Hacking News

Securityaffairs

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

  • Sophos reveals a years-long battle with China-linked threat actors, in which it used custom implants to track their activities.
  • Sophos publishes a series of reports named 'Pacific Rim' detailing Chinese hackers' operations targeting network devices worldwide for over 5 years.
  • China-linked threat actors targeted multiple vendors, exploited vulnerabilities in networking devices, and used zero-day vulnerabilities.
  • Sophos observed evolving tactics including targeting critical infrastructure, using stealth techniques, and improving operational security.

Securityaffairs

PTZOptics cameras zero-days actively exploited in the wild

  • Hackers are actively exploiting two zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras.
  • The vulnerabilities allow unauthorized access to sensitive information and OS command injection, potentially leading to full system control.
  • These exploits can jeopardize video feeds, compromise sensitive sessions, and enable botnet participation for DDoS attacks.
  • Affected organizations are advised to apply firmware updates immediately and ensure system security.

Dev

The Curious Case of the $15,000 Spam: My Unexpected Investigation

  • A curious investigation into a spam message that led to an unexpected adventure.
  • The message claimed a $15,000 cash prize bonus, triggering suspicion.
  • Further investigation revealed a scam involving a gambling app's referral program.
  • The investigator retaliated by sending random requests to overload the scammers' system.

Securityaffairs

New LightSpy spyware version targets iPhones with destructive capabilities

  • The new LightSpy spyware version, which targets iOS devices, has destructive abilities that allow it to block compromised devices from booting up.
  • This modular spyware can steal files from popular applications, record audio, harvest browser history, and more.
  • The updated iOS version of LightSpy has expanded plugins to 28, from 12 before, including 7 that disrupt device booting.
  • The iOS version of this spyware targets platforms up to version 13.3. It uses the Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.
  • This spyware is capable of deleting media files, SMS messages, and contacts, freezing devices, and preventing restarts. Some of the above plugins can simulate fake push notifications with specific URLs.
  • The authors of this spyware used five active C2 servers, and some samples labeled 'DEMO' suggest that the infrastructure might be used for demonstration rather than active deployment.
  • The delivery method for the iOS implant is similar to that of the macOS version, but the two versions rely on different post-exploitation and privilege escalation stages.
  • The researchers suggest that watering hole attacks may be the method of distribution, and they believe the operators have a Chinese origin.
  • Since the threat actors use a 'Rootless Jailbreak' — which doesn't survive a device reboot — a regular reboot may provide some protection for Apple device users.
  • Evidence collected by the researchers suggests that this spyware was developed by the same team that designed the macOS version.

Medium

BugBounty — Mastering the Basics (along with Resources)[Part-2]

  • To begin with web application security, equip yourself with foundational knowledge and insights from numerous online resources.
  • For mobile application security, immerse yourself in the world of mobile security.
  • Fortify your knowledge with recommended books, guides and important resources to master web application and mobile security.
  • Familiarize yourself with the OWASP Testing Guide and the OWASP Top 10 vulnerabilities as your priority.
  • Hacksplaining offers interactive lessons for complex security topics.
  • Explore real-world scenarios to learn about prominent vulnerabilities such as cross-site request forgery.
  • Understand and combat other vulnerabilities such as SQL injection, Remote Code Execution (RCE), IDOR, HTTP request smuggling and more.
  • Gain insight into the landscape of cloud security through valuable resources.
  • Developers create security risks by embedding sensitive credentials in the app.
  • Learn more, through the resources, about mobile security vulnerabilities such as weak cryptography, SQL injection, and attacks that target user sessions, among others.

Securityaffairs

LottieFiles confirmed a supply chain attack on Lottie-Player

  • LottieFiles confirmed a supply chain attack on Lottie-Player.
  • Threat actors targeted cryptocurrency wallets to steal funds.
  • The attack involved unauthorized versions of the npm package.
  • LottieFiles is investigating the incident and implementing security measures.

Bitcoinik

On Diwali, WazirX Users Appeal to Binance’s Former CEO CZ for Support Amid Ongoing Struggles

  • WazirX users appeal to Binance's former CEO CZ for support amid ongoing struggles.
  • The majority of WazirX users ask Changpeng Zhao to intervene in the WazirX vs. Binance dispute.
  • WazirX exchange was hacked 3.5 months ago, leading to the suspension of services.
  • Binance's former CEO CZ receives requests to address the dispute and resolve the matter.

Hackers-Arise

Bluetooth Hacking, January 14-16

  • Bluetooth Hacking is a significant threat in the IoT world.
  • Recent vulnerabilities have been found, allowing arbitrary command injection.
  • Hackers-Arise is addressing these vulnerabilities with a special class.
  • The course covers Bluetooth and BLE protocols, security mechanisms, and exploitation.

TheNewsCrypto

Crypto Exchange M2 Secures User Funds After $13M Hot Wallet Breach

  • The M2 exchange lost around $13 million in the hack.
  • Hot wallets across Ethereum, Bitcoin, and Solana networks were targeted.
  • The cryptocurrency exchange M2, regulated by the Financial Services Regulatory Authority, was hacked.
  • M2 quickly secured the situation, restored customer funds, and implemented additional security measures.

Securityaffairs

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

  • Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online.
  • A threat actor with the moniker 'kzoldyck' claims to have leaked 3.7 TB of company data related to 3 million Interbank customers, including personal information, credit card details, passwords, and API credentials.
  • Interbank has deployed additional security measures to protect client information and assures the security of deposits and financial products.
  • Interbank refused to pay the ransom demanded by the threat actor after a two-week negotiation.

Siliconangle

Phish ’n’ Ships: Human Security warns of fake shops exploiting payment platforms and SEO

  • A report from Human Security Inc. warns of a large-scale phishing scheme called 'Phish 'n' Ships.'
  • The scheme leverages fake online shops and compromised search engine ranks to defraud consumers.
  • Attackers infect legitimate websites to create and rank fake product listings, redirecting unsuspecting consumers to counterfeit stores.
  • Payment information is collected, but the products never arrive, costing victims millions of dollars.

Hackingblogs

Facebook, Instagram And Other Popular Meta Platform Spreading Malware Through Ads

  • A malvertising campaign is using Meta's advertising to spread the SYS01 infostealer virus.
  • The campaign impersonates well-known brands like Netflix, Office 365, CapCut, and others.
  • The malware is distributed through social media ads and uses two strategies, including reusing malicious domains.
  • The SYS01 infostealer aims to harvest Facebook credentials, particularly Facebook Business accounts.

Securelist

Loose-lipped neural networks and lazy scammers

  • Loose-lipped neural networks (LLMs) enable automated writing that mimics human speech, which is useful to scammers who develop fake websites, sometimes to coincide with events such as Black Friday.
  • These sites use LLMs to create unique and high-quality content that is hard to detect and analyse, often mimicking companies in dynamic industries, such as cryptocurrency.
  • An LLM-generated message is detectable, however, by first-person apologies or refusals to follow instructions. Weaknesses in LLM applications can also leave tells, artifacts or indicators, that enable investigators to track fraudsters.
  • Artifacts of this kind not only expose the use of LLMs to create scam web pages, but allow us to estimate both the campaign duration and the approximate time of content creation.
  • LLMs can be used not only to generate text blocks, but entire web pages.
  • LLM-generated text can go hand-in-hand with various techniques that hinder rule-based detection.
  • As large language models improve, their strengths and weaknesses, as well as the tasks they do well or poorly, are becoming better understood. Threat actors are exploring applications of this technology in a range of automation scenarios.
  • Peering into the future, we can assume that LLM-generated content will become increasingly difficult to distinguish from human-written text.
  • The task of automatically identifying LLM-generated text is extremely complex, especially as regards generic content like marketing materials, which are similar to what we saw in the examples.
  • To better protect yourself against phishing, be it hand-made or machine-generated, it’s best to use modern security solutions that combine analysis of text information, metadata and other attributes to protect against fraud.

Securityaffairs

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

  • QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024.
  • The vulnerability is a SQL injection (SQLi) issue that impacts QNAP's SMB Service.
  • The researcher YingMuo (@YingMuo) of the DEVCORE Internship Program exploited the vulnerability to achieve a root shell on the QNAP TS-464 NAS.
  • QNAP also addressed another critical zero-day vulnerability, an OS command injection issue in HBS 3 Hybrid Backup Sync.

Coinpedia

Crypto Hackers Strike Again: Lottie Player Compromised, Users Lose 10 BTC!

  • A supply chain attack targeted Lottie Player, a popular JS library used by many websites.
  • Unauthorized versions of Lottie Player contained code that prompted users to connect their crypto wallets.
  • The LottieFiles team has taken immediate action by publishing a new safe version and removing compromised package versions.
  • The attack impacted major decentralized applications (Dapps) like 1inch, and a user reportedly lost 10 Bitcoins due to the attack.
