A naukri.com initiative
Hacking News
Securityaffairs
2M
87
Image Credit: Securityaffairs
U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
- A missing authentication flaw in FortiManager and FortiManager Cloud versions allows attackers to execute arbitrary code or commands through specially crafted requests.
- Fortinet confirmed that the vulnerability CVE-2024-47575 has been exploited in the wild for exfiltrating files containing IPs, credentials, and configurations of managed devices.
- CISA orders federal agencies to fix this vulnerability by November 13, 2024.
Read Full Article
5 Likes
Securityaffairs
2M
110
Image Credit: Securityaffairs
Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections
- Resecurity reports a rise in political content related to the 2024 US elections on social media, with increased activity from foreign sources.
- Resecurity has detected a substantial increase in the distribution of political content related to the 2024 US elections through social media networks, particularly from foreign jurisdictions.
- Social media can create echo chambers where users are exposed primarily to information that reinforces their existing beliefs, leading to polarization and influencing voter behavior.
- Accounts impersonating government entities and media outlets, and promoting negative opinions about political candidates and distrust in U.S. elections, have been identified on Telegram.
Read Full Article
6 Likes
Minis
5M
1.5k
Image Credit: Minis
995 Crore Passwords Stolen In Biggest Data Breach Ever: Report
- In what's being called the largest data breach ever, 995 crore passwords were leaked by a hacker known as "ObamaCare".
- The dataset, named Rockyou2024, combines passwords from various breaches, posing a significant risk of credential stuffing and unauthorized access. This compilation, alongside other leaked databases, could lead to widespread data breaches, financial fraud, and identity thefts.
- Cybernews researchers urge enhanced cyber hygiene practices to mitigate risks. The breach underscores the critical need for robust cybersecurity measures globally, emphasizing the ongoing threat posed by large-scale data breaches.
Read Full Article
28 Likes
Minis
5M
2.6k
Image Credit: Minis
Shadowy hacker claims he has data of 375 million Airtel users, Airtel says no breach in its systems
- A hacker claims to possess data of 375 million Airtel users, including sensitive information like phone numbers, Aadhaar numbers, and more.
- Airtel denies any breach, attributing the claim to misinformation aimed at damaging its reputation. The alleged data sale surfaced on forums frequented by cybercriminals, sparking concerns despite Airtel's assurances.
- Security experts debate the validity of the claim, urging vigilance in cyber hygiene practices like password updates, monitoring accounts, enabling 2FA, and avoiding phishing. Airtel emphasizes its systems' security while acknowledging past data breaches in Indian companies.
Read Full Article
23 Likes
Minis
8M
764
Image Credit: Minis
Why millions of dollars are being offered to hack and crack iPhones, Android phones, WhatsApp and more
- Startups are offering millions to hackers who can discover zero-day vulnerabilities in popular devices and apps. Crowdfense, for instance, offers up to $30 million, with iPhone exploits fetching $7 million and Android exploits $5 million.
- Exploits for Chrome, Safari, WhatsApp, and iMessage can earn hackers between $3 and $5 million. These companies sell the exploits to organizations, including governments, for tracking criminals. Google reports that Commercial Surveillance Vendors were behind 75% of known zero-day exploits targeting Google products in 2023.
- Tech companies are enhancing their defenses against zero-days, with notable investments reducing their prevalence.
Read Full Article
11 Likes
Minis
1y
1.2k
Image Credit: Minis
IT engineer from Pune loses Rs 49 lakh in YouTube scam
- A Pune-based IT engineer reportedly lost ₹49 lakh after falling victim to a job offer that involved earning money by liking YouTube videos.
- Initially, the victim received ₹150 and ₹350 for completing tasks related to liking videos, but later she was persuaded to invest money with the promise of a 30% return.
- The engineer invested ₹49 lakh but did not receive any returns, leading to a significant financial loss. The police are investigating the case.
Read Full Article
18 Likes
Minis
1y
835
Image Credit: Minis
18-yr-old hacker, who said fraud is fun, charged with stealing make similar headlines
- Joseph Garrison, an 18-year-old American man, has been charged with hacking a fantasy sports and betting site and stealing over ₹4.97 crore from around 1,600 accounts.
- The accused allegedly gained unauthorized access to the accounts by using stolen usernames and passwords obtained from previous data breaches.
- Garrison expressed his fascination with fraud and his addiction to seeing money in his account, according to a statement he made to a co-conspirator.
