Hacking News

Securelist

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

  • SteelFox is a new crimeware bundle discovered in 2024 that imitates popular software products such as Foxit PDF Editor and AutoCAD and spreads via forum posts and malicious torrents.
  • It communicates with its command-and-control (C2) server over TLSv1.3 with SSL pinning, using a domain with a dynamically changing IP address; the communication is implemented with the Boost.Asio library.
  • The malware can elevate its privileges through exploiting a vulnerable driver.
  • SteelFox affects users worldwide, with most affected users in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka.
  • The malware can steal sensitive data such as credit card details and browsing history, and can mine cryptocurrency after elevating its privileges with the vulnerable driver.
  • The shellcode and driver in this malware are detected as the XMRig miner, which helps it communicate with specific mining pools to mine cryptocurrencies.
  • The communication with the attacker's C2 is via SSL pinned TLSv1.3, also using Google Public DNS and DNS over HTTPS (DoH) to hide domain resolution.
  • The attackers use various platforms to spread the dropper, i.e., Baidu and Russian torrent trackers.
  • Users can use security solutions that prevent downloading infected software and only install apps from official sources to avoid attacks.
  • Kaspersky detects this threat as HEUR:Trojan.Win64.SteelFox.gen and Trojan.Win64.SteelFox.*.

Securityaffairs

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

  • Synology has fixed a critical vulnerability affecting DiskStation and BeePhotos NAS devices.
  • The vulnerability, named RISK:STATION, allows remote code execution.
  • The flaw was demonstrated by a security researcher at the Pwn2Own Ireland 2024 hacking contest.
  • Synology released a patch within 48 hours and urges users to update their devices immediately.

Siliconangle

Ransomware gang demands ransom payment in Schneider Electric data breach: baguettes

  • French multinational firm Schneider Electric SE has been breached and data stolen.
  • The ransomware gang Hellcat is demanding a payment of $62,500 USD in baguettes.
  • Schneider Electric confirmed the breach and is investigating the cybersecurity incident.
  • If the ransom is not paid by November 7th, Hellcat threatens to release the stolen data.

Securityaffairs

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

  • The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions.
  • ToxicPanda has infected thousands of devices across Italy, Portugal, Spain, and Latin America, targeting 16 banks.
  • The malware uses On-Device Fraud (ODF) techniques to bypass bank security measures and initiate account takeovers.
  • Experts speculate that Chinese-speaking individuals may be behind the malware campaign, indicating a potential shift or expansion in their operational focus.

TechCrunch

Canadian authorities say they arrested hacker linked to Snowflake data breaches

  • Canadian authorities have arrested a hacker connected to Snowflake data breaches.
  • The hacker, known as Alexander Moucka or Connor Moucka, was apprehended based on a provisional arrest warrant requested by the United States.
  • The hacker targeted various companies, including AT&T, Ticketmaster, and Advanced Auto Parts, stealing sensitive corporate data stored in Snowflake.
  • Moucka appeared in court on October 30, and his case was adjourned to November 5, 2024. Potential extradition to the United States is unclear.

Coinjournal

Mt. Gox moves $2.2 billion in Bitcoin as it works to repay creditors

  • Defunct crypto exchange Mt. Gox has moved another $2.19 billion to two unmarked wallets.
  • The movement includes 32,371 Bitcoin transferred to one wallet and an additional 2,000 Bitcoin sent to another wallet.
  • This is one of the largest movements made by Mt. Gox this year.
  • The exchange is likely preparing for repayment to creditors after its collapse in 2014.

Securityaffairs

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

  • U.S. CISA has added PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog.
  • The PTZOptics PT30X-SDI/NDI camera vulnerabilities CVE-2024-8956 and CVE-2024-8957 were added.
  • Threat actors are attempting to exploit the zero-day vulnerabilities.
  • The vulnerabilities allow attackers to execute arbitrary commands and bypass authentication.

Securityaffairs

Canadian authorities arrested alleged Snowflake hacker

  • Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year.
  • The suspect, Alexander 'Connor' Moucka, was arrested on October 30, 2024, on a US provisional arrest warrant.
  • He is accused of being responsible for a series of attacks involving as many as 165 customers of Snowflake Inc.
  • The attacks involved stolen credentials, data theft, extortion attempts, and selling stolen data on criminal forums.

Coinpedia

Crypto Hacks in October: Analyzing Over $129 Million in Losses

  • Crypto hacks in October resulted in over $129 million lost across 20+ attacks, highlighting significant vulnerabilities in the sector.
  • Major incidents included a $53 million hack of Radiant Capital and platform exploits accounting for over 60% of total losses.
  • The need for improved security measures is urgent, as only $245,000 was recovered from the total losses, emphasizing the risks for investors.
  • Various crypto platforms and exchanges such as M2 Exchange, Eigenlayer, and Tapioca Foundation were also targeted in significant attacks.

Medium

SS7 — How Your Phone Can Be Hacked With an Unanswered WhatsApp Call

  • SS7 is a system that was created in 1975 to secure phone calls.
  • However, with an increase in the number of cellular network providers, SS7 has become vulnerable.
  • Individuals can now buy access to SS7 for tracking locations and intercepting calls and SMS messages.
  • The Pegasus spyware, distributed to governments, can exploit SS7 vulnerabilities by installing malware through an unanswered WhatsApp call.

Siliconangle

City of Columbus acknowledges data theft after lawsuit against security researcher

  • The City of Columbus, Ohio, has acknowledged that the details of over 500,000 individuals were stolen in a cyberattack.
  • The cyberattack occurred after the city was targeted by the Rhysida ransomware gang, who claimed responsibility for the attack and stole 6.4 terabytes of data.
  • Initially, the city claimed the leaked data was encrypted, but a security researcher disputed this claim and shared unencrypted examples of the leaked data.
  • The city filed a lawsuit against the security researcher, but later dropped the case after acknowledging the data breach and reaching an agreement with the researcher.

Securityaffairs

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

  • The July 2024 ransomware attack on the City of Columbus, Ohio, impacted 500,000 individuals.
  • The attack was successfully thwarted, and no systems were encrypted.
  • The Rhysida ransomware gang claimed responsibility for the attack and demanded 30 Bitcoin ($1.9 million) for stolen data.
  • The City of Columbus determined that the attack compromised personal and financial information of the affected individuals.

Hackers-Arise

Vulnerability Scanning with Nuclei: The High-Speed, Customizable Solution for Advanced Vulnerability Scanning

  • Nuclei is an advanced, open-source vulnerability scanner that has gained significant popularity among cybersecurity professionals, penetration testers and developers.
  • It’s open-source, highly customizable, and delivers the kind of accuracy that most scanners can only dream of.
  • Nuclei tackled several limitations of traditional scanners: speed, accuracy, flexibility, and update frequency.
  • Nuclei's concurrent scanning capabilities allow it to process multiple targets simultaneously, significantly reducing scan times.
  • Creating effective custom templates requires an understanding of both the target systems and Nuclei's template syntax.
  • While fast, Nuclei can be resource-intensive when scanning large networks or using many templates simultaneously.
  • The hacker creates two custom templates to further investigate potential SQL injection and XSS vulnerabilities.
  • Nuclei represents a significant leap forward in vulnerability scanning technology.

Hackingblogs

Microsoft SharePoint Vulnerability Leads To Exploitation Of Entire Corporate Network

  • Microsoft SharePoint is affected by a high-severity remote code execution (RCE) vulnerability, CVE-2024-38094.
  • Attackers exploited this vulnerability to gain unauthorized access to a SharePoint server and plant a webshell.
  • Rapid7's investigation revealed that the attacker laterally moved across the network and compromised the entire domain.
  • The attacker used the webshell and exploited other system vulnerabilities to carry out malicious activities unnoticed.

Crypto-News-Flash

MetaWin Hit by $4M Crypto Breach, Users Reassured

  • MetaWin, an online gambling platform, suffered a hack that resulted in a loss of over $4 million in Ethereum and Solana.
  • Withdrawals have been restored for 95% of MetaWin's users, with enhanced security measures implemented.
  • The incident highlights ongoing security concerns in the crypto industry, with platform security and linked wallets being major vulnerabilities.
  • MetaWin's swift response reflects how other platforms have dealt with similar breaches, emphasizing the balancing act between security and usability.
