A naukri.com initiative
Hacking News
Hackernoon
1M
170
Image Credit: Hackernoon
The Rise of Cyber Militias
- The internet has allowed like-minded individuals to come together and communicate about shared interests, leading to the rise in cyber militias.
- Cyber militias have broadened their causes to include social and environmental aims, becoming more popular over the last several years.
- Wars, climate change, and civil unrest are some of the many factors that led to people's engagement in cyber militias, which are accessible and used for mobilization, communication, and solidarity.
- Traditional activism required printing flyers, but the internet makes it incredibly easy to distribute information to the masses in seconds, leading to the emergence of cyber militias.
- The increasing availability of AI-based video and picture tools has made it difficult to believe everything seen on the internet.
- Cyber militias do not solely operate by creating or publishing doubtful or untruthful content. They also plan coordinated hacks that disrupt websites and online services.
- Some college campuses are like miniature cities and are ideal targets for cyberattacks. Most educational institutions still remain unprepared.
- Cyber militias have caused a shift whereby some participants actively take part in public spaces, inspired by the internet mobilization and activism.
- The internet has increased the speed at which people can create content and how effectively they can engage others.
- The modern difference in militias is that the internet and devices that connect to it have become powerful tools for getting heard and noticed during times of increasing upheaval.
Read Full Article
10 Likes
Hackingblogs
1M
440
Image Credit: Hackingblogs
A Detailed Guide On HTML Parsing and DOMPurify Bypassing for Security Researchers
- The article provides a detailed guide on HTML parsing and bypassing the DOMPurify library for security researchers.
- DOMPurify is a JavaScript package that helps prevent XSS attacks by sanitizing user-generated content.
- DOMPurify removes potentially dangerous elements, attributes, and scripts while maintaining the HTML's visual organisation and structure.
- To install the library DOMPurify, use npm commands.
- Client-side HTML sanitisers, such as DOMPurify, js-sanitize, and sanitize-html, lessen the possibility of cross-site scripting (XSS) attacks.
- The article also explains the working of DOMPurify and the Node flattening concept.
- HTML parsing involves splitting the HTML document into a document object model (DOM) or a parse tree.
- The article provides a list of discovered mutation techniques and the handling of HTML parse states.
- Four DOMPurify bypasses have been discussed in the article, and the unpredictability of HTML was highlighted.
- The article concludes that a single regular expression is now mostly responsible for the security of the DOMPurify library.
Read Full Article
26 Likes
Securityaffairs
1M
26
Image Credit: Securityaffairs
Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
- Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs).
- Last week, Palo Alto Networks warned customers about a potential remote code execution vulnerability in PAN-OS, but had no details on active exploitation.
- Now, Palo Alto Networks has confirmed that the zero-day in its PAN-OS firewall is actively being exploited and has released indicators of compromise.
- The cybersecurity firm observed malicious activities originating from specific IP addresses and recommended secure management access practices.
Read Full Article
1 Like
Hackersking
1M
189
Image Credit: Hackersking
Hacking Kia: Remotely Controlling Cars with Just a License Plate
- A vulnerability has been discovered in Kia cars, where hackers could potentially gain remote control of a vehicle using just its license plate number.
- The vulnerability arises from weak or outdated encryption in telematics systems used by modern cars, such as those from Kia.
- Kia has acknowledged the issue and is working on updating its software and strengthening encryption to protect against unauthorized access.
- Vehicle owners can protect their cars by updating software, using strong authentication, disabling remote features when not needed, and monitoring for suspicious activity.
Read Full Article
11 Likes
Securityaffairs
1M
99
Image Credit: Securityaffairs
NSO Group used WhatsApp exploits even after Meta-owned company sued it
- NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm.
- NSO Group continued using WhatsApp exploits, including spyware called 'Erised,' even after being sued for violating anti-hacking laws.
- NSO employees violated WhatsApp's Terms of Service by reverse-engineering, transmitting harmful code, and accessing the platform illegally.
- Court filings reveal that NSO Group had minimal control over customers' use of its spyware, contradicting prior claims by the company.
Read Full Article
5 Likes
Hackersking
1M
184
Image Credit: Hackersking
Email OSINT & Password Breach Hunting Using H8Mail On Linux
- H8Mail is an email OSINT and breach hunting tool for Linux.
- It uses open-source intelligence and web APIs to discover exposed email passwords.
- The tool supports email pattern matching, loose patterns for local search, and bulk file-reading for targeting.
- It can output results to CSV or JSON and is compatible with breach compilation scripts.
Read Full Article
11 Likes
Medium
1M
9
Image Credit: Medium
BugBounty — Mastering the Basics (along with Resources)[Part-4]
- Bug bounty hunting and web hacking are the focus of this section.
