A naukri.com initiative
Hacking News
Securityaffairs
1d
201
Image Credit: Securityaffairs
FBI seized the notorious BreachForums hacking forum
- The FBI led an international law enforcement operation that resulted in the seizure of the BreachForums hacking forum.
- BreachForums was a cybercrime forum used for buying, selling, and exchanging stolen data.
- The website now displays a message stating it has been taken down by law enforcement.
- The owner of BreachForums, Conor Brian Fitzpatrick, pleaded guilty to hacking charges.
Read Full Article
12 Likes
Medium
1d
15
Image Credit: Medium
Kali Linux: A Comprehensive Tool for Cybersecurity and Ethical Hacking
- Kali Linux is a specialized operating system designed for cybersecurity and ethical hacking.
- It comes with a comprehensive toolset for network analysis, vulnerability assessment, and digital forensics.
- Kali Linux is widely used for penetration testing and vulnerability assessments, with tools like Metasploit Framework and Nmap.
- It is also instrumental in digital forensics investigations and cybersecurity training programs.
Read Full Article
Like
Securityaffairs
1d
362
Image Credit: Securityaffairs
A Tornado Cash developer has been sentenced to 64 months in prison
- One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison.
- Alexey Pertsev (29), the developer, helped launder over $2 billion worth of cryptocurrency.
- Tornado Cash was used for money laundering, including funds stolen from victims.
- The court sentenced Pertsev to 5 years and 4 months in prison and seized his assets.
Read Full Article
21 Likes
Medium
1d
202
Image Credit: Medium
Becoming Linux System Administrator: users and groups (part I)
- In Linux, each account is defined by a username and UID, stored in the /etc/passwd file.
- The password field in /etc/passwd indicates that the encrypted password is stored in /etc/shadow.
- UID represents the user's unique identification number, with root having UID 0.
- The shell field in /etc/passwd determines the shell to be executed upon login.
Read Full Article
12 Likes
Siliconangle
1d
361
Image Credit: Siliconangle
Cofense warns that sophisticated phishing campaign is targeting Meta business accounts
- A sophisticated phishing campaign is targeting Meta business accounts, according to a report by Cofense Inc.
- The campaign bypasses multifactor authentication measures and has impacted users across 19 countries.
- Attackers exploit Meta business accounts through official-looking emails that claim policy breaches or copyright issues.
- The phishing emails evade detection by secure email gateways and the campaign showcases a high degree of technical proficiency.
Read Full Article
21 Likes
TheNewsCrypto
1d
211
Image Credit: TheNewsCrypto
Sonne Finance Exploited of $20M, Hacker Initiates Stolen Funds Transfer
- Approximately $20 million was lost due to an exploit that hit the decentralized lending protocol Sonne Finance.
- Using the known donation attack, the hacker breached the protocol and stole WETH, VELO, soVELO, and USDC.e tokens.
- Sonne Finance halted all Optimism markets but left Base markets running in response to the assault.
- A portion of the stolen funds, $7.8 million, has already been transferred to another wallet address.
Read Full Article
12 Likes
Kitploit
1d
130
Image Credit: Kitploit
Subhunter - A Fast Subdomain Takeover Tool
- Subhunter is a fast subdomain takeover tool that scans a given list of subdomains to check for vulnerabilities.
- Subdomain takeover is a common vulnerability where an attacker gains control over a subdomain and redirects users to a malicious website.
- Subhunter uses random user agents, has an auto-update feature, and utilizes fingerprint data from well-known sources for scanning.
- To use Subhunter, you can download it from releases or build it from source, and then specify the list of subdomains to scan.
Read Full Article
7 Likes
Securityaffairs
1d
277
Image Credit: Securityaffairs
Adobe fixed multiple critical flaws in Acrobat and Reader
- Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software.
- The company released Patch Tuesday updates to fix 35 security vulnerabilities, with 12 of them impacting Adobe Acrobat and Reader software.
- The vulnerabilities include Use After Free, Improper Input Validation, and Improper Access Control, which can lead to arbitrary code execution.
- Experts and research teams from Trend Micro Zero Day Initiative, Cisco Talos, and Renmin University of China reported the vulnerabilities.
Read Full Article
16 Likes
Cryptopotato
1d
77
Image Credit: Cryptopotato
BlockTower Capital’s Primary Hedge Fund Falls Victim to Fraud
- BlockTower Capital's primary hedge fund has fallen victim to fraudsters, resulting in the partial drain of its assets.
