A naukri.com initiative
Hacking News
Coinpedia
1M
130
Image Credit: Coinpedia
Phobos Ransomware Arrest: Who is Evgenii Ptitsyn and What Are the Allegations Against Him?
- Evgenii Ptitsyn, a Russian national, has been extradited from South Korea and is facing charges related to the Phobos ransomware.
- Ptitsyn is accused of managing the sale and distribution of the ransomware that has affected over 1,000 organizations.
- Phobos ransomware is a Ransomware-as-a-Service tool used to target healthcare, education, and government institutions.
- Ptitsyn is charged with 13 counts of wire fraud, computer fraud, and extortion, with a potential prison sentence of up to 20 years for each count.
Read Full Article
7 Likes
TheNewsCrypto
1M
278
Image Credit: TheNewsCrypto
Polter Finance Exploiter Moves 120 ETH to Tornado Cash
- Polter Finance, a decentralized non-custodial lending and borrowing platform, lost $8.7 million in a hack.
- An address linked to the Polter Finance exploiter transferred 120 ETH to Tornado Cash.
- The platform paused operations, involved law enforcement, and filed a police report in Singapore.
- Criticism has surfaced regarding insider involvement and vulnerabilities in DeFi protocols.
Read Full Article
16 Likes
Tech Story
1M
134
How to Fax from a Computer
- Faxing may seem like a relic of the past, but it remains a critical tool for securely transmitting documents, especially in industries like healthcare, legal, and finance.
- You can easily fax from your computer using online fax services, fax through email, fax using fax software, fax through a printer, or use your smartphone as a backup.
- Online fax services are the most convenient option as they allow you to send and receive faxes digitally, with added features like encryption and cloud integration.
- Faxing through email is a simple method that doesn't require additional software, while using fax software or a multifunction printer allows you to fax directly from your computer.
Read Full Article
8 Likes
Securityaffairs
1M
126
Image Credit: Securityaffairs
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
- Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns.
- Broadcom confirms that exploitation of the vulnerabilities has occurred in the wild.
- The vulnerabilities, namely a heap-overflow vulnerability (CVE-2024-38812) and a privilege escalation vulnerability (CVE-2024-38813), can lead to remote code execution and privilege escalation.
- VMware has released updated versions of vCenter Server and VMware Cloud Foundation to address the vulnerabilities.
Read Full Article
7 Likes
Tech Story
1M
372
How to Get Paramount Network on Roku
- To get Paramount Network on your Roku device, follow these steps:
- Step 1: Set up your Roku device by connecting it to your TV and Wi-Fi network.
- Step 2: Add the Paramount Network app from the Roku Channel Store.
- Step 3: Activate the Paramount Network app by entering the provided activation code on the Paramount Network Activation Page.
- Step 4: If you don't have a TV provider, subscribe to a live TV streaming service that offers Paramount Network, such as YouTube TV or Hulu + Live TV.
Read Full Article
22 Likes
Securityaffairs
1M
318
Image Credit: Securityaffairs
Foreign adversary hacked email communications of the Library of Congress says
- Foreign adversary hacked email communications of the Library of Congress.
- The alleged foreign threat actor gained access to email communications between congressional offices and some library staff.
- Email communications between January and September were affected.
- House and Senate email networks, as well as the U.S. Copyright Office systems, were not impacted.
Read Full Article
19 Likes
Securityaffairs
1M
53
Image Credit: Securityaffairs
T-Mobile is one of the victims of the massive Chinese breach of telecom firms
- T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies.
- The breach is part of a long-running cyber espionage campaign that targeted U.S. telecoms to steal call records and access private communications mainly of government and political figures.
- Salt Typhoon, also known as FamousSparrow and GhostEmperor, is a China-linked APT group active since at least 2019 that focused on government entities and telecommunications companies in Southeast Asia.
- The cyberattack poses a major national security risk and implicates China's digital army of Cyberspies breaking into valuable computer networks in the United States and around the globe.
- The cybersecurity experts warn that Chinese nation-state actors have shifted from stealing secrets to infiltrate critical US infrastructure, suggesting that they are now targeting the core of America’s digital networks.
- The Salt Typhoon hacking campaign appears to focus on intelligence gathering rather than crippling infrastructure, unlike the attacks carried out by another China-linked APT group called Volt Typhoon.
- Salt Typhoon used sophisticated methods to infiltrate American telecom infrastructure through vulnerabilities, including Cisco Systems routers, and investigators suspect the hackers relied on AI or machine learning to further their espionage operations.
- The cyberattack raises concern as T-Mobile has suffered multiple data breaches in recent years, with the most recent breach in August 2021 impacting 54 million customers.
- T-Mobile assures its customers that it closely monitors the industry-wide attack: no impact to customer information has been identified, and the authorities are working with relevant peers.
- The FBI and CISA are continuing the investigation, and they expect their understanding of these compromises to grow as the investigation continues.
Read Full Article
3 Likes
Securityaffairs
1M
431
Image Credit: Securityaffairs
Increased GDPR Enforcement Highlights the Need for Data Security
- GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures.
- Uber received a €290 million fine from the Dutch Data Protection Authority (DPA).
