menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Hackaday

4w

read

272

img
dot

Image Credit: Hackaday

USB-C For Hackers: Reusing Cables

  • USB-C cables can be used for a variety of high-speed electronic communications.
  • USB-C to USB-C cables have five conductors and can handle a maximum of 60W.
  • USB-C to USB-C cables that claim less than 60W are probably lying.
  • USB-C cables contain an extra wire compared to previous USB standards.
  • USB-C cables can handle a fair bit more power than previous USB standards.
  • Rotating USB-C cables is not easy and may not work with all types of signals.
  • Only one USB2 pair is actually connected at the USB-C cable end.
  • Using two USB2-grade 2:1 muxes can get two extra differential signals out of a fully-compliant USB socket.
  • USB-C cables are not standards-compliant if used for arbitrary voltages over 25V.
  • USB-C cables contain IC's in each plug - emarker chips and signal re-drivers, that need to be powered correctly.

Read Full Article

like

16 Likes

share

3 Shares

source image

Securityaffairs

4w

read

111

img
dot

Image Credit: Securityaffairs

Threat actor sells data of over 750,000 patients from a French hospital

  • A threat actor had access to the electronic patient record system of an unnamed French hospital, compromising the health data of 750,000 patients.
  • The stolen data includes personal information such as names, dates of birth, addresses, phone numbers, and medical information like prescriptions and attending physicians.
  • The breach seems to be a supply chain attack, with the hacker compromising the MediBoard platform provided by Softway Medical Group.
  • The exposure of medical data puts patients at risk of identity theft, fraud, and can lead to misdiagnoses or medical errors.

Read Full Article

like

6 Likes

share

1 Share

source image

Securityaffairs

1M

read

228

img
dot

Image Credit: Securityaffairs

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

  • Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction.
  • The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges.
  • The needrestart package in Ubuntu is a utility designed to ensure system stability after software updates.
  • The vulnerabilities have been tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003.

Read Full Article

like

13 Likes

share

3 Shares

source image

Hackersking

1M

read

714

img
dot

Image Credit: Hackersking

Exploring Cybersecurity Jobs Salary From Entry Level To Experienced

  • The demand for cybersecurity professionals is soaring as organizations face rising cyber threats like data breaches and ransomware.
  • Entry-level roles offer salaries from $50,000–$80,000 annually, with professionals gaining foundational skills and experience. Mid-level careers see salaries between $80,000–$120,000, emphasizing leadership and technical expertise.
  • Senior positions, such as CISOs and Security Architects, command $120,000–$180,000 or more, addressing complex security challenges. Certifications like CEH, eJPT, and OSCP boost career prospects.

Read Full Article

like

10 Likes

share

2 Shares

source image

Medium

1M

read

80

img
dot

The Hidden Risks of ‘Shadow AI’ and How to Secure Them

  • Shadow AI refers to unauthorised or unapproved AI applications used within an organisation without the knowledge or oversight of IT or security teams.
  • The use of Shadow AI can lead to security gaps, exposing sensitive data and jeopardising business operations.
  • To manage Shadow AI effectively, visibility is crucial, along with securing and balancing innovation with security.
  • By taking a proactive approach to governance, businesses can transform potential liabilities into strategic assets, driving innovation securely.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1M

read

201

img
dot

Image Credit: Securityaffairs

Ford data breach involved a third-party supplier

  • Ford investigates a data breach linked to a third-party supplier.
  • Threat actors claim to have stolen 44,000 Ford customer records.
  • Ford confirms no breach of its systems or customer data.
  • Compromised data includes customer names, addresses, and purchase info.

Read Full Article

like

12 Likes

share

2 Shares

source image

Medium

1M

read

174

img
dot

Image Credit: Medium

Who Owns Your Data? The Dark Side of the Internet

  • Companies like Google, Facebook, and Amazon rely on user data to shape ads and develop services.
  • Your personal information is used to deliver targeted ads and companies know more about you than you may realize.
  • Data is also crucial for artificial intelligence and machine learning models.
  • While your data contributes to technological progress, corporations benefit the most.

Read Full Article

like

10 Likes

share

2 Shares

source image

Securityaffairs

1M

read

403

img
dot

Image Credit: Securityaffairs

Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations

  • A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy.
  • The hacker gained access to files containing confidential testimony from a woman who claims she had sex with Matt Gaetz.
  • The file-sharing service hosting the documents was not correctly secured, exposing them to the internet without restrictions.
  • The compromised documents include sworn testimony, gate logs, and materials related to the allegations against Matt Gaetz.

