Hacking News

Livebitcoinnews

BNB Chain Four Meme Platform Hit by $183K Hack

  • Four.Meme, a BNB Chain memecoin launchpad, lost $183K in a security incident.
  • The platform has suspended token launches and is working to fix the issue.
  • The breach occurred after the platform experienced record user activity.
  • Increasing targeting of memecoin launchpads raises concerns about security in the crypto industry.

Hackers-Arise

Physical Security: Single Pin Lockpicking for Hackers and Pentesters

  • Lock picking is a critical skill for penetration testers to bypass physical security non-destructively through techniques like Single Pin Picking (SPP).
  • Advanced Single Pin Picking (SPP) techniques require a deep understanding of lock mechanisms, precision, and tactile feedback.
  • Tension control is fundamental in successful lock picking, with high-security locks often requiring extremely light tension for manipulation.
  • Varying tension is essential for complex locks with security pins, allowing dynamic adjustments during the picking process.
  • The jiggle test is a useful technique in pin setting, helping to identify whether pins are properly set, under-set, or over-set.
  • Understanding feedback from both standard and security pins is crucial in advanced Single Pin Picking (SPP).
  • Security pins like spool, serrated, and mushroom pins require specific manipulation techniques for successful lock picking.
  • Ethical considerations and legal responsibilities are important in lock picking, highlighting the need for proper authorization and adherence to legal guidelines.
  • Continuous practice on diverse locks and environments is essential for improving physical security testing skills as a pentester.
  • Mastery of tension control, pin feedback interpretation, and handling high-security locks can enhance efficiency and success in bypassing physical security systems.

Securityaffairs

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

  • Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a decision reportedly made by the Trump administration.
  • Vinnik, a Russian national, pleaded guilty to money laundering charges related to operating the cryptocurrency exchange BTC-e from 2011 to 2017, processing over $9 billion in transactions and serving over a million users globally.
  • In July 2017, law enforcement shut down BTC-e, which received criminal proceeds from various illegal activities, including computer intrusions, ransomware attacks, and identity theft.
  • Vinnik was accused of promoting unlawful activities through BTC-e, leading to at least $121 million in losses.
  • Greek authorities arrested Vinnik in 2017 for laundering billions worth of cryptocurrency through the BTC-e Bitcoin exchange.
  • French authorities accused Vinnik of hacking, money laundering, extortion, and involvement in organized crime, defrauding more than 100 individuals and businesses globally.
  • Vinnik denied charges of extortion and money laundering and returned to Greece before extradition to the U.S., where he must forfeit seized money as part of the exchange.
  • The U.S. also charged Aliaksandr Klimenka, linked to BTC-e, with money laundering conspiracy and operating an unlicensed money services business.
  • Vinnik's release, negotiated as a gesture by Trump and Putin for peace talks, has sparked disappointment among government officials regarding the potential impact on cybercrime.
  • The exchange involving Vinnik and Fogel has raised concerns about emboldening cybercriminals and ransomware actors, according to U.S. law enforcement.

Securityaffairs

North Korea-linked APT Emerald Sleet is using a new tactic

  • Emerald Sleet is tricking targets into running PowerShell and executing code provided by the attacker.
  • The APT group, also known as Kimsuky, primarily targets think tanks and organizations in South Korea.
  • Microsoft Threat Intelligence has observed this shift in tactics, indicating a new approach to compromising traditional espionage targets.

TheNewsCrypto

zkLend Hit by Starknet Exploit and Lost $4.9 Million

  • zkLend lost over $4.9 million in a cyber attack.
  • The team offered a whitehat bounty for the stolen assets.
  • Experts fear 2025 could see a surge in crypto hacking activities.
  • Hackers have been given an ultimatum to return the funds or face prosecution.

NullTX

Attack on Four_Meme Leads to Loss of $183K: Uniswap V3 Mechanism Exploited

  • The Four_Meme project experienced a breach resulting in a loss of around $183,000 due to an attack on the Uniswap V3 mechanism.
  • The attacker exploited weaknesses in the mechanism, starting by purchasing project tokens at a low price before liquidity was added to PancakeSwap.
  • The attacker then created a trading pair pool on PancakeSwap with inflated token prices, taking advantage of Uniswap V3's ability to set prices in advance.
  • When liquidity was injected into the pool, the attacker added more liquidity at a higher price, leading to significant profit from selling off the tokens acquired at a low price.
  • This attack highlighted vulnerabilities in the Uniswap V3 protocol, showcasing risks related to price manipulation and design flaws in decentralized exchanges like PancakeSwap.
  • The stolen funds are currently held in the attacker's address, raising questions about potential retrieval by the Four_Meme team.
  • The incident emphasizes the need for enhanced security measures in the rapidly growing DeFi sector to counteract potential attacks and vulnerabilities.
  • Attacks on DeFi platforms like Four_Meme underscore the importance of robust security protocols and continuous vigilance in the evolving cryptocurrency landscape.
  • The attack serves as a cautionary tale for projects and investors in the DeFi space, urging them to prioritize security and risk management in the face of increasing threats.
  • As the DeFi space expands, it is crucial for all stakeholders to remain proactive in identifying and addressing system vulnerabilities to prevent substantial financial losses.
  • Security should always be a primary consideration in the cryptocurrency realm, emphasizing the need for thorough research and caution before engaging in trading or investment activities.