- Maximum fine organizations can face for GDRP violation is €20 million or 4% of their global annual revenue from the previous fiscal year.
- The penalties for failing to comply with GDPR can be severe and may reach €10 million or 2% of annual global revenue.
- Meta, Amazon, Instagram have previously faced GDPR violations and gigantic fines.
- Advanced Data Security Posture Management (DSPM) tools can help organizations minimize GDPR compliance risks.
- Data mapping and classification, Cross-border data transfer controls, and continuous monitoring are some strategic measures companies can adopt for GDPR compliance and data protection.
- As the regulatory environment tightens, global companies must realize that non-compliance with data protection laws can have dire consequences
- Those who prioritize security and compliance will be best positioned for long-term success.
- By adopting advanced data security solutions, businesses can maintain a robust data protection posture, mitigate risks, and avoid the severe consequences that come with non-compliance.
Read Full Article
25 Likes
Securityaffairs
1M
49
Image Credit: Securityaffairs
Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites
- A critical vulnerability in the Really Simple Security plugin affects over 4 million WordPress sites.
- The vulnerability allows attackers to gain full admin access to affected sites.
- The flaw is an authentication bypass vulnerability in the plugin's two-factor authentication feature.
- The vulnerability has been patched in version 9.1.2 of the plugin.
Read Full Article
2 Likes
Medium
1M
265
Image Credit: Medium
Critical Vulnerability in 'Really Simple Security' Plugin Puts Millions of WordPress Sites at Risk
- 'Really Simple Security' is a widely-used WordPress plugin with over four million active installations.
- The plugin has a critical authentication bypass vulnerability (CVE-2024-10924) that allows attackers to gain admin-level access.
- The vulnerability affects versions 9.0.0 to 9.1.1.1 of the plugin.
- Wordfence recommends updating to version 9.1.2 immediately to mitigate the risk.
Read Full Article
15 Likes
Medium
1M
305
Image Credit: Medium
Can Vpns Be Hacked? — Comprehensive Guide And FAQs
- VPNs, or Virtual Private Networks, create a secure tunnel between your device and the internet, protecting your online activity and masking your location by appearing as if you are accessing the internet through the VPN’s server.
- However, not all VPNs are created equal, and it’s essential to understand the different types available to choose the right service for your needs.
- VPNs can be hacked, but it’s important to understand that hacking can take many forms, including data leakage, outdated or weak encryption protocols, or an untrustworthy VPN provider.
- To maximize the security of your VPN, select a trustworthy provider, enable the kill switch feature if available, keep your software up to date, use strong passwords for your VPN, and consider multi-factor authentication if available.
- Be aware of government regulations concerning VPN use where you live and where the provider is based, and note that while free VPNs exist, they may not offer the same level of security as a paid reputable VPN service.
- VPNs can greatly enhance your anonymity, but they are not foolproof, and it’s essential to remain vigilant and proactively check for leaks or signs of compromise.
- Consider alternatives to VPNs, such as Tor or secure browser extensions, and understand the laws related to VPN use in your jurisdiction.
- No tool can wholly protect against risks, but constant vigilance and proactivity can go a long way in maintaining your online privacy.
Read Full Article
18 Likes
Securityaffairs
1M
301
Image Credit: Securityaffairs
Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION
- A botnet exploits GeoVision zero-day to compromise end-of-life (EoL) devices
- Palo Alto Networks confirms active exploitation of recently disclosed zero-day
- NSO Group used WhatsApp exploits even after being sued by Meta-owned company
- Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies
Read Full Article
18 Likes
Crypto-News-Flash
1M
314
Image Credit: Crypto-News-Flash
Thala Labs Investigates Exploit That Drained $25.5M
- Thala Labs recovered $25.5M stolen in a breach after identifying the exploiter and negotiating a $300K bounty.
- Thala Labs paused contracts for security reviews after a vulnerability was exploited, ensuring full recovery for affected users.
- The hack allowed the assailant to steal liquidity pool tokens worth $25.5 million.
- Thala Labs collaborated with law enforcement and cybersecurity professionals to find the exploiter and reach a settlement for complete asset recovery.
Read Full Article
18 Likes
Securityaffairs
1M
328
Image Credit: Securityaffairs
A botnet exploits e GeoVision zero-day to compromise EoL devices
- A botnet is exploiting a zero-day in end-of-life GeoVision devices to compromise devices in the wild.
- The zero-day, tracked as CVE-2024-11120, is a pre-auth command injection vulnerability.
- The botnet is used for DDoS or cryptomining attacks.
- Approximately 17,000 Internet-facing GeoVision devices are vulnerable to the zero-day.
Read Full Article
19 Likes
Idownloadblog
1M
247
Image Credit: Idownloadblog
Nugget iPhone customization utility updated to v4.1 with bug fixes & improvements
- iOS developer LeminLimez announced an updated version of Nugget, a device customization utility for iPhones and iPads.
- Nugget v4.1 introduces new risky tweak options and bug fixes, with a focus on experimental features.
- Support is available for macOS, including versions for Intel Macs and Apple Silicon Macs.
- Users are advised to be cautious when using Nugget and to back up their device's data beforehand.
Read Full Article
14 Likes
For uninterrupted reading, download the app