menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Hackingblogs

1M

read

148

img
dot

Image Credit: Hackingblogs

#MahaKumbh CCTV Hacking Racket Run By Cybercriminals Is Exposed : Videos of pilgrim Women Taking A Bath And Filth

  • Secretly recorded videos of pilgrim women taking a bath were posted online, leading to the exposure of a CCTV hacking racket at MahaKumbh.
  • Three individuals involved in selling the hacked videos were arrested, and hard drives, cell phones, bank accounts, laptops, and computers were seized.
  • Authorities warn that such instances can be used for illegal purposes, highlighting the need for regulatory actions to ensure the safety of national CCTV networks.
  • Precautions to prevent CCTV hacking include avoiding default passwords and ensuring cameras are not vulnerable to known vulnerabilities.

Read Full Article

like

8 Likes

share

2 Shares

source image

Hackers-Arise

1M

read

381

img
dot

Image Credit: Hackers-Arise

Vulnerability Scanning: Automatic Search For Known CVEs With CVEScannerV2

  • CVEScannerV2 is a powerful Nmap script that scans for vulnerabilities based on services discovered in open ports.
  • The script utilizes Common Platform Enumeration (CPE) identifiers and version information to identify specific vulnerabilities.
  • CVEScannerV2 employs HTTP-based detection methods, such as path scanning and regex matching, for web services.
  • While powerful, CVEScannerV2 has potential drawbacks like dependency on Nmap's accuracy and resource-intensive scans.

Read Full Article

like

22 Likes

share

5 Shares

source image

Insider

1M

read

67

img
dot

Image Credit: Insider

How Anonymous actually works, according to a former hacker

  • Mustafa Al-Bassam, a former member of Anonymous and cofounder of LulzSec, provides insight into the world of cyber warfare and digital activism.
  • He discusses the rise of Anonymous, their hacking programs targeting governments, and the battle for online privacy.
  • Al-Bassam sheds light on cybersecurity threats posed by intelligence agencies and how countries like China and Russia use hacking geopolitically.
  • After leaving the hacktivist world, he became a blockchain developer and cofounded Celestia, a decentralized blockchain platform.

Read Full Article

like

4 Likes

share

Share

source image

Securityaffairs

1M

read

71

img
dot

Image Credit: Securityaffairs

Australia bans Kaspersky over national security concerns

  • Australia has banned Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks.
  • The Australian Government issued a directive under the Protective Security Policy Framework to manage security risks related to using Kaspersky products and services.
  • All Australian Government entities must remove existing instances of Kaspersky Lab products and services and prevent their installation on government systems by April 1, 2025.
  • The ban on Kaspersky antivirus software in the US was implemented due to national security risks posed by Russia.
  • The US Commerce Department banned Kaspersky due to concerns about the firm's ties to the Russian government and the potential for data exploitation.
  • Western governments, including the US and Germany, have previously taken action against Kaspersky due to concerns over national security.
  • In March 2022, the US FCC added Kaspersky products to its Covered List, flagging them as posing significant risks to US national security.
  • The German BSI recommended consumers uninstall Kaspersky antivirus software, citing potential risks during the Russian invasion of Ukraine.
  • The United States, European Parliament, and some European states have all taken measures to restrict the use of Kaspersky software over security concerns.
  • Kaspersky has consistently denied any links to the Russian government despite multiple bans and recommendations against its products by various countries.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1M

read

431

img
dot

Image Credit: Securityaffairs

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

  • Chinese cybersecurity firm TopSec offers censorship-as-a-service services, according to a data leak.
  • The leak includes work logs and infrastructure details, posing security risks.
  • TopSec provided monitoring services to a state-owned enterprise facing a corruption scandal.
  • The leaked documents highlight the role of cybersecurity firms in managing politically sensitive content in China.

Read Full Article

like

25 Likes

share

6 Shares

source image

Bitcoinist

1M

read

220

img
dot

Image Credit: Bitcoinist

Bybit Moves Fast: $742M ETH Purchase Follows $1.4B Hack—Damage Control?

