Credit: Hackingblogs

Hacker Group Claims Massive Breach of Microsoft’s Software Licensing Security

  • A hacker group named Massgrave claims to have breached Microsoft's software licensing security.
  • They have cracked the code to permanently activate Microsoft Windows and Office products for free.
  • The crack is compatible with all versions of Office and Windows, from Vista to Windows 11.
  • Microsoft appears less concerned about piracy as Windows sales contribute a small percentage of their revenue.

Read Full Article

like

3 Likes

source image

Securityaffairs

3w

read

218

img
dot

Image Credit: Securityaffairs

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

  • Energy industry contractor ENGlobal Corporation disclosed a ransomware attack on November 25, disrupting operations.
  • The threat actors gained unauthorized access to the company's IT system and encrypted some data files.
  • ENGlobal Corporation is currently working with external cybersecurity specialists to investigate and remediate the incident.
  • It is unclear when full access to the company's IT systems will be restored, and the impact on its financial condition and operations is being assessed.

Read Full Article

like

13 Likes

source image

Securityaffairs

3w

read

96

img
dot

Image Credit: Securityaffairs

Poland probes Pegasus spyware abuse under the PiS government

  • Poland is investigating the alleged misuse of Pegasus spyware by the previous administration.
  • Former head of Poland's internal security service, Piotr Pogonowski, was arrested to testify before parliament.
  • The spyware was used to spy on the phone of the opposition-linked Polish mayor in 2018-2019.
  • NSO Group, the vendor behind Pegasus, admitted mistakes and canceled several contracts after the abuse of its software was exposed.

Read Full Article

like

5 Likes

source image

Hackersking

3w

read

398

img
dot

Image Credit: Hackersking

Transfer Files Over The Internet Using Linux With Safely

  • When using the Linux operating system, it is important to transfer files over the Internet safely.
  • Relying on third-party cloud storage comes with risks such as data leaks and slow speeds.
  • To transfer files using Linux, you can use the Magic-wormhole package.
  • This package provides a command-line tool named Wormhole for secure file transfer.

Read Full Article

like

23 Likes

source image

Securityaffairs

3w

read

197

img
dot

Image Credit: Securityaffairs

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

  • The 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware.
  • Bootkitty is the first UEFI bootkit designed to target Linux systems.
  • The bootkit disables the kernel's signature verification feature and preloads unknown ELF binaries via the Linux init process.
  • Bootkitty bypasses UEFI Secure Boot and exploits the LogoFAIL flaw to compromise systems running on vulnerable firmware.

Read Full Article

like

11 Likes

source image

Hackersking

3w

read

2.7k

img
dot

Image Credit: Hackersking

Why Hackers & Programmers Love HackerRank Coding Challenges

  • HackerRank is the ultimate platform for mastering coding challenges.
  • It offers a wide range of challenges to suit all skill levels and has a supportive community.
  • HackerRank provides tutorials, competitions, and interview preparation materials.
  • Solving coding challenges enhances problem-solving skills and boosts confidence.

Read Full Article

like

17 Likes

source image

Securityaffairs

3w

read

8

img
dot

Image Credit: Securityaffairs

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

  • The Tor Project is seeking help in deploying 200 WebTunnel bridges by the end of the year to counter government censorship.
  • Recent reports from Russia indicate increased censorship targeting the Tor network, including blocking bridges, pluggable transports, and circumvention apps.
  • WebTunnel bridges are being blocked in Russia, making it necessary to deploy more bridges to provide secure access for users.
  • The Tor Project is urging the community to help by running a WebTunnel bridge, with specific technical requirements outlined in the WebTunnel guide.

Read Full Article

like

Like

source image

Coinpedia

3w

read

320

img
dot

Image Credit: Coinpedia

Will CZ and Binance Save WazirX Users Amid Fund Freeze Allegations?

  • The ongoing issue between WazirX and Binance escalated as users claim fund freeze allegations.
  • CZ, co-founder of Binance, expressed regret but clarified he was not managing WazirX during the alleged hack.
  • Users express concerns about Binance's role in resolving the situation and unfreezing funds.
  • Questions arise regarding Binance's responsibility to assist WazirX users in this matter.

Read Full Article

like

19 Likes

source image

Securityaffairs

3w

read

434

img
dot

Image Credit: Securityaffairs

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

  • Operation HAECHI-V led to more than 5,500 suspects arrested and $400 million seized.
  • The operation targeted cyber frauds such as phishing, romance scams, and online gambling.
  • A voice phishing syndicate causing $1.1 billion in losses was dismantled, leading to 27 arrests.
  • INTERPOL issued a Purple Notice warning about cryptocurrency fraud involving the USDT Token Approval Scam.

Read Full Article

like

26 Likes

For uninterrupted reading, download the app