Read Full Article
26 Likes
Minis
1y
178
Image Credit: Minis
Self-taught cybergeek arrested, who was making Rs 3 crore a day from scams
- A class XII passout and self-taught cybergeek has been arrested from Vishakhapatnam in a multi-crore cyberfraud that defrauded Indian citizens.
- Shrinivas Rao Dadi was nabbed from a five-star hotel, where he had been hiding, and had been generating a turnover of anywhere between Rs 3 crore to 5 crore every day out of deceiving citizens.
- Fraudsters posed as police officers and tricked victims, mostly women, into giving their bank account details, which were then used to empty their accounts.
- Investigators said Dadi had been converting money that was defrauded from Indian citizens into cryptocurrency and transferring it to Chinese nationals.
Read Full Article
8 Likes
Minis
1y
1.4k
Image Credit: Minis
Woman seeking set-top-box recharge query loses ₹81,000 to online fraud
- A Mumbai woman lost around Rs 81,000 in a cyber fraud while seeking help with her set-top-box recharge.
- She found a helpline number online and contacted it, but received no response initially.
- The next day, a scammer posing as a customer care executive called her and convinced her to download a remote access application.
- The scammer then gained access to her smartphone and stole money from her bank account using her personal details and OTP.
Read Full Article
27 Likes
Minis
1y
778
Image Credit: Minis
160GB of Data from Acer Up for Sale Following Massive Data Breach
- Acer has reportedly experienced a data breach, which has led to 160 GB of its data being put up for sale to the highest bidder.
- The company has confirmed the event, stating that hackers were able to access the server hosting documents used by technicians, but not consumer data.
- Acer is still investigating the matter to determine the extent of the breach and any potential impact on its customers and operations.
Read Full Article
28 Likes
Minis
1y
599
Image Credit: Minis
Hilarious Revenge: Software engineer tricks scammer into paying for fake website
- A scammer pretended to be an HDFC Bank representative and sent a message to a man, saying his bank account had been disabled and he needed to link his account to his PAN card.
- The man, who is a software engineer, offered to redesign the scammer's website for 20k INR and sent a video of a fake HDFC Bank website to impress him.
- The scammer was impressed and tried calling the engineer twice, but he did not answer the call and texted him that he'd call him the next day.
- The engineer plans to create a FOMO scene to make the scammer pay and may even send him an audio tape with bad words in Hindi.
Read Full Article
7 Likes
Minis
1y
860
Image Credit: Minis
LinkedIn users targeted by 'sophisticated' recruitment fraud, says report
- Scammers are defrauding jobseekers on LinkedIn amid remote working and tech layoffs.
- Fake recruitment processes are being set up by scammers to obtain personal information from jobseekers.
- LinkedIn has noted that these attacks are becoming more sophisticated, with fake websites and phone numbers with professional operators being set up.
Read Full Article
23 Likes
Minis
1y
849
Image Credit: Minis
Instagram account of TV actress hacked, caller threatens to put her videos on porn sites
- Vidya Prasad, a TV actress, reportedly had her Instagram account hacked, with the hacker threatening to upload her videos on porn sites.
- According to her husband, the hacker demanded a ransom of ₹50,000 and they received a call from the scamster.
- Prasad had clicked on a link that asked her to upload her profile to audition for a role in the Bobby Deol-starrer 'Aashram', which is believed to be how the hacker gained access to her account.
Read Full Article
20 Likes
Minis
1y
687
Image Credit: Minis
ICC loses millions: World cricket governing body loses $2.5 mn in online scam: Reports
- The ICC lost $2.5 million in a cybercrime incident, according to a report. As per ESPNCricinfo, the phishing incident, which originated in the USA, occurred last year.
- The report stated that the scam used Business E-mail Compromise (BEC) to commit financial fraud, which the FBI calls 'one of the most financially damaging online crimes.'
- An investigation is ongoing as the ICC reported a cybercrime incident to a US law enforcement agency, without commenting on the matter.
Read Full Article
10 Likes
Minis
1y
688
Image Credit: Minis
30 million Railway passengers’ data for sale on the dark web
- On Tuesday, December 27, the Indian Railways' data hack compromised 30 million individuals. The hacker who claims to be responsible for this attack goes by the name "shadowhacker".
- He claims, without disclosing where the information came from, that "it's one of the biggest railways databases in India."
- The hacker's sample data includes Indian Railways ticket buyers' emails and phone numbers.
Read Full Article
10 Likes
For uninterrupted reading, download the app