Read Full Article

like

24 Likes

share

5 Shares

source image

Securityaffairs

1M

read

250

img
dot

Image Credit: Securityaffairs

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

  • Threat actors are exploiting misconfigured JupyterLab and Jupyter Notebooks servers to illegally stream sports events.
  • Researchers from Aqua observed threat actors using misconfigured servers to hijack environments and duplicate live sports broadcasts.
  • The attackers exploit unauthenticated access to JupyterLab and Jupyter Notebooks to establish initial access.
  • The consequences of such attacks can include denial of service, data manipulation, and reputational damage.

Read Full Article

like

15 Likes

share

3 Shares

source image

Securityaffairs

1M

read

13

img
dot

Image Credit: Securityaffairs

Russian Phobos ransomware operator faces cybercrime charges

  • Russian Phobos ransomware operator Evgenii Ptitsyn extradited from South Korea to the US to face cybercrime charges.
  • Ptitsyn allegedly managed the sale, distribution, and operation of the Phobos ransomware.
  • The Phobos ransomware operation targeted over 1,000 entities worldwide, extorting more than $16 million in ransom payments.
  • Ptitsyn faces multiple charges including wire fraud, computer fraud and abuse, and extortion.

Read Full Article

like

Like

share

Share

source image

Hackingblogs

1M

read

434

img
dot

Image Credit: Hackingblogs

Vmware’s Critical Severity Vulnerability Found Comprising Of RCE And Heap Overflow

  • Serious vulnerabilities have been found in VMware vCenter Server and VMware Cloud Foundation.
  • The vulnerabilities include a heap-overflow vulnerability and a privilege escalation issue.
  • The severity score for these vulnerabilities is 9.8 and 7.5 out of 10, respectively.
  • Hackers can exploit these vulnerabilities to remotely code and compromise systems.

Read Full Article

like

26 Likes

share

6 Shares

source image

Securityaffairs

1M

read

228

img
dot

Image Credit: Securityaffairs

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

  • Chinese threat actors exploit a zero-day vulnerability in Fortinet's Windows VPN client.
  • The vulnerability allows the threat actors to steal user credentials and server details.
  • The exploit is carried out using the custom malware called DeepData.
  • Volexity researchers reported the vulnerability to Fortinet, but it remains unresolved.

Read Full Article

like

13 Likes

share

3 Shares

source image

Securelist

1M

read

327

img
dot

Image Credit: Securelist

Scammer Black Friday offers: Online shopping threats and dark web

  • Each year, cybercriminals and fraudsters gear up to exploit the demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures.
  • Kaspersky’s automated technologies are designed to detect and prevent various forms of financial phishing and scams that fraudsters run during the Black Friday season.
  • Kaspersky identified more than 38 million phishing attacks targeting users of online stores, payment systems, and banks in the first ten months of 2024.
  • As many as 44.41% of these attacks targeted banking service users.
  • Kaspersky detected and blocked 3,807,116 phishing attempts in 2024, primarily those distributing Amazon-related scam and phishing pages.
  • This year, we have also discovered some malicious campaigns targeting users by spreading fake mobile shopping apps.
  • These malicious programs are designed to steal sensitive data from online banking and payment systems.
  • Despite the high number, the overall activity of PC banking trojans continues to decline.
  • After a phishing attack, scammers who steal shopping accounts or credit card data may use it for their own profit or sell it on dark web forums or marketplaces.
  • Consumers must remain vigilant, especially during peak shopping periods, and adopt stronger security measures like two-factor authentication, secure payment options, and cautious browsing habits.

Read Full Article

like

19 Likes

share

4 Shares

source image

Securityaffairs

1M

read

188

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

  • U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog.
  • CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the catalog.
  • CVE-2024-1212 is an OS command injection vulnerability in Progress Kemp LoadMaster.
  • CVE-2024-0012 and CVE-2024-9474 are vulnerabilities in Palo Alto Networks PAN-OS.

Read Full Article

like

11 Likes

share

2 Shares

source image

Securityaffairs

1M

read

399

img
dot

Image Credit: Securityaffairs

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

  • A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information.
  • The attack occurred on September 8, 2024, and an investigation was launched with the help of a cybersecurity firm.
  • Files were accessed, encrypted, and copied by the threat actor between September 5 and September 8, 2024.
  • The exposed patient information includes names, demographic and health insurance information, clinical treatment details, and in some cases, Social Security and driver's license numbers.

Read Full Article

like

24 Likes

share

5 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app