- The stolen funds have not been recovered yet, and the perpetrator remains at large.
- BlockTower Capital previously lost $1.5 million due to an exploit on decentralized exchange aggregator Dexible.
- Another decentralized lending protocol, Sonne Finance, was also exploited, resulting in $20 million in losses.
Read Full Article
4 Likes
Coinpedia
1d
124
Image Credit: Coinpedia
DeFi Project Sonne Finance Exploited for $20 Million on Optimism
- Decentralized lending protocol Sonne Finance, operating on Optimism and Base, has been hacked for at least $20 million.
- The attack exploited a vulnerability common to Compound Finance forks, causing concern in the DeFi community.
- Sonne Finance closed all Optimism markets and ensured funds on Base were secure.
- The protocol is taking steps to recover the stolen funds, including offering bug bounties and engaging the crypto community.
Read Full Article
7 Likes
Securityaffairs
1d
310
Image Credit: Securityaffairs
Ransomware attack on Singing River Health System impacted 895,000 people
- The ransomware attack on Singing River Health System in August 2023 impacted 895,204 individuals.
- Three hospitals and several clinics operated by Singing River Health System were affected.
- Services such as laboratory and radiology testing suffered an IT systems outage.
- Potentially compromised information includes personal data, medical information, and health insurance information.
Read Full Article
18 Likes
Medium
2d
288
Image Credit: Medium
THE RETURN OF LOCKBIT!
- LockBit, the ransomware group that went quiet after law enforcement arrested its affiliates, is now back in full swing.
- LockBit started to victimize new targets after resurfacing with approximately 200 post-operation Cronos victims.
- The new targets include reputed US Government wing DSIB — The Government of the District of Columbia Department of Insurance, Securities and Banking (DISB) and Crinetics.
- The group demands an average of a 29-day negotiation timeframe before leaking the entire data on its leak servers.
- LockBit is now maintaining a stable server to host large leaks on a new onion domain running on the latest version of NGINX.
- LockBit also makes torrent files for all its victims to make downloading easier, and all the torrent trackers of LockBit leaks are connected.
- Various scammers also imitate LockBit, and there are imitators such as Dispossessor re-surfacing leaked LockBit data.
- A Russian individual claimed to be a LockBit affiliate, but it was ambiguous that this individual was a genuine LockBit affiliate.
- Europol arrested an individual and revealed that the individual behind LockBit was traced back to a Russian national named Dmitry Yuryevich Khoroshev.
- Khoroshev and LockBit affiliation does not have any substantial evidence, and no one can ensure that Dmitry is NOT LockBitSupp.
Read Full Article
17 Likes
Kitploit
2d
191
Image Credit: Kitploit
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
- Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3.
- It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications.
- Hakuin utilizes optimization methods like pre-trained and adaptive language models, parallelism, and guessing to speed up the process.
- Hakuin has been presented at conferences like BlackHat MEA, Hack in the Box, and IEEE S&P Workshop on Offensive Technology.
Read Full Article
11 Likes
Medium
2d
105
Image Credit: Medium
Headless
- The author conducts a port and nmap scan to find the website's URL.
- Upon visiting the upnp port, the author comes across a webpage intended to be the landing page for a future website.
- The author implements a Fuzzscan to locate additional URLs but couldn't access the dashboard even though it was found in the scan.
- After conducting research, the author implements an XSS payload to steal an admin cookie.
- The author is then able to log into the website's backend as the admin and discovers a potential vulnerability in a line of code.
- After uploading a shell file to the server, the author gains access to the system via their listener, attaining dvir's permissions.
- The author gains root access by making /bin/bash executable and running syscheck with the already granted permissions.
- The author locates the root flag, learns to better use Burp Suite, and notes how to look for important information such as potential vulnerabilities.
Read Full Article
6 Likes
Siliconangle
2d
35
Image Credit: Siliconangle
Christie’s auction house suffers cyberattack, disrupting art auction schedule
- Christie’s auction house has experienced a cyberattack, resulting in the website being taken offline.
- The attack disrupted the art auction schedule, causing a rare watch sale in Geneva to be delayed.
- Ransomware is a possible suspect, but there are speculations that the attack may be related to market manipulation.
- Christie’s has created a temporary website to provide basic information about upcoming auctions.
Read Full Article
2 Likes
For uninterrupted reading, download the app