- Recommended blogs and YouTube channels provide valuable resources in the field.
- The resources include presentations from various conferences.
- Social media profiles for further engagement: Twitter, LinkedIn, GitHub.
Read Full Article
Like
Securityaffairs
1M
337
Image Credit: Securityaffairs
Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies
- The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies.
- Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.
- The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service.
- The campaign observed by researchers used a phishing message with an HTML file attachment to trick users into executing malicious scripts.
Read Full Article
20 Likes
Securityaffairs
1M
364
Image Credit: Securityaffairs
Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison
- Bitfinex hacker Ilya Lichtenstein has been sentenced to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex.
- Over 96% of the stolen funds have been recovered, with most remaining unspent, according to defense attorney Samson Enzer and with assistance from Lichtenstein.
- In February 2022, Lichtenstein and his wife were arrested for alleged conspiracy to launder $4.5 billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.
- Lichtenstein used advanced hacking tools and techniques to breach Bitfinex’s network and laundered the stolen funds with the help of his wife.
Read Full Article
21 Likes
Medium
1M
67
Image Credit: Medium
Tutorials Suck, Just Build It Yourself!
- Deep learning is crucial for understanding programming principles.
- Building from scratch enhances problem-solving skills and critical thinking.
- Creativity and innovation flourish when not bound by tutorials.
- Ownership, satisfaction, and real-world application are gained by creating something from scratch.
- Building from scratch strengthens foundational knowledge and prepares for real-world scenarios.
- Community and collaboration thrive when building from scratch.
Read Full Article
4 Likes
Securityaffairs
1M
4
Image Credit: Securityaffairs
U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
- The vulnerabilities in the Palo Alto Networks Expedition solution could allow an attacker to access sensitive data and potentially take over firewall administrator accounts.
- The identified vulnerabilities include command injection, SQL injection, and cross-site scripting (XSS) flaws.
- Palo Alto Networks provided workarounds and advised organizations to review and address the vulnerabilities in their infrastructure.
Read Full Article
Like
Hackingblogs
1M
342
Image Credit: Hackingblogs
Beware Of These 8 Fake Application On Google Playstore As They Contain Trojan Android.FakeApp.1669
- Beware of these 8 fake applications on Google PlayStore as they contain Trojan Android.FakeApp.1669
- Android.FakeApp.1669 is a dangerous Trojan that opens links to various sites instead of the expected program or game.
- The malware alters its behavior based on commands from the C&C server, displaying contents of target websites like online casinos.
- Users should uninstall compromised applications, regularly check permissions, and keep their devices and apps updated to prevent malware attacks.
Read Full Article
20 Likes
TheNewsCrypto
1M
301
Image Credit: TheNewsCrypto
Bitfinex Hacker Sentenced to 5 Years for Bitcoin Laundering
- Ilya Lichtenstein, the hacker behind the 2016 Bitfinex exchange breach, has been sentenced to five years in prison for his role in one of the largest cryptocurrency thefts in history. He stole approximately 120,000 Bitcoin, valued at $71.8 million at the time, which is now worth over $8 billion.
- Lichtenstein exploited vulnerabilities in Bitfinex's system and deleted crucial access logs and credentials to cover his tracks. He authorized over 2,000 transactions transferring 119,754 Bitcoins to a wallet under his control.
- After the hack, Lichtenstein enlisted his wife, Heather Morgan, to help with money laundering techniques, including using fictitious identities, automating transactions, and converting bitcoin into other cryptocurrencies.
- Both Lichtenstein and Morgan pleaded guilty to conspiracy to commit money laundering. Lichtenstein received a five-year sentence, while Morgan is scheduled for sentencing on November 18, 2024.
Read Full Article
18 Likes
Siliconangle
1M
441
Image Credit: Siliconangle
Data breach exposes 122M records from DemandScience following initial denials
- A database with information on 122 million people has been confirmed to have been stolen from DemandScience US LLC.
- The data was initially denied by DemandScience but later confirmed as authentic.
- The leaked data originated from a system that had been decommissioned two years ago.
- The data breach raises concerns about data exposure and the impact on DemandScience's business.
Read Full Article
26 Likes
Securityaffairs
1M
392
Image Credit: Securityaffairs
Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices
- Hackers have started targeting the critical flaw CVE-2024-10914 in end-of-life (EOL) D-Link NAS devices.
- The vulnerability is a command injection issue that affects certain D-Link NAS devices.
- The flaw allows remote OS command injection via the cgi_user_add function.
- Exploitation attempts have been observed since November 12th.
Read Full Article
23 Likes
For uninterrupted reading, download the app