Securityaffairs

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities added to the catalog include Zyxel DSL CPE OS Command Injection and Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow.
  • The Zyxel flaw allows unauthenticated attackers to execute arbitrary commands, potentially leading to device takeover, data exfiltration, or network infiltration.
  • The two zero-day flaws in Microsoft Windows being actively exploited in the wild were addressed through security updates in February 2025.

Securityaffairs

Microsoft Patch Tuesday security updates for February 2025 fixed 2 actively exploited bugs

  • Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild.
  • The vulnerabilities include a Windows Storage Elevation of Privilege flaw and a Windows Ancillary Function Driver for WinSock Elevation of Privilege flaw.
  • The zero-day flaws allow attackers to delete files and gain SYSTEM privileges.
  • Microsoft Patch Tuesday security updates for February 2025 addressed a total of 57 vulnerabilities, with three rated as Critical.

Idownloadblog

Security researcher wh1te4ever shares Safari-based remote execution exploit patched in iOS 16.5.1, macOS 13.4.1

  • A Safari-based remote code execution (RCE) bug, patched by Apple in iOS 16.5.1 and macOS 13.4.1, has been exploited.
  • Security researcher @wh1te4ever shared a link to a WebKit bug exploit and a demonstration video showcasing the bug.
  • The exploit is likely patched, but has been confirmed to work on iOS & macOS versions prior to the patches.
  • The exploit is not expected to result in a new jailbreak for iPhones and iPads.

Idownloadblog

Latest iPadOS 18.3.1 update still jailbreakable on iPad 7th generation via palera1n, right out of the box

  • The latest iPadOS 18.3.1 update is still jailbreakable on the iPad 7th generation using palera1n.
  • Devices equipped with A12 or newer chips are not yet eligible for jailbreak.
  • Owners of the iPad 7th generation can update to iPadOS 18.3.1 and continue jailbreaking with palera1n.
  • The palera1n jailbreak tool is also compatible with iPadOS 17.7.5 on older supported iPads.

Securityaffairs

Attackers exploit a new zero-day to hijack Fortinet firewalls

  • Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls.
  • The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges.
  • Fortinet provides temporary mitigation by disabling the HTTP/HTTPS administrative interface or limiting access via local-in policies.
  • Arctic Wolf researchers observed a four-phase campaign involving unauthorized logins, account creation, and config changes on Fortinet firewalls.

Securityaffairs

OpenSSL patched high-severity flaw CVE-2024-12797

  • The OpenSSL Project patched a high-severity vulnerability, CVE-2024-12797, found by Apple that allows man-in-the-middle attacks.
  • The vulnerability affects TLS clients using raw public keys (RPKs) and SSL_VERIFY_PEER mode for server authentication checks.
  • OpenSSL 3.4, 3.3, and 3.2 versions are impacted, and the flaw was fixed with the release of versions 3.4.1, 3.3.2, and 3.2.4.
  • In November 2022, OpenSSL addressed other high-severity vulnerabilities (CVE-2022-3602 and CVE-2022-3786) that could lead to remote code execution.

Hackers-Arise

Signal Intelligence with a Software Defined Radio (SDR): The Quiet Revolution in Cybersecurity and Cyberwarfare

  • Software-Defined Radio (SDR) has transformed communication and warfare, contributing significantly to signals intelligence and electronic warfare.
  • Advances in SDR technology have revolutionized drone warfare, enabling multi-band communication architectures for drones like Turkish Bayraktar TB2 and American MQ-9 Reaper.
  • SDR systems in drones operate across multiple frequency ranges, allowing for primary and backup command links, sophisticated video transmission, and encrypted data connections.
  • Military drones now incorporate SDR-based signals intelligence to detect and classify enemy radar emissions, identify communication signals, and conduct electronic attacks.
  • Satellite communications systems face various threats, including signal interception, coherent jamming, replay attacks, and command and control vulnerabilities.
  • Recent events like the Viasat hack have underscored the vulnerabilities of satellite communications and the need for enhanced security measures.
  • SDR technology offers improved protection against jamming and interference, with advancements in adapting waveforms and protocols to changing threat environments.
  • The response to security incidents in satellite communications has led to advancements in ground station security, command authentication, and real-time monitoring.
  • Experimental quantum communication satellites are being developed to provide unbreakable encryption for critical communications, aided by advancements in AI and machine learning for threat detection.
  • The SDR revolution, fueled by technological progress, plays a crucial role in reshaping interactions with the electromagnetic spectrum across military and consumer applications.

TechCrunch

Another person targeted by Paragon spyware comes forward

  • Beppe Caccio, co-founder of the Italian NGO Mediterranea Saving Humans, reveals being targeted through WhatsApp with Paragon spyware.
  • Several individuals, including members of NGOs and journalists, have already come forward as victims of the spyware campaign.
  • The Italian government denies involvement in the hacking campaign, and other governments in countries targeted have not yet responded to requests for comment.

Securityaffairs

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

  • Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats.
  • Discovery: AI automates the process of locating and mapping sensitive data in complex, distributed and cloud environments, providing a comprehensive view of the organization's data estate.
  • Classification: AI enhances data classification by understanding the context around data and automatically tagging it with precise labels, improving accuracy and compliance with regulatory requirements.
  • Protection: AI plays a critical role in assessing risks, controlling access, and mitigating threats by constantly monitoring systems, identifying vulnerabilities, and detecting unusual patterns or anomalous behavior in real time.