  • Cryptocurrency exchange Bybit purchased around 266,700 ETH worth $742 million in 48 hours.
  • Bybit strategically responded to the hack by making over-the-counter transactions with industry heavyweights FalconX, Galaxy Digital, and Wintermute.
  • Prominent platforms within the cryptocurrency sector collaborated to block stolen funds and prevent further laundering of assets.
  • Bybit's recovery effort is on track, with strategic purchases, whale deposits, and loans netting the exchange 446,870 ETH, or $1.23 billion, since the incident.

Read Full Article

like

13 Likes

share

3 Shares

source image

Coinjournal

1M

read

368

img
dot

Image Credit: Coinjournal

Infini suffers $50M hack, days after Bybit’s $1.5Bn exploit

  • Infini, a stablecoin neobank, was exploited resulting in a loss of $49.5 million.
  • The stolen USDC was converted into 17,696 Ethereum before being transferred to an external wallet.
  • The attacker had previously worked on the project's development contract and secretly retained the admin rights.
  • Infini's founder, Christian Li, stated that full compensation can be paid and the funds are being traced.

Read Full Article

like

22 Likes

share

5 Shares

source image

Securelist

1M

read

80

img
dot

Image Credit: Securelist

The GitVenom campaign: cryptocurrency theft using GitHub

  • The GitVenom campaign utilizes fake projects with malicious code on GitHub to target users, reflecting a rising trend of using open-source code as a lure for attacks.
  • Threat actors created hundreds of repositories with fake projects like Instagram automation tools and hacking utilities designed to appear legitimate.
  • Repositories contained well-crafted README.md files and artificially inflated commit counts to deceive potential victims.
  • Malicious code was hidden in various programming languages like Python, JavaScript, C, C++, and C#, executing actions different from what was described in the fake projects.
  • The attackers used encrypted scripts, malicious functions, and batch scripts to implant and execute the malicious code within the projects.
  • The malicious payloads aimed to download further components from an attacker-controlled repository, including a Node.js stealer, AsyncRAT implant, Quasar backdoor, and a clipboard hijacker.
  • Potential victims worldwide, with notable activity in Russia, Brazil, and Turkey, have been targeted by the GitVenom campaign over the past few years.
  • It is critical for developers to cautiously assess and verify third-party code from platforms like GitHub to prevent incorporating malicious code into their projects.
  • The campaign's impact has been substantial, with infection attempts continuing globally, emphasizing the need for heightened vigilance in handling open-source code.
  • Reference hashes for infected repository archives are provided as a resource for identification and mitigation of the GitVenom threat.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1M

read

85

img
dot

Image Credit: Securityaffairs

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

  • Researchers discovered the SpyLend Android malware on Google Play, which targeted Indian users with unauthorized loan apps, enabling predatory lending, blackmail, and extortion.
  • The Finance Simplified app, posing as a finance tool, was downloaded 100,000 times from Google Play and has received negative reviews reporting blackmail, harassment, and photo manipulation.
  • The malware gains excessive permissions to access sensitive data including contacts, call logs, SMS, photos, and location. It captures clipboard data and uses stolen information for blackmail and extortion.
  • SpyLend utilizes a custom C2 server and admin panel in English and Chinese, suggesting Chinese-speaking attackers. The app creates deepfake photos to coerce payments, highlighting severe impact on user privacy and security.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1M

read

13

img
dot

Image Credit: Securityaffairs

Leaked Black Basta chat logs reveal the gang’s operations

  • Leaked Black Basta chat logs reveal internal conflicts, exposing member details and hacking tools as the gang reportedly falls apart.
  • An unknown actor, named ExploitWhispers, leaked Matrix chat logs of the Black Basta ransomware gang revealing internal conflicts and member details.
  • The leak includes chat messages from September 18, 2023, to September 28, 2024, showing inactivity in 2025 due to conflicts and scams.
  • Key members left for other groups, and a major leak on February 11, 2025, exposed their operations, possibly due to attacks on Russian banks.
  • Black Basta's ransomware effectiveness was questioned, with key members leaving for other groups like Cactus ransomware.
  • The leaked chat logs reveal insights into Black Basta's operations, tools, and tactics, including a shared victim spreadsheet and VPN exploits.
  • Members mocked failures and emphasized deadlines, using social engineering to deploy ransomware and applying pressure on victims.
  • The gang exploited weak credentials, vulnerabilities, and social engineering for access, and rotated infrastructure to avoid detection.
  • In May 2024, a joint Cybersecurity Advisory was issued regarding Black Basta's ransomware activity and its impact on critical infrastructure sectors.
  • Black Basta has targeted over 500 organizations globally, accumulating $107 million in Bitcoin ransom payments and having links to the Conti Group.

Read Full Article

like

Like

share

Share

source image

Coinpedia

1M

read

310

img
dot

Image Credit: Coinpedia

$49.5M Ethereum Transfer Sparks Fears After Bybit’s $1.46B Hack – What’s Happening?

  • A suspicious fund movement of $49.5 million has been detected in the cryptocurrency ecosystem.
  • The funds were transferred from an unverified Ethereum contract and swapped for Dai stablecoin.
  • The transfer is believed to be a hack, following a pattern of major crypto hacks.
  • The incident highlights the ongoing risks and vulnerabilities in the Ethereum ecosystem.

Read Full Article

like

18 Likes

share

4 Shares

source image

Coinpedia

1M

read

408

img
dot

Image Credit: Coinpedia

Bybit Hack: Crypto Exchnage eXch Under Fire for Allegedly Processing Stolen Funds

  • Hackers stole $1.4 billion from Bybit in the largest crypto hack in history.
  • North Korean hackers are laundering the stolen funds using decentralized exchanges and anonymous crypto services.
  • Bybit faces massive withdrawals, with $1.7 billion worth of BTC being withdrawn after the hack.
  • Crypto exchange eXch accused of processing stolen funds despite requests from Bybit to block the transactions.

Read Full Article

like

24 Likes

share

5 Shares

source image

Insider

1M

read

265

img
dot

Image Credit: Insider

What you need to know about the 'Ghost' cyberattacks and why the FBI is concerned

  • The FBI has issued a warning about a Chinese ransomware group called Ghost.
  • Ghost has attacked critical infrastructure, schools, and businesses in over 70 countries.
  • The FBI advises using security updates and multifactor authentication to prevent ransomware attacks.
  • Ghost actors exploit common vulnerabilities in organizations' software and demand ransom for stolen data.

Read Full Article

like

15 Likes

share

3 Shares

source image

Siliconangle

1M

read

197

img
dot

Image Credit: Siliconangle

$1.5B in cryptocurrency stolen from Bybit in attack linked to North Korean hackers

  • Dubai-based cryptocurrency exchange Bybit has been hacked, with $1.5 billion in cryptocurrency stolen.
  • The attack involved manipulation of a routine transfer, transferring about 401,000 ETH.
  • Bybit assures clients of solvency and offers a 10% reward for recovery of stolen funds.
  • The hack has been linked to North Korean hackers, the Lazarus Group, responsible for previous high-profile cyberattacks.

Read Full Article

like

11 Likes

share

2 Shares

source image

Idownloadblog

1M

read

4

img
dot

Image Credit: Idownloadblog

iOS 18.4 appears to interfere with JIT compilation in sideloaded apps

  • The first iOS & iPadOS 18.4 developer beta 1 appears to lock down JIT capabilities to the debugger only.
  • JIT (Just In Time compilation) allows sideloaded apps like game emulators to run better on iPhones and iPads.
  • Apple's decision to interfere with normal JIT enablement affects sideloaded apps on iOS or iPadOS 18.4 and later.
  • While sideloaded emulator apps that utilized JIT will remain usable, they may experience worse performance without JIT.

Read Full Article

like

Like

share

